[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-62 - 46 candidates



I have proposed cluster RECENT-62 for review and voting by the
Editorial Board.

Name: RECENT-62
Description: Candidates announced between 4/21/2001 and 5/23/2001
Size: 46

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.



Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0237
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0237
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: BUGTRAQ:20010509 def-2001-24: Windows 2000 Kerberos DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98942093221908&w=2
Reference: MS:MS01-024
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-024.asp

Memory leak in Microsoft 2000 domain controller allows remote
attackers to cause a denial of service by repeatedly connecting to the
Kerberos service and then disconnecting without sending any data.

Analysis
----------------
ED_PRI CAN-2001-0237 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0240
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0240
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: MS:MS01-028
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-028.asp

Microsoft Word before Word 2002 allows attackers to automatically
execute macros without warning the user via a Rich Text Format (RTF)
document that links to a template with the embedded macro.

Analysis
----------------
ED_PRI CAN-2001-0240 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0241
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0241
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010319
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20010501 Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98874912915948&w=2
Reference: MS:MS01-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-023.asp
Reference: BID:2674
Reference: URL:http://www.securityfocus.com/bid/2674

Buffer overflow in Internet Printing ISAPI extension in Windows 2000
allows remote attackers to gain root privileges via a long print
request that is passed to the extension through IIS 5.0.

Analysis
----------------
ED_PRI CAN-2001-0241 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0242
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0242
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: BUGTRAQ:20010502 Microsoft Media Player ASX Parser buffer overflow vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/181419
Reference: BUGTRAQ:20010506 Re: Microsoft Media Player ASX Parser buffer overflow vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/183906
Reference: MS:MS01-029
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-029.asp
Reference: BID:2677
Reference: URL:http://www.securityfocus.com/bid/2677
Reference: BID:2686
Reference: URL:http://www.securityfocus.com/bid/2686

Buffer overflows in Microsoft Windows Media Player 7 and earlier allow
remote attackers to execute arbitrary commands via (1) a long version
tag in an .ASX file, or (2) a long banner tag, a variant of the ".ASX
Buffer Overrun" vulnerability as discussed in MS:MS00-090.

Analysis
----------------
ED_PRI CAN-2001-0242 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0243
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0243
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: MS:MS01-029
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-029.asp

Windows Media Player 7 and earlier stores Internet shortcuts in a
user's Temporary Files folder with a fixed filename instead of in the
Internet Explorer cache, which causes the HTML in those shortcuts to
run in the Local Computer Zone instead of the Internet Zone, which
allows remote attackers to read certain files.

Analysis
----------------
ED_PRI CAN-2001-0243 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0244
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0244
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010319
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS01-025
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-025.asp

Buffer overflow in Microsoft Index Server 2.0 allows remote attackers
to execute arbitrary commands via a long search parameter.

Analysis
----------------
ED_PRI CAN-2001-0244 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0245
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0245
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010319
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS01-025
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-025.asp

Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in
Windows 2000, allows remote attackers to read server-side include
files via a malformed search request, aka a new variant of the
"Malformed Hit-Highlighting" vulnerability.

Analysis
----------------
ED_PRI CAN-2001-0245 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0246
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0246
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010319
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS01-027
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-027.asp

Internet Explorer 5.5 and earlier does not properly verify the domain
of a frame within a browser window, which allows remote web site
operators to read certain files on the client by sending information
from a local frame to a frame in a different domain, aka a variant of
the "Frame Domain Verification" vulnerability.

Analysis
----------------
ED_PRI CAN-2001-0246 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0328
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0328
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010423
Category: SF
Reference: CERT:CA-2001-09
Reference: URL:http://www.cert.org/advisories/CA-2001-09.html

TCP implementations that use random increments for initial sequence
numbers (ISN) can allow remote attackers to perform session hijacking
or disruption by injecting a flood of packets with a range of ISN
values, one of which may match the expected ISN.

Analysis
----------------
ED_PRI CAN-2001-0328 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0331
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0331
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010508
Category: SF
Reference: ISS:20010509 Remote Buffer Overflow Vulnerability in IRIX Embedded Support Partner Infrastructure	
Reference: URL:http://xforce.iss.net/alerts/advise76.php
Reference: SGI:20010501-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010501-01-P

Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in
IRIX 6.5.8 and earlier allows remote attackers to execute arbitrary
commands.

Analysis
----------------
ED_PRI CAN-2001-0331 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0332
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0332
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010510
Category: SF
Reference: BUGTRAQ:20010330 Security bug in Internet Explorer - MSScriptControl.ScriptControl
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98609031517525&w=2
Reference: MS:MS01-027
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-027.asp

Internet Explorer 5.5 and earlier does not properly verify the domain
of a frame within a browser window, which allows remote web site
operators to read certain files on the client by sending information
from a local frame to a frame in a different domain using
MSScriptControl.ScriptControl and GetObject, aka a variant of the
"Frame Domain Verification" vulnerability.

Analysis
----------------
ED_PRI CAN-2001-0332 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0333
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010510
Category: SF
Reference: BUGTRAQ:20010515 NSFOCUS SA2001-02 : Microsoft IIS CGI Filename Decode Error Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98992056521300&w=2
Reference: MS:MS01-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp

Directory traversal vulnerability in IIS 5.0 and earlier allows remote
attackers to execute arbitrary commands by encoding .. (dot dot) and
"\" characters twice.

Analysis
----------------
ED_PRI CAN-2001-0333 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0334
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0334
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010510
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS01-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp

FTP service in IIS 5.0 and earlier allows remote attackers to cause a
denial of service via a wildcard sequence that generates a long string
when it is expanded.

Analysis
----------------
ED_PRI CAN-2001-0334 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0335
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0335
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010510
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS01-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp

FTP service in IIS 5.0 and earlier allows remote attackers to
enumerate Guest accounts in trusted domains by preceding the username
with a special sequence of characters.

Analysis
----------------
ED_PRI CAN-2001-0335 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0336
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0336
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010510
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS01-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp

The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an
error which allows attackers to cause a denial of service via a
malformed request.

Analysis
----------------
ED_PRI CAN-2001-0336 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0337
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0337
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010510
Category: SF
Reference: MS:MS01-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp

The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier
introduce a memory leak which allows attackers to cause a denial of
service via a series of requests.

Analysis
----------------
ED_PRI CAN-2001-0337 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0338
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0338
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010510
Category: SF
Reference: MS:MS01-027
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-027.asp

Internet Explorer 5.5 and earlier does not properly validate digital
certificates when Certificate Revocation List (CRL) checking is
enabled, which could allow remote attackers to spoof trusted web
sites, aka the "Server certificate validation vulnerability."

Analysis
----------------
ED_PRI CAN-2001-0338 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0339
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0339
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010510
Category: SF
Reference: MS:MS01-027
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-027.asp

Internet Explorer 5.5 and earlier allows remote attackers to display a
URL in the address bar that is different than the URL that is actually
being displayed, which could be used in web site spoofing attacks, aka
the "Web page spoofing vulnerability."

Analysis
----------------
ED_PRI CAN-2001-0339 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0488
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0488
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: HP:HPSBUX0104-149
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q2/0018.html
Reference: BID:2646
Reference: URL:http://www.securityfocus.com/bid/2646

pcltotiff in HP-UX 10.x has unnecessary set group id permissions,
which allows local users to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2001-0488 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0489
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0489
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: REDHAT:RHSA-2001:053
Reference: URL:http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0043.html
Reference: MANDRAKE:MDKSA-2001-044
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0509.html

Format string vulnerability in gftp prior to 2.0.8 allows remote
malicious FTP servers to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2001-0489 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0496
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0496
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: REDHAT:RHSA-2001:059
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-059.html
Reference: MANDRAKE:MDKSA-2001:046
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-046.php3

kdesu creates world readable temporary files containing
authentication info, which can allow local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2001-0496 1
Vendor Acknowledgement: yes advisory

It's possible that this is the same vulnerability as CVE-2001-0178,
but the description is written so differently from the others, that
it's hard to be sure.  In addition, Mandrake released a separate
advisory for CVE-2001-0178.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0366
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0366
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010429 SAP R/3 Web Application Server Demo for Linux: root exploit
Reference: URL:http://www.securityfocus.com/archive/1/180498
Reference: BID:2662
Reference: URL:http://www.securityfocus.com/bid/2662

saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the
PATH environmental variable to find and execute the expand program,
which allows local users to obtain root access by modifying the PATH
to point to a Trojan horse expand program.

Analysis
----------------
ED_PRI CAN-2001-0366 2
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0481
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0481
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: MANDRAKE:MDKSA-2001:043
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-043.php3

Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure
temporary file handling.

Analysis
----------------
ED_PRI CAN-2001-0481 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0487
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0487
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: AIXAPAR:IY17630
Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q2/0005.html

AIX SNMP server snmpd allows remote attackers to cause a denial of
service via a RST during the TCP connection.

Analysis
----------------
ED_PRI CAN-2001-0487 2
Vendor Acknowledgement: yes patch

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0495
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0495
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010426 Vulnerability in WebXQ Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0490.html
Reference: BID:2660
Reference: URL:http://www.securityfocus.com/bid/2660

Directory traversal in DataWizard WebXQ server 1.204 allows remote
attackers to view files outside of the web root via a .. (dot dot)
attack.

Analysis
----------------
ED_PRI CAN-2001-0495 2
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0329
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0329
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010427
Category: SF/CF/MP/SA/AN/unknown
Reference: ATSTAKE:A043001-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a043001-1.txt
Reference: BID:2670
Reference: URL:http://www.securityfocus.com/bid/2670

Bugzilla 2.10 allows remote attackers to execute arbitrary commands
via shell metacharacters in a username that is then processed by (1)
the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in
process_bug.cgi.

Analysis
----------------
ED_PRI CAN-2001-0329 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

The current version of CD:SF-LOC suggests that for the same type of
vulnerability in the same software version, a single entry should be
created.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0330
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0330
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010427
Category: SF/CF/MP/SA/AN/unknown
Reference: ATSTAKE:A043001-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a043001-1.txt
Reference: BID:2671
Reference: URL:http://www.securityfocus.com/bid/2671

Bugzilla 2.10 allows remote attackers to access sensitive information,
including the database username and password, via an HTTP request for
the globals.pl file, which is normally returned by the web server
without being executed.

Analysis
----------------
ED_PRI CAN-2001-0330 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0367
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0367
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010428 Mirabilis ICQ WebFront Plug-in Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98847544303438&w=2
Reference: BID:2664
Reference: URL:http://www.securityfocus.com/bid/2664

Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote
attacker to create a denial of service via HTTP URL requests
containing a large number of % characters.

Analysis
----------------
ED_PRI CAN-2001-0367 3
Vendor Acknowledgement: unknown
Content Decisions: EX-BETA

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0368
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0368
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010430 A Serious Security Vulnerability Found in BearShare (Directory Traversal)
Reference: URL:http://www.securityfocus.com/archive/1/180644
Reference: BID:2672
Reference: URL:http://www.securityfocus.com/bid/2672

Directory traversal vulnerability in BearShare 2.2.2 and earlier
allows a remote attacker to read certain files via a URL containing a
series of . characters, a variation of the .. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2001-0368 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0442
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0442
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010421 Mercury for NetWare POP3 server vulnerable to remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0378.html
Reference: BID:2641
Reference: URL:http://www.securityfocus.com/bid/2641

Buffer overflow in Mercury MTA POP3 server for NetWare, before 1.48,
allows remote attackers to cause a denial of service, and possibly
execute arbitrary commands, via a long APOP command.

Analysis
----------------
ED_PRI CAN-2001-0442 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0452
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0452
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category:
Reference: BUGTRAQ:20010428 Vulnerabilities in BRS WebWeaver
Reference: URL:http://www.securityfocus.com/archive/1/180506
Reference: CONFIRM:http://members.nbci.com/_XMCM/BSoutham/WebWeaver/WebWeaverHistory.html
Reference: BID:2676
Reference: URL:http://www.securityfocus.com/bid/2676

BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to
obtain the real pathname of the server via a "CD *" command followed
by an ls command.

Analysis
----------------
ED_PRI CAN-2001-0452 3
Vendor Acknowledgement: yes changelog
Content Decisions: EX-BETA

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0453
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0453
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010428 Vulnerabilities in BRS WebWeaver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0519.html
Reference: CONFIRM:http://members.nbci.com/_XMCM/BSoutham/WebWeaver/WebWeaverHistory.html
Reference: BID:2675
Reference: URL:http://www.securityfocus.com/bid/2675

Directory traversal vulnerability in BRS WebWeaver HTTP server
allows remote attackers to read arbitrary files via a .. (dot dot)
attack in the (1) syshelp, (2) sysimages, or (3) scripts directories.

Analysis
----------------
ED_PRI CAN-2001-0453 3
Vendor Acknowledgement: unknown
Content Decisions: EX-BETA

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0462
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0462
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010424 Advisory for perl webserver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0426.html
Reference: BID:2648
Reference: URL:http://www.securityfocus.com/bid/2648

Directory traversal vulnerability in Perl web server 0.3 and earlier
allows remote attackers to read arbitrary files via a .. (dot dot) in
the URL.

Analysis
----------------
ED_PRI CAN-2001-0462 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0463
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0463
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010427 PerlCal (CGI) show files vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0506.html
Reference: BID:2663
Reference: URL:http://www.securityfocus.com/bid/2663

Directory traversal vulnerability in cal_make.pl in PerlCal allows
remote attackers to read arbitrary files via a .. (dot dot) in the p0
parameter.

Analysis
----------------
ED_PRI CAN-2001-0463 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0467
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0467
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category:
Reference: BUGTRAQ:20010423 Vulnerability in Viking Web Server
Reference: URL:http://www.securityfocus.com/archive/1/178935
Reference: BID:2643
Reference: URL:http://www.securityfocus.com/bid/2643

Directory traversal vulnerability in RobTex Viking Web server before
1.07-381 allows remote attackers to read arbitrary files via a \...
(modified dot dot) in an HTTP URL request.

Analysis
----------------
ED_PRI CAN-2001-0467 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0477
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0477
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010423 (SRPRE00004) WebCalendar 0.9.26
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0392.html
Reference: BID:2639
Reference: URL:http://www.securityfocus.com/bid/2639

Vulnerability in WebCalendar 0.9.26 allows remote command execution.

Analysis
----------------
ED_PRI CAN-2001-0477 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0478
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0478
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010423 (SRPRE00001) phpMyAdmin 2.1.0 and phpPgAdmin 2.2.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0396.html
Reference: BID:2642
Reference: URL:http://www.securityfocus.com/bid/2642

Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier
versions allows remote attackers to execute arbitrary code via a
.. (dot dot) in an argument to the sql.php script.

Analysis
----------------
ED_PRI CAN-2001-0478 3
Vendor Acknowledgement: no
Content Decisions: SF-CODEBASE

phpPgAdmin and phpMyAdmin appear to share a common codebase, and their
vulnerabilities are exactly the same based on the provided patches,
but it appears that phpPgAdmin is being actively supported by a
different group, whereas phpMyAdmin does not appear to be supported
any more.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0479
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0479
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010423 (SRPRE00001) phpMyAdmin 2.1.0 and phpPgAdmin 2.2.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0396.html
Reference: CONFIRM:http://www.greatbridge.org/project/phppgadmin/cvs/checkout.php/phpPgAdmin/ChangeLog?r=1.13
Reference: BID:2640
Reference: URL:http://www.securityfocus.com/bid/2640

Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier
versions allows remote attackers to execute arbitrary code via a
.. (dot dot) in an argument to the sql.php script.

Analysis
----------------
ED_PRI CAN-2001-0479 3
Vendor Acknowledgement: no
Content Decisions: SF-CODEBASE

phpPgAdmin and phpMyAdmin appear to share a common codebase, and their
vulnerabilities are exactly the same based on the provided patches,
but it appears that phpPgAdmin is being actively supported by a
different group, whereas phpMyAdmin does not appear to be supported
any more.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0480
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0480
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010428 Vulnerabilities in Alex's FTP Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0523.html
Reference: BID:2668
Reference: URL:http://www.securityfocus.com/bid/2668

Directory traversal vulnerability in Alex's FTP Server 0.7 allows
remote attackers to read arbitrary files via a ... (modified dot dot)
in the (1) GET or (2) CD commands.

Analysis
----------------
ED_PRI CAN-2001-0480 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0484
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0484
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010425 Tektronix (Xerox) PhaserLink 850 Webserver Vulnerability (NEW)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0482.html

Tektronix PhaserLink 850 does not require authentication for access to
configuration pages such as _ncl_subjects.shtml and _ncl_items.shtml,
which allows remote attackers to modify configuration information and
cause a denial of service by accessing the pages.

Analysis
----------------
ED_PRI CAN-2001-0484 3
Vendor Acknowledgement: no

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0485
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0485
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010426 IRIX /usr/lib/print/netprint local root symbols exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0475.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0502.html

Vulnerability in netprint in IRIX 6.2, and possibly other versions,
allows local users with lp privileges attacker to execute arbitrary
commands via the -n option.

Analysis
----------------
ED_PRI CAN-2001-0485 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0490
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0490
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010429 Winamp 2.6x / 2.7x buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0518.html

Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute
arbitrary code via a long string in an AIP file.

Analysis
----------------
ED_PRI CAN-2001-0490 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0491
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0491
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010425 Vulnerabilities in RaidenFTPD Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0465.html

Directory traversal vulnerability in RaidenFTPD Server 2.1 build 947
allows attackers to access files outside the ftp root via dot dot
attacks, such as (1) .... in CWD, (2) .. in NLST, or (3) ... in NLST.

Analysis
----------------
ED_PRI CAN-2001-0491 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0492
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0492
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010424 Advisory for Netcruiser
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0427.html
Reference: BID:2650
Reference: URL:http://www.securityfocus.com/bid/2650

Netcruiser Web server version 0.1.2.8 and earlier allows remote
attackers to determine the physical path of the server via a URL
containing (1) con, (2) com2, or (3) com3.

Analysis
----------------
ED_PRI CAN-2001-0492 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0493
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0493
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010424 Advisory for Small HTTP Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0428.html
Reference: BID:2649
Reference: URL:http://www.securityfocus.com/bid/2649

Small HTTP server 2.03 allows remote attackers to cause a denial of
service via a specially crafted URL requesting the aux device name.

Analysis
----------------
ED_PRI CAN-2001-0493 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0494
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0494
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010424 IPSwitch IMail 6.06 SMTP Remote System Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0433.html
Reference: CONFIRM:http://ipswitch.com/Support/IMail/news.html

Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior
versions allows remote attackers to execute arbitrary code via a long
From: header.

Analysis
----------------
ED_PRI CAN-2001-0494 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

 
Page Last Updated: May 22, 2007