|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PROPOSAL] Cluster RECENT-58 - 28 candidates
I have proposed cluster RECENT-58 for review and voting by the Editorial Board. Name: RECENT-58 Description: Candidates announced between 2/22/2001 and 3/29/2001 Size: 28 You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site. The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real. If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned. Summary of votes to use (in ascending order of "severity") ---------------------------------------------------------- ACCEPT - voter accepts the candidate as proposed NOOP - voter has no opinion on the candidate MODIFY - voter wants to change some MINOR detail (e.g. reference/description) REVIEWING - voter is reviewing/researching the candidate, or needs more info RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. 1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. 2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping. 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-2001-0145 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0145 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010210 Category: SF Reference: MS:MS01-012 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-012.asp Reference: ATSTAKE:A022301-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a022301-1.txt Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field. Analysis ---------------- ED_PRI CAN-2001-0145 1 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0147 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0147 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010210 Category: SF Reference: MS:MS01-013 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-013.asp Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records. Analysis ---------------- ED_PRI CAN-2001-0147 1 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0152 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0152 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010210 Category: SF Reference: MS:MS01-019 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-019.asp The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders. Analysis ---------------- ED_PRI CAN-2001-0152 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0153 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0153 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010210 Category: SF Reference: BINDVIEW:20010327 Remote buffer overflow in DCOM VB T-SQL debugger Reference: URL:http://razor.bindview.com/publish/advisories/adv_vbtsql.html Reference: MS:MS01-018 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-018.asp Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute arbitrary commands. Analysis ---------------- ED_PRI CAN-2001-0153 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0154 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0154 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010210 Category: SF Reference: BUGTRAQ:20010330 Incorrect MIME Header Can Cause IE to Execute E-mail Attachment Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98596775905044&w=2 Reference: MS:MS01-020 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-020.asp HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly. Analysis ---------------- ED_PRI CAN-2001-0154 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0236 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0236 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010309 Category: SF Reference: BUGTRAQ:20010314 Solaris /usr/lib/dmi/snmpXdmid vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98462536724454&w=2 Reference: CERT:CA-2001-05 Reference: URL:http://www.cert.org/advisories/CA-2001-05.html Reference: BID:2417 Reference: URL:http://www.securityfocus.com/bid/2417 Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event. Analysis ---------------- ED_PRI CAN-2001-0236 1 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0266 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0266 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010404 Category: SF Reference: HP:HPSBUX0102-143 Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0069.html Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier allows local users to gain privileges. Analysis ---------------- ED_PRI CAN-2001-0266 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0279 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0279 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010404 Category: SF Reference: BUGTRAQ:20010222 Sudo version 1.6.3p6 now available (fwd) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0414.html Reference: MANDRAKE:MDKSA-2001:024 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-024.php3 Reference: DEBIAN:DSA-031 Reference: URL:http://www.debian.org/security/2001/dsa-031 Reference: CONECTIVA:CLA-2001:381 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000381 Reference: BUGTRAQ:20010225 [slackware-security] buffer overflow in sudo fixed Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0437.html Reference: BUGTRAQ:20010226 Trustix Security Advisory - sudo Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0427.html Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges. Analysis ---------------- ED_PRI CAN-2001-0279 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0284 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0284 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010404 Category: SF Reference: OPENBSD:20010302 Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun in the kernel. Reference: URL:http://www.openbsd.org/errata.html#ipsec_ah Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option. Analysis ---------------- ED_PRI CAN-2001-0284 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0288 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0288 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010404 Category: SF Reference: CISCO:20010228 Cisco IOS Software TCP Initial Sequence Number Randomization Improvements Reference: URL:http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. Analysis ---------------- ED_PRI CAN-2001-0288 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0289 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0289 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010404 Category: SF Reference: BUGTRAQ:20010228 Joe's Own Editor File Handling Error Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0490.html Reference: MANDRAKE:MDKSA-2001:026 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-026.php3 Reference: DEBIAN:DSA-041 Reference: URL:http://www.debian.org/security/2001/dsa-041 Reference: REDHAT:RHSA-2001:024 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-024.html Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory. Analysis ---------------- ED_PRI CAN-2001-0289 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0287 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0287 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010404 Category: SF Reference: BUGTRAQ:20010302 Option to VERITAS Cluster Server (VCS) lltstat command will panic system. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0528.html Reference: CONFIRM:http://seer.support.veritas.com/docs/234326.htm VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to cause a denial of service (system panic) via the -L option to the lltstat command. Analysis ---------------- ED_PRI CAN-2001-0287 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0290 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0290 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010404 Category: SF Reference: BUGTRAQ:20010306 [Mailman-Announce] ANNOUNCE Mailman 2.0.2 (important privacy patch) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0031.html Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords. Analysis ---------------- ED_PRI CAN-2001-0290 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0295 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0295 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010404 Category: SF Reference: BUGTRAQ:20010306 Warftp 1.67b04 Directory Traversal Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98390925726814&w=2 Reference: CONFIRM:http://support.jgaa.com/?cmd=ShowArticle&ID=31 Reference: BID:2444 Reference: URL:http://www.securityfocus.com/bid/2444 Directory traversal vulnerability in War FTP 1.67.04 allows remote attackers to list directory contents and possibly read files via a "dir *./../.." command. Analysis ---------------- ED_PRI CAN-2001-0295 2 Vendor Acknowledgement: yes advisory Other vulnerability sources say that the vulnerability allows arbitrary file reading, but only "dir" is affected, according to the vendor. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0280 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0280 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010404 Category: SF Reference: BUGTRAQ:20010223 Mercur Mailserver 3.3 buffer overflow with EXPN Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0413.html Buffer overflow in MERCUR SMTP server 3.30 allows remote attackers to execute arbitrary commands via a long EXPN command. Analysis ---------------- ED_PRI CAN-2001-0280 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0282 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0282 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010404 Category: SF Reference: BUGTRAQ:20010223 SEDUM v2.1 HTTPd - Denial of Service Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0419.html SEDUM 2.1 HTTP server allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request. Analysis ---------------- ED_PRI CAN-2001-0282 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0283 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0283 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010404 Category: SF Reference: BUGTRAQ:20010302 Sunftp build9(1) - ftp server Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0523.html Directory traversal vulnerability in SunFTP build 9 allows remote attackers to read arbitrary files via .. (dot dot) characters in various commands, including (1) GET, (2) MKDIR, (3) RMDIR, (4) RENAME, or (5) PUT. Analysis ---------------- ED_PRI CAN-2001-0283 3 Vendor Acknowledgement: Content Decisions: SF-LOC ABSTRACTION: CD:SF-LOC suggests combining problems of the same type, in the same software version, into the same candidate. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0285 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0285 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010404 Category: SF Reference: BUGTRAQ:20010226 A1 Server v1.0a HTTPd (DoS & Dir Traversal) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0457.html Buffer overflow in A1 HTTP server 1.0a allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request. Analysis ---------------- ED_PRI CAN-2001-0285 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0286 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0286 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010404 Category: SF Reference: BUGTRAQ:20010226 A1 Server v1.0a HTTPd (DoS & Dir Traversal) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0457.html Directory traversal vulnerability in A1 HTTP server 1.0a allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request. Analysis ---------------- ED_PRI CAN-2001-0286 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0291 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0291 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010404 Category: SF Reference: BUGTRAQ:20010305 Remote buffer overflow condition in post-query (CGI). Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0003.html Buffer overflow in post-query sample CGI program allows remote attackers to execute arbitrary commands via an HTTP POST request that contains at least 10001 parameters. Analysis ---------------- ED_PRI CAN-2001-0291 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0292 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0292 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010404 Category: SF Reference: BUGTRAQ:20010302 PHPNUKE4.4.1a Advisory Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0525.html PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator. Analysis ---------------- ED_PRI CAN-2001-0292 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0293 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0293 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010404 Category: SF Reference: BUGTRAQ:20010228 Vulnerability in FtpXQ Server Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0508.html Reference: BID:2426 Reference: URL:http://www.securityfocus.com/bid/2426 Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows remote attackers to read arbitrary files via a .. (dot dot) in the GET command. Analysis ---------------- ED_PRI CAN-2001-0293 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0294 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0294 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010404 Category: SF Reference: BUGTRAQ:20010228 Vulnerability in TYPSoft FTP Server Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0511.html Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in a GET command, or (2) a ... in a CWD command. Analysis ---------------- ED_PRI CAN-2001-0294 3 Vendor Acknowledgement: Content Decisions: SF-LOC ABSTRACTION: CD:SF-LOC suggests that since these are variations of .. problems occurring in the same software version, they should be combined into a single candidate. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0296 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0296 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010404 Category: SF Reference: BUGTRAQ:20010303 WFTPD Pro 3.00 R1 Buffer Overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0531.html Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute arbitrary commands via a long CWD command. Analysis ---------------- ED_PRI CAN-2001-0296 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0297 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0297 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010404 Category: SF Reference: BUGTRAQ:20010224 The Simple Server HTTPd Directory Traversal Reference: URL:http://www.securityfocus.com/archive/1/165523 Reference: BID:2415 Reference: URL:http://www.securityfocus.com/bid/2415 Directory traversal vulnerability in Simple Server HTTPd 1.0 (originally Free Java Server) allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. Analysis ---------------- ED_PRI CAN-2001-0297 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0298 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0298 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010404 Category: SF Reference: BUGTRAQ:20010227 WebReflex 1.55 HTTPd DoS Reference: URL:http://www.securityfocus.com/archive/1/165671 Reference: BID:2425 Reference: URL:http://www.securityfocus.com/bid/2425 Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP GET request. Analysis ---------------- ED_PRI CAN-2001-0298 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0320 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0320 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010404 Category: SF Reference: BUGTRAQ:20010223 Yet another hole in PHP-Nuke Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0425.html bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument. Analysis ---------------- ED_PRI CAN-2001-0320 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0321 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0321 Final-Decision: Interim-Decision: Modified: Proposed: 20010404 Assigned: 20010404 Category: SF Reference: BUGTRAQ:20010212 Fwd: Re: phpnuke, security problem... Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0214.html opendir.php script n PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter. Analysis ---------------- ED_PRI CAN-2001-0321 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS:
|
||||
