[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-52 - 21 candidates

The following cluster contains 21 candidates that were anounced
between January 11, 2001 and February 13, 2001.  (With the exception
of several reserved candidates, most were announced between January 11
and January 17).

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0015
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0015
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010127
Category: SF
Reference: MS:MS01-007
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-007.asp
Reference: ATSTAKE:A020501-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a020501-1.txt

Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users
to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible
window that is running with the privileges of the WINLOGON process.

Analysis
----------------
ED_PRI CAN-2001-0015 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0016
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010127
Category: SF/CF/MP/SA/AN/unknown
Reference: BINDVIEW:20010207 Local promotion vulnerability in NT4's NTLM Security Support Provider
Reference: URL:http://razor.bindview.com/publish/advisories/adv_NTLMSSP.html
Reference: MS:MS01-008
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-008.asp

NTLM Security Support Provider (NTLMSSP) service does not properly
check the function number in an LPC request, which could allow local
users to gain administrator level access.

Analysis
----------------
ED_PRI CAN-2001-0016 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0017
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010127
Category: SF
Reference: MS:MS01-009
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-009.asp

Memory leak in PPTP server in Windows NT 4.0 allows remote attackers
to cause a denial of service via a malformed data packet, aka the
"Malformed PPTP Packet Stream" vulnerability.

Analysis
----------------
ED_PRI CAN-2001-0017 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0110
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0110
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010114 Vulnerability in jaZip.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0228.html
Reference: DEBIAN:DSA-017-1
Reference: URL:http://www.debian.org/security/2001/dsa-017
Reference: BID:2209
Reference: URL:http://www.securityfocus.com/bid/2209

Buffer overflow in jaZip Zip/Jaz drive manager allows local users to
gain root privileges via a long DISPLAY environmental variable.

Analysis
----------------
ED_PRI CAN-2001-0110 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0111
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010114 [MSY] Multiple vulnerabilities in splitvt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958269320974&w=2
Reference: DEBIAN:DSA-014-1
Reference: URL:http://www.debian.org/security/2001/dsa-014
Reference: BID:2210
Reference: URL:http://www.securityfocus.com/bid/2210

Format string vulnerability in splitvt before 1.6.5 allows local users
to execute arbitrary commands via the -rcfile command line argument.

Analysis
----------------
ED_PRI CAN-2001-0111 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0115
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0115
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010111 Solaris Arp Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97934312727101&w=2
Reference: BUGTRAQ:20010112 arp exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97957435729702&w=2
Reference: SUN:00200
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/200&type=0&nav=sec.sba
Reference: BID:2193
Reference: URL:http://www.securityfocus.com/bid/2193

Buffer overflow in arp command in Solaris 7 and earlier allows local users
to execute arbitrary commands via a long -f parameter.

Analysis
----------------
ED_PRI CAN-2001-0115 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0129
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0129
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010117 [pkc] remote heap overflow in tinyproxy
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97975486527750&w=2
Reference: DEBIAN:DSA-018-1
Reference: URL:http://www.debian.org/security/2001/dsa-018
Reference: FREEBSD:FreeBSD-SA-01:15
Reference: BID:2217
Reference: URL:http://www.securityfocus.com/bid/2217

Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows
remote attackers to cause a denial of service and possibly execute
arbitrary commands via a long connect request.

Analysis
----------------
ED_PRI CAN-2001-0129 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0144
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0144
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010208
Category: SF
Reference: BINDVIEW:20010208 Remote vulnerability in SSH daemon crc32 compensation attack detector
Reference: URL:http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
Reference: BUGTRAQ:20010208 [CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98168366406903&w=2
Reference: BID:2347
Reference: URL:http://www.securityfocus.com/bid/2347

CORE SDI SSH1 CRC-32 compensation attack detector allows remote
attackers to execute arbitrary commands on an SSH server or client via
an integer overflow.

Analysis
----------------
ED_PRI CAN-2001-0144 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0130
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0130
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF/CF/MP/SA/AN/unknown
Reference: MISC:http://service1.symantec.com/sarc/sarc.nsf/info/html/Lotus.Domino.Denial.of.Service.Malformed.HTML.Email.html

Buffer overflow in HTML parser of the Lotus R5 Domino Server before
5.06, and Domino Client before 5.05, allows remote attackers to cause
a denial of service and possibly execute arbitrary commands via a
malformed font size specifier.

Analysis
----------------
ED_PRI CAN-2001-0130 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0107
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0107
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010115 Veritas BackupExec (remote DoS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958921407182&w=2
Reference: BID:2204
Reference: URL:http://www.securityfocus.com/bid/2204

Veritas Backup agent on Linux allows remote attackers to cause a denial of
service by establishing a connection without sending any data, which
causes the process to hang.

Analysis
----------------
ED_PRI CAN-2001-0107 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0108
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010112 PHP Security Advisory - Apache Module bugs
Reference: URL:http://www.securityfocus.com/archive/1/156202
Reference: BID:2206
Reference: URL:http://www.securityfocus.com/bid/2206

PHP Apache module 4.0.4 and earlier allows remote attackers to bypass
.htaccess access restrictions via a malformed HTTP request on an
unrestricted page that causes PHP to use those access controls on the
next page that is requested.

Analysis
----------------
ED_PRI CAN-2001-0108 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0109
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0109
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010113 Serious security flaw in SuSE rctab
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0226.html
Reference: BID:2207
Reference: URL:http://www.securityfocus.com/bid/2207

rctab in SuSE 7.0 and earlier allows local users to create or overwrite
arbitrary files via a symlink attack on the rctmp temporary file.

Analysis
----------------
ED_PRI CAN-2001-0109 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0112
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0112
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010114 [MSY] Multiple vulnerabilities in splitvt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958269320974&w=2
Reference: DEBIAN:DSA-014-2
Reference: URL:http://www.debian.org/security/2001/dsa-014
Reference: BID:2210
Reference: URL:http://www.securityfocus.com/bid/2210

Multiple buffer overflows in splitvt before 1.6.5 allow local users
to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2001-0112 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0113
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0113
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010116 Vulnerabilities in OmniHTTPd default installation
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0248.html
Reference: BID:2211
Reference: URL:http://www.securityfocus.com/bid/2211

statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute
arbitrary commands via the mostbrowsers parameter, whose value is used
as part of a generated Perl script.

Analysis
----------------
ED_PRI CAN-2001-0113 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0114
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0114
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010116 Vulnerabilities in OmniHTTPd default installation
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0248.html
Reference: BID:2211
Reference: URL:http://www.securityfocus.com/bid/2211

statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite
arbitrary files via the cgidir parameter.

Analysis
----------------
ED_PRI CAN-2001-0114 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0127
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0127
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010115 Flash plugin write-overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0236.html
Reference: BID:2214
Reference: URL:http://www.securityfocus.com/bid/2214

Buffer overflow in Olivier Debon Flash plugin (not the Macromedia
plugin) allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a long DefineSound tag.

Analysis
----------------
ED_PRI CAN-2001-0127 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0132
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0132
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010114 Trend Micro's VirusWall: Multiple vunerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0235.html
Reference: BID:2213
Reference: URL:http://www.securityfocus.com/bid/2213

Interscan VirusWall 3.6.x and earlier follows symbolic links when
uninstalling the product, which allows local users to overwrite
arbitrary files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2001-0132 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0133
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0133
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010114 Trend Micro's VirusWall: Multiple vunerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0235.html
Reference: BID:2212
Reference: URL:http://www.securityfocus.com/bid/2212

The web administration interface for Interscan VirusWall 3.6.x and
earlier does not use encryption, which could allow remote attackers to
obtain the administrator password to sniff the administrator password
via the setpasswd.cgi program or other HTTP GET requests that contain
base64 encoded usernames and passwords.

Analysis
----------------
ED_PRI CAN-2001-0133 3
Vendor Acknowledgement:
Content Decisions: DESIGN-NO-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0134
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0134
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010116 iXsecurity.20001120.compaq-authbo.a
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97967435023835&w=2
Reference: COMPAQ:SSRT0705
Reference: URL:http://www5.compaq.com/products/servers/management/agentsecurity.html
Reference: BID:2200
Reference: URL:http://www.securityfocus.com/bid/2200

Buffer overflow in cpqlogin.htm in web-enabled agents for various
Compaq management software products such as Insight Manager and
Management Agents allows remote attackers to execute arbitrary
commands via a long user name.

Analysis
----------------
ED_PRI CAN-2001-0134 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0135
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0135
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: CF
Reference: BUGTRAQ:20010112 UltraBoard cgi directory permission problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97933458505857&w=2
Reference: BID:2197
Reference: URL:http://www.securityfocus.com/bid/2197

The default installation of Ultraboard 2000 2.11 creates the Skins,
Database, and Backups directories with world-writeable permissions,
which could allow local users to modify sensitive information or
possibly insert and execute CGI programs.

Analysis
----------------
ED_PRI CAN-2001-0135 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0137
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010115 Windows Media Player 7 and IE java vulnerability - executing arbitrary programs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958100816503&w=2
Reference: BID:2203
Reference: URL:http://www.securityfocus.com/bid/2203

Windows Media Player 7 allows remote attackers to execute malicious
Java applets in Internet Explorer clients by enclosing the applet in a
skin file named skin.wmz, then referencing that skin in the codebase
parameter to an applet tag.

Analysis
----------------
ED_PRI CAN-2001-0137 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Page Last Updated or Reviewed: May 22, 2007