[PROPOSAL] Cluster RECENT-49 - 33 candidates



The following cluster contains 33 candidates that were announced
between December 11, 2000 and December 18, 2000.

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.  The voting web
site will be updated with this cluster later today.  Recent additions
to the Editorial Board will also be notified about their account
information at that time.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2000-0896
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0896
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20001114
Category: SF/CF/MP/SA/AN/unknown
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Reference: URL:http://xforce.iss.net/alerts/advise70.php
Reference: XF:watchguard-soho-fragmented-packets
Reference: URL:http://xforce.iss.net/static/5749.php
Reference: BID:2113
Reference: URL:http://www.securityfocus.com/bid/2113

WatchGuard SOHO firewall allows remote attackers to cause a denial of
service via a flood of fragmented IP packets, which causes the
firewall to drop connections and stop forwarding packets.

Analysis
----------------
ED_PRI CAN-2000-0896 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0026
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0026
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001211 DoS vulnerability in rp-pppoe versions <= 2.4
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0134.html
Reference: CONECTIVA:CLA-2000:357
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000357
Reference: MANDRAKE:MDKSA-2000:084
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-084.php3
Reference: REDHAT:RHSA-2000:130-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-130.html
Reference: BID:2098
Reference: URL:http://www.securityfocus.com/bid/2098
Reference: XF:rppppoe-zero-length-dos
Reference: URL:http://xforce.iss.net/static/5727.php

rp-pppoe PPPoE client allows remote attackers to cause a denial of service
via the Clamp MSS option and a TCP packet with a zero-length TCP option.

Analysis
----------------
ED_PRI CAN-2001-0026 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0028
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001211 [pkc] remote heap buffer overflow in oops
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0127.html
Reference: FREEBSD:FreeBSD-SA-00:79
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-12/0418.html
Reference: BID:2099
Reference: URL:http://www.securityfocus.com/bid/2099
Reference: XF:oops-ftputils-bo
Reference: URL:http://xforce.iss.net/static/5725.php

Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2
and earlier allows remote attackers to execute arbitrary commands via a
large number of " (quotation) characters.

Analysis
----------------
ED_PRI CAN-2001-0028 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0053
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0053
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: OPENBSD:20001218
Reference: URL:http://www.openbsd.org/advisories/ftpd_replydirname.txt
Reference: NETBSD:NetBSD-SA2000-018
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-018.txt.asc
Reference: BUGTRAQ:20001218 Trustix Security Advisory - ed, tcsh, and ftpd-BSD
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0275.html
Reference: BID:2124
Reference: URL:http://www.securityfocus.com/bid/2124
Reference: XF:bsd-ftpd-replydirname-bo
Reference: URL:http://xforce.iss.net/static/5776.php

One-byte buffer overflow in replydirname function in BSD-based ftpd
allows remote attackers to gain root privileges.

Analysis
----------------
ED_PRI CAN-2001-0053 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0060
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0060
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001218 Stunnel format bug
Reference: URL:http://www.securityfocus.com/archive/1/151719
Reference: REDHAT:RHSA-2000:129-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-129.html
Reference: CONECTIVA:CLA-2000:363
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000363
Reference: BUGTRAQ:20001209 Trustix Security Advisory - stunnel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0337.html
Reference: DEBIAN:20001225 DSA-009-1 stunnel: insecure file handling, format string bug
Reference: URL:http://www.debian.org/security/2000/20001225a
Reference: XF:stunnel-format-logfile
Reference: URL:http://xforce.iss.net/static/5807.php
Reference: BID:2128
Reference: URL:http://www.securityfocus.com/bid/2128

Format string vulnerability in stunnel 3.8 and earlier allows
attackers to execute arbitrary commands via a malformed ident
username.

Analysis
----------------
ED_PRI CAN-2001-0060 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0061
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0061
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:77
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
Reference: BID:2130
Reference: URL:http://www.securityfocus.com/bid/2130

procfs in FreeBSD and possibly other operating systems does not
properly restrict access to per-process mem and ctl files, which
allows local users to gain root privileges by forking a child process
and executing a privileged process from the child, while the parent
retains access to the child's address space.

Analysis
----------------
ED_PRI CAN-2001-0061 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0062
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0062
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:77
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
Reference: BID:2131
Reference: URL:http://www.securityfocus.com/bid/2131

procfs in FreeBSD and possibly other operating systems allows local
users to cause a denial of service by calling mmap on the process' own
mem file, which causes the kernel to hang.

Analysis
----------------
ED_PRI CAN-2001-0062 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0063
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:77
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
Reference: BID:2132
Reference: URL:http://www.securityfocus.com/bid/2132

procfs in FreeBSD and possibly other operating systems allows local
users to bypass access control restrictions for a jail environment and
gain additional privileges.

Analysis
----------------
ED_PRI CAN-2001-0063 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0080
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001213 Cisco Catalyst SSH Protocol Mismatch Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml
Reference: XF:cisco-catalyst-ssh-mismatch
Reference: URL:http://xforce.iss.net/static/5760.php

Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to
cause a denial of service by connecting to the SSH service with a
non-SSH client, which generates a protocol mismatch error.

Analysis
----------------
ED_PRI CAN-2001-0080 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0083
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0083
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-097
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-097.asp
Reference: MSKB:Q281256
Reference: XF:mediaservices-dropped-connection-dos
Reference: URL:http://xforce.iss.net/static/5785.php

Windows Media Unicast Service in Windows Media Services 4.0 and 4.1
does not properly shut down some types of connections, producing a
memory leak which allows remote attackers to cause a denial of service
via a series of severed connections, aka the "Severed Windows Media
Server Connection" vulnerability.

Analysis
----------------
ED_PRI CAN-2001-0083 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0105
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0105
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: HP:HPSBUX0012-134
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0079.html
Reference: XF:hp-top-sys-files
Reference: URL:http://xforce.iss.net/static/5773.php

Vulnerability in top in HP-UX 11.04 and earlier allows local users to
overwrite files owned by the "sys" group.

Analysis
----------------
ED_PRI CAN-2001-0105 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0894
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0894
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20001114
Category: SF/CF/MP/SA/AN/unknown
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Reference: URL:http://xforce.iss.net/alerts/advise70.php

HTTP server on the WatchGuard SOHO firewall does not properly restrict
access to administrative functions such as password resets or
rebooting, which allows attackers to cause a denial of service or
conduct unauthorized activities.

Analysis
----------------
ED_PRI CAN-2000-0894 2
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0895
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0895
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20001114
Category: SF/CF/MP/SA/AN/unknown
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Reference: URL:http://xforce.iss.net/alerts/advise70.php
Reference: BID:2114
Reference: URL:http://www.securityfocus.com/bid/2114

Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows
remote attackers to cause a denial of service and possibly execute
arbitrary commands via a long GET request.

Analysis
----------------
ED_PRI CAN-2000-0895 2
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0059
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001218 Solaris patchadd(1)  (3) symlink vulnerabilty
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97720205217707&w=2
Reference: BID:2127
Reference: URL:http://www.securityfocus.com/bid/2127
Reference: XF:solaris-patchadd-symlink
Reference: URL:http://xforce.iss.net/static/5789.php

patchadd in Solaris allows local users to overwrite arbitrary files
via a symlink attack.

Analysis
----------------
ED_PRI CAN-2001-0059 2
Vendor Acknowledgement: yes followup

Some followups imply that this is the ksh << problem, but another
followup includes a portion of the actual code, which does not rely
on ksh.  Therefore this is a separate vulnerability.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0081
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001212 nCipher Security Advisory: Operator Cards unexpectedly recoverable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0152.html
Reference: CONFIRM:http://active.ncipher.com/updates/advisory.txt

swinit in nCipher does not properly disable the Operator Card Set
recovery feature even when explicitly disabled by the user, which
could allow attackers to gain access to application keys.

Analysis
----------------
ED_PRI CAN-2001-0081 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1090
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1090
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20001211
Category: SF
Reference: MISC:http://www.nsfocus.com/english/homepage/sa_08.htm
Reference: BID:2100
Reference: URL:http://www.securityfocus.com/bid/2100
Reference: XF:microsoft-iis-file-disclosure
Reference: URL:http://xforce.iss.net/static/5729.php

Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers
to read source code for parsed pages via a malformed URL that uses the
lead-byte of a double-byte character.

Analysis
----------------
ED_PRI CAN-2000-1090 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0022
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0022
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001213 Re: Insecure input validation in simplestmail.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0168.html
Reference: BID:2106
Reference: URL:http://www.securityfocus.com/bid/2106
Reference: XF:http-cgi-simplestguest
Reference: URL:http://xforce.iss.net/static/5743.php

simplestguest.cgi CGI program by Leif Wright allows remote attackers to
execute arbitrary commands via shell metacharacters in the guestbook
parameter.

Analysis
----------------
ED_PRI CAN-2001-0022 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0023
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0023
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001211 Insecure input validation in everythingform.cgi (remote command execution)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0137.html
Reference: BID:2101
Reference: URL:http://www.securityfocus.com/bid/2101
Reference: XF:http-cgi-everythingform
Reference: URL:http://xforce.iss.net/static/5736.php

everythingform.cgi CGI program by Leif Wright allows remote attackers to
execute arbitrary commands via shell metacharacters in the config
parameter.

Analysis
----------------
ED_PRI CAN-2001-0023 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0024
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001211 Insecure input validation in simplestmail.cgi (remote command execution)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0136.html
Reference: BID:2102
Reference: URL:http://www.securityfocus.com/bid/2102
Reference: XF:http-cgi-simplestmail
Reference: URL:http://xforce.iss.net/static/5739.php

simplestmail.cgi CGI program by Leif Wright allows remote attackers to
execute arbitrary commands via shell metacharacters in the MyEmail
parameter.

Analysis
----------------
ED_PRI CAN-2001-0024 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0025
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0025
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001211 Insecure input validation in ad.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0143.html
Reference: BID:2103
Reference: URL:http://www.securityfocus.com/bid/2103
Reference: XF:http-cgi-ad
Reference: URL:http://xforce.iss.net/static/5741.php

ad.cgi CGI program by Leif Wright allows remote attackers to execute
arbitrary commands via shell metacharacters in the file parameter.

Analysis
----------------
ED_PRI CAN-2001-0025 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0027
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001211 mod_sqlpw Password Caching Bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0139.html
Reference: XF:proftpd-modsqlpw-unauth-access
Reference: URL:http://xforce.iss.net/static/5737.php

mod_sqlpw module in ProFTPD does not reset a cached password when a
user uses the "user" command to change accounts, which allows authenticated
attackers to gain privileges of other users.

Analysis
----------------
ED_PRI CAN-2001-0027 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0029
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0029
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001212 Re: [pkc] remote heap buffer overflow in oops
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0158.html
Reference: BID:2099
Reference: URL:http://www.securityfocus.com/bid/2099
Reference: MISC:http://zipper.paco.net/~igor/oops/ChangeLog

Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other
versions) allows remote attackers to execute arbitrary commands via a
long host or domain name that is obtained from a reverse DNS lookup.

Analysis
----------------
ED_PRI CAN-2001-0029 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0065
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0065
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001213 Potential Buffer Overflow vulnerability in bftpd-1.0.13
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0189.html
Reference: XF:bftpd-site-chown-bo
Reference: URL:http://xforce.iss.net/static/5775.php

Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a
denial of service and possibly execute arbitrary commands via a long
SITE CHOWN command.

Analysis
----------------
ED_PRI CAN-2001-0065 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0067
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0067
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: CF
Reference: BUGTRAQ:20001214 J-Pilot Permissions Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?mid=150957&end=2001-02-03&fromthread=1&start=2001-01-28&threads=0&list=1&;
Reference: MANDRAKE:MDKSA-2000:081
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-081.php3
Reference: XF:jpilot-perms
Reference: URL:http://xforce.iss.net/static/5762.php

The installation of J-Pilot creates the .jpilot directory with the
user's umask, which could allow local attackers to read other users'
PalmOS backup information if their umasks are not securely set.

Analysis
----------------
ED_PRI CAN-2001-0067 3
Vendor Acknowledgement: yes advisory
Content Decisions: CF-PERMS

INCLUSION:

Is this just an instance of the high-cardinality vulnerability/exposure
"user has an insecure umask?"  There was a long debate about this
on Bugtraq.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0068
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001215 Security Hole of MRJ 2.2.3 (Mac OS Runtime for Java) - Inconsistent Use of CODEBASE and ARCHIVE Attributes -
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0241.html
Reference: XF:mrj-runtime-malicious-applets
Reference: URL:http://xforce.iss.net/static/5784.php

Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use
malicious applets to read files outside of the CODEBASE context via
the ARCHIVE applet parameter.

Analysis
----------------
ED_PRI CAN-2001-0068 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0077
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0077
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category:
Reference: BUGTRAQ:20001212 Two Holes in Sun Cluster 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html

The clustmon service in Sun Cluster 2.x does not require
authentication, which allows remote attackers to obtain sensitive
information such as system logs and cluster configurations.

Analysis
----------------
ED_PRI CAN-2001-0077 3
Vendor Acknowledgement:
Content Decisions: DESIGN-NO-AUTH

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0078
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0078
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001212 Two Holes in Sun Cluster 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html

in.mond in Sun Cluster 2.x allows local users to read arbitrary files
via a symlink attack on the status file of a host running HA-NFS.

Analysis
----------------
ED_PRI CAN-2001-0078 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0079
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0079
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001213 STM symlink Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0174.html

Support Tools Manager (STM) A.22.00 for HP-UX allows local users to
overwrite arbitrary files via a symlink attack on the tool_stat.txt
log file.

Analysis
----------------
ED_PRI CAN-2001-0079 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0082
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0082
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001218 FireWall-1 Fastmode Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0271.html

Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows
remote attackers to bypass access restrictions via malformed,
fragmented packets.

Analysis
----------------
ED_PRI CAN-2001-0082 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0086
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0086
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001212 Security Advisory: Subscribe Me Lite 1.0 - 2.0 Unix or 1.0 - 2.0 NT and below.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0160.html
Reference: BID:2108
Reference: URL:http://www.securityfocus.com/bid/2108
Reference: XF:subscribemelite-gain-admin-access
Reference: URL:http://xforce.iss.net/static/5735.php

CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote
attackers to delete arbitrary mailing list users without
authentication by directly calling subscribe.pl with the target
address as a parameter.

Analysis
----------------
ED_PRI CAN-2001-0086 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0095
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001218 Catman file clobbering vulnerability Solaris 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0313.html
Reference: XF:solaris-catman-symlink
Reference: URL:http://xforce.iss.net/static/5788.php

catman in Solaris 2.7 and 2.8 allows local users to overwrite
arbitrary files via a symlink attack on the sman_PID temporary file.

Analysis
----------------
ED_PRI CAN-2001-0095 3
Vendor Acknowledgement: unknown discloser-claimed

CAN-1999-0370 identifies what may be a symlink vulnerability in man and
catman, but the affected versions include 2.7, and Sun patched this.  So,
this is probably a different vulnerability.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0103
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0103
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BID:2107
Reference: URL:http://www.securityfocus.com/bid/2107
Reference: XF:coffeecup-ftp-weak-encryption
Reference: URL:http://xforce.iss.net/static/5744.php

CoffeeCup Direct and Free FTP clients use weak encryption to store
passwords in the FTPServers.ini file, which could allow attackers to
easily decrypt the passwords.

Analysis
----------------
ED_PRI CAN-2001-0103 3
Vendor Acknowledgement:
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0104
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0104
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001214 Bypass MDaemon 3.5.1 "Lock Server" Protection
Reference: URL:http://www.securityfocus.com/archive/1/151156
Reference: BID:2115
Reference: URL:http://www.securityfocus.com/bid/2115
Reference: XF:mdaemon-lock-bypass-password
Reference: URL:http://xforce.iss.net/static/5763.php

MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock
server" security setting by pressing the Cancel button at the password
prompt, then pressing the enter key.

Analysis
----------------
ED_PRI CAN-2001-0104 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007