[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-57 - 27 candidates



I have proposed cluster RECENT-57 for review and voting by the Editorial
Board.

Name: RECENT-57
Description: Candidates announced between 2/2/2001 and 2/21/2001
Size: 27

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0267
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: HP:HPSBMP0102-008
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0050.html

NM debug in HP MPE/iX 6.5 and earlier does not properly handle
breakpoints, which allows local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2001-0267 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0268
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0268
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: NETBSD:NetBSD-SA:2001-002
Reference: URL:http://archives.neohapsis.com/archives/netbsd/2001-q1/0093.html
Reference: BUGTRAQ:20010219 Re: your mail
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0353.html
Reference: OPENBSD:20010302 The USER_LDT kernel option allows an attacker to gain access to privileged areas of kernel memory.
Reference: URL:http://www.openbsd.org/errata.html#userldt

NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, allow local users
to gain root privileges by accessing kernel memory via a segment call
gate when the USER_LDT kernel option is enabled.

Analysis
----------------
ED_PRI CAN-2001-0268 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0278
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0278
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: HP:HPSBMP0102-009
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0050.html

Vulnerability in linkeditor in HP MPE/iX 6.5 and earlier allows local
users to gain privileges.

Analysis
----------------
ED_PRI CAN-2001-0278 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0301
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0301
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010213 Security advisory for analog
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0264.html
Reference: CONFIRM:http://www.analog.cx/security2.html
Reference: REDHAT:RHSA-2001:017
Reference: URL:http://archives.neohapsis.com/archives/linux/redhat/2001-q1/0056.html
Reference: DEBIAN:DSA-033
Reference: URL:http://www.debian.org/security/2001/dsa-033
Reference: BID:2377
Reference: URL:http://www.securityfocus.com/bid/2377

Buffer overflow in Analog before 4.16 allows remote attackers to
execute arbitrary commands by using the ALIAS command to construct
large strings.

Analysis
----------------
ED_PRI CAN-2001-0301 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0316
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0316
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: REDHAT:RHSA-2001:013
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2001-q1/0009.html
Reference: CALDERA:CSSA-2001-009
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-009.0.txt
Reference: BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html

Linux kernel 2.4 and 2.2 allows local users to read kernel memory and
possibly gain privileges via a negative argument to the sysctl call.

Analysis
----------------
ED_PRI CAN-2001-0316 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0317
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0317
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html
Reference: REDHAT:RHSA-2001:013
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2001-q1/0009.html
Reference: CALDERA:CSSA-2001-009
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-009.0.txt

Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local
users to gain privileges by using ptrace to track and modify a running
setuid process.

Analysis
----------------
ED_PRI CAN-2001-0317 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0274
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0274
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010214 Security hole in kicq
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0276.html
Reference: BUGTRAQ:20010303 Re: Security hole in kicq
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0536.html

kicq IRC client 1.0.0, and possibly later versions, allows remote
attackers to execute arbitrary commands via shell metacharacters in a
URL.

Analysis
----------------
ED_PRI CAN-2001-0274 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0319
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0319
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010205 IBM NetCommerce Security
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html
Reference: CONFIRM:http://www-4.ibm.com/software/webservers/commerce/netcomletter.html
Reference: BID:2350
Reference: URL:http://www.securityfocus.com/bid/2350

orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to
execute arbitrary SQL queries by inserting them into the order_rn
option of the report capability.

Analysis
----------------
ED_PRI CAN-2001-0319 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0326
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0326
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: CF
Reference: BUGTRAQ:20010212 Solution for Potential Vunerability in Granting FilePermission to Oracle Java Virtual Machine
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0255.html

Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle
Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to
read arbitrary files via the .jsp and .sqljsp file extensions when the
server is configured to use the <<ALL FILES>> FilePermission.

Analysis
----------------
ED_PRI CAN-2001-0326 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0269
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0269
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010217 Solaris 8 pam_ldap.so.1 module broken
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0344.html

pam_ldap authentication module in Solaris 8 allows remote attackers to
bypass authentication via a NULL password.

Analysis
----------------
ED_PRI CAN-2001-0269 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0270
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0270
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category:
Reference: BUGTRAQ:20010219 Denial of Service Condition exists in Fore/Marconi ASX Switches
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0349.html
Reference: BID:2400
Reference: URL:http://www.securityfocus.com/bid/2400

Marconi ASX-1000 ASX switches allow remote attackers to cause a denial
of service in the telnet and web management interfaces via a malformed
packet with the SYN-FIN and More Fragments attributes set.

Analysis
----------------
ED_PRI CAN-2001-0270 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0271
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0271
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010218 mailnews.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0347.html

mailnews.cgi 1.3 and earlier allows remote attackers to execute
arbitrary commands via a user name that contains shell metacharacters.

Analysis
----------------
ED_PRI CAN-2001-0271 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0272
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0272
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010212 W3.ORG sendtemp.pl
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0259.html

Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web
development server allows remote attackers to read arbitrary files via
a .. (dot dot) attack in the templ parameter.

Analysis
----------------
ED_PRI CAN-2001-0272 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0273
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0273
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010220 [CryptNET Advisory] pgp4pine-1.75-6 - expired public keys
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0367.html

pgp4pine Pine/PGP interface version 1.75-6 does not properly check to
see if a public key has expired when obtaining the keys via Gnu
Privacy Guard (GnuPG), which causes the message to be sent in
cleartext.

Analysis
----------------
ED_PRI CAN-2001-0273 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0275
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0275
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010219 NetSuite 1.02 web server vulnerabilty
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0346.html

Moby Netsuite Web Server 1.02 allows remote attackers to cause a
denial of service, and possibly execute arbitrary commands, via a long
HTTP request.

Analysis
----------------
ED_PRI CAN-2001-0275 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0276
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0276
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010217 BadBlue Web Server Ext.dll Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98263019502565&w=2
Reference: BID:2390
Reference: URL:http://www.securityfocus.com/bid/2390

ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote
attackers to determine the physical path of the server by directly
calling ext.dll without any arguments, which produces an error message
that contains the path.

Analysis
----------------
ED_PRI CAN-2001-0276 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0277
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0277
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010217 BadBlue Web Server Ext.dll Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98263019502565&w=2
Reference: BID:2392
Reference: URL:http://www.securityfocus.com/bid/2392

Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows
remote attackers to cause a denial of service and possibly execute
arbitrary commands via a long HTTP GET request.

Analysis
----------------
ED_PRI CAN-2001-0277 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0281
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0281
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010221 NT drivers are potentially vulnerable to format string bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0379.html

Format string vulnerability in DbgPrint function, used in debug
messages for some Windows NT drivers (possibly when called through
DebugMessage), may allow local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2001-0281 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0302
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0302
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010215 Vulnerabilities in Pi3Web Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0316.html
Reference: BID:2381
Reference: URL:http://www.securityfocus.com/bid/2381

Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows
remote attackers to cause a denial of service, and possibly execute
arbitrary commands, via a long URL.

Analysis
----------------
ED_PRI CAN-2001-0302 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0303
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0303
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010215 Vulnerabilities in Pi3Web Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0316.html
Reference: BID:2381
Reference: URL:http://www.securityfocus.com/bid/2381

tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to
determine the physical path of the server via a URL that requests a
non-existent file.

Analysis
----------------
ED_PRI CAN-2001-0303 3
Vendor Acknowledgement:
Content Decisions: DESIGN-REAL-PATH

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0304
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0304
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category:
Reference: BUGTRAQ:20010216 Vulnerability in Resin Webserver
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98229372610440&w=2
Reference: BID:2384
Reference: URL:http://www.securityfocus.com/bid/2384

Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote
attackers to read arbitrary files via a "\.." (dot dot) in a URL
request.

Analysis
----------------
ED_PRI CAN-2001-0304 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0305
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0305
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010216 Thinking Arts Store.cgi Directory Traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0324.html
Reference: BID:2385
Reference: URL:http://www.securityfocus.com/bid/2385

Directory traversal vulnerability in store.cgi in Thinking Arts ES.One
package allows remote attackers to read arbitrary files via a .. (dot
dot) in the StartID parameter.

Analysis
----------------
ED_PRI CAN-2001-0305 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0306
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0306
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010216 WEBactive HTTP Server 1.0 Directory Traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0332.html
Reference: BID:2386
Reference: URL:http://www.securityfocus.com/bid/2386

Directory traversal vulnerability in ITAfrica WEBactive HTTP Server
1.00 allows remote attackers to read arbitrary files via a .. (dot
dot) in a URL.

Analysis
----------------
ED_PRI CAN-2001-0306 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0307
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0307
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category:
Reference: BUGTRAQ:20010216 Vulnerabilities in Bajie Http JServer
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0314.html

Bajie HTTP JServer 0.78 allows remote attackers to execute arbitrary
commands via shell metacharacters in an HTTP request for a CGI program
that does not exist.

Analysis
----------------
ED_PRI CAN-2001-0307 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0308
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0308
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010216 Vulnerabilities in Bajie Http JServer
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0314.html
Reference: BID:2388
Reference: URL:http://www.securityfocus.com/bid/2388

UploadServlet in Bajie HTTP JServer 0.78 allows remote attackers to
execute arbitrary commands by calling the servlet to upload a program,
then using a ... (modified ..) to access the file that was created for
the program.

Analysis
----------------
ED_PRI CAN-2001-0308 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

There may be 2 separate vulnerabilities here, one of which may be the
same as CAN-2000-0773.  One problem could be UploadServlet - unless the
intended design requires some sort of review/approval process before
the servlet can be executed.  A separate problem could be the use of
the ... in the request to execute the program, which resides outside
of the CGI bin directory.  However, perhaps the vendor didn't fix
the dot dot problem that was in an earlier version (CAN-2000-0773), and
this is the same bug.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0324
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0324
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010206 Windows client UDP exhaustion denial of service
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2001-q1/0060.html
Reference: BID:2340
Reference: URL:http://www.securityfocus.com/bid/2340

Windows 98 and Windows 2000 Java clients allow remote attackers to
cause a denial of service via a Java applet that opens a large number
of UDP sockets, which prevents the host from establishing any
additional UDP connections, and possibly causes a crash.

Analysis
----------------
ED_PRI CAN-2001-0324 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0325
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0325
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010202 QNX RTP ftpd stack overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0031.html
Reference: BID:2342
Reference: URL:http://www.securityfocus.com/bid/2342

Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a
denial of service and possibly execute arbitrary commands via a large
number of arguments to the stat command.

Analysis
----------------
ED_PRI CAN-2001-0325 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007