[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-58 - 28 candidates

I have proposed cluster RECENT-58 for review and voting by the Editorial
Board.

Name: RECENT-58
Description: Candidates announced between 2/22/2001 and 3/29/2001
Size: 28

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0145
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010210
Category: SF
Reference: MS:MS01-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-012.asp
Reference: ATSTAKE:A022301-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a022301-1.txt

Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook
Express 5.x, allows an attacker to execute arbitrary commands via a
malformed vCard birthday field.

Analysis
----------------
ED_PRI CAN-2001-0145 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0147
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0147
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010210
Category: SF
Reference: MS:MS01-013
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-013.asp

Buffer overflow in Windows 2000 event viewer snap-in allows attackers
to execute arbitrary commands via a malformed field that is improperly
handled during the detailed view of event records.

Analysis
----------------
ED_PRI CAN-2001-0147 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0152
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0152
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010210
Category: SF
Reference: MS:MS01-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-019.asp

The password protection option for the Compressed Folders feature in
Plus! for Windows 98 and Windows Me writes password information to a
file, which allows local users to recover the passwords and read the
compressed folders.

Analysis
----------------
ED_PRI CAN-2001-0152 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0153
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0153
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010210
Category: SF
Reference: BINDVIEW:20010327 Remote buffer overflow in DCOM VB T-SQL debugger
Reference: URL:http://razor.bindview.com/publish/advisories/adv_vbtsql.html
Reference: MS:MS01-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-018.asp

Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual
Studio 6.0 Enterprise Edition allows remote attackers to execute
arbitrary commands.

Analysis
----------------
ED_PRI CAN-2001-0153 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0154
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0154
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010210
Category: SF
Reference: BUGTRAQ:20010330 Incorrect MIME Header Can Cause IE to Execute E-mail Attachment
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98596775905044&w=2
Reference: MS:MS01-020
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

HTML e-mail feature in Internet Explorer 5.5 and earlier allows
attackers to execute attachments by setting an unusual MIME type for
the attachment, which Internet Explorer does not process correctly.

Analysis
----------------
ED_PRI CAN-2001-0154 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0236
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0236
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010309
Category: SF
Reference: BUGTRAQ:20010314 Solaris /usr/lib/dmi/snmpXdmid vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98462536724454&w=2
Reference: CERT:CA-2001-05
Reference: URL:http://www.cert.org/advisories/CA-2001-05.html
Reference: BID:2417
Reference: URL:http://www.securityfocus.com/bid/2417

Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows
remote attackers to execute arbitrary commands via a long "indication"
event.

Analysis
----------------
ED_PRI CAN-2001-0236 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0266
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0266
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: HP:HPSBUX0102-143
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0069.html

Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier
allows local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2001-0266 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0279
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0279
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010222 Sudo version 1.6.3p6 now available (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0414.html
Reference: MANDRAKE:MDKSA-2001:024
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-024.php3
Reference: DEBIAN:DSA-031
Reference: URL:http://www.debian.org/security/2001/dsa-031
Reference: CONECTIVA:CLA-2001:381
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000381
Reference: BUGTRAQ:20010225 [slackware-security] buffer overflow in sudo fixed
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0437.html
Reference: BUGTRAQ:20010226 Trustix Security Advisory - sudo
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0427.html

Buffer overflow in sudo earlier than 1.6.3p6 allows local users to
gain root privileges.

Analysis
----------------
ED_PRI CAN-2001-0279 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0284
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0284
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: OPENBSD:20010302 Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun in the kernel.
Reference: URL:http://www.openbsd.org/errata.html#ipsec_ah

Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and
earlier allows remote attackers to cause a denial of service and
possibly execute arbitrary commands via a malformed Authentication
header (AH) IPv4 option.

Analysis
----------------
ED_PRI CAN-2001-0284 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0288
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0288
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: CISCO:20010228 Cisco IOS Software TCP Initial Sequence Number Randomization Improvements
Reference: URL:http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml

Cisco switches and routers running IOS 12.1 and earlier produce
predictable TCP Initial Sequence Numbers (ISNs), which allows remote
attackers to spoof or hijack TCP connections.

Analysis
----------------
ED_PRI CAN-2001-0288 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0289
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0289
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010228 Joe's Own Editor File Handling Error
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0490.html
Reference: MANDRAKE:MDKSA-2001:026
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-026.php3
Reference: DEBIAN:DSA-041
Reference: URL:http://www.debian.org/security/2001/dsa-041
Reference: REDHAT:RHSA-2001:024
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-024.html

Joe text editor 2.8 searches the current working directory (CWD) for
the .joerc configuration file, which could allow local users to gain
privileges of other users by placing a Trojan Horse .joerc file into a
directory, then waiting for users to execute joe from that directory.

Analysis
----------------
ED_PRI CAN-2001-0289 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0287
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0287
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010302 Option to VERITAS Cluster Server (VCS) lltstat command will panic system.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0528.html
Reference: CONFIRM:http://seer.support.veritas.com/docs/234326.htm

VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to
cause a denial of service (system panic) via the -L option to the
lltstat command.

Analysis
----------------
ED_PRI CAN-2001-0287 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0290
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0290
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010306 [Mailman-Announce] ANNOUNCE Mailman 2.0.2 (important privacy patch)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0031.html

Vulnerability in Mailman 2.0.1 and earlier allows list administrators
to obtain user passwords.

Analysis
----------------
ED_PRI CAN-2001-0290 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0295
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0295
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010306 Warftp 1.67b04 Directory Traversal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98390925726814&w=2
Reference: CONFIRM:http://support.jgaa.com/?cmd=ShowArticle&ID=31
Reference: BID:2444
Reference: URL:http://www.securityfocus.com/bid/2444

Directory traversal vulnerability in War FTP 1.67.04 allows remote
attackers to list directory contents and possibly read files via a
"dir *./../.." command.

Analysis
----------------
ED_PRI CAN-2001-0295 2
Vendor Acknowledgement: yes advisory

Other vulnerability sources say that the vulnerability allows
arbitrary file reading, but only "dir" is affected, according to the
vendor.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0280
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0280
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010223 Mercur Mailserver 3.3 buffer overflow with EXPN
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0413.html

Buffer overflow in MERCUR SMTP server 3.30 allows remote attackers to
execute arbitrary commands via a long EXPN command.

Analysis
----------------
ED_PRI CAN-2001-0280 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0282
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0282
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010223 SEDUM v2.1 HTTPd - Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0419.html

SEDUM 2.1 HTTP server allows remote attackers to cause a denial of
service and possibly execute arbitrary commands via a long HTTP
request.

Analysis
----------------
ED_PRI CAN-2001-0282 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0283
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0283
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010302 Sunftp build9(1) - ftp server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0523.html

Directory traversal vulnerability in SunFTP build 9 allows remote
attackers to read arbitrary files via .. (dot dot) characters in
various commands, including (1) GET, (2) MKDIR, (3) RMDIR, (4) RENAME,
or (5) PUT.

Analysis
----------------
ED_PRI CAN-2001-0283 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

ABSTRACTION:

CD:SF-LOC suggests combining problems of the same type, in the same
software version, into the same candidate.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0285
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0285
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010226 A1 Server v1.0a HTTPd (DoS & Dir Traversal)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0457.html

Buffer overflow in A1 HTTP server 1.0a allows remote attackers to
cause a denial of service and possibly execute arbitrary commands via
a long HTTP request.

Analysis
----------------
ED_PRI CAN-2001-0285 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0286
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0286
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010226 A1 Server v1.0a HTTPd (DoS & Dir Traversal)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0457.html

Directory traversal vulnerability in A1 HTTP server 1.0a allows remote
attackers to read arbitrary files via a .. (dot dot) in an HTTP GET
request.

Analysis
----------------
ED_PRI CAN-2001-0286 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0291
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0291
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010305 Remote buffer overflow condition in post-query (CGI).
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0003.html

Buffer overflow in post-query sample CGI program allows remote
attackers to execute arbitrary commands via an HTTP POST request that
contains at least 10001 parameters.

Analysis
----------------
ED_PRI CAN-2001-0291 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0292
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0292
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010302 PHPNUKE4.4.1a Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0525.html

PHP-Nuke 4.4.1a allows remote attackers to modify a user's email
address and obtain the password by guessing the user id (UID) and
calling user.php with the saveuser operator.

Analysis
----------------
ED_PRI CAN-2001-0292 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0293
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0293
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010228 Vulnerability in FtpXQ Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0508.html
Reference: BID:2426
Reference: URL:http://www.securityfocus.com/bid/2426

Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows
remote attackers to read arbitrary files via a .. (dot dot) in the GET
command.

Analysis
----------------
ED_PRI CAN-2001-0293 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0294
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0294
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010228 Vulnerability in TYPSoft FTP Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0511.html

Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows
remote attackers to read arbitrary files via (1) a .. (dot dot) in a
GET command, or (2) a ... in a CWD command.

Analysis
----------------
ED_PRI CAN-2001-0294 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

ABSTRACTION:

CD:SF-LOC suggests that since these are variations of .. problems
occurring in the same software version, they should be combined into a
single candidate.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0296
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0296
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010303 WFTPD Pro 3.00 R1 Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0531.html

Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute
arbitrary commands via a long CWD command.

Analysis
----------------
ED_PRI CAN-2001-0296 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0297
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0297
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010224 The Simple Server HTTPd Directory Traversal
Reference: URL:http://www.securityfocus.com/archive/1/165523
Reference: BID:2415
Reference: URL:http://www.securityfocus.com/bid/2415

Directory traversal vulnerability in Simple Server HTTPd 1.0
(originally Free Java Server) allows remote attackers to read
arbitrary files via a .. (dot dot) in the URL.

Analysis
----------------
ED_PRI CAN-2001-0297 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0298
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0298
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010227 WebReflex 1.55 HTTPd DoS
Reference: URL:http://www.securityfocus.com/archive/1/165671
Reference: BID:2425
Reference: URL:http://www.securityfocus.com/bid/2425

Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to
cause a denial of service, and possibly execute arbitrary commands,
via a long HTTP GET request.

Analysis
----------------
ED_PRI CAN-2001-0298 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0320
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0320
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010223 Yet another hole in PHP-Nuke
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0425.html

bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote
attackers to read arbitrary files and gain PHP administrator
privileges by inserting a null character and .. (dot dot) sequences
into a malformed username argument.

Analysis
----------------
ED_PRI CAN-2001-0320 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0321
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0321
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010212 Fwd: Re: phpnuke, security problem...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0214.html

opendir.php script n PHP-Nuke allows remote attackers to read
arbitrary files by specifying the filename as an argument to the
requesturl parameter.

Analysis
----------------
ED_PRI CAN-2001-0321 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Page Last Updated or Reviewed: May 22, 2007