
[PROPOSAL] Cluster RECENT-56 - 24 candidates



I have proposed cluster RECENT-56 for review and voting by the Editorial
Board.

Name: RECENT-56
Description: Candidates announced between 11/27/2000 and 1/30/2001
Size: 24

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0309
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0309
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: REDHAT:RHSA-2001:006
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-006.html

inetd in Red Hat 6.2 does not properly close sockets for internal
services such as chargen, daytime, echo, etc., which allows remote
attackers to cause a denial of service via a series of connections to
the internal services.

Analysis
----------------
ED_PRI CAN-2001-0309 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0310
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0310
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:13
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:13.sort.asc
Reference: XF:sort-temp-file-abort
Reference: URL:http://xforce.iss.net/static/6038.php

sort in FreeBSD 4.1.1 and earlier, and possibly other operating
systems, uses predictable temporary file names and does not properly
handle when the temporary file already exists, which causes sort to
crash and possibly impacts security-sensitive scripts.

Analysis
----------------
ED_PRI CAN-2001-0310 1
Vendor Acknowledgement: yes advisory

INCLUSION:

FreeBSD considered this enough of a problem to post an advisory, but
it seems mostly theoretical and highly dependent on individual
scripts.  sort appears to have an exit status that is interpreted as
an error, so maybe the flaw is in the scripts that do not properly
handle when sort fails.  However, this error can be triggered by
another user, which effectively violates the underlying OS's security
model despite how theoretical or minor the bug may be.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0318
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0318
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010110 proftpd 1.2.0rc2 -- example of bad coding
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916525715657&w=2
Reference: BUGTRAQ:20010206 Response to ProFTPD issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0117.html
Reference: MANDRAKE:MDKSA-2001:021
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3
Reference: DEBIAN:DSA-029
Reference: URL:http://www.debian.org/security/2001/dsa-029
Reference: CONECTIVA:CLA-2001:380
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000380

Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to
execute arbitrary commands by shutting down the FTP server while using
a malformed working directory (cwd).

Analysis
----------------
ED_PRI CAN-2001-0318 1
Vendor Acknowledgement: yes advisory

The original January 10 Bugtraq post indicates multiple format string
problems, but only one seems to be affected by user input.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0259
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0259
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010329
Category: SF
Reference: BUGTRAQ:20010116 Bug in SSH1 secure-RPC support can expose users' private keys
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0262.html
Reference: BID:2222
Reference: URL:http://www.securityfocus.com/bid/2222
Reference: XF:ssh-rpc-private-key
Reference: URL:http://xforce.iss.net/static/5963.php

ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local
attackers to recover a SUN-DES-1 magic phrase generated by another
user, which the attacker can use to decrypt that user's private key
file.

Analysis
----------------
ED_PRI CAN-2001-0259 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0260
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0260
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010329
Category: SF
Reference: BUGTRAQ:20010123 [SAFER] Security Bulletin 010123.EXP.1.10
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0360.html
Reference: XF:lotus-domino-smtp-bo
Reference: URL:http://xforce.iss.net/static/5993.php
Reference: BID:2283
Reference: URL:http://www.securityfocus.com/bid/2283

Buffer overflow in Lotus Domino Mail Server 5.0.5 and earlier allows a
remote attacker to crash the server or execute arbitrary code via a
long "RCPT TO" command.

Analysis
----------------
ED_PRI CAN-2001-0260 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0299
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0299
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20001127 Nokia firewalls
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97535202912588&w=2
Reference: BUGTRAQ:20001205 Nokia firewalls - Response from Nokia
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97603879517777&w=2
Reference: BID:2054
Reference: URL:http://www.securityfocus.com/bid/2054

Buffer overflow in Voyager web administration server for Nokia IP440
allows local users to cause a denial of service, and possibly execute
arbitrary commands, via a long URL.

Analysis
----------------
ED_PRI CAN-2001-0299 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0311
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0311
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: HPBUG:PHSS_22914
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0022.html
Reference: HPBUG:PHSS_22915
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0023.html

Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows
attackers to gain unauthorized access to an OmniBack client.

Analysis
----------------
ED_PRI CAN-2001-0311 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0250
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0250
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010329
Category: CF
Reference: BUGTRAQ:20010124 [SAFER] Security Bulletin 010124.EXP.1.11
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0396.html
Reference: BID:2285
Reference: URL:http://www.securityfocus.com/bid/2285
Reference: XF:netscape-enterprise-list-directories
Reference: URL:http://xforce.iss.net/static/5997.php

The Web Publishing feature in Netscape Enterprise Server 4.x and
earlier allows remote attackers to list arbitrary directories under
the web server root via the INDEX command.

Analysis
----------------
ED_PRI CAN-2001-0250 3
Vendor Acknowledgement: unknown
Content Decisions: CD:CF-DATA

The INDEX capability may be a necessary feature for Web publishing.
If web publishing doesn't require any authentication, then maybe this
item should not be included in CVE.

Since this is a different type of vulnerability than the REVLOG denial
of service, CD:SF-LOC says to create a separate candidate for this
problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0251
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0251
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010329
Category: SF
Reference: BUGTRAQ:20010125 [SAFER] Security Bulletin 010125.DOS.1.5
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0422.html
Reference: BID:2294
Reference: URL:http://www.securityfocus.com/bid/2294
Reference: XF:netscape-enterprise-revlog-dos
Reference: URL:http://xforce.iss.net/static/6003.php

The Web Publishing feature in Netscape Enterprise Server 3.x allows
remote attackers to cause a denial of service via the REVLOG command.

Analysis
----------------
ED_PRI CAN-2001-0251 3
Vendor Acknowledgement: unknown

Since this is a different type of vulnerability than the INDEX
disclosure problem, CD:SF-LOC says to create a separate candidate for
this problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0252
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0252
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010329
Category: SF
Reference: BUGTRAQ:20010122 def-2001-04: Netscape Enterprise Server Dot-DoS
Reference: URL:http://www.securityfocus.com/archive/1/157641
Reference: BUGTRAQ:20010124 iPlanet FastTrack/Enterprise 4.1 DoS clarifications
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98035833331446&w=2
Reference: BID:2282
Reference: URL:http://www.securityfocus.com/bid/2282
Reference: XF:netscape-enterprise-dot-dos
Reference: URL:http://xforce.iss.net/static/5983.php

iPlanet (formerly Netscape) Enterprise Server 4.1 allows remote
attackers to cause a denial of service via a long HTTP GET request
that contains many "/../" (dot dot) sequences.

Analysis
----------------
ED_PRI CAN-2001-0252 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0253
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0253
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010329
Category: SF
Reference: BUGTRAQ:20010128 Hyperseek 2000 Search Engine - "show directory & files" bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0463.html
Reference: BID:2314
Reference: URL:http://www.securityfocus.com/bid/2314
Reference: XF:hyperseek-cgi-reveal-info
Reference: URL:http://xforce.iss.net/static/6012.php

Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek
2000 allows remote attackers to read arbitrary files and directories
via a .. (dot dot) attack in the show parameter.

Analysis
----------------
ED_PRI CAN-2001-0253 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0254
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0254
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010329
Category: SF
Reference: BUGTRAQ:20010119 Multiple Vulnerabilities In FaSTream FTP++ (+ ICS Tftpserver DoS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98021181215325&w=2

FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real
pathname of the server via the "pwd" command.

Analysis
----------------
ED_PRI CAN-2001-0254 3
Vendor Acknowledgement: unknown
Content Decisions: EX-BETA, DESIGN-REAL-PATH

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0255
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0255
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010329
Category: SF
Reference: BUGTRAQ:20010119 Multiple Vulnerabilities In FaSTream FTP++ (+ ICS Tftpserver DoS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98021181215325&w=2
Reference: BID:2267
Reference: URL:http://www.securityfocus.com/bid/2267
Reference: XF:fastream-ftp-path-disclosure
Reference: URL:http://xforce.iss.net/static/5977.php

FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary
directories by using the "ls" command and including the drive letter
name (e.g. C:) in the requested pathname.

Analysis
----------------
ED_PRI CAN-2001-0255 3
Vendor Acknowledgement: unknown
Content Decisions: EX-BETA

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0256
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0256
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010329
Category: SF
Reference: BUGTRAQ:20010119 Multiple Vulnerabilities In FaSTream FTP++ (+ ICS Tftpserver DoS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98021181215325&w=2
Reference: BID:2261
Reference: URL:http://www.securityfocus.com/bid/2261
Reference: XF:fastream-ftp-server-dos
Reference: URL:http://xforce.iss.net/static/5976.php

FaSTream FTP++ Server 2.0 allows remote attackers to cause a denial of
service, and possibly execute arbitrary commands, via a long username.

Analysis
----------------
ED_PRI CAN-2001-0256 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0257
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0257
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010329
Category: SF
Reference: BUGTRAQ:20010123 def-2001-06: Easycom/Safecom 10/100 Multiple DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0375.html
Reference: BID:2291
Reference: URL:http://www.securityfocus.com/bid/2291
Reference: XF:easycom-safecom-url-bo
Reference: URL:http://xforce.iss.net/static/5988.php

Buffer overflow in Easycom/Safecom Print Server Web service, version
404.590 and earlier, allows remote attackers to execute arbitrary
commands via (1) a long URL or (2) a long HTTP header field such as
"Host:".

Analysis
----------------
ED_PRI CAN-2001-0257 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

CD:SF-LOC says that multiple failure points of the same vulnerability
type should be combined into a single candidate.  Since the long URL
and long HTTP header field are both buffer overflows occurring in the
same version, they are combined here.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0258
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0258
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010329
Category: SF
Reference: BUGTRAQ:20010123 def-2001-06: Easycom/Safecom 10/100 Multiple DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0375.html
Reference: XF:easycom-safecom-printguide-dos
Reference: URL:http://xforce.iss.net/static/5989.php

The Easycom/Safecom Print Server (firmware 404.590) PrintGuide server
allows remote attackers to cause a denial of service via a large
number of connections that send null characters.

Analysis
----------------
ED_PRI CAN-2001-0258 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0261
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0261
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010329
Category: SF
Reference: BUGTRAQ:20010119 BugTraq: EFS Win 2000 flaw
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97992179925715&w=2
Reference: BUGTRAQ:20010123 Reply to EFS note on Bugtraq
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98027311214976&w=2
Reference: BID:2243
Reference: URL:http://www.securityfocus.com/bid/2243
Reference: XF:win2k-efs-recover-data
Reference: URL:http://xforce.iss.net/static/5973.php

Microsoft Windows 2000 Encrypted File System does not properly destroy
backups of files that are encrypted, which allows a local attacker to
recover the text of encrypted files.

Analysis
----------------
ED_PRI CAN-2001-0261 3
Vendor Acknowledgement: unknown

A followup from Microsoft notes: "The plaintext backup file is *only*
created if an existing plaintext document is converted to encrypted
form."  In addition, the user needs a certain level of privileges (or
physical access) to exploit this problem; if those privileges
allow the user to do other nefarious things, then maybe this should
not be considered a vulnerability.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0300
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0300
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20001222 vulnerability #2 in Oracle Internet Directory 2.1.1.1 in Oracle 8.1.7
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0434.html

oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory
(ldaplog) that has world-writable permissions, which may allow local
users to delete logs and/or overwrite other files via a symlink
attack.

Analysis
----------------
ED_PRI CAN-2001-0300 3
Vendor Acknowledgement:

There might not be a problem here.  It is not clearly described in the
post.  In addition, the exploit only shows that a file is created by
root.  There is no followup by Oracle.  It is not clear whether this
is a real problem or not.  If there is no symlink problem, then logs
could be deleted - unless the log directory has the sticky bit set
(though it doesn't look like it's set based on the original post).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0312
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0312
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010125 Yet Another IBM WebSphere Showcode Vulerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0446.html

IBM WebSphere plugin for Netscape Enterprise server allows remote
attackers to read source code for JSP files via an HTTP request that
contains a host header that references a host that is not in
WebSphere's host aliases list, which will bypass WebSphere processing.

Analysis
----------------
ED_PRI CAN-2001-0312 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0313
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0313
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category:
Reference: BUGTRAQ:20010126 Borderware v6.1.2 ping DoS vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98053139231392&w=2
Reference: XF:borderware-ping-dos
Reference: URL:http://xforce.iss.net/static/6004.php

Borderware Firewall Server 6.1.2 allows remote attackers to cause a
denial of service via a ping to the broadcast address of the public
network on which the server is placed, which causes the server to
continuously send pings (echo requests) to the network.

Analysis
----------------
ED_PRI CAN-2001-0313 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0314
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0314
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010125 America Online 5.0 contains a buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98053366805491&w=2
Reference: XF:aol-malformed-url-dos
Reference: URL:http://xforce.iss.net/static/6009.php

Buffer overflow in www.tol module in America Online (AOL) 5.0 may
allow remote attackers to cause a denial of service, and possibly
execute arbitrary commands, via a long URL in a link.

Analysis
----------------
ED_PRI CAN-2001-0314 3
Vendor Acknowledgement:

INCLUSION:

The exploit as provided by the researcher involves placing a long
string into the client's input buffer for reading URLs.  Therefore it
is possible that the overflow occurs in the client's GUI instead of
the underlying networking code; if so, then this is not exploitable
and is not a security issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0315
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0315
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010125 mIRC allows password protection to be bypassed
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98053777917287&w=2
Reference: XF:mirc-bypass-password
Reference: URL:http://xforce.iss.net/static/6013.php

The locking feature in mIRC 5.7 allows local users to bypass the
password mechanism by modifying the LockOptions registry key.

Analysis
----------------
ED_PRI CAN-2001-0315 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0322
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0322
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category:
Reference: BUGTRAQ:20010115 Stack Overflow in MSHTML.DLL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958685100219&w=2
Reference: BID:2202
Reference: URL:http://www.securityfocus.com/bid/2202
Reference: XF:ie-mshtml-dos
Reference: URL:http://xforce.iss.net/static/5938.php

MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions,
allows remote attackers to cause a denial of service (application
crash) via a script that creates and deletes an object that is
associated with the browser window object.

Analysis
----------------
ED_PRI CAN-2001-0322 3
Vendor Acknowledgement:
Content Decisions: EX-CLIENT-DOS

INCLUSION:

CD:EX-CLIENT-DOS relates to issues in which there is a client-side DoS
that does not extend beyond the client itself.  The Editorial Board
may decide that such problems should not be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0323
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0323
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010115 ICMP fragmentation required but DF set problems.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958349623450&w=2
Reference: XF:icmp-pmtu-dos
Reference: URL:http://xforce.iss.net/static/5975.php

The ICMP path MTU (PMTU) discovery feature in various UNIX systems
allows remote attackers to cause a denial of service by spoofing "ICMP
Fragmentation needed but Don't Fragment (DF) set" packets between two
target hosts, which could cause one host to lower its MTU when
transmitting to the other host.

Analysis
----------------
ED_PRI CAN-2001-0323 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007