[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-53 - 30 candidates



I have proposed cluster RECENT-53 for review and voting by the Editorial
Board.

Name: RECENT-53
Description: Candidates announced between 12/18/2000 and 1/23/2001
Size: 30

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve



Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0169
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: MANDRAKE:MDKSA-2001:012
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-012.php3?dis=7.2
Reference: SUSE:SuSE-SA:2001:01
Reference: URL:http://www.suse.com/de/support/security/2001_001_glibc_txt.txt
Reference: CALDERA:CSSA-2001-007
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-007.0.txt
Reference: REDHAT:RHSA-2001:002-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-002.html
Reference: BUGTRAQ:20010121 Trustix Security Advisory - glibc
Reference: URL:http://www.securityfocus.com/archive/1/157650
Reference: BID:2223
Reference: URL:http://www.securityfocus.com/bid/2223
Reference: XF:linux-glibc-preload-overwrite
Reference: URL:http://xforce.iss.net/static/5971.php

When using the LD_PRELOAD environmental variable in SUID or SGID
applications, glibc does not verify that preloaded libraries in
/etc/ld.so.cache are also SUID/SGID, which could allow a local user to
overwrite arbitrary files by loading a library from /lib or /usr/lib.

Analysis
----------------
ED_PRI CAN-2001-0169 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0170
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0170
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010110 Glibc Local Root Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0131.html
Reference: BUGTRAQ:20010110 [slackware-security] glibc 2.2 local vulnerability on setuid binaries
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0186.html
Reference: REDHAT:RHSA-2001:001-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-001.html
Reference: BID:2181
Reference: URL:http://www.securityfocus.com/bid/2181
Reference: XF:linux-glibc-read-files
Reference: URL:http://xforce.iss.net/static/5907.php

glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF,
HOSTALIASES, or RES_OPTIONS environmental variables when executing
setuid/setgid programs, which could allow local users to read
arbitrary files.

Analysis
----------------
ED_PRI CAN-2001-0170 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0178
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0178
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: MANDRAKE:MDKSA-2001:018
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-018.php3?dis=7.2
Reference: CALDERA:CSSA-2001-005.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-005.0.txt
Reference: SUSE:SuSE-SA:2001:02
Reference: URL:http://www.suse.com/de/support/security/2001_002_kdesu_txt.txt
Reference: XF:kde2-kdesu-retrieve-passwords
Reference: URL:http://xforce.iss.net/static/5995.php

kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify
the owner of a UNIX socket that is used to send a password, which
allows local users to steal passwords and gain privileges.

Analysis
----------------
ED_PRI CAN-2001-0178 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0183
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0183
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:08
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:08.ipfw.asc
Reference: BID:2293
Reference: URL:http://www.securityfocus.com/bid/2293
Reference: XF:ipfw-bypass-firewall
Reference: URL:http://xforce.iss.net/static/5998.php

ipfw and ip6fw in FreeBSD 4.2 and earlier allows remote attackers to
bypass access restrictions by setting the ECE flag in a TCP packet,
which makes the packet appear to be part of an established connection.

Analysis
----------------
ED_PRI CAN-2001-0183 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0187
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0187
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: DEBIAN:DSA-016
Reference: URL:http://www.debian.org/security/2001/dsa-016
Reference: CONFIRM:ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_current/missing_format_strings.patch
Reference: BID:2296
Reference: URL:http://www.securityfocus.com/bid/2296
Reference: XF:wuftp-debug-format-string
Reference: URL:http://xforce.iss.net/static/6020.php

Format string vulnerability in wu-ftp 2.6.1 and earlier, when running
with debug mode enabled, allows remote attackers to execute arbitrary
commands via a malformed argument that is recorded in a PASV port
assignment.

Analysis
----------------
ED_PRI CAN-2001-0187 1
Vendor Acknowledgement: yes patch

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0195
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0195
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: DEBIAN:DSA-015
Reference: URL:http://www.debian.org/security/2001/dsa-015
Reference: XF:linux-sash-shadow-readable
Reference: URL:http://xforce.iss.net/static/5994.php

sash before 3.4-4 in Debian Linux does not properly clone /etc/shadow,
which makes it world-readable and could allow local users to gain
privileges via password cracking.

Analysis
----------------
ED_PRI CAN-2001-0195 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0197
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0197
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010121 [pkc] format bugs in icecast 1.3.8b2 and prior
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0348.html
Reference: CONECTIVA:CLA-2001:374
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000374
Reference: REDHAT:RHSA-2001:004
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-004.html
Reference: XF:icecast-format-string
Reference: URL:http://xforce.iss.net/static/5978.php
Reference: BID:2264
Reference: URL:http://www.securityfocus.com/bid/2264

Format string vulnerability in print_client in icecast 1.3.8beta2 and
earlier allows remote attackers to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2001-0197 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0219
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0219
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: HP:HPSBUX0101-137
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0016.html
Reference: XF:hp-stm-dos
Reference: URL:http://xforce.iss.net/static/5957.php
Reference: BID:2239
Reference: URL:http://www.securityfocus.com/bid/2239

Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11
and earlier allows local users to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2001-0219 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0222
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0222
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: MANDRAKE:MDKSA-2001-016
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-016.php3
Reference: CALDERA:CSSA-2001-004.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-004.0.txt
Reference: XF:linux-webmin-tmpfiles
Reference: URL:http://xforce.iss.net/static/6011.php

webmin 0.84 and earlier allows local users to overwrite and create
arbitrary files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2001-0222 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0233
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0233
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010124 patch Re: [PkC] Advisory #003: micq-0.4.6 remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0395.html
Reference: BUGTRAQ:20010118 [PkC] Advisory #003: micq-0.4.6 remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0307.html
Reference: DEBIAN:DSA-012
Reference: URL:http://www.debian.org/security/2001/dsa-012
Reference: FREEBSD:FreeBSD-SA-01:14
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:14.micq.asc
Reference: REDHAT:RHSA-2001:005-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-005.html
Reference: XF:micq-sprintf-remote-bo(5962)
Reference: URL:http://xforce.iss.net/static/5962.php

Buffer overflow in micq client 0.4.6 and earlier allows remote
attackers to cause a denial of service, and possibly execute arbitrary
commands, via a long Description field.

Analysis
----------------
ED_PRI CAN-2001-0233 1
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0235
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0235
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: DEBIAN:DSA-024
Reference: URL:http://www.debian.org/security/2001/dsa-024
Reference: FREEBSD:FreeBSD-SA-01:09
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:09.crontab.v1.1.asc

Vulnerability in crontab allows local users to read crontab files of
other users by replacing the temporary file that is being edited while
crontab is running.

Analysis
----------------
ED_PRI CAN-2001-0235 1
Vendor Acknowledgement: yes advisory

This looks similar to CVE-2000-0972, which is for HP-UX.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0166
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0166
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20001229 Shockwave Flash buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0491.html
Reference: XF:shockwave-flash-swf-bo
Reference: URL:http://xforce.iss.net/static/5826.php

Macromedia Shockwave Flash plugin version 8 and earlier allows remote
attackers to cause a denial of service via malformed tag length
specifiers in a SWF file.

Analysis
----------------
ED_PRI CAN-2001-0166 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0185
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0185
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010123 Make The Netopia R9100 Router To Crash
Reference: URL:http://www.securityfocus.com/archive/1/157952
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98035651825590&w=2
Reference: BID:2287
Reference: URL:http://www.securityfocus.com/bid/2287
Reference: XF:netopia-telnet-dos
Reference: URL:http://xforce.iss.net/static/6001.php

Netopia R9100 router version 4.6 allows authenticated users to cause a
denial of service by using the router's telnet program to connect to
the router's IP address, which causes a crash.

Analysis
----------------
ED_PRI CAN-2001-0185 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0207
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0207
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010119 Buffer overflow in bing
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0330.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0333.html
Reference: XF:linux-bing-bo
Reference: URL:http://xforce.iss.net/static/6036.php
Reference: BID:2279
Reference: URL:http://www.securityfocus.com/bid/2279

Buffer overflow in bing allows remote attackers toe xecute arbitrary
commands via a long hostname, which is copied to a small buffer after
a reverse DNS lookup using the gethostbyaddr function.

Analysis
----------------
ED_PRI CAN-2001-0207 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0172
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0172
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010109 major security bug in reiserfs (may affect SuSE Linux)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0127.html
Reference: XF:suse-reiserfs-long-filenames
Reference: URL:http://xforce.iss.net/static/5910.php
Reference: BID:2180
Reference: URL:http://www.securityfocus.com/bid/2180

Buffer overflow in ReiserFS 3.5.28 in SuSE Linux allows local users to
cause a denial of service and possibly execute arbitrary commands by
via a long directory name.

Analysis
----------------
ED_PRI CAN-2001-0172 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0175
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0175
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010122 def-2001-05: Netscape Fasttrack Server Caching DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98021351718874&w=2
Reference: BUGTRAQ:20010124 iPlanet FastTrack/Enterprise 4.1 DoS clarifications
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98035833331446&w=2
Reference: BID:2273
Reference: URL:http://www.securityfocus.com/bid/2273
Reference: XF:netscape-fasttrack-cache-dos
Reference: URL:http://xforce.iss.net/static/5985.php

The caching module in Netscape Fasttrack Server 4.1 allows remote
attackers to cause a denial of service (resource exhaustion) by
requesting a large number of non-existent URL's.

Analysis
----------------
ED_PRI CAN-2001-0175 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0176
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0176
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20001218 More Sonata Conferencing software vulnerabilities.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0278.html
Reference: BID:2125
Reference: URL:http://www.securityfocus.com/bid/2125

The setuid doroot program in Voyant Sonata 3.x executes arbitrary
command line arguments, which allows local users to gain root
privileges.

Analysis
----------------
ED_PRI CAN-2001-0176 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0177
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0177
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010110 Vulnerable: Conference Room Professional-Developer Edititon.
Reference: URL:http://www.securityfocus.com/archive/1/155388
Reference: BID:2178
Reference: URL:http://www.securityfocus.com/bid/2178
Reference: XF:conferenceroom-developer-dos
Reference: URL:http://xforce.iss.net/static/5909.php

WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a
denial of service via a buddy relationship between the IRC server and
a server clone.

Analysis
----------------
ED_PRI CAN-2001-0177 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0181
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0181
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: CALDERA:CSSA-2001-003.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-003.0.txt
Reference: BID:2215
Reference: URL:http://www.securityfocus.com/bid/2215
Reference: XF:dhcp-format-string
Reference: URL:http://xforce.iss.net/static/5953.php

Format string vulnerability in the error logging code of DHCP server
and client in Caldera Linux allows remote attackers to execute
arbitrary commands.

Analysis
----------------
ED_PRI CAN-2001-0181 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-EXEC, SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0182
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0182
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010117 Licensing Firewall-1 DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0298.html
Reference: XF:fw1-limited-license-dos
Reference: URL:http://xforce.iss.net/static/5966.php
Reference: BID:2238
Reference: URL:http://www.securityfocus.com/bid/2238

Firewall-1 4.1 with a limited-IP license allows remote attackers to
cause a denial of service by sending a large number of spoofed IP
packets with various source addresses to the inside interface, which
floods the console with warning messages and consumes CPU resources.

Analysis
----------------
ED_PRI CAN-2001-0182 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0184
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0184
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010121 eEye Iris the Network traffic analyser DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0343.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0352.html
Reference: BID:2278
Reference: URL:http://www.securityfocus.com/bid/2278
Reference: XF:eeye-iris-dos
Reference: URL:http://xforce.iss.net/static/5981.php

eEye Iris 1.01 beta allows remote attackers to cause a denial of
service via a malformed packet, which causes Iris to crash when a user
views the packet.

Analysis
----------------
ED_PRI CAN-2001-0184 3
Vendor Acknowledgement: yes followup
Content Decisions: EX-BETA

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0188
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0188
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010122 def-2001-03: GoodTech Systems FTP Connection DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0350.html
Reference: BID:2270
Reference: URL:http://www.securityfocus.com/bid/2270
Reference: XF:goodtech-ftp-dos
Reference: URL:http://xforce.iss.net/static/5984.php

GoodTech FTP server 3.0.1.2.1.0 and earlier allows remote attackers to
cause a denial of service via a flood of connections to the server,
which causes it to crash.

Analysis
----------------
ED_PRI CAN-2001-0188 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0189
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0189
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010119 LocalWEB2000 Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0346.html
Reference: BID:2268
Reference: URL:http://www.securityfocus.com/bid/2268
Reference: XF:localweb2k-directory-traversal
Reference: URL:http://xforce.iss.net/static/5982.php

Directory traversal vulnerability in LocalWEB2000 HTTP server allows
remote attackers to read arbitrary commands via a .. (dot dot) attack
in an HTTP GET request.

Analysis
----------------
ED_PRI CAN-2001-0189 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0190
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0190
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010117 Solaris /usr/bin/cu Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97983943716311&w=2
Reference: BUGTRAQ:20010123 Solaris /usr/bin/cu Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98028642319440&w=2

Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and
possibly other operating systems, allows local users to gain
privileges by executing cu with a long program name (arg0).

Analysis
----------------
ED_PRI CAN-2001-0190 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0201
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0201
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010117 Postaci allows arbitrary SQL query execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0287.html
Reference: BID:2230
Reference: URL:http://www.securityfocus.com/bid/2230
Reference: XF:postaci-sql-command-injection
Reference: URL:http://xforce.iss.net/static/5972.ph p

The Postaci frontend for PostgreSQL does not properly filter
characters such as semicolons, which could allow remote attackers to
execute arbitrary SQL queries via the deletecontact.php program.

Analysis
----------------
ED_PRI CAN-2001-0201 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0203
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0203
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010120 Watchguard Firewall Elevated Privilege Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0342.html
Reference: BID:2284
Reference: URL:http://www.securityfocus.com/bid/2284
Reference: XF:watchguard-firebox-obtain-passphrase
Reference: URL:http://xforce.iss.net/static/5979.php

Watchguard Firebox II firewall allows users with read-only access to
gain read-write access, and administrative privileges, by accessing a
file that contains hashed passphrases, and using the hashes during
authentication.

Analysis
----------------
ED_PRI CAN-2001-0203 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0209
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0209
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010118 Shoutcast Server Buffer Crashes Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0305.html
Reference: XF:shoutcast-description-bo
Reference: URL:http://xforce.iss.net/static/5965.php

Buffer overflow in Shoutcast Distributed Network Audio Server (DNAS)
1.7.1 allows remote attackers to cause a denial of service, and
possibly execute arbitrary commands, via a long description.

Analysis
----------------
ED_PRI CAN-2001-0209 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0223
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0223
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010117 numerous holes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97984174724339&w=2
Reference: XF:wwwwais-cgi-dos
Reference: URL:http://xforce.iss.net/static/5980.php

Buffer overflow in wwwwais allows remote attackers to execute
arbitrary commands via a long QUERY_STRING (HTTP GET request).

Analysis
----------------
ED_PRI CAN-2001-0223 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0231
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0231
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010103 News Desk 1.2 CGI Vulnerbility
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0042.html
Reference: BID:2172
Reference: URL:http://www.securityfocus.com/bid/2172
Reference: XF:newsdesk-cgi-read-files
Reference: URL:http://xforce.iss.net/static/5898.php

Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows
remote attackers to read arbitrary files via a .. in the "t" parameter.

Analysis
----------------
ED_PRI CAN-2001-0231 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0232
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0232
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010103 News Desk 1.2 CGI Vulnerbility
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0042.html

newsdesk.cgi in News Desk 1.2 allows remote attackers to read
arbitrary files via shell metacharacters.

Analysis
----------------
ED_PRI CAN-2001-0232 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

 
Page Last Updated: May 22, 2007