[INTERIM] ACCEPT 134 recent candidates (Final 5/7)
I have made an Interim Decision to ACCEPT the following 234 candidates, all of which are from various RECENT-XX clusters, up to the clusters that were proposed on April 4. I will make a Final Decision on May 7.

Voters:
  Wall ACCEPT(19) NOOP(85) REVIEWING(1)
  Ziese ACCEPT(75) NOOP(31) REVIEWING(1)
  LeBlanc ACCEPT(1)
  Cole ACCEPT(110) NOOP(3)
  Collins ACCEPT(7)
  Bishop ACCEPT(28)
  Baker ACCEPT(31)
  Lawler ACCEPT(29)
  Frech ACCEPT(51) MODIFY(71)
  Dik ACCEPT(4) MODIFY(1) NOOP(1)
  Christey NOOP(39)
  Balinsky ACCEPT(1)
  Bollinger ACCEPT(1)
  Prosser ACCEPT(18)

ACCEPT --> 117
ACCEPT_ACK --> 15
ACCEPT_ACK_REV --> 1
ACCEPT_REV --> 1

======================================================
Candidate: CAN-2001-0002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0002
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010309
Assigned: 20010104
Category: SF
Reference: MS:MS01-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp
Reference: BUGTRAQ:20001120 IE 5.x/Outlook allows executing arbitrary programs using .chm
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97475003815911&w=2
Reference: XF:ie-chm-execute-files(5567)

Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.

Modifications:
  ADDREF XF:ie-chm-execute-files(5567)

INFERRED ACTION: CAN-2001-0002 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Lawler, Ziese, Cole
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:ie-chm-execute-files(5567)

======================================================
Candidate: CAN-2001-0003
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0003
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010104
Category: SF
Reference: MS:MS01-001
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-001.asp
Reference: XF:wec-ntlm-authentication
Reference: URL:http://xforce.iss.net/static/5920.php
Reference: BID:2199
Reference: URL:http://www.securityfocus.com/bid/2199

Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.

Modifications:
  ADDREF BID:2199
  ADDREF XF:wec-ntlm-authentication

INFERRED ACTION: CAN-2001-0003 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Wall
  MODIFY(1) Frech
  NOOP(2) Ziese, Christey

Voter Comments:
  Christey> BID:2199 URL:http://www.securityfocus.com/bid/2199
  Frech> XF:wec-ntlm-authentication(5920)
  Christey> XF:wec-ntlm-authentication URL:http://xforce.iss.net/static/5920.php

======================================================
Candidate: CAN-2001-0005
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0005
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010104
Category: SF
Reference: ATSTAKE:A012301-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a012301-1.txt
Reference: MS:MS01-002
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-002.asp
Reference: XF:powerpoint-execute-code(5996)

Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.

Modifications:
  ADDREF XF:powerpoint-execute-code(5996)

INFERRED ACTION: CAN-2001-0005 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(5) Ziese, Prosser, Cole, Collins, Wall
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Frech> XF:powerpoint-execute-code(5996)
  Christey> XF:powerpoint-execute-code(5996)
  Prosser> MS01-002

======================================================
Candidate: CAN-2001-0006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0006
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010104
Category: SF
Reference: BUGTRAQ:20010126 ntsecurity.nu advisory: Winsock Mutex Vulnerability in Windows NT 4.0 SP6 and below
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98075221915234&w=2
Reference: MS:MS01-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-003.asp
Reference: XF:winnt-mutex-dos(6006)

The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability.

Modifications:
  ADDREF XF:winnt-mutex-dos(6006)

INFERRED ACTION: CAN-2001-0006 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Prosser, Cole, Wall
  MODIFY(1) Frech
  NOOP(2) Ziese, Christey

Voter Comments:
  Frech> XF:winnt-mutex-dos(6006)
  Christey> XF:winnt-mutex-dos(6006)
  Prosser> MS01-003

======================================================
Candidate: CAN-2001-0008
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0008
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010110
Category: SF
Reference: CERT:CA-2001-01
Reference: URL:http://www.cert.org/advisories/CA-2001-01.html
Reference: BID:2192
Reference: URL:http://www.securityfocus.com/bid/2192
Reference: XF:interbase-backdoor-account(5911)
Reference: URL:http://xforce.iss.net/static/5911.php

Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures.

Modifications:
  ADDREF BID:2192
  ADDREF XF:interbase-backdoor-account

INFERRED ACTION: CAN-2001-0008 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Prosser, Cole, Collins
  MODIFY(1) Frech
  NOOP(3) Ziese, Christey, Wall

Voter Comments:
  Christey> BID:2192 URL:http://www.securityfocus.com/bid/2192
  Frech> XF:interbase-backdoor-account(5911)
  Christey> XF:interbase-backdoor-account URL:http://xforce.iss.net/static/5911.php
  Prosser> CA-2001-01

======================================================
Candidate: CAN-2001-0009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0009
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010110
Category: SF
Reference: BUGTRAQ:20010105 Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root
Reference: URL:http://www.securityfocus.com/archive/1/154537
Reference: BUGTRAQ:20010109 bugtraq id 2173 Lotus Domino Server
Reference: URL:http://www.securityfocus.com/archive/1/155124
Reference: BID:2173
Reference: URL:http://www.securityfocus.com/bid/2173
Reference: XF:lotus-domino-directory-traversal(5899)
Reference: URL:http://xforce.iss.net/static/5899.php

Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack.

Modifications:
  ADDREF XF:lotus-domino-directory-traversal(5899)

INFERRED ACTION: CAN-2001-0009 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Collins
  MODIFY(1) Frech
  NOOP(3) Ziese, Christey, Wall

Voter Comments:
  Frech> XF:lotus-domino-directory-traversal(5899)
  Christey> reorganize the Bugtraq ref's into chronological order XF:lotus-domino-directory-traversal URL:http://xforce.iss.net/static/5899.php

======================================================
Candidate: CAN-2001-0010
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0010
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010118
Category: SF
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.pgp.com/research/covert/advisories/047.asp
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: MANDRAKE:MDKSA-2001-017
Reference: REDHAT:RHSA-2001-007
Reference: CONECTIVA:000377
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: XF:bind-tsig-bo
Reference: BID:2302

Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges.

Modifications:
  ADDREF IBM:ERS-SVA-E01-2001:002.1
  ADDREF MANDRAKE:MDKSA-2001-017
  ADDREF REDHAT:RHSA-2001-007
  ADDREF CONECTIVA:000377
  ADDREF FREEBSD:FreeBSD-SA-01:18
  ADDREF XF:bind-tsig-bo
  ADDREF BID:2302

INFERRED ACTION: CAN-2001-0010 ACCEPT (4 accept, 5 ack, 0 review)

Current Votes:
  ACCEPT(3) Prosser, Baker, Collins
  MODIFY(1) Frech
  NOOP(4) Ziese, Christey, Cole, Wall

Voter Comments:
  Frech> XF:bind-tsig-bo(6015)
  Christey> IBM:ERS-SVA-E01-2001:002.1 MANDRAKE:MDKSA-2001-017 REDHAT:RHSA-2001-007 CONECTIVA:000377 FREEBSD:FreeBSD-SA-01:18
  Christey> XF:bind-tsig-bo URL:http://xforce.iss.net/static/6015.php BID:2302 URL:http://www.securityfocus.com/bid/2302

======================================================
Candidate: CAN-2001-0011
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0011
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010118
Category: SF
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.pgp.com/research/covert/advisories/047.asp
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: MANDRAKE:MDKSA-2001-017
Reference: REDHAT:RHSA-2001-007
Reference: CONECTIVA:000377
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: XF:bind-complain-bo
Reference: BID:2307

Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.

Modifications:
  ADDREF IBM:ERS-SVA-E01-2001:002.1
  ADDREF MANDRAKE:MDKSA-2001-017
  ADDREF REDHAT:RHSA-2001-007
  ADDREF CONECTIVA:000377
  ADDREF FREEBSD:FreeBSD-SA-01:18
  ADDREF XF:bind-complain-bo
  ADDREF BID:2307

INFERRED ACTION: CAN-2001-0011 ACCEPT (4 accept, 5 ack, 0 review)

Current Votes:
  ACCEPT(3) Prosser, Cole, Collins
  MODIFY(1) Frech
  NOOP(3) Ziese, Christey, Wall

Voter Comments:
  Frech> XF:bind-complain-bo(6016)
  Christey> IBM:ERS-SVA-E01-2001:002.1 MANDRAKE:MDKSA-2001-017 REDHAT:RHSA-2001-007 CONECTIVA:000377 FREEBSD:FreeBSD-SA-01:18
  Christey> XF:bind-complain-bo URL:http://xforce.iss.net/static/6016.php BID:2307 URL:http://www.securityfocus.com/bid/2307

======================================================
Candidate: CAN-2001-0012
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0012
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010119
Category: SF
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.pgp.com/research/covert/advisories/047.asp
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: MANDRAKE:MDKSA-2001-017
Reference: REDHAT:RHSA-2001-007
Reference: CONECTIVA:000377
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: XF:bind-inverse-query-disclosure
Reference: BID:2321

BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables.

Modifications:
  ADDREF IBM:ERS-SVA-E01-2001:002.1
  ADDREF MANDRAKE:MDKSA-2001-017
  ADDREF REDHAT:RHSA-2001-007
  ADDREF CONECTIVA:000377
  ADDREF FREEBSD:FreeBSD-SA-01:18
  ADDREF XF:bind-inverse-query-disclosure
  ADDREF BID:2321

INFERRED ACTION: CAN-2001-0012 ACCEPT (4 accept, 5 ack, 0 review)

Current Votes:
  ACCEPT(3) Prosser, Cole, Collins
  MODIFY(1) Frech
  NOOP(3) Ziese, Christey, Wall

Voter Comments:
  Frech> XF:bind-inverse-query-disclosure(6018)
  Christey> XF:bind-inverse-query-disclosure URL:http://xforce.iss.net/static/6018.php Add these ref's to this and other CAN's: IBM:ERS-SVA-E01-2001:002.1 MANDRAKE:MDKSA-2001-017 REDHAT:RHSA-2001-007 CONECTIVA:000377 FREEBSD:FreeBSD-SA-01:18
  Christey> BID:2321 URL:http://www.securityfocus.com/bid/2321
  Christey> Make sure ISS/BID ref's are added

======================================================
Candidate: CAN-2001-0013
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0013
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010125
Category: SF
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.pgp.com/research/covert/advisories/047.asp
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: MANDRAKE:MDKSA-2001-017
Reference: REDHAT:RHSA-2001-007
Reference: CONECTIVA:000377
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: XF:bind-complain-format-string
Reference: BID:2309

Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.

Modifications:
  ADDREF IBM:ERS-SVA-E01-2001:002.1
  ADDREF MANDRAKE:MDKSA-2001-017
  ADDREF REDHAT:RHSA-2001-007
  ADDREF CONECTIVA:000377
  ADDREF FREEBSD:FreeBSD-SA-01:18
  ADDREF XF:bind-complain-format-string
  ADDREF BID:2309

INFERRED ACTION: CAN-2001-0013 ACCEPT (4 accept, 5 ack, 0 review)

Current Votes:
  ACCEPT(3) Prosser, Cole, Collins
  MODIFY(1) Frech
  NOOP(3) Ziese, Christey, Wall

Voter Comments:
  Frech> XF:bind-complain-format-string(6017)
  Christey> IBM:ERS-SVA-E01-2001:002.1 MANDRAKE:MDKSA-2001-017 REDHAT:RHSA-2001-007 CONECTIVA:000377 FREEBSD:FreeBSD-SA-01:18
  Christey> XF:bind-complain-format-string URL:http://xforce.iss.net/static/6017.php BID:2309 URL:http://www.securityfocus.com/bid/2309
  Prosser> CERT Advisory CA-2001-02 Multiple Vulnerabilities in BIND http://www.cert.org/advisories Internet Software Consortium BIND Vulnerabilities http://www.isc.org/products/BIND/bind-security.html COVERT Labs Security Advisory COVERT-2001-01 http://www.pgp.com/covert

======================================================
Candidate: CAN-2001-0014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0014
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010127
Category: SF
Reference: MS:MS01-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-006.asp
Reference: XF:win2k-rdp-dos
Reference: BID:2326

Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not properly handle certain malformed packets, which allows remote attackers to cause a denial of service, aka the "Invalid RDP Data" vulnerability.

Modifications:
  ADDREF XF:win2k-rdp-dos
  ADDREF BID:2326

INFERRED ACTION: CAN-2001-0014 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Ziese, Prosser, Cole, Wall
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Frech> XF:win2k-rdp-dos(6035)
  Christey> XF:win2k-rdp-dos http://xforce.iss.net/static/6035.php BID:2326 URL:http://www.securityfocus.com/bid/2326
  Prosser> MS01-06

======================================================
Candidate: CAN-2001-0015
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0015
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010214
Assigned: 20010127
Category: SF
Reference: ATSTAKE:A020501-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a020501-1.txt
Reference: MS:MS01-007
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-007.asp
Reference: BID:2341
Reference: XF:win-dde-elevate-privileges(6062)

Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process.

Modifications:
  ADDREF BID:2341
  ADDREF XF:win-dde-elevate-privileges(6062)

INFERRED ACTION: CAN-2001-0015 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Prosser, Baker, Cole, Wall
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Christey> BID:2341 URL:http://www.securityfocus.com/bid/2341
  Frech> XF:win-dde-elevate-privileges(6062)
  Prosser> MS01-007

======================================================
Candidate: CAN-2001-0016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0016
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20010127
Category: SF
Reference: BINDVIEW:20010207 Local promotion vulnerability in NT4's NTLM Security Support Provider
Reference: URL:http://razor.bindview.com/publish/advisories/adv_NTLMSSP.html
Reference: MS:MS01-008
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-008.asp
Reference: BID:2348
Reference: XF:ntlm-ssp-elevate-privileges(6076)

NTLM Security Support Provider (NTLMSSP) service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access.

Modifications:
  ADDREF BID:2348
  ADDREF XF:ntlm-ssp-elevate-privileges(6076)

INFERRED ACTION: CAN-2001-0016 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(4) Prosser, Baker, Cole, Wall
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Christey> BID:2348 URL:http://www.securityfocus.com/bid/2348
  Frech> XF:ntlm-ssp-elevate-privileges(6076)
  Prosser> MS01-008

======================================================
Candidate: CAN-2001-0017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0017
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010214
Assigned: 20010127
Category: SF
Reference: MS:MS01-009
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-009.asp
Reference: BID:2368
Reference: XF:winnt-pptp-dos(6103)

Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed data packet, aka the "Malformed PPTP Packet Stream" vulnerability.

Modifications:
  ADDREF BID:2368
  ADDREF XF:winnt-pptp-dos(6103)

INFERRED ACTION: CAN-2001-0017 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Prosser, Baker, Cole, Wall
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Christey> BID:2368 URL:http://www.securityfocus.com/bid/2368
  Frech> XF:winnt-pptp-dos(6103)
  Prosser> MS01-009

======================================================
Candidate: CAN-2001-0021
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0021
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001206 (SRADV00005) Remote command execution vulnerabilities in MailMan Webmail
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0057.html
Reference: CONFIRM:http://www.endymion.com/products/mailman/history.htm
Reference: BID:2063
Reference: URL:http://www.securityfocus.com/bid/2063
Reference: XF:mailman-alternate-templates
Reference: URL:http://xforce.iss.net/static/5649.php

MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter.

INFERRED ACTION: CAN-2001-0021 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Frech, Cole
  NOOP(2) Ziese, Wall

======================================================
Candidate: CAN-2001-0026
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0026
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001211 DoS vulnerability in rp-pppoe versions <= 2.4
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0134.html
Reference: CONECTIVA:CLA-2000:357
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000357
Reference: MANDRAKE:MDKSA-2000:084
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-084.php3
Reference: REDHAT:RHSA-2000:130-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-130.html
Reference: BID:2098
Reference: URL:http://www.securityfocus.com/bid/2098
Reference: XF:rppppoe-zero-length-dos
Reference: URL:http://xforce.iss.net/static/5727.php

rp-pppoe PPPoE client allows remote attackers to cause a denial of service via the Clamp MSS option and a TCP packet with a zero-length TCP option.

INFERRED ACTION: CAN-2001-0026 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Frech, Baker, Cole
  NOOP(2) Ziese, Wall

======================================================
Candidate: CAN-2001-0028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0028
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001211 [pkc] remote heap buffer overflow in oops
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0127.html
Reference: FREEBSD:FreeBSD-SA-00:79
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-12/0418.html
Reference: BID:2099
Reference: URL:http://www.securityfocus.com/bid/2099
Reference: XF:oops-ftputils-bo
Reference: URL:http://xforce.iss.net/static/5725.php

Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 and earlier allows remote attackers to execute arbitrary commands via a large number of " (quotation) characters.

INFERRED ACTION: CAN-2001-0028 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Frech, Baker, Cole
  NOOP(2) Ziese, Wall

======================================================
Candidate: CAN-2001-0033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0033
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: XF:kerberos4-user-config
Reference: URL:http://xforce.iss.net/static/5738.php

KTH Kerberos IV allows local users to change the configuration of a Kerberos server running at an elevated privilege by specifying an alternate directory using the KRBCONFDIR environmental variable, which allows the user to gain additional privileges.

INFERRED ACTION: CAN-2001-0033 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Frech, Cole
  NOOP(2) Ziese, Wall

======================================================
Candidate: CAN-2001-0034
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0034
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: XF:kerberos4-arbitrary-proxy
Reference: URL:http://xforce.iss.net/static/5733.php

KTH Kerberos IV allows local users to specify an alternate proxy using the krb4_proxy variable, which allows the user to generate false proxy responses and possibly gain privileges.

INFERRED ACTION: CAN-2001-0034 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Frech, Cole
  NOOP(2) Ziese, Wall

======================================================
Candidate: CAN-2001-0035
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0035
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: BUGTRAQ:20010130 Buffer overflow in old ssh-1.2.2x-afs-kerberosv4 patches
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0511.html
Reference: XF:kerberos4-auth-packet-overflow
Reference: URL:http://xforce.iss.net/static/5734.php

Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long authentication request.

Modifications:
  ADDREF BUGTRAQ:20010130 Buffer overflow in old ssh-1.2.2x-afs-kerberosv4 patches

INFERRED ACTION: CAN-2001-0035 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Frech, Cole
  NOOP(3) Ziese, Christey, Wall

Voter Comments:
  Christey> See comments by Dug Song at: BUGTRAQ:20010130 Buffer overflow in old ssh-1.2.2x-afs-kerberosv4 patches http://archives.neohapsis.com/archives/bugtraq/2001-01/0511.html

======================================================
Candidate: CAN-2001-0036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0036
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: XF:kerberos4-tmpfile-dos
Reference: URL:http://xforce.iss.net/static/5754.php

KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file.

INFERRED ACTION: CAN-2001-0036 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Frech, Cole
  NOOP(2) Ziese, Wall

======================================================
Candidate: CAN-2001-0039
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0039
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001206 DoS by SMTP AUTH command in IPSwitch IMail server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0071.html
Reference: BID:2083
Reference: URL:http://www.securityfocus.com/bid/2083
Reference: CONFIRM:http://www.ipswitch.com/Support/IMail/news.html
Reference: XF:imail-smtp-auth-dos
Reference: URL:http://xforce.iss.net/static/5674.php

IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes.

Modifications:
  DESC fix typo: "remore" and add hyphen to "base64 encoded"

INFERRED ACTION: CAN-2001-0039 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Frech, Cole
  NOOP(3) Ziese, Christey, Wall

Voter Comments:
  Frech> In description, may want to change to "base64-encoded".
  Christey> fix typo: "remore"

======================================================
Candidate: CAN-2001-0040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0040
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010201
Category: CF
Reference: BUGTRAQ:20001206 apcupsd 3.7.2 Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0066.html
Reference: MANDRAKE:MDKSA-2000:077
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-077.php3
Reference: BID:2070
Reference: URL:http://www.securityfocus.com/bid/2070
Reference: XF:apc-apcupsd-dos
Reference: URL:http://xforce.iss.net/static/5654.php

APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid file.

Modifications:
  DESC Fix spelling: "writeable" should be "writable"

INFERRED ACTION: CAN-2001-0040 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Frech, Cole
  NOOP(2) Ziese, Wall

Voter Comments:
  Frech> In description, "writable", not "writeable".

======================================================
Candidate: CAN-2001-0041
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0041
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001206 Cisco Catalyst Memory Leak Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catalyst-memleak-pub.shtml
Reference: BID:2072
Reference: URL:http://www.securityfocus.com/bid/2072
Reference: XF:cisco-catalyst-telnet-dos
Reference: URL:http://xforce.iss.net/static/5656.php

Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts.

INFERRED ACTION: CAN-2001-0041 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Ziese, Frech, Cole
  NOOP(1) Wall

======================================================
Candidate: CAN-2001-0043
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0043
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001206 (SRADV00006) Remote command execution vulnerabilities in phpGroupWare
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0053.html
Reference: MISC:http://sourceforge.net/project/shownotes.php?release_id=17604
Reference: BID:2069
Reference: URL:http://www.securityfocus.com/bid/2069
Reference: XF:phpgroupware-include-files
Reference: URL:http://xforce.iss.net/static/5650.php

phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program.

INFERRED ACTION: CAN-2001-0043 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Frech, Baker, Cole
  NOOP(2) Ziese, Wall

======================================================
Candidate: CAN-2001-0050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0050
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001207 BitchX DNS Overflow Patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0081.html
Reference: BUGTRAQ:20001207 bitchx/ircd DNS overflow demonstration
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0086.html
Reference: REDHAT:RHSA-2000:126-03
Reference: URL:http://www.redhat.com/support/errata/powertools/RHSA-2000-126.html
Reference: MANDRAKE:MDKSA-2000:079
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-079.php3
Reference: FREEBSD:FreeBSD-SA-00:78
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:78.bitchx.v1.1.asc
Reference: CONECTIVA:CLA-2000:364
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000364
Reference: BID:2087
Reference: URL:http://www.securityfocus.com/bid/2087
Reference: XF:irc-bitchx-dns-bo
Reference: URL:http://xforce.iss.net/static/5701.php

Buffer overflow in BitchX IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary commands via an IP address that resolves to a long DNS hostname or domain name.

INFERRED ACTION: CAN-2001-0050 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Frech, Cole
  NOOP(2) Ziese, Wall

======================================================
Candidate: CAN-2001-0053
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0053
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: OPENBSD:20001218
Reference: URL:http://www.openbsd.org/advisories/ftpd_replydirname.txt
Reference: NETBSD:NetBSD-SA2000-018
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-018.txt.asc
Reference: BUGTRAQ:20001218 Trustix Security Advisory - ed, tcsh, and ftpd-BSD
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0275.html
Reference: BID:2124
Reference: URL:http://www.securityfocus.com/bid/2124
Reference: XF:bsd-ftpd-replydirname-bo
Reference: URL:http://xforce.iss.net/static/5776.php

One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges.

INFERRED ACTION: CAN-2001-0053 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(3) Ziese, Frech, Cole
  NOOP(1) Wall

======================================================
Candidate: CAN-2001-0054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0054
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001205 Serv-U FTP directory traversal vunerability (all versions)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97604119024280&w=2
Reference: BUGTRAQ:20001205 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0043.html
Reference: BID:2052
Reference: URL:http://www.securityfocus.com/bid/2052
Reference: XF:ftp-servu-homedir-travers
Reference: URL:http://xforce.iss.net/static/5639.php

Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack.

INFERRED ACTION: CAN-2001-0054 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Frech, Cole
  NOOP(2) Ziese, Wall

======================================================
Candidate: CAN-2001-0055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0055
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-syn-packets
Reference: URL:http://xforce.iss.net/static/5627.php

CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets.
INFERRED ACTION: CAN-2001-0055 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(1) Wall

======================================================
Candidate: CAN-2001-0056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0056
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-invalid-login
Reference: URL:http://xforce.iss.net/static/5628.php

The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection.

INFERRED ACTION: CAN-2001-0056 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(1) Wall

======================================================
Candidate: CAN-2001-0057
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0057
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-icmp-echo
Reference: URL:http://xforce.iss.net/static/5629.php

Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a large ICMP echo (ping) packet.
INFERRED ACTION: CAN-2001-0057 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(1) Wall

======================================================
Candidate: CAN-2001-0058
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0058
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-web-access
Reference: URL:http://xforce.iss.net/static/5626.php

The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier allows remote attackers to cause a denial of service via a URL that does not end in a space character.

INFERRED ACTION: CAN-2001-0058 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(1) Wall

======================================================
Candidate: CAN-2001-0059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0059
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001218 Solaris patchadd(1) (3) symlink vulnerabilty
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97720205217707&w=2
Reference: BID:2127
Reference: URL:http://www.securityfocus.com/bid/2127
Reference: XF:solaris-patchadd-symlink
Reference: URL:http://xforce.iss.net/static/5789.php

patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack.
INFERRED ACTION: CAN-2001-0059 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Ziese, Frech, Dik, Cole
   NOOP(1) Wall

======================================================
Candidate: CAN-2001-0060
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0060
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001218 Stunnel format bug
Reference: URL:http://www.securityfocus.com/archive/1/151719
Reference: REDHAT:RHSA-2000:129-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-129.html
Reference: CONECTIVA:CLA-2000:363
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000363
Reference: BUGTRAQ:20001209 Trustix Security Advisory - stunnel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0337.html
Reference: DEBIAN:20001225 DSA-009-1 stunnel: insecure file handling, format string bug
Reference: URL:http://www.debian.org/security/2000/20001225a
Reference: FREEBSD:FreeBSD-SA-01:05
Reference: XF:stunnel-format-logfile
Reference: URL:http://xforce.iss.net/static/5807.php
Reference: BID:2128
Reference: URL:http://www.securityfocus.com/bid/2128

Format string vulnerability in stunnel 3.8 and earlier allows attackers to execute arbitrary commands via a malformed ident username.
Modifications:
   ADDREF FREEBSD:FreeBSD-SA-01:05

INFERRED ACTION: CAN-2001-0060 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> ADDREF FREEBSD:FreeBSD-SA-01:05

======================================================
Candidate: CAN-2001-0061
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0061
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:77
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
Reference: BID:2130
Reference: URL:http://www.securityfocus.com/bid/2130
Reference: XF:procfs-elevate-privileges(6106)

procfs in FreeBSD and possibly other operating systems does not properly restrict access to per-process mem and ctl files, which allows local users to gain root privileges by forking a child process and executing a privileged process from the child, while the parent retains access to the child's address space.
Modifications:
   ADDREF XF:procfs-elevate-privileges(6106)

INFERRED ACTION: CAN-2001-0061 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Prosser, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:procfs-elevate-privileges(6106)
 Prosser> http://www.linuxsecurity.com/advisories/freebsd_advisory-988.html

======================================================
Candidate: CAN-2001-0062
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0062
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:77
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
Reference: BID:2131
Reference: URL:http://www.securityfocus.com/bid/2131
Reference: XF:procfs-mmap-dos(6107)

procfs in FreeBSD and possibly other operating systems allows local users to cause a denial of service by calling mmap on the process' own mem file, which causes the kernel to hang.

Modifications:
   ADDREF XF:procfs-mmap-dos(6107)

INFERRED ACTION: CAN-2001-0062 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Ziese, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:procfs-mmap-dos(6107)

======================================================
Candidate: CAN-2001-0063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0063
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:77
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
Reference: BID:2132
Reference: URL:http://www.securityfocus.com/bid/2132
Reference: XF:procfs-access-control-bo(6108)

procfs in FreeBSD and possibly other operating systems allows local users to bypass access control restrictions for a jail environment and gain additional privileges.
Modifications:
   ADDREF XF:procfs-access-control-bo(6108)

INFERRED ACTION: CAN-2001-0063 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Ziese, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:procfs-access-control-bo(6108)

======================================================
Candidate: CAN-2001-0066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0066
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001126 [MSY] S(ecure)Locate heap corruption vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0356.html
Reference: DEBIAN:DSA-005-1
Reference: URL:http://www.debian.org/security/2000/20001217a
Reference: MANDRAKE:MDKSA-2000:085
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-085.php3
Reference: REDHAT:RHSA-2000:128-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-128.html
Reference: CONECTIVA:CLA-2001:369
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000369
Reference: TURBO:TLSA2001002-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2001-February/000144.html
Reference: XF:slocate-heap-execute-code(5594)
Reference: http://xforce.iss.net/static/5594.php
Reference: BID:2004
Reference: URL:http://www.securityfocus.com/bid/2004

Secure Locate (slocate) allows local users to corrupt memory via a malformed database file that specifies an offset value that accesses memory outside of the intended buffer.
Modifications:
   ADDREF XF:slocate-heap-execute-code(5594)
   ADDREF TURBO:TLSA2001002-1

INFERRED ACTION: CAN-2001-0066 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(3) Ziese, Christey, Wall

Voter Comments:
 Frech> XF:slocate-heap-execute-code(5594)
 Christey> TURBO:TLSA2001002-1

======================================================
Candidate: CAN-2001-0069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0069
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: DEBIAN:DSA-008-1
Reference: URL:http://www.debian.org/security/2000/20001225
Reference: BID:2151
Reference: URL:http://www.securityfocus.com/bid/2151
Reference: XF:dialog-symlink
Reference: URL:http://xforce.iss.net/static/5809.php

dialog before 0.9a-20000118-3bis in Debian Linux allows local users to overwrite arbitrary files via a symlink attack.

INFERRED ACTION: CAN-2001-0069 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(1) Wall

======================================================
Candidate: CAN-2001-0071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0071
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: REDHAT:RHSA-2000-131
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-131.html
Reference: MANDRAKE:MDKSA-2000-087
Reference: URL:http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3
Reference: DEBIAN:DSA-010-1
Reference: URL:http://www.debian.org/security/2000/20001225b
Reference: XF:gnupg-detached-sig-modify
Reference: URL:http://xforce.iss.net/static/5802.php
Reference: CONECTIVA:CLA-2000:368
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368
Reference: BID:2141
Reference: URL:http://www.securityfocus.com/bid/2141
Reference: BUGTRAQ:20001220 Trustix Security Advisory - gnupg, ftpd-BSD
Reference: URL:http://www.securityfocus.com/archive/1/152197

gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.

INFERRED ACTION: CAN-2001-0071 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(1) Wall

======================================================
Candidate: CAN-2001-0072
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0072
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: REDHAT:RHSA-2000-131
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-131.html
Reference: MANDRAKE:MDKSA-2000-087
Reference: URL:http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3
Reference: DEBIAN:DSA-010-1
Reference: URL:http://www.debian.org/security/2000/20001225b
Reference: CONECTIVA:CLA-2000:368
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368
Reference: BUGTRAQ:20001220 Trustix Security Advisory - gnupg, ftpd-BSD
Reference: URL:http://www.securityfocus.com/archive/1/152197
Reference: BID:2153
Reference: URL:http://www.securityfocus.com/bid/2153
Reference: XF:gnupg-reveal-private
Reference: URL:http://xforce.iss.net/static/5803.php

gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
INFERRED ACTION: CAN-2001-0072 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(1) Wall

======================================================
Candidate: CAN-2001-0080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0080
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001213 Cisco Catalyst SSH Protocol Mismatch Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml
Reference: XF:cisco-catalyst-ssh-mismatch
Reference: URL:http://xforce.iss.net/static/5760.php

Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to cause a denial of service by connecting to the SSH service with a non-SSH client, which generates a protocol mismatch error.

INFERRED ACTION: CAN-2001-0080 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(1) Wall

======================================================
Candidate: CAN-2001-0081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0081
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001212 nCipher Security Advisory: Operator Cards unexpectedly recoverable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0152.html
Reference: CONFIRM:http://active.ncipher.com/updates/advisory.txt
Reference: XF:ncipher-recover-operator-cards(5999)
Reference: URL:http://xforce.iss.net/static/5999.php

swinit in nCipher does not properly disable the Operator Card Set recovery feature even when explicitly disabled by the user, which could allow attackers to gain access to application keys.
Modifications:
   ADDREF XF:ncipher-recover-operator-cards(5999)

INFERRED ACTION: CAN-2001-0081 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Prosser, Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Ziese, Wall

Voter Comments:
 Frech> XF:ncipher-recover-operator-cards(5999)
 Prosser> Add Source: http://active.ncipher.com/updates/advisory.txt Security World Recovery Bug Fix

======================================================
Candidate: CAN-2001-0083
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0083
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-097
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-097.asp
Reference: MSKB:Q281256
Reference: XF:mediaservices-dropped-connection-dos
Reference: URL:http://xforce.iss.net/static/5785.php

Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 does not properly shut down some types of connections, producing a memory leak that allows remote attackers to cause a denial of service via a series of severed connections, aka the "Severed Windows Media Server Connection" vulnerability.

Modifications:
   DESC Change "which allows" to "that allows"

INFERRED ACTION: CAN-2001-0083 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Frech, Cole, Wall
   NOOP(1) Ziese

Voter Comments:
 Frech> In description, consider changing "leak which allows" to "leak that allows".
======================================================
Candidate: CAN-2001-0085
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0085
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: HP:HPSBUX0012-135
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0083.html
Reference: BID:2170
Reference: URL:http://www.securityfocus.com/bid/2170
Reference: XF:hpux-kermit-bo
Reference: URL:http://xforce.iss.net/static/5793.php

Buffer overflow in Kermit communications software in HP-UX 11.0 and earlier allows local users to cause a denial of service and possibly execute arbitrary commands.

INFERRED ACTION: CAN-2001-0085 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Ziese, Frech, Prosser, Cole
   NOOP(1) Wall

Voter Comments:
 Prosser> HPSBUX0012-135 Sec. Vulnerability in kermit(1) REVISED01 http://us-support2.external.hp.com

======================================================
Candidate: CAN-2001-0089
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0089
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp
Reference: XF:ie-form-file-upload
Reference: URL:http://xforce.iss.net/static/5615.php

Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability.
INFERRED ACTION: CAN-2001-0089 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Ziese, Frech, Cole, Wall

======================================================
Candidate: CAN-2001-0090
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0090
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp
Reference: XF:ie-print-template(5614)
Reference: URL:http://xforce.iss.net/static/5614.php

The Print Templates feature in Internet Explorer 5.5 executes arbitrary custom print templates without prompting the user, which could allow an attacker to execute arbitrary ActiveX controls, aka the "Browser Print Template" vulnerability.

Modifications:
   ADDREF XF:ie-print-template(5614)

INFERRED ACTION: CAN-2001-0090 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Cole, Wall
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:ie-print-template(5614)
 Christey> XF:ie-print-template URL:http://xforce.iss.net/static/5614.php

======================================================
Candidate: CAN-2001-0091
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0091
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp
Reference: XF:ie-scriptlet-rendering-read-files(6085)
Reference: URL:http://xforce.iss.net/static/6085.php

The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability.
Modifications:
   ADDREF XF:ie-scriptlet-rendering-read-files(6085)

INFERRED ACTION: CAN-2001-0091 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Prosser, Cole, Wall
   MODIFY(1) Frech
   NOOP(1) Ziese

Voter Comments:
 Frech> XF:ie-scriptlet-rendering-read-files(6085)
 Prosser> ms00-093

======================================================
Candidate: CAN-2001-0092
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0092
Final-Decision:
Interim-Decision: 20010502
Modified: 20010501-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp
Reference: XF:ie-frame-verification-read-files(6086)

A function in Internet Explorer 5.0 through 5.5 does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a new variant of the "Frame Domain Verification" vulnerability.

Modifications:
   ADDREF XF:ie-frame-verification-read-files(6086)

INFERRED ACTION: CAN-2001-0092 ACCEPT_REV (4 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(3) Prosser, Cole, Wall
   MODIFY(1) Frech
   REVIEWING(1) Ziese

Voter Comments:
 Frech> XF:ie-frame-verification-read-files(6086)
 Prosser> ms00-093

======================================================
Candidate: CAN-2001-0096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0096
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-100
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-100.asp
Reference: XF:iis-web-form-submit
Reference: URL:http://xforce.iss.net/static/5823.php

FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability.
INFERRED ACTION: CAN-2001-0096 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Ziese, Frech, Cole, Wall

======================================================
Candidate: CAN-2001-0099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0099
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001221 BS Scripts Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0390.html
Reference: MISC:http://www.stanback.net/
Reference: XF:bsguest-cgi-execute-commands
Reference: URL:http://xforce.iss.net/static/5796.php

bsguest.cgi guestbook script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address.

INFERRED ACTION: CAN-2001-0099 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(2) Ziese, Wall

======================================================
Candidate: CAN-2001-0100
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0100
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001221 BS Scripts Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0390.html
Reference: MISC:http://www.stanback.net/
Reference: XF:bslist-cgi-execute-commands
Reference: URL:http://xforce.iss.net/static/5797.php

bslist.cgi mailing list script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address.
INFERRED ACTION: CAN-2001-0100 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(2) Wall, Ziese

======================================================
Candidate: CAN-2001-0105
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0105
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: HP:HPSBUX0012-134
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0079.html
Reference: XF:hp-top-sys-files
Reference: URL:http://xforce.iss.net/static/5773.php

Vulnerability in top in HP-UX 11.04 and earlier allows local users to overwrite files owned by the "sys" group.

INFERRED ACTION: CAN-2001-0105 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(1) Wall

======================================================
Candidate: CAN-2001-0106
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0106
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: HP:HPSBUX0101-136
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0009.html
Reference: XF:hp-inetd-swait-dos(5904)
Reference: URL:http://xforce.iss.net/static/5904.php

Vulnerability in inetd server in HP-UX 11.04 and earlier allows attackers to cause a denial of service when the "swait" state is used by a server.
Modifications:
   ADDREF XF:hp-inetd-swait-dos

INFERRED ACTION: CAN-2001-0106 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Prosser, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:hp-inetd-swait-dos(5904)
 Christey> XF:hp-inetd-swait-dos URL:http://xforce.iss.net/static/5904.php
 Prosser> HPSBUX0101-136 http://us-support2.external.hp.com

======================================================
Candidate: CAN-2001-0109
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0109
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010113 Serious security flaw in SuSE rctab
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0226.html
Reference: BUGTRAQ:20010117 Re: Serious security flaw in SuSE rctab
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0272.html
Reference: BID:2207
Reference: URL:http://www.securityfocus.com/bid/2207
Reference: XF:rctab-elevate-privileges(5945)
Reference: URL:http://xforce.iss.net/static/5945.php

rctab in SuSE 7.0 and earlier allows local users to create or overwrite arbitrary files via a symlink attack on the rctmp temporary file.
Modifications:
   ADDREF XF:rctab-elevate-privileges(5945)
   CHANGEREF BUGTRAQ [fix date]

INFERRED ACTION: CAN-2001-0109 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Christey> XF:rctab-elevate-privileges URL:http://xforce.iss.net/static/5945.php Also, see the clarification by SuSE at: http://archives.neohapsis.com/archives/bugtraq/2001-01/0272.html
 Frech> XF:rctab-elevate-privileges(5945)

======================================================
Candidate: CAN-2001-0110
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0110
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010114 Vulnerability in jaZip.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0228.html
Reference: DEBIAN:DSA-017-1
Reference: URL:http://www.debian.org/security/2001/dsa-017
Reference: XF:jazip-display-bo(5942)
Reference: URL:http://xforce.iss.net/static/5942.php
Reference: BID:2209
Reference: URL:http://www.securityfocus.com/bid/2209

Buffer overflow in jaZip Zip/Jaz drive manager allows local users to gain root privileges via a long DISPLAY environmental variable.
Modifications:
   ADDREF XF:jazip-display-bo(5942)

INFERRED ACTION: CAN-2001-0110 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:jazip-display-bo(5942)

======================================================
Candidate: CAN-2001-0111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0111
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010114 [MSY] Multiple vulnerabilities in splitvt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958269320974&w=2
Reference: DEBIAN:DSA-014-1
Reference: URL:http://www.debian.org/security/2001/dsa-014
Reference: XF:splitvt-perserc-format-string(5948)
Reference: URL:http://xforce.iss.net/static/5948.php
Reference: BID:2210
Reference: URL:http://www.securityfocus.com/bid/2210

Format string vulnerability in splitvt before 1.6.5 allows local users to execute arbitrary commands via the -rcfile command line argument.
Modifications:
   ADDREF XF:splitvt-perserc-format-string(5948)

INFERRED ACTION: CAN-2001-0111 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Christey> XF:splitvt-perserc-format-string(5948)
 Frech> XF:splitvt-perserc-format-string(5948)

======================================================
Candidate: CAN-2001-0115
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0115
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010111 Solaris Arp Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97934312727101&w=2
Reference: BUGTRAQ:20010112 arp exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97957435729702&w=2
Reference: SUN:00200
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/200&type=0&nav=sec.sba
Reference: XF:solaris-arp-bo(5928)
Reference: URL:http://xforce.iss.net/static/5928.php
Reference: BID:2193
Reference: URL:http://www.securityfocus.com/bid/2193

Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter.

Modifications:
   ADDREF XF:solaris-arp-bo(5928)

INFERRED ACTION: CAN-2001-0115 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(2) Frech, Dik
   NOOP(2) Wall, Christey

Voter Comments:
 Christey> XF:solaris-arp-bo URL:http://xforce.iss.net/static/5928.php
 Frech> XF:solaris-arp-bo(5928)
 Dik> "allows users to execute arbitrary commands *with euid sys*" Sun bug 4296166
 Christey> The "CVE style" implies that "arbitrary commands" means "arbitrary commands as another UID," not necessarily root, so the addition of euid sys to the description is not essential.
======================================================
Candidate: CAN-2001-0116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0116
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:006
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-006.php3
Reference: BID:2188
Reference: URL:http://www.securityfocus.com/bid/2188
Reference: XF:linux-gpm-symlink(5917)
Reference: URL:http://xforce.iss.net/static/5917.php

gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.

Modifications:
   ADDREF XF:linux-gpm-symlink(5917)

INFERRED ACTION: CAN-2001-0116 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:linux-gpm-symlink(5917)
 Christey> XF:linux-gpm-symlink URL:http://xforce.iss.net/static/5917.php

======================================================
Candidate: CAN-2001-0117
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0117
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:008-1
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-008.php3
Reference: XF:linux-diffutils-sdiff-symlink(5914)
Reference: URL:http://xforce.iss.net/static/5914.php
Reference: BID:2191
Reference: URL:http://www.securityfocus.com/bid/2191

sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.
Modifications:
   ADDREF XF:linux-diffutils-sdiff-symlink(5914)

INFERRED ACTION: CAN-2001-0117 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:linux-diffutils-sdiff-symlink(5914)
 Christey> http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-008-1.php3?dis=7.0 XF:linux-diffutils-sdiff-symlimk URL:http://xforce.iss.net/static/5914.php

======================================================
Candidate: CAN-2001-0118
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0118
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001-005
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-005.php3
Reference: BID:2195
Reference: URL:http://www.securityfocus.com/bid/2195
Reference: XF:rdist-symlink(5925)
Reference: URL:http://xforce.iss.net/static/5925.php

rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack.
Modifications: ADDREF XF:rdist-symlink(5925) INFERRED ACTION: CAN-2001-0118 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(2) Wall, Christey Voter Comments: Frech> XF:rdist-symlink(5925) Christey> XF:rdist-symlink URL:http://xforce.iss.net/static/5925.php MANDRAKE:MDKSA-2001-005 http://www.linux-mandrake.com/en/updates/2001/MDKSA-2001-005.php3 ====================================================== Candidate: CAN-2001-0119 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0119 Final-Decision: Interim-Decision: 20010502 Modified: 20010430-01 Proposed: 20010214 Assigned: 20010206 Category: SF Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2 Reference: MANDRAKE:MDKSA-2001:004 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-004.php3 Reference: BID:2194 Reference: URL:http://www.securityfocus.com/bid/2194 Reference: XF:gettyps-symlink(5924) Reference: URL:http://xforce.iss.net/static/5924.php getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack. 
Modifications: ADDREF XF:gettyps-symlink(5924) INFERRED ACTION: CAN-2001-0119 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(1) Cole MODIFY(1) Frech NOOP(2) Wall, Christey Voter Comments: Frech> XF:gettyps-symlink(5924) Christey> XF:gettyps-symlink URL:http://xforce.iss.net/static/5924.php ====================================================== Candidate: CAN-2001-0120 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0120 Final-Decision: Interim-Decision: 20010502 Modified: 20010430-01 Proposed: 20010214 Assigned: 20010206 Category: SF Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2 Reference: MANDRAKE:MDKSA-2001:007 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-007.php3 Reference: BID:2196 Reference: URL:http://www.securityfocus.com/bid/2196 Reference: XF:shadow-utils-useradd-symlink(5927) Reference: URL:http://xforce.iss.net/static/5927.php useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack. 
Modifications: ADDREF XF:shadow-utils-useradd-symlink(5927) INFERRED ACTION: CAN-2001-0120 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(2) Wall, Christey Voter Comments: Frech> XF:shadow-utils-useradd-symlink(5927) Christey> XF:shadow-utils-useradd-symlink URL:http://xforce.iss.net/static/5927.php ====================================================== Candidate: CAN-2001-0123 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0123 Final-Decision: Interim-Decision: 20010502 Modified: 20010430-01 Proposed: 20010214 Assigned: 20010206 Category: SF Reference: BUGTRAQ:20010107 Cgisecurity.com Advisory #3.1 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97905792214999&w=2 Reference: CONFIRM:http://www.extropia.com/hacks/bbs_security.html Reference: BID:2177 Reference: URL:http://www.securityfocus.com/bid/2177 Reference: XF:http-cgi-bbs-forum(5906) Reference: URL:http://xforce.iss.net/static/5906.php Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the file parameter. 
Modifications: ADDREF XF:http-cgi-bbs-forum(5906) ADDREF CONFIRM:http://www.extropia.com/hacks/bbs_security.html INFERRED ACTION: CAN-2001-0123 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(2) Wall, Christey Voter Comments: Frech> XF:http-cgi-bbs-forum(5906) Christey> XF:http-cgi-bbs-forum URL:http://xforce.iss.net/static/5906.php Baker> http://www.extropia.com/hacks/bbs_security.html ====================================================== Candidate: CAN-2001-0124 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0124 Final-Decision: Interim-Decision: 20010502 Modified: 20010430-01 Proposed: 20010214 Assigned: 20010206 Category: SF Reference: BUGTRAQ:20010109 Solaris /usr/lib/exrecover buffer overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97908386502156&w=2 Reference: SUNBUG:4161925 Reference: XF:solaris-exrecover-bo(5913) Reference: URL:http://xforce.iss.net/static/5913.php Reference: BID:2179 Reference: URL:http://www.securityfocus.com/bid/2179 Buffer overflow in exrecover in Solaris 2.6 and earlier possibly allows local users to gain privileges via a long command line argument. 
Modifications: ADDREF XF:solaris-exrecover-bo(5913) INFERRED ACTION: CAN-2001-0124 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Dik, Baker, Cole MODIFY(1) Frech NOOP(2) Wall, Christey Voter Comments: Frech> XF:solaris-exrecover-bo(5913) Christey> XF:solaris-exrecover-bo URL:http://xforce.iss.net/static/5913.php ====================================================== Candidate: CAN-2001-0125 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0125 Final-Decision: Interim-Decision: 20010502 Modified: Proposed: 20010214 Assigned: 20010206 Category: SF Reference: BUGTRAQ:20001231 Advisory: exmh symlink vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97846489313059&w=2 Reference: BUGTRAQ:20010112 exmh security vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958594330100&w=2 Reference: CONFIRM:http://www.beedub.com/exmh/symlink.html Reference: FREEBSD:FreeBSD-SA-01:17 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-01/0543.html Reference: MANDRAKE:MDKSA-2001:015 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-015.php3 Reference: DEBIAN:DSA-022-1 Reference: URL:http://www.debian.org/security/2001/dsa-022 Reference: XF:exmh-error-symlink Reference: URL:http://xforce.iss.net/static/5829.php exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file. 
INFERRED ACTION: CAN-2001-0125 ACCEPT (3 accept, 3 ack, 0 review) Current Votes: ACCEPT(3) Frech, Baker, Cole NOOP(1) Wall ====================================================== Candidate: CAN-2001-0126 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0126 Final-Decision: Interim-Decision: 20010502 Modified: 20010430-01 Proposed: 20010214 Assigned: 20010206 Category: SF Reference: BUGTRAQ:20010109 Oracle XSQL servlet and xml-stylesheet allow executing java on the web server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97906670012796&w=2 Reference: BUGTRAQ:20010123 Patch for Potential Vulnerability in Oracle XSQL Servlet Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98027700625521&w=2 Reference: XF:oracle-xsql-execute-code(5905) Reference: URL:http://xforce.iss.net/static/5905.php Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet. 
Modifications: ADDREF XF:oracle-xsql-execute-code(5905) INFERRED ACTION: CAN-2001-0126 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(2) Wall, Christey Voter Comments: Frech> XF:oracle-xsql-execute-code(5905) Christey> XF:oracle-xsql-execute-code(5905) ====================================================== Candidate: CAN-2001-0128 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0128 Final-Decision: Interim-Decision: 20010502 Modified: Proposed: 20010214 Assigned: 20010206 Category: SF Reference: MANDRAKE:MDKSA-2000-083 Reference: URL:http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-083.php3 Reference: CONECTIVA:CLA-2000:365 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365 Reference: REDHAT:RHSA-2000:127-06 Reference: URL:http://www.redhat.com/support/errata/powertools/RHSA-2000-127.html Reference: DEBIAN:DSA-006-1 Reference: URL:http://www.debian.org/security/2000/20001219 Reference: FREEBSD:FreeBSD-SA-01:06 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:06.zope.asc Reference: XF:zope-calculate-roles Reference: URL:http://xforce.iss.net/static/5777.php Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges. 
INFERRED ACTION: CAN-2001-0128 ACCEPT (3 accept, 3 ack, 0 review) Current Votes: ACCEPT(3) Frech, Baker, Cole NOOP(1) Wall ====================================================== Candidate: CAN-2001-0129 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0129 Final-Decision: Interim-Decision: 20010502 Modified: 20010430-01 Proposed: 20010214 Assigned: 20010206 Category: SF Reference: BUGTRAQ:20010117 [pkc] remote heap overflow in tinyproxy Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97975486527750&w=2 Reference: DEBIAN:DSA-018-1 Reference: URL:http://www.debian.org/security/2001/dsa-018 Reference: FREEBSD:FreeBSD-SA-01:15 Reference: BID:2217 Reference: URL:http://www.securityfocus.com/bid/2217 Reference: XF:tinyproxy-remote-bo(5954) Reference: URL:http://xforce.iss.net/static/5954.php Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long connect request. Modifications: ADDREF XF:tinyproxy-remote-bo INFERRED ACTION: CAN-2001-0129 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(2) Wall, Christey Voter Comments: Christey> XF:tinyproxy-remote-bo URL:http://xforce.iss.net/static/5954.php Frech> XF:tinyproxy-remote-bo(5954) ====================================================== Candidate: CAN-2001-0130 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0130 Final-Decision: Interim-Decision: 20010502 Modified: 20010430-01 Proposed: 20010214 Assigned: 20010206 Category: SF Reference: MISC:http://service1.symantec.com/sarc/sarc.nsf/info/html/Lotus.Domino.Denial.of.Service.Malformed.HTML.Email.html Reference: XF:lotus-html-bo(6207) Reference: URL:http://xforce.iss.net/static/6207.php Buffer overflow in HTML parser of the Lotus R5 Domino Server before 5.06, and Domino Client before 5.05, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed 
font size specifier. Modifications: ADDREF XF:lotus-html-bo(6207) INFERRED ACTION: CAN-2001-0130 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:lotus-html-bo(6207) ====================================================== Candidate: CAN-2001-0137 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0137 Final-Decision: Interim-Decision: 20010502 Modified: 20010501-01 Proposed: 20010214 Assigned: 20010206 Category: SF Reference: BUGTRAQ:20010115 Windows Media Player 7 and IE java vulnerability - executing arbitrary programs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958100816503&w=2 Reference: MS:MS01-010 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-010.asp Reference: XF:win-mediaplayer-arbitrary-code(5937) Reference: URL:http://xforce.iss.net/static/5937.php Reference: BID:2203 Reference: URL:http://www.securityfocus.com/bid/2203 Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the "Windows Media Player Skins File Download" vulnerability. Modifications: ADDREF MS:MS01-010 DESC Add "aka" portion ADDREF XF:win-mediaplayer-arbitrary-code(5937) INFERRED ACTION: CAN-2001-0137 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review) Current Votes: ACCEPT(2) LeBlanc, Prosser MODIFY(1) Frech NOOP(2) Christey, Cole REVIEWING(1) Wall Voter Comments: Christey> ADDREF MS:MS01-010 URL:http://www.microsoft.com/technet/security/bulletin/MS01-010.asp Also change description to identify the "Windows Media Player Skins File Download" vulnerability. 
Christey> ADDREF XF:win-mediaplayer-arbitrary-code(5937) http://xforce.iss.net/static/5937.php Frech> XF:win-mediaplayer-arbitrary-code(5937) Reference:http://www.microsoft.com/technet/security/bulletin/MS01-010.asp LeBlanc> Looks to me like we fixed it. Prosser> ms01-0010 ====================================================== Candidate: CAN-2001-0138 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0138 Final-Decision: Interim-Decision: 20010502 Modified: 20010430-01 Proposed: 20010214 Assigned: 20010206 Category: SF Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems Reference: URL:http://archives.neohapsis.com/archives/linux/immunix/2001-q1/0010.html Reference: MANDRAKE:MDKSA-2001-001 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-001.php3 Reference: DEBIAN:DSA-016 Reference: URL:http://www.debian.org/security/2001/dsa-016 Reference: BID:2189 Reference: URL:http://www.securityfocus.com/bid/2189 Reference: XF:linux-wuftpd-privatepw-symlink(5915) Reference: URL:http://xforce.iss.net/static/5915.php privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack. 
Modifications: ADDREF XF:linux-wuftpd-privatepw-symlink(5915) ADDREF MANDRAKE:MDKSA-2001-001 ADDREF DEBIAN:DSA-016 INFERRED ACTION: CAN-2001-0138 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(2) Wall, Christey Voter Comments: Frech> XF:linux-wuftpd-privatepw-symlink(5915) Christey> XF:linux-wuftpd-privatepw-symlink URL:http://xforce.iss.net/static/5915.php MANDRAKE:MDKSA-2001-001 http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-001.php3 DEBIAN:DSA-016 http://www.debian.org/security/2001/dsa-016 ====================================================== Candidate: CAN-2001-0139 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0139 Final-Decision: Interim-Decision: 20010502 Modified: 20010430-01 Proposed: 20010214 Assigned: 20010206 Category: SF Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2 Reference: MANDRAKE:MDKSA-2001:010 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-010.php3 Reference: CALDERA:CSSA-2001-001.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-001.0.txt Reference: XF:linux-inn-symlink(5916) Reference: URL:http://xforce.iss.net/static/5916.php Reference: BID:2190 Reference: URL:http://www.securityfocus.com/bid/2190 inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations. 
Modifications: ADDREF XF:linux-inn-symlink(5916) INFERRED ACTION: CAN-2001-0139 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:linux-inn-symlink(5916) ====================================================== Candidate: CAN-2001-0140 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0140 Final-Decision: Interim-Decision: 20010502 Modified: 20010430-01 Proposed: 20010214 Assigned: 20010206 Category: SF Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2 Reference: MANDRAKE:MDKSA-2001:002 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-002.php3 Reference: XF:tcpdump-arpwatch-symlink(5922) Reference: URL:http://xforce.iss.net/static/5922.php Reference: BID:2183 Reference: URL:http://www.securityfocus.com/bid/2183 arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations. 
Modifications: ADDREF XF:tcpdump-arpwatch-symlink(5922) INFERRED ACTION: CAN-2001-0140 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(2) Wall, Christey Voter Comments: Frech> XF:tcpdump-arpwatch-symlink(5922) Christey> XF:tcpdump-arpwatch-symlink URL:http://xforce.iss.net/static/5922.php ====================================================== Candidate: CAN-2001-0141 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0141 Final-Decision: Interim-Decision: 20010502 Modified: 20010430-01 Proposed: 20010214 Assigned: 20010206 Category: SF Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2 Reference: MANDRAKE:MDKSA-2001:009 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-009.php3 Reference: DEBIAN:DSA-011 Reference: URL:http://www.debian.org/security/2001/dsa-011 Reference: CALDERA:CSSA-2001-002.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-002.0.txt Reference: BID:2187 Reference: URL:http://www.securityfocus.com/bid/2187 Reference: XF:linux-mgetty-symlink(5918) Reference: URL:http://xforce.iss.net/static/5918.php mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations. 
Modifications: ADDREF XF:linux-mgetty-symlink(5918) INFERRED ACTION: CAN-2001-0141 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(2) Wall, Christey Voter Comments: Frech> XF:linux-mgetty-symlink(5918) Christey> XF:linux-mgetty-symlink URL:http://xforce.iss.net/static/5918.php ====================================================== Candidate: CAN-2001-0142 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0142 Final-Decision: Interim-Decision: 20010502 Modified: 20010430-01 Proposed: 20010214 Assigned: 20010206 Category: SF Reference: BUGTRAQ:20010112 Trustix Security Advisory - diffutils squid Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0212.html Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2 Reference: MANDRAKE:MDKSA-2001:003 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-003.php3 Reference: DEBIAN:DSA-019 Reference: URL:http://www.debian.org/security/2001/dsa-019 Reference: XF:squid-email-symlink(5921) Reference: URL:http://xforce.iss.net/static/5921.php Reference: BID:2184 Reference: URL:http://www.securityfocus.com/bid/2184 squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations. 
Modifications: ADDREF XF:squid-email-symlink(5921) ADDREF DEBIAN:DSA-019 INFERRED ACTION: CAN-2001-0142 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(2) Wall, Christey Voter Comments: Frech> XF:squid-email-symlink(5921) Christey> ADDREF XF:squid-email-symlink URL:http://xforce.iss.net/static/5921.php http://www.linux-mandrake.com/en/updates/2001/MDKSA-2001-003.php3?dis=7.0 http://www.debian.org/security/2001/dsa-019 Christey> http://archives.neohapsis.com/archives/vendor/2001-q1/0015.html ====================================================== Candidate: CAN-2001-0143 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0143 Final-Decision: Interim-Decision: 20010502 Modified: 20010430-01 Proposed: 20010214 Assigned: 20010206 Category: SF Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2 Reference: MANDRAKE:MDKSA-2001:011 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-011.php3 Reference: BID:2186 Reference: URL:http://www.securityfocus.com/bid/2186 Reference: XF:linuxconf-vpop3d-symlink(5923) Reference: URL:http://xforce.iss.net/static/5923.php vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack. 
Modifications: ADDREF XF:linuxconf-vpop3d-symlink(5923) INFERRED ACTION: CAN-2001-0143 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(2) Wall, Christey Voter Comments: Frech> XF:linuxconf-vpop3d-symlink(5923) Christey> XF:linuxconf-vpop3d-symlink URL:http://xforce.iss.net/static/5923.php ====================================================== Candidate: CAN-2001-0144 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0144 Final-Decision: Interim-Decision: 20010502 Modified: 20010430-01 Proposed: 20010214 Assigned: 20010208 Category: SF Reference: BINDVIEW:20010208 Remote vulnerability in SSH daemon crc32 compensation attack detector Reference: URL:http://razor.bindview.com/publish/advisories/adv_ssh1crc.html Reference: BUGTRAQ:20010208 [CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98168366406903&w=2 Reference: XF:ssh-deattack-overwrite-memory(6083) Reference: URL:http://xforce.iss.net/static/6083.php Reference: BID:2347 Reference: URL:http://www.securityfocus.com/bid/2347 CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow. 
Modifications: ADDREF XF:ssh-deattack-overwrite-memory(6083) INFERRED ACTION: CAN-2001-0144 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:ssh-deattack-overwrite-memory(6083) ====================================================== Candidate: CAN-2001-0147 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0147 Final-Decision: Interim-Decision: 20010502 Modified: Proposed: 20010404 Assigned: 20010210 Category: SF Reference: MS:MS01-013 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-013.asp Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records. INFERRED ACTION: CAN-2001-0147 ACCEPT (5 accept, 1 ack, 0 review) Current Votes: ACCEPT(5) Wall, Ziese, Balinsky, Cole, Bishop ====================================================== Candidate: CAN-2001-0148 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0148 Final-Decision: Interim-Decision: 20010502 Modified: 20010430-01 Proposed: 20010309 Assigned: 20010210 Category: SF Reference: BUGTRAQ:20010101 Windows Media Player 7 and IE vulnerability - executing arbitrary programs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0000.html Reference: MS:MS01-015 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp Reference: XF:media-player-execute-commands(6227) Reference: URL:http://xforce.iss.net/static/6227.php The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability. 
Modifications: ADDREF XF:media-player-execute-commands(6227) INFERRED ACTION: CAN-2001-0148 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Lawler, Ziese, Cole MODIFY(1) Frech Voter Comments: Frech> XF:media-player-execute-commands(6227) ====================================================== Candidate: CAN-2001-0149 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0149 Final-Decision: Interim-Decision: 20010502 Modified: 20010430-01 Proposed: 20010309 Assigned: 20010210 Category: SF Reference: BUGTRAQ:20000926 IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0305.html Reference: NTBUGTRAQ:20000926 IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96999020527583&w=2 Reference: MS:MS01-015 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp Reference: XF:ie-getobject-expose-files(5293) Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object. 
Modifications: ADDREF XF:ie-getobject-expose-files(5293) INFERRED ACTION: CAN-2001-0149 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Lawler, Ziese, Cole MODIFY(1) Frech Voter Comments: Frech> XF:ie-getobject-expose-files(5293) ====================================================== Candidate: CAN-2001-0150 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0150 Final-Decision: Interim-Decision: 20010502 Modified: 20010430-01 Proposed: 20010309 Assigned: 20010210 Category: SF Reference: MS:MS01-015 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp Reference: XF:ie-telnet-execute-commands(6230) Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts. Modifications: ADDREF XF:ie-telnet-execute-commands(6230) INFERRED ACTION: CAN-2001-0150 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Lawler, Ziese, Cole MODIFY(1) Frech Voter Comments: Frech> ie-telnet-execute-commands(6230) ====================================================== Candidate: CAN-2001-0151 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0151 Final-Decision: Interim-Decision: 20010502 Modified: 20010430-01 Proposed: 20010309 Assigned: 20010210 Category: SF Reference: MS:MS01-016 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-016.asp Reference: XF:iis-webdav-dos(6205) IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests. 
Modifications: ADDREF XF:iis-webdav-dos(6205) INFERRED ACTION: CAN-2001-0151 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Lawler, Ziese, Cole MODIFY(1) Frech Voter Comments: Frech> XF:iis-webdav-dos(6205) ====================================================== Candidate: CAN-2001-0152 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0152 Final-Decision: Interim-Decision: 20010502 Modified: Proposed: 20010404 Assigned: 20010210 Category: SF Reference: MS:MS01-019 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-019.asp The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders. INFERRED ACTION: CAN-2001-0152 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Wall, Ziese, Cole, Bishop ====================================================== Candidate: CAN-2001-0153 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0153 Final-Decision: Interim-Decision: 20010502 Modified: Proposed: 20010404 Assigned: 20010210 Category: SF Reference: BINDVIEW:20010327 Remote buffer overflow in DCOM VB T-SQL debugger Reference: URL:http://razor.bindview.com/publish/advisories/adv_vbtsql.html Reference: MS:MS01-018 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-018.asp Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute arbitrary commands. 
INFERRED ACTION: CAN-2001-0153 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Wall, Ziese, Cole, Bishop ====================================================== Candidate: CAN-2001-0154 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0154 Final-Decision: Interim-Decision: 20010502 Modified: Proposed: 20010404 Assigned: 20010210 Category: SF Reference: BUGTRAQ:20010330 Incorrect MIME Header Can Cause IE to Execute E-mail Attachment Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98596775905044&w=2 Reference: MS:MS01-020 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-020.asp HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly. INFERRED ACTION: CAN-2001-0154 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Wall, Ziese, Cole, Bishop ====================================================== Candidate: CAN-2001-0157 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0157 Final-Decision: Interim-Decision: 20010502 Modified: 20010430-01 Proposed: 20010309 Assigned: 20010301 Category: SF/CF/MP/SA/AN/unknown Reference: ATSTAKE:A030101-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a030101-1.txt Reference: XF:palm-debug-bypass-password(6196) Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier allows attackers with physical access to a Palm device to bypass access restrictions and obtain passwords, even if the system lockout mechanism is enabled. 
Modifications: ADDREF XF:palm-debug-bypass-password(6196) INFERRED ACTION: CAN-2001-0157 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Lawler, Cole MODIFY(1) Frech NOOP(1) Ziese Voter Comments: Frech> XF:palm-debug-bypass-password(6196) ====================================================== Candidate: CAN-2001-0165 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0165 Final-Decision: Interim-Decision: 20010502 Modified: 20010430-01 Proposed: 20010309 Assigned: 20010308 Category: SF Reference: BUGTRAQ:20010131 [SPSadvisory#40]Solaris7/8 ximp40 shared library buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0517.html Reference: SUNBUG:4409148 Reference: XF:solaris-ximp40-bo Reference: URL:http://xforce.iss.net/static/6039.php Reference: BID:2322 Reference: URL:http://www.securityfocus.com/bid/2322 Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 allows local users to gain privileges via a long "arg0" (process name) argument. 
Modifications: ADDREF SUNBUG:4409148 INFERRED ACTION: CAN-2001-0165 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Lawler, Frech, Dik NOOP(1) Ziese Voter Comments: Dik> More research needed on my part (the ximp40.so appears to be loaded only in specific circumstances) CHANGE> [Dik changed vote from REVIEWING to ACCEPT] Dik> Sun bug 4409148 ====================================================== Candidate: CAN-2001-0166 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0166 Final-Decision: Interim-Decision: 20010502 Modified: Proposed: 20010309 Assigned: 20010308 Category: SF Reference: BUGTRAQ:20001229 Shockwave Flash buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0491.html Reference: XF:shockwave-flash-swf-bo Reference: URL:http://xforce.iss.net/static/5826.php Macromedia Shockwave Flash plugin version 8 and earlier allows remote attackers to cause a denial of service via malformed tag length specifiers in a SWF file. INFERRED ACTION: CAN-2001-0166 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Lawler, Ziese, Frech ====================================================== Candidate: CAN-2001-0169 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0169 Final-Decision: Interim-Decision: 20010502 Modified: 20010430-01 Proposed: 20010309 Assigned: 20010308 Category: SF Reference: MANDRAKE:MDKSA-2001:012 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-012.php3?dis=7.2 Reference: SUSE:SuSE-SA:2001:01 Reference: URL:http://www.suse.com/de/support/security/2001_001_glibc_txt.txt Reference: CALDERA:CSSA-2001-007 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-007.0.txt Reference: REDHAT:RHSA-2001:002-03 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-002.html Reference: DEBIAN:DSA-039 Reference: URL:http://www.debian.org/security/2001/dsa-039 Reference: TURBO:TLSA2000021-2 Reference: 
URL:http://archives.neohapsis.com/archives/linux/turbolinux/2001-q1/0004.html Reference: BUGTRAQ:20010121 Trustix Security Advisory - glibc Reference: URL:http://www.securityfocus.com/archive/1/157650 Reference: BID:2223 Reference: URL:http://www.securityfocus.com/bid/2223 Reference: XF:linux-glibc-preload-overwrite Reference: URL:http://xforce.iss.net/static/5971.php When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib. Modifications: ADDREF DEBIAN:DSA-039 ADDREF TURBO:TLSA2000021-2 INFERRED ACTION: CAN-2001-0169 ACCEPT (3 accept, 4 ack, 0 review) Current Votes: ACCEPT(3) Lawler, Ziese, Frech NOOP(1) Christey Voter Comments: Christey> DEBIAN:DSA-039 URL:http://www.debian.org/security/2001/dsa-039 TURBO:TLSA2000021-2 http://archives.neohapsis.com/archives/linux/turbolinux/2001-q1/0004.html ====================================================== Candidate: CAN-2001-0170 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0170 Final-Decision: Interim-Decision: 20010502 Modified: Proposed: 20010309 Assigned: 20010308 Category: SF Reference: BUGTRAQ:20010110 Glibc Local Root Exploit Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0131.html Reference: BUGTRAQ:20010110 [slackware-security] glibc 2.2 local vulnerability on setuid binaries Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0186.html Reference: REDHAT:RHSA-2001:001-05 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-001.html Reference: BID:2181 Reference: URL:http://www.securityfocus.com/bid/2181 Reference: XF:linux-glibc-read-files Reference: URL:http://xforce.iss.net/static/5907.php glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid 
programs, which could allow local users to read arbitrary files. INFERRED ACTION: CAN-2001-0170 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Lawler, Ziese, Frech ====================================================== Candidate: CAN-2001-0178 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0178 Final-Decision: Interim-Decision: 20010502 Modified: Proposed: 20010309 Assigned: 20010308 Category: SF Reference: MANDRAKE:MDKSA-2001:018 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-018.php3?dis=7.2 Reference: CALDERA:CSSA-2001-005.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-005.0.txt Reference: SUSE:SuSE-SA:2001:02 Reference: URL:http://www.suse.com/de/support/security/2001_002_kdesu_txt.txt Reference: XF:kde2-kdesu-retrieve-passwords Reference: URL:http://xforce.iss.net/static/5995.php kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges. INFERRED ACTION: CAN-2001-0178 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Lawler, Ziese, Frech ====================================================== Candidate: CAN-2001-0179 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0179 Final-Decision: Interim-Decision: 20010502 Modified: Proposed: 20010309 Assigned: 20010308 Category: SF Reference: ALLAIRE:ASB01-02 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=19546&Method=Full Reference: XF:jrun-webinf-file-retrieval Reference: URL:http://xforce.iss.net/static/6008.php Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "." 

INFERRED ACTION: CAN-2001-0179 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Lawler, Ziese, Frech

======================================================
Candidate: CAN-2001-0183
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0183
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:08
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:08.ipfw.asc
Reference: BID:2293
Reference: URL:http://www.securityfocus.com/bid/2293
Reference: XF:ipfw-bypass-firewall
Reference: URL:http://xforce.iss.net/static/5998.php

ipfw and ip6fw in FreeBSD 4.2 and earlier allows remote attackers to bypass access restrictions by setting the ECE flag in a TCP packet, which makes the packet appear to be part of an established connection.

INFERRED ACTION: CAN-2001-0183 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Lawler, Ziese, Frech

======================================================
Candidate: CAN-2001-0185
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0185
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010123 Make The Netopia R9100 Router To Crash
Reference: URL:http://www.securityfocus.com/archive/1/157952
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98035651825590&w=2
Reference: BID:2287
Reference: URL:http://www.securityfocus.com/bid/2287
Reference: XF:netopia-telnet-dos
Reference: URL:http://xforce.iss.net/static/6001.php

Netopia R9100 router version 4.6 allows authenticated users to cause a denial of service by using the router's telnet program to connect to the router's IP address, which causes a crash.

INFERRED ACTION: CAN-2001-0185 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Lawler, Ziese, Frech

======================================================
Candidate: CAN-2001-0187
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0187
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: DEBIAN:DSA-016
Reference: URL:http://www.debian.org/security/2001/dsa-016
Reference: CONFIRM:ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_current/missing_format_strings.patch
Reference: BID:2296
Reference: URL:http://www.securityfocus.com/bid/2296
Reference: XF:wuftp-debug-format-string
Reference: URL:http://xforce.iss.net/static/6020.php

Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.

INFERRED ACTION: CAN-2001-0187 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(3) Lawler, Ziese, Frech

======================================================
Candidate: CAN-2001-0190
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0190
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010117 Solaris /usr/bin/cu Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97983943716311&w=2
Reference: BUGTRAQ:20010123 Solaris /usr/bin/cu Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98028642319440&w=2
Reference: SUNBUG:4406722
Reference: XF:cu-argv-bo(6224)

Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and possibly other operating systems, allows local users to gain privileges by executing cu with a long program name (arg0).

Modifications:
  ADDREF XF:cu-argv-bo(6224)
  ADDREF SUNBUG:4406722

INFERRED ACTION: CAN-2001-0190 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Lawler, Dik
  MODIFY(1) Frech
  NOOP(1) Ziese

Voter Comments:
  Frech> XF:cu-argv-bo(6224)
  Dik> Sun bug 4406722

======================================================
Candidate: CAN-2001-0191
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0191
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010202 Remote vulnerability in gnuserv/XEmacs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0030.html
Reference: REDHAT:RHSA-2001:010
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-010.html
Reference: REDHAT:RHSA-2001:011
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-011.html
Reference: MANDRAKE:MDKSA-2001:019
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-019.php3
Reference: XF:gnuserv-tcp-cookie-overflow(6056)

gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length.

Modifications:
  ADDREF XF:gnuserv-tcp-cookie-overflow(6056)
  DESC Correct spelling: "MIT-MAGIC-COOKIE"

INFERRED ACTION: CAN-2001-0191 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Lawler, Ziese
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Frech> XF:gnuserv-tcp-cookie-overflow(6056)
  Christey> Correct spelling: "MIT-MAGIC-COOKIE"

======================================================
Candidate: CAN-2001-0193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0193
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010131 SuSe / Debian man package format string vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98096782126481&w=2
Reference: DEBIAN:DSA-028-1
Reference: URL:http://www.debian.org/security/2001/dsa-028
Reference: BID:2327
Reference: URL:http://www.securityfocus.com/bid/2327
Reference: XF:man-i-format-string(6059)

Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter.

Modifications:
  ADDREF XF:man-i-format-string(6059)

INFERRED ACTION: CAN-2001-0193 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Lawler
  MODIFY(1) Frech
  NOOP(1) Ziese

Voter Comments:
  Frech> XF:man-i-format-string(6059)

======================================================
Candidate: CAN-2001-0194
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0194
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: MANDRAKE:MDKSA-2001:020-1
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-020.php3
Reference: XF:cups-httpgets-dos(6043)

Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line.

Modifications:
  ADDREF XF:cups-httpgets-dos(6043)

INFERRED ACTION: CAN-2001-0194 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Lawler, Ziese
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:cups-httpgets-dos(6043)

======================================================
Candidate: CAN-2001-0195
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0195
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: DEBIAN:DSA-015
Reference: URL:http://www.debian.org/security/2001/dsa-015
Reference: XF:linux-sash-shadow-readable
Reference: URL:http://xforce.iss.net/static/5994.php

sash before 3.4-4 in Debian Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.

INFERRED ACTION: CAN-2001-0195 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Lawler, Ziese, Frech

======================================================
Candidate: CAN-2001-0196
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0196
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:11
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:11.inetd.v1.1.asc
Reference: BID:2324
Reference: URL:http://www.securityfocus.com/bid/2324
Reference: XF:inetd-ident-read-files(6052)

inetd ident server in FreeBSD 4.x and earlier does not properly set group permissions, which allows remote attackers to read the first 16 bytes of files that are accessible by the wheel group.

Modifications:
  ADDREF XF:inetd-ident-read-files(6052)

INFERRED ACTION: CAN-2001-0196 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Lawler, Ziese
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:inetd-ident-read-files(6052)

======================================================
Candidate: CAN-2001-0197
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0197
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010121 [pkc] format bugs in icecast 1.3.8b2 and prior
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0348.html
Reference: CONECTIVA:CLA-2001:374
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000374
Reference: REDHAT:RHSA-2001:004
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-004.html
Reference: XF:icecast-format-string
Reference: URL:http://xforce.iss.net/static/5978.php
Reference: BID:2264
Reference: URL:http://www.securityfocus.com/bid/2264

Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands.

INFERRED ACTION: CAN-2001-0197 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Lawler, Ziese, Frech

======================================================
Candidate: CAN-2001-0218
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0218
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010126 format string vulnerability in mars_nwe 0.99pl19
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0456.html
Reference: FREEBSD:FreeBSD-SA-01:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-02/0081.html
Reference: XF:mars-nwe-format-string(6019)
Reference: URL:http://xforce.iss.net/static/6019.php

Format string vulnerability in mars_nwe 0.99.pl19 allows remote attackers to execute arbitrary commands.

Modifications:
  CHANGEREF XF [canonicalize]

INFERRED ACTION: CAN-2001-0218 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Lawler, Ziese
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:mars-nwe-format-string(6019)

======================================================
Candidate: CAN-2001-0219
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0219
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: HP:HPSBUX0101-137
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0016.html
Reference: XF:hp-stm-dos
Reference: URL:http://xforce.iss.net/static/5957.php
Reference: BID:2239
Reference: URL:http://www.securityfocus.com/bid/2239

Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service.

INFERRED ACTION: CAN-2001-0219 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Lawler, Ziese, Frech

======================================================
Candidate: CAN-2001-0221
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0221
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:19
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-02/0079.html
Reference: XF:ja-xklock-bo(6073)

Buffer overflow in ja-xklock 2.7.1 and earlier allows local users to gain root privileges.

Modifications:
  ADDREF XF:ja-xklock-bo(6073)

INFERRED ACTION: CAN-2001-0221 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Lawler, Ziese, Cole
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:ja-xklock-bo(6073)

======================================================
Candidate: CAN-2001-0222
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0222
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: MANDRAKE:MDKSA-2001-016
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-016.php3
Reference: CALDERA:CSSA-2001-004.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-004.0.txt
Reference: XF:linux-webmin-tmpfiles
Reference: URL:http://xforce.iss.net/static/6011.php

webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack.

INFERRED ACTION: CAN-2001-0222 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Lawler, Ziese, Frech

======================================================
Candidate: CAN-2001-0230
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0230
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:22
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-02/0083.html
Reference: XF:dc20ctrl-port-bo(6077)

Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly other operating systems, allows local users to gain privileges.

Modifications:
  ADDREF XF:dc20ctrl-port-bo(6077)

INFERRED ACTION: CAN-2001-0230 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Lawler, Ziese, Cole
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:dc20ctrl-port-bo(6077)

======================================================
Candidate: CAN-2001-0233
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0233
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010124 patch Re: [PkC] Advisory #003: micq-0.4.6 remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0395.html
Reference: BUGTRAQ:20010118 [PkC] Advisory #003: micq-0.4.6 remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0307.html
Reference: DEBIAN:DSA-012
Reference: URL:http://www.debian.org/security/2001/dsa-012
Reference: FREEBSD:FreeBSD-SA-01:14
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:14.micq.asc
Reference: REDHAT:RHSA-2001:005-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-005.html
Reference: XF:micq-sprintf-remote-bo(5962)
Reference: URL:http://xforce.iss.net/static/5962.php

Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field.

INFERRED ACTION: CAN-2001-0233 ACCEPT (3 accept, 3 ack, 0 review)

Current Votes:
  ACCEPT(3) Lawler, Ziese, Frech

======================================================
Candidate: CAN-2001-0234
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0234
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010126 NewsDaemon remote administrator access
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0460.html
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=60570
Reference: XF:newsdaemon-gain-admin-access
Reference: URL:http://xforce.iss.net/static/6010.php

NewsDaemon before 0.21b allows remote attackers to execute arbitrary SQL queries and gain privileges via a malformed user_username parameter.

INFERRED ACTION: CAN-2001-0234 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Lawler, Frech
  NOOP(1) Ziese

======================================================
Candidate: CAN-2001-0259
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0259
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010329
Category: SF
Reference: BUGTRAQ:20010116 Bug in SSH1 secure-RPC support can expose users' private keys
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0262.html
Reference: CONFIRM:http://www.ssh.com/products/ssh/patches/secureRPCvulnerability.html
Reference: BID:2222
Reference: URL:http://www.securityfocus.com/bid/2222
Reference: XF:ssh-rpc-private-key
Reference: URL:http://xforce.iss.net/static/5963.php

ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file.

Modifications:
  ADDREF CONFIRM:http://www.ssh.com/products/ssh/patches/secureRPCvulnerability.html

INFERRED ACTION: CAN-2001-0259 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Ziese, Frech, Cole, Bishop
  NOOP(1) Wall

Voter Comments:
  Frech> "SSH1 Secure RPC Vulnerability" at http://www.ssh.com/products/ssh/patches/secureRPCvulnerability.html

======================================================
Candidate: CAN-2001-0260
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0260
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010329
Category: SF
Reference: BUGTRAQ:20010123 [SAFER] Security Bulletin 010123.EXP.1.10
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0360.html
Reference: XF:lotus-domino-smtp-bo
Reference: URL:http://xforce.iss.net/static/5993.php
Reference: BID:2283
Reference: URL:http://www.securityfocus.com/bid/2283

Buffer overflow in Lotus Domino Mail Server 5.0.5 and earlier allows a remote attacker to crash the server or execute arbitrary code via a long "RCPT TO" command.

INFERRED ACTION: CAN-2001-0260 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Ziese, Frech, Cole, Bishop
  NOOP(1) Wall

======================================================
Candidate: CAN-2001-0266
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0266
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: HP:HPSBUX0102-143
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0069.html

Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier allows local users to gain privileges.

INFERRED ACTION: CAN-2001-0266 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Ziese, Cole, Bishop
  NOOP(1) Wall

======================================================
Candidate: CAN-2001-0267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0267
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: HP:HPSBMP0102-008
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0050.html
Reference: XF:hp-nmdebug-gain-privileges(6226)

NM debug in HP MPE/iX 6.5 and earlier does not properly handle breakpoints, which allows local users to gain privileges.

Modifications:
  ADDREF XF:hp-nmdebug-gain-privileges(6226)

INFERRED ACTION: CAN-2001-0267 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Ziese, Cole, Bishop
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:hp-nmdebug-gain-privileges(6226)

======================================================
Candidate: CAN-2001-0268
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0268
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: NETBSD:NetBSD-SA:2001-002
Reference: URL:http://archives.neohapsis.com/archives/netbsd/2001-q1/0093.html
Reference: BUGTRAQ:20010219 Re: your mail
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0353.html
Reference: OPENBSD:20010302 The USER_LDT kernel option allows an attacker to gain access to privileged areas of kernel memory.
Reference: URL:http://www.openbsd.org/errata.html#userldt
Reference: XF:user-ldt-validation(6222)

NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, allow local users to gain root privileges by accessing kernel memory via a segment call gate when the USER_LDT kernel option is enabled.

Modifications:
  ADDREF XF:user-ldt-validation(6222)

INFERRED ACTION: CAN-2001-0268 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(3) Ziese, Cole, Bishop
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:user-ldt-validation(6222)

======================================================
Candidate: CAN-2001-0274
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0274
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010214 Security hole in kicq
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0276.html
Reference: BUGTRAQ:20010303 Re: Security hole in kicq
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0536.html
Reference: XF:kicq-execute-commands(6112)

kicq IRC client 1.0.0, and possibly later versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

Modifications:
  ADDREF XF:kicq-execute-commands(6112)

INFERRED ACTION: CAN-2001-0274 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Ziese, Cole, Bishop
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:kicq-execute-commands(6112)

======================================================
Candidate: CAN-2001-0278
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0278
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: HP:HPSBMP0102-009
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0050.html
Reference: XF:hp-linkeditor-gain-privileges(6223)

Vulnerability in linkeditor in HP MPE/iX 6.5 and earlier allows local users to gain privileges.

Modifications:
  ADDREF XF:hp-linkeditor-gain-privileges(6223)

INFERRED ACTION: CAN-2001-0278 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Ziese, Cole, Bishop
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:hp-linkeditor-gain-privileges(6223)

======================================================
Candidate: CAN-2001-0279
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0279
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010222 Sudo version 1.6.3p6 now available (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0414.html
Reference: MANDRAKE:MDKSA-2001:024
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-024.php3
Reference: DEBIAN:DSA-031
Reference: URL:http://www.debian.org/security/2001/dsa-031
Reference: CONECTIVA:CLA-2001:381
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000381
Reference: BUGTRAQ:20010225 [slackware-security] buffer overflow in sudo fixed
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0437.html
Reference: BUGTRAQ:20010226 Trustix Security Advisory - sudo
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0427.html

Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges.

INFERRED ACTION: CAN-2001-0279 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Ziese, Cole, Bishop
  NOOP(1) Wall

======================================================
Candidate: CAN-2001-0284
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0284
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: OPENBSD:20010302 Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun in the kernel.
Reference: URL:http://www.openbsd.org/errata.html#ipsec_ah

Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option.

INFERRED ACTION: CAN-2001-0284 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Ziese, Cole, Bishop
  NOOP(1) Wall

======================================================
Candidate: CAN-2001-0287
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0287
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010302 Option to VERITAS Cluster Server (VCS) lltstat command will panic system.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0528.html
Reference: CONFIRM:http://seer.support.veritas.com/docs/234326.htm

VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to cause a denial of service (system panic) via the -L option to the lltstat command.

INFERRED ACTION: CAN-2001-0287 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Ziese, Cole, Bishop
  NOOP(2) Wall, Dik

Voter Comments:
  Dik> No insight in veritas bugs

======================================================
Candidate: CAN-2001-0288
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0288
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: CISCO:20010228 Cisco IOS Software TCP Initial Sequence Number Randomization Improvements
Reference: URL:http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml

Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.

INFERRED ACTION: CAN-2001-0288 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Ziese, Cole, Bishop
  NOOP(1) Wall

======================================================
Candidate: CAN-2001-0289
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0289
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010228 Joe's Own Editor File Handling Error
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0490.html
Reference: MANDRAKE:MDKSA-2001:026
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-026.php3
Reference: DEBIAN:DSA-041
Reference: URL:http://www.debian.org/security/2001/dsa-041
Reference: REDHAT:RHSA-2001:024
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-024.html

Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory.

INFERRED ACTION: CAN-2001-0289 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(3) Ziese, Cole, Bishop
  NOOP(1) Wall

======================================================
Candidate: CAN-2001-0290
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0290
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010306 [Mailman-Announce] ANNOUNCE Mailman 2.0.2 (important privacy patch)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0031.html

Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords.

INFERRED ACTION: CAN-2001-0290 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Ziese, Cole, Bishop
  NOOP(1) Wall

======================================================
Candidate: CAN-2001-0295
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0295
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010306 Warftp 1.67b04 Directory Traversal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98390925726814&w=2
Reference: CONFIRM:http://support.jgaa.com/?cmd=ShowArticle&ID=31
Reference: BID:2444
Reference: URL:http://www.securityfocus.com/bid/2444

Directory traversal vulnerability in War FTP 1.67.04 allows remote attackers to list directory contents and possibly read files via a "dir *./../.." command.

INFERRED ACTION: CAN-2001-0295 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Ziese, Cole, Bishop
  NOOP(1) Wall

======================================================
Candidate: CAN-2001-0299
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0299
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20001127 Nokia firewalls
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97535202912588&w=2
Reference: BUGTRAQ:20001205 Nokia firewalls - Response from Nokia
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97603879517777&w=2
Reference: XF:nokia-ip440-bo(5640)
Reference: BID:2054
Reference: URL:http://www.securityfocus.com/bid/2054

Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL.
Modifications:
   ADDREF XF:nokia-ip440-bo(5640)

INFERRED ACTION: CAN-2001-0299 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Cole, Bishop
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:nokia-ip440-bo(5640)

======================================================
Candidate: CAN-2001-0301
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0301
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010213 Security advisory for analog
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0264.html
Reference: CONFIRM:http://www.analog.cx/security2.html
Reference: REDHAT:RHSA-2001:017
Reference: URL:http://archives.neohapsis.com/archives/linux/redhat/2001-q1/0056.html
Reference: DEBIAN:DSA-033
Reference: URL:http://www.debian.org/security/2001/dsa-033
Reference: BID:2377
Reference: URL:http://www.securityfocus.com/bid/2377
Reference: XF:analog-alias-bo(6105)

Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings.

Modifications:
   ADDREF XF:analog-alias-bo(6105)

INFERRED ACTION: CAN-2001-0301 ACCEPT (4 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(3) Bishop, Ziese, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:analog-alias-bo(6105)

======================================================
Candidate: CAN-2001-0309
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0309
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: REDHAT:RHSA-2001:006
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-006.html
Reference: XF:inetd-internal-socket-dos(6380)

inetd in Red Hat 6.2 does not properly close sockets for internal services such as chargen, daytime, echo, etc., which allows remote attackers to cause a denial of service via a series of connections to the internal services.

Modifications:
   ADDREF XF:inetd-internal-socket-dos(6380)

INFERRED ACTION: CAN-2001-0309 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Bishop, Ziese, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:inetd-internal-socket-dos(6380)

======================================================
Candidate: CAN-2001-0310
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0310
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:13
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:13.sort.asc
Reference: XF:sort-temp-file-abort
Reference: URL:http://xforce.iss.net/static/6038.php

sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts.

INFERRED ACTION: CAN-2001-0310 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Bishop, Ziese, Frech, Cole
   NOOP(1) Wall

======================================================
Candidate: CAN-2001-0311
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0311
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: HP:HPSBUX0102-142
Reference: HPBUG:PHSS_22914
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0022.html
Reference: HPBUG:PHSS_22915
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0023.html
Reference: XF:omniback-unauthorized-access(6434)

Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an ImniBack client.

Modifications:
   ADDREF XF:omniback-unauthorized-access(6434)
   ADDREF HP:HPSBUX0102-142

INFERRED ACTION: CAN-2001-0311 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Bishop, Ziese, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:omniback-unauthorized-access(6434)
   In description should be "OmniBack" instead of "Imniback"
   Add Reference: Hewlett-Packard Company Security Bulletin HPSBUX0102-142
   URL:http://www.securityfocus.com/advisories/3160

======================================================
Candidate: CAN-2001-0316
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0316
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: REDHAT:RHSA-2001:013
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2001-q1/0009.html
Reference: CALDERA:CSSA-2001-009
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-009.0.txt
Reference: BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html
Reference: XF:linux-sysctl-read-memory(6079)

Linux kernel 2.4 and 2.2 allows local users to read kernel memory and possibly gain privileges via a negative argument to the sysctl call.

Modifications:
   ADDREF XF:linux-sysctl-read-memory(6079)

INFERRED ACTION: CAN-2001-0316 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Bishop, Ziese, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linux-sysctl-read-memory(6079)

======================================================
Candidate: CAN-2001-0317
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0317
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html
Reference: REDHAT:RHSA-2001:013
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2001-q1/0009.html
Reference: CALDERA:CSSA-2001-009
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-009.0.txt
Reference: XF:linux-ptrace-modify-process(6080)

Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process.

Modifications:
   ADDREF XF:linux-ptrace-modify-process(6080)

INFERRED ACTION: CAN-2001-0317 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Bishop, Ziese, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linux-ptrace-modify-process(6080)

======================================================
Candidate: CAN-2001-0318
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0318
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010110 proftpd 1.2.0rc2 -- example of bad coding
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916525715657&w=2
Reference: BUGTRAQ:20010206 Response to ProFTPD issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0117.html
Reference: MANDRAKE:MDKSA-2001:021
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3
Reference: DEBIAN:DSA-029
Reference: URL:http://www.debian.org/security/2001/dsa-029
Reference: CONECTIVA:CLA-2001:380
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000380
Reference: XF:proftpd-format-string(6433)

Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).

Modifications:
   ADDREF XF:proftpd-format-string(6433)

INFERRED ACTION: CAN-2001-0318 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Bishop, Ziese, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:proftpd-format-string(6433)

======================================================
Candidate: CAN-2001-0319
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0319
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010205 IBM NetCommerce Security
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html
Reference: CONFIRM:http://www-4.ibm.com/software/webservers/commerce/netcomletter.html
Reference: BID:2350
Reference: URL:http://www.securityfocus.com/bid/2350
Reference: XF:ibm-netcommerce-reveal-information(6067)

orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.

Modifications:
   ADDREF XF:ibm-netcommerce-reveal-information(6067)

INFERRED ACTION: CAN-2001-0319 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Bishop, Bollinger, Wall, Ziese, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:ibm-netcommerce-reveal-information(6067)

======================================================
Candidate: CAN-2001-0326
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0326
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: CF
Reference: BUGTRAQ:20010212 Solution for Potential Vunerability in Granting FilePermission to Oracle Java Virtual Machine
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0255.html
Reference: XF:oracle-jvm-file-permissions(6438)

Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermission.

Modifications:
   ADDREF XF:oracle-jvm-file-permissions(6438)

INFERRED ACTION: CAN-2001-0326 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Bishop, Wall, Ziese, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:oracle-jvm-file-permissions(6438)