[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PROPOSAL] Cluster RECENT-59 - 38 candidates

To: cve-editorial-board-list@lists.mitre.org
Subject: [PROPOSAL] Cluster RECENT-59 - 38 candidates
From: "Steven M. Christey" <coley@linus.mitre.org>
Date: Thu, 24 May 2001 02:56:35 -0400 (EDT)
Delivery-Date: Thu May 24 02:56:58 2001
Sender: owner-cve-editorial-board-list@lists.mitre.org
I have proposed cluster RECENT-59 for review and voting by the
Editorial Board.

Name: RECENT-59
Description: Candidates announced between 2/5/2001 and 3/20/2001
Size: 38

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0388
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0388
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:28
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:28.timed.asc
Reference: MANDRAKE:MDKSA-2001:034
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-034.php3
Reference: SUSE:SuSE-SA:2001:07
Reference: URL:http://www.suse.de/de/support/security/2001_007_nkitserv.txt
Reference: XF:timed-remote-dos
Reference: URL:http://xforce.iss.net/static/6228.php

time server daemon timed allows remote attackers to cause a denial of
service via malformed packets.

Analysis
----------------
ED_PRI CAN-2001-0388 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0416
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0416
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: DEBIAN:DSA-038
Reference: URL:http://www.debian.org/security/2001/dsa-038
Reference: REDHAT:RHSA-2001:027
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-027.html
Reference: BUGTRAQ:20010316 Immunix OS Security update for sgml-tools
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98477491130367&w=2
Reference: MANDRAKE:MDKSA-2001:030
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-030.php3
Reference: CONECTIVA:CLA-2001:390
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000390
Reference: XF:sgmltools-symlink
Reference: URL:http://xforce.iss.net/static/6201.php

sgml-tools before 1.0.9-15 creates temporary files with insecure
permissions, which allows other users to read files that are being
processed by sgml-tools.

Analysis
----------------
ED_PRI CAN-2001-0416 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0417
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0417
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010307 Security advisory: Unsafe temporary file handling in krb4
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0078.html
Reference: REDHAT:RHSA-2001:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-025.htm

Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files
via a symlink attack on new ticket files.

Analysis
----------------
ED_PRI CAN-2001-0417 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0441
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0441
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: DEBIAN:DSA-040
Reference: URL:http://www.debian.org/security/2001/dsa-040
Reference: MANDRAKE:MDKSA-2001:028
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-028.php3
Reference: CONECTIVA:CLA-2001:383
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000383
Reference: REDHAT:RHSA-2001:028
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-028.html
Reference: FREEBSD:FreeBSD-SA-01:37
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0610.html
Reference: BUGTRAQ:20010316 Immunix OS Security update for slrn
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98471253131191&w=2
Reference: BID:2493
Reference: URL:http://www.securityfocus.com/bid/2493
Reference: XF:slrn-wrapping-bo
Reference: URL:http://xforce.iss.net/static/6213.php

Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn
news reader before 0.9.7.0 allows remote attackers to execute
arbitrary commands via a long message header.

Analysis
----------------
ED_PRI CAN-2001-0441 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0455
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0455
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CISCO:20010307 Access to the Cisco Aironet 340 Series Wireless Bridge via Web Interface
Reference: URL:http://www.cisco.com/warp/public/707/Aironet340-pub.shtml
Reference: XF:cisco-aironet-web-access
Reference: URL:http://xforce.iss.net/static/6200.php

Cisco Aironet 340 Series wireless bridge before 8.55 does not properly
disable access to the web interface, which allows remote attackers to
modify its configuration.

Analysis
----------------
ED_PRI CAN-2001-0455 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0456
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0456
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: CF
Reference: DEBIAN:DSA-032
Reference: URL:http://www.debian.org/security/2001/dsa-032
Reference: XF:proftpd-postinst-root
Reference: URL:http://xforce.iss.net/static/6208.php

postinst installation script for Proftpd in Debian 2.2 does not
properly change the "run as uid/gid root" configuration when the user
enables anonymous access, which causes the server to run at a higher
privilege than intended.

Analysis
----------------
ED_PRI CAN-2001-0456 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0457
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0457
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category:
Reference: DEBIAN:DSA-035
Reference: URL:http://www.debian.org/security/2001/dsa-035
Reference: XF:man2html-remote-dos
Reference: URL:http://xforce.iss.net/static/6211.php

man2html before 1.5-22 allows remote attackers to cause a denial of
service (memory exhaustion).

Analysis
----------------
ED_PRI CAN-2001-0457 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0469
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0469
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:29
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-03/0163.html
Reference: BID:2473
Reference: URL:http://www.securityfocus.com/bid/2473
Reference: XF:rwhod-remote-dos
Reference: URL:http://xforce.iss.net/static/6229.php

rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other
operating systems, allows remote attackers to cause a denial of
service via malformed packets with a short length.

Analysis
----------------
ED_PRI CAN-2001-0469 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0473
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0473
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: MANDRAKE:MDKSA-2001-031
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3
Reference: REDHAT:RHSA-2001:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-029.html
Reference: BUGTRAQ:20010315 Immunix OS Security update for mutt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98473109630421&w=2
Reference: CONECTIVA:CLA-2001:385
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000385
Reference: BUGTRAQ:20010320 Trustix Security Advisory - mutt
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html
Reference: XF:mutt-imap-format-string
Reference: URL:http://xforce.iss.net/static/6235.php

Format string vulnerability in Mutt before 1.2.5 allows a remote
malicious IMAP server to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2001-0473 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0361
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0361
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010207 CORE-20010116: SSH protocol 1.5 session key recovery
Reference: URL:http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm
Reference: BID:2344
Reference: URL:http://www.securityfocus.com/bid/2344

The SSH version 1.5 protocol allows a remote attacker to decrypt
and/or alter traffic via an attack on PKCS#1 version 1.5 knows as a
"Bleichenbacher attack".  OpenSSH up to version 2.3.0, AppGate, and
SSH Communications Security ssh-1 up to version 1.2.31 have the
vulnerability present, although it may not be exploitable due to
configurations.

Analysis
----------------
ED_PRI CAN-2001-0361 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0364
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0364
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010315 Remote DoS attack against SSH Secure Shell for Windows Servers
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98467799732241&w=2
Reference: BID:2477
Reference: URL:http://www.securityfocus.com/bid/2477
Reference: XF:ssh-ssheloop-dos
Reference: URL:http://xforce.iss.net/static/6241.php

SSH Communications Security sshd versions 2.4 for Windows allows a
remote attacker to create a denial of service via a large number of
simultaneous connections.

Analysis
----------------
ED_PRI CAN-2001-0364 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0365
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0365
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010318 feeble.you!dora.exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98503741910995&w=2
Reference: XF:eudora-html-execute-code
Reference: URL:http://xforce.iss.net/static/6262.php
Reference: BID:2490
Reference: URL:http://www.securityfocus.com/bid/2490

Eudora before 5.1 allows a remote attacker to execute arbitrary code,
when the 'Use Microsoft Viewer' and 'allow executables in HTML
content' options are enabled, via an HTML email message containing
Javascript, with ActiveX controls and malicious code within IMG tags.

Analysis
----------------
ED_PRI CAN-2001-0365 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0378
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0378
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010320 readline patch available
Reference: URL:http://archives.neohapsis.com/archives/openbsd/2001-03/1627.html
Reference: CONFIRM:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch

readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history
files with insecure permissions, which allows a local attacker to
recover potentially sensitive information via readline history files.

Analysis
----------------
ED_PRI CAN-2001-0378 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0407
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0407
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010318 potential vulnerability of mysqld running with root privileges (can be used as good DoS or r00t expoloit)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0237.html
Reference: BUGTRAQ:20010327 MySQL 3.23.36 is relased (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0396.html

Directory traversal vulnerability in MySQL before 3.23.36 allows local
users to modify arbitrary files and gain privileges by creating a
database whose name starts with .. (dot dot).

Analysis
----------------
ED_PRI CAN-2001-0407 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0461
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0461
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010309 Cgisecurity.com advisory #4 The Free On-line Dictionary of Computing
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0109.html
Reference: CONFIRM:http://wombat.doc.ic.ac.uk/foldoc/index.html
Reference: XF:foldoc-cgi-execute-commands
Reference: URL:http://xforce.iss.net/static/6217.php

template.cgi in Free On-Line Dictionary of Computing (FOLDOC) allows
remote attackers to read files and execute commands via shell
metacharacters in the argument to template.cgi.

Analysis
----------------
ED_PRI CAN-2001-0461 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0474
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0474
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: MANDRAKE:MDKSA-2001:029
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-029.php3
Reference: XF:mesa-utahglx-symlink
Reference: URL:http://xforce.iss.net/static/6231.php

Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local
users to overwrite arbitrary files via a symlink attack on the
/tmp/glxmemory file.

Analysis
----------------
ED_PRI CAN-2001-0474 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0475
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0475
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010315 vBulletin allows arbitrary code execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0180.html
Reference: BID:2474
Reference: URL:http://www.securityfocus.com/bid/2474
Reference: CONFIRM:http://www.vbulletin.com/forum/showthread.php?s=b20af207b5b908ecf7a4ecf56fbe3cd3&threadid=10839
Reference: XF:vbulletin-php-elevate-privileges
Reference: URL:http://xforce.iss.net/static/6237.php

index.php in Jelsoft vBulletin does not properly initialize a PHP
variable that is used to store template information, which allows
remote attackers to execute arbitrary PHP code via special characters
in the templatecache parameter.

Analysis
----------------
ED_PRI CAN-2001-0475 2
Vendor Acknowledgement: yes bulletin-board

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0355
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0355
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010210 Novell Groupwise Client Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98185226715517&w=2

Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access
arbitrary files via an implementation error in Groupwise system
policies.

Analysis
----------------
ED_PRI CAN-2001-0355 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0358
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0358
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010309 Advisory: Half-life server buffer overflows and formatting vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0111.html
Reference: XF:halflife-config-file-bo
Reference: URL:http://xforce.iss.net/static/6221.php
Reference: XF:halflife-map-bo
Reference: URL:http://xforce.iss.net/static/6218.php

Buffer overflows in Sierra Half-Life build 1573 and earlier allow
remote attackers to execute arbitrary code via (1) a long map command,
(2) a long exec command, or (3) long input in a configuration file.

Analysis
----------------
ED_PRI CAN-2001-0358 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0359
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0359
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010309 Advisory: Half-life server buffer overflows and formatting vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0111.html
Reference: XF:halflife-map-format-string
Reference: URL:http://xforce.iss.net/static/6220.php

Format string vulnerability in Sierra Half-Life build 1573 and earlier
allows a remote attacker to execute arbitrary code via the map
command.

Analysis
----------------
ED_PRI CAN-2001-0359 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0360
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0360
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010311 Ikonboard v2.1.7b "show files" vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0124.html
Reference: BID:2471
Reference: URL:http://www.securityfocus.com/bid/2471
Reference: XF:ikonboard-cgi-read-files
Reference: URL:http://xforce.iss.net/static/6216.php

Directory traversal vulnerability in help.cgi in Ikonboard 2.1.7b and
earlier allows a remote attacker to read arbitary files via a .. (dot
dot) attack in the helpon parameter.

Analysis
----------------
ED_PRI CAN-2001-0360 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0369
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0369
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010319 DGUX lpsched buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98511407131984&w=2
Reference: XF:dgux-lpsched-bo
Reference: URL:http://xforce.iss.net/static/6258.php

Buffer overflow in lpsched on DGUX version R4.20MU06 and MU02 allows a
local attacker to obtain root access via a long command line argument
(non-existent printer name).

Analysis
----------------
ED_PRI CAN-2001-0369 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0370
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0370
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010320 fcheck prior to 2.07.59 - vulnerability - improper use of perl 'magic open'
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98521301510554&w=2
Reference: XF:fcheck-open-execute-commands
Reference: URL:http://xforce.iss.net/static/6256.php

fcheck prior to 2.57.59 calls the file signature checking program
insecurely, which can allow a local user to run arbitrary commands via
a file name that contains shell metacharacters.

Analysis
----------------
ED_PRI CAN-2001-0370 3
Vendor Acknowledgement: unknown

This is similar to CVE-2000-0296, but the affected source code looks
different, and version 2.57.59 source code doesn't have the problem as
reported in CVE-2000-0296.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0381
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0381
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010319 Have they found a serious PGP vulnerability?!
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0252.html
Reference: BUGTRAQ:20010320 Yes, they have found a serious PGP vulnerability...sort of
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0274.html
Reference: BUGTRAQ:20010322 Re: Yes, they have found a serious PGP vulnerability...sort of
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0311.html

The OpenPGP PGP standard allows an attacker to determine the private
signature key via a cryptanalytic attack in which the attacker alters
the encrypted private key file and captures a single message signed
with the signature key.

Analysis
----------------
ED_PRI CAN-2001-0381 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0415
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0415
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010320 Password stored in clear text vulnerability in real time stock trading program
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0275.html
Reference: BID:2495
Reference: URL:http://www.securityfocus.com/bid/2495
Reference: XF:rediplus-weak-security
Reference: URL:http://xforce.iss.net/static/6276.php

REDIPlus program, REDI.exe, stores passwords and user names in
cleartext in the StartLog.txt log file, which allows local users to
gain access to other accounts.

Analysis
----------------
ED_PRI CAN-2001-0415 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0425
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0425
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010219 Adcycle 0.78b Authentication
Reference: URL:http://www.securityfocus.com/archive/1/163942
Reference: BID:2393
Reference: URL:http://www.securityfocus.com/bid/2393

AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain
privileges to AdCycle via a malformed Agent: header in the HTTP
request, which is inserted into a resulting SQL query that is used to
verify login information.

Analysis
----------------
ED_PRI CAN-2001-0425 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0449
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0449
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010302 def-2001-09: Winzip32 zipandemail Buffer Overflow
Reference: URL:http://www.securityfocus.com/archive/1/166211
Reference: XF:winzip-zipandemail-bo
Reference: URL:http://xforce.iss.net/static/6191.php

Buffer overflow in WinZip 8.0 allows attackers to execute arbitrary
commands via a long file name that is processed by the /zipandemail
command line option.

Analysis
----------------
ED_PRI CAN-2001-0449 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0450
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0450
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category:
Reference: BUGTRAQ:20010303 Broker Ftp Server 5.0 Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0533.html
Reference: CONFIRM:http://www.ftp-broker.com/cgibin/Pageexe.exe?H=4143&P=0&C=0
Reference: XF:broker-ftp-delete-files
Reference: URL:http://xforce.iss.net/static/6190.php
Reference: XF:broker-ftp-list-directories
Reference: URL:http://xforce.iss.net/static/6189.php

Directory traversal vulnerability in Transsoft FTP Broker before 5.5
allows attackers to (1) delete arbitrary files via DELETE, or (2) list
arbitrary directories via LIST, via a .. (dot dot) in the file name.

Analysis
----------------
ED_PRI CAN-2001-0450 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0451
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0451
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010307 INDEXU Authentication By-Pass
Reference: URL:http://www.securityfocus.com/archive/1/167172
Reference: XF:indexu-gain-access
Reference: URL:http://xforce.iss.net/static/6202.php

INDEXU 2.0 beta and earlier allows remote attackers to bypass
authentication and gain privileges by setting the
cookie_admin_authenticated cookie value to 1.

Analysis
----------------
ED_PRI CAN-2001-0451 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0454
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0454
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010303 SlimServe HTTPd ver. 1.1a Directory Traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0532.html
Reference: XF:slimserve-httpd-directory-traversal
Reference: URL:http://xforce.iss.net/static/6186.php

Directory traversal vulnerability in SlimServe HTTPd 1.1a allows
remote attackers to read arbitrary files via a ... (modified dot dot)
in the HTTP request.

Analysis
----------------
ED_PRI CAN-2001-0454 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0458
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0458
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: DEBIAN:DSA-034
Reference: URL:http://www.debian.org/security/2001/dsa-034
Reference: MANDRAKE:MDKSA-2001:027
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-027.php3
Reference: SUSE:SuSE-SA:2001:08
Reference: URL:http://www.suse.de/de/support/security/2001_008_eperl.txt
Reference: BID:2464
Reference: URL:http://www.securityfocus.com/bid/2464
Reference: XF:linux-eperl-bo
Reference: URL:http://xforce.iss.net/static/6198.php

Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and
remote attackers to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2001-0458 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0459
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0459
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category:
Reference: BUGTRAQ:20010308 ascdc Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98408897106411&w=2
Reference: XF:ascdc-afterstep-bo
Reference: URL:http://xforce.iss.net/static/6204.php

Buffer overflows in ascdc Afterstep while running setuid allows local
users to gain root privileges via a long (1) -d option, (2) -m option,
or (3) -f option.

Analysis
----------------
ED_PRI CAN-2001-0459 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0460
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0460
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010308 def-2001-10: Websweeper Infinite HTTP Request DoS
Reference: URL:http://www.securityfocus.com/archive/1/167406
Reference: XF:websweeper-http-dos
Reference: URL:http://xforce.iss.net/static/6214.php

Websweeper 4.0 does not limit the length of certain HTTP headers,
which allows remote attackers to cause a denial of service (memory
exhaustion) via an extremely large HTTP Referrer: header.

Analysis
----------------
ED_PRI CAN-2001-0460 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0468
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0468
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010313 Buffer oveflow in FTPFS (linux kernel module)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0163.html
Reference: XF:ftpfs-bo
Reference: URL:http://xforce.iss.net/static/6234.php

Buffer overflow in FTPFS allows local users to gain root privileges
via a long user name.

Analysis
----------------
ED_PRI CAN-2001-0468 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0470
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0470
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010313 Solaris 5.8 snmpd Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0160.html
Reference: BUGTRAQ:20010315 Re: Solaris 5.8 snmpd Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0181.html
Reference: XF:snmpd-argv-bo
Reference: URL:http://xforce.iss.net/static/6239.php

Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local
users to gain root privileges by calling snmpd with a long program
name.

Analysis
----------------
ED_PRI CAN-2001-0470 3
Vendor Acknowledgement: unknown

A followup indicates that this might not be exploitable, as a static
variable is overflowed.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0471
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0471
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010205 SSHD-1 Logging Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/160648
Reference: BID:2345
Reference: URL:http://www.securityfocus.com/bid/2345

SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not
log repeated login attempts, which could allow remote attackers to
compromise accounts without detection via a brute force attack.

Analysis
----------------
ED_PRI CAN-2001-0471 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0472
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0472
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010320 def-2001-12: Hursley Software Laboratories Consumer Transaction Framework DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0243.html
Reference: XF:hslctf-http-dos
Reference: URL:http://xforce.iss.net/static/6250.php

Hursley Software Laboratories Consumer Transaction Framework (HSLCTF)
HTTP object allows remote attackers to cause a denial of service
(crash) via an extremely long HTTP request.

Analysis
----------------
ED_PRI CAN-2001-0472 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0476
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0476
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010318 Aspseek Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0233.html
Reference: BID:2492
Reference: URL:http://www.securityfocus.com/bid/2492
Reference: CONFIRM:http://www.aspseek.org/changes.html
Reference: XF:aspseek-scgi-bo
Reference: URL:http://xforce.iss.net/static/6248.php

Multiple buffer overflows in s.cgi program in Aspseek search engine
1.03 and earlier allow remote attackers to execute arbitrary commands
via (1) a long HTTP query string, or (2) a long tmpl paramater.

Analysis
----------------
ED_PRI CAN-2001-0476 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Prev by Date: [CVEPRI] CVE version 20010507 to be released (1510 entries)
Next by Date: [PROPOSAL] Cluster RECENT-60 - 43 candidates
Prev by thread: [CVEPRI] CVE version 20010507 to be released (1510 entries)
Next by thread: [PROPOSAL] Cluster RECENT-60 - 43 candidates
Index(es):
- Date
- Thread