[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-65 - 40 candidates



I have proposed cluster RECENT-65 for review and voting by the
Editorial Board.

Name: RECENT-65
Description: Candidates announced between 5/2/2001 and 5/31/2001
Size: 40

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0559
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0559
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010507 Vixie cron vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/183029
Reference: DEBIAN:DSA-054
Reference: URL:http://www.debian.org/security/2001/dsa-054
Reference: MANDRAKE:MDKSA-2001:050
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-050.php3
Reference: SUSE:SuSE-SA:2001:17
Reference: URL:http://www.suse.de/de/support/security/2001_017_cron_txt.txt
Reference: BID:2687
Reference: URL:http://www.securityfocus.com/bid/2687
Reference: XF:vixie-cron-gain-privileges
Reference: URL:http://xforce.iss.net/static/6508.php

crontab in Vixie cron 3.0.1 and earlier does not properly drop
privileges after the failed parsing of a modification operation, which
could allow a local attacker to gain additional privileges when an
editor is called to correct the error.

Analysis
----------------
ED_PRI CAN-2001-0559 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0567
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0567
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2001-05-01/security_alert
Reference: DEBIAN:DSA-055
Reference: URL:http://www.debian.org/security/2001/dsa-055
Reference: MANDRAKE:MDKSA-2001:049
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-049.php3
Reference: REDHAT:RHSA-2001:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-065.html

Digital Creations Zope 2.3.2 and earlier allows a local attacker
to gain additional privileges via the changing of ZClass permission
mappings for objects and methods in the ZClass.

Analysis
----------------
ED_PRI CAN-2001-0567 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0621
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0621
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: CISCO:20010517 Cisco Content Service Switch 11000 Series FTP
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-ftp-pub.shtml
Reference: XF:cisco-css-ftp-commands(6557)
Reference: URL:http://xforce.iss.net/static/6557.php

The FTP server on Cisco Content Service 11000 series switches (CSS)
before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an
FTP user to read and write arbitrary files via GET or PUT commands.

Analysis
----------------
ED_PRI CAN-2001-0621 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0622
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0622
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: CISCO:20010531 Cisco Content Service Switch 11000 Series Web
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-webmgmt-vuln-pub.shtml

The web management service on Cisco Content Service series 11000
switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote
attacker to gain additional privileges by directly requesting the the
web management URL instead of navigating through the interface.

Analysis
----------------
ED_PRI CAN-2001-0622 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0628
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0628
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: MSKB:Q274228
Reference: URL:http://support.microsoft.com/support/kb/articles/Q274/2/28.asp
Reference: BID:2760
Reference: URL:http://www.securityfocus.com/bid/2760
Reference: XF:word-asd-macro-execution(6614)
Reference: URL:http://xforce.iss.net/static/6614.php

Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros.  This
can allow a local attacker to execute arbitrary macros with the user ID of
the Word user.

Analysis
----------------
ED_PRI CAN-2001-0628 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0629
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0629
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: HP:HPSBUX0107-158
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0006.html
Reference: BUGTRAQ:20010523 HP OpenView NNM v6.1 buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0226.html
Reference: BID:2761
Reference: URL:http://www.securityfocus.com/bid/2761
Reference: XF:openview-nnm-ecsd-bo(6582)
Reference: URL:http://xforce.iss.net/static/6582.php

HP Event Correlation Service (ecsd) as included with OpenView Network Node
Manager 6.1 allows a remote attacker to gain addition privileges via
a buffer overflow attack in the '-restore_config' command line parameter.

Analysis
----------------
ED_PRI CAN-2001-0629 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0635
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0635
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: REDHAT:RHSA-2001:058
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-058.html

Red Hat Linux 7.1 sets insecure permissions on swap files created
during installation, which can allow a local attacker to gain
additional privileges by reading sensitive information from the swap
file, such as passwords.

Analysis
----------------
ED_PRI CAN-2001-0635 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0522
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0522
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010529 [synnergy] - GnuPG remote format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0281.html
Reference: CONFIRM:http://www.gnupg.org/whatsnew.html#rn20010529
Reference: MANDRAKE:MDKSA-2001:053
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3

Gnu Privacy Guard (GnuPG, aka gpg) 1.05 and earlier can allow an
attacker to gain additional privileges via a format string attack in a
maliciously encrypted file.  The format string used is the name of the
original, encrypted file.

Analysis
----------------
ED_PRI CAN-2001-0522 2
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0523
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0523
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010518 ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0185.html
Reference: BUGTRAQ:20010519 RE: ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0197.html
Reference: XF:eeye-secureiis-bypass-detection
Reference: URL:http://xforce.iss.net/static/6563.php
Reference: XF:eeye-secureiis-directory-traversal
Reference: URL:http://xforce.iss.net/static/6564.php

eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to
bypass filtering of requests made to SecureIIS via the escaping of
HTML characters within the request, which could allow a remote
attacker to use restricted variables and perform directory traversal
attacks on vulnerable programs that would otherwise be protected by
SecureIIS.

Analysis
----------------
ED_PRI CAN-2001-0523 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0524
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0524
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010518 ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0185.html
Reference: BUGTRAQ:20010519 RE: ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0197.html
Reference: XF:eeye-secureiis-http-header-bo(6574)
Reference: URL:http://xforce.iss.net/static/6574.php

eEye SecureIIS versions 1.0.3 and earlier does not perform length
checking on individual HTTP headers, which allows a remote attacker to
send arbitrary length strings to IIS, contrary to an advertised
feature of SecureIIS versions 1.0.3 and earlier.

Analysis
----------------
ED_PRI CAN-2001-0524 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0525
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0525
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010519 dqs 3.2.7 local root exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0193.html
Reference: BUGTRAQ:20010519 Re: dqs 3.2.7 local root exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0195.html
Reference: XF:dqs-dsh-bo
Reference: URL:http://xforce.iss.net/static/6577.php

dsh program in dqs version 3.2.7 in SuSE Linux 7.0 and earlier, and
possibly other operating systems, allows a local attacker to gain
privileges via a buffer overflow in the first command line argument.

Analysis
----------------
ED_PRI CAN-2001-0525 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0527
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0527
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAG:20010515 DCForum Password File Manipukation Vulnerability (qDefense Advisory Number QDAV-5-2000-2)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0122.html
Reference: CONFIRM:http://www.dcscripts.com/dcforum/dcfNews/167.html
Reference: XF:dcforum-cgi-admin-access(6538)
Reference: URL:http://xforce.iss.net/static/6538.php

DCScripts DCForum versions 2000 and earlier allow a remote attacker to
gain additional privileges by inserting pipe symbols (|) and newlines
into the last name in the registration form, which will create an
extra entry in the registration database.

Analysis
----------------
ED_PRI CAN-2001-0527 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0528
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0528
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010507 Oracle's ADI 7.1.1.10.1 Major security hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0044.html
Reference: BUGTRAQ:20010522 Vulnerability in Oracle E-Business Suite Release 11i Applications Desktop Integrator
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0223.html
Reference: BID:2694
Reference: URL:http://www.securityfocus.com/bid/2694
Reference: XF:oracle-adi-plaintext-passwords(6501)
Reference: URL:http://xforce.iss.net/static/6501.php

Oracle E-Business Suite Release 11i Applications Desktop Integrator
(ADI) version 7.x includes a debug version of FNDPUB11I.DLL, which
logs the APPS schema password in cleartext in a debug file, which
allows local users to obtain the password and gain privileges.

Analysis
----------------
ED_PRI CAN-2001-0528 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0530
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0530
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010528 Vulnerability discovered in SpearHead NetGap
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0256.html
Reference: BUGTRAQ:20010607 SpearHead Security NetGAP
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0047.html
Reference: BID:2798
Reference: URL:http://www.securityfocus.com/bid/2798
Reference: XF:netgap-unicode-bypass-filter
Reference: URL:http://xforce.iss.net/static/6625.php

Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker
to bypass file blocking and content inspection via specially encoded
URLs which include '%' characters.

Analysis
----------------
ED_PRI CAN-2001-0530 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0574
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0574
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010507 Advisory for MP3Mystic
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0046.html
Reference: CONFIRM:http://mp3mystic.com/mp3mystic/news.phtml
Reference: XF:mp3mystic-dot-directory-traversal(6504)
Reference: URL:http://xforce.iss.net/static/6504.php
Reference: BID:2699
Reference: URL:http://www.securityfocus.com/bid/2699

Directory traversal vulnerability in MP3Mystic prior to 1.04b3 allows
a remote attacker to download arbitrary files via a '..' (dot dot) in
the URL.

Analysis
----------------
ED_PRI CAN-2001-0574 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0611
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0611
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010514 Becky! 2.00.05 Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0089.html
Reference: BID:2723
Reference: URL:http://www.securityfocus.com/bid/2723
Reference: XF:becky-mail-message-bo(6531)
Reference: URL:http://xforce.iss.net/static/6531.php

Becky! 2.00.05 and earlier can allow a remote attacker to gain
additional privileges via a buffer overflow attack on long messages
without newline characters.

Analysis
----------------
ED_PRI CAN-2001-0611 2
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0615
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0615
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010525 Advisory for Freestyle Chat server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0241.html
Reference: BID:2776
Reference: URL:http://www.securityfocus.com/bid/2776
Reference: XF:freestyle-chat-directory-traversal(6601)
Reference: URL:http://xforce.iss.net/static/6601.php

Directory traversal vulnerability in Faust Informatics Freestyle Chat
server prior to 4.1 SR3 allows a remote attacker to read arbitrary
files via a specially crafted URL which includes variations of a '..'
(dot dot) attack such as '...' or '....'.

Analysis
----------------
ED_PRI CAN-2001-0615 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0616
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0616
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010525 Advisory for Freestyle Chat server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0241.html
Reference: BID:2777
Reference: URL:http://www.securityfocus.com/bid/2777
Reference: XF:freestyle-chat-device-dos(6602)
Reference: URL:http://xforce.iss.net/static/6602.php

Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a
remote attacker to create a denial of service via a URL request which
includes a MS-DOS device name (e.g., GET /aux HTTP/1.0).

Analysis
----------------
ED_PRI CAN-2001-0616 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0519
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0519
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010529 Aladdin eSafe Gateway Filter Bypass - Updated Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0282.html
Reference: XF:esafe-gateway-bypass-filtering(6580)
Reference: URL:http://xforce.iss.net/static/6580.php

Aladdin eSafe Gateway versions 2.x allows a remote attacker to
circumvent HTML SCRIPT filtering via a special arrangement of HTML
tags which includes SCRIPT tags embedded within other SCRIPT tags.

Analysis
----------------
ED_PRI CAN-2001-0519 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

CF:SF-LOC suggests creating separate candidates for problems that
appear in different versions, which argues for keeping CAN-2001-0519
separate from CAN-2001-0520 and CAN-2001-0521 (which themselves are
separated by a different application of CD:SF-LOC).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0520
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0520
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010529 Aladdin eSafe Gateway Script-filtering Bypass through HTML tags
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0284.html
Reference: XF:esafe-gateway-bypass-filtering(6580)
Reference: URL:http://xforce.iss.net/static/6580.php

Aladdin eSafe Gateway versions 3.0 and earlier allows a remote
attacker to circumvent filtering of SCRIPT tags by embedding the
scripts within certain HTML tags including (1) onload in the BODY tag,
(2) href in the A tag, (3) the BUTTON tag, (4) the INPUT tag, or (5)
any other tag in which scripts can be defined.

Analysis
----------------
ED_PRI CAN-2001-0520 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

CF:SF-LOC suggests creating separate candidates for problems that
appear in different versions, which argues for keeping CAN-2001-0519
separate from CAN-2001-0520 and CAN-2001-0521.  CD:SF-LOC also
suggests separating problems of different types within the same
version.  CAN-2001-0520 is information hiding by manipulating tag
values, while CAN-2001-0521 involves obfuscation by encoding, which
"seems" like a different vulnerability type.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0521
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0521
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010529 Aladdin eSafe Gateway Script-filtering Bypass through Unicode Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0285.html
Reference: XF:esafe-gateway-bypass-filtering(6580)
Reference: URL:http://xforce.iss.net/static/6580.php

Aladdin eSafe Gateway versions 3.0 and earlier allows a remote
attacker to circumvent HTML SCRIPT filtering via the UNICODE encoding
of SCRIPT tags within the HTML document.

Analysis
----------------
ED_PRI CAN-2001-0521 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

CF:SF-LOC suggests creating separate candidates for problems that
appear in different versions, which argues for keeping CAN-2001-0519
separate from CAN-2001-0520 and CAN-2001-0521.  CD:SF-LOC also
suggests separating problems of different types within the same
version.  CAN-2001-0520 is information hiding by manipulating tag
values, while CAN-2001-0521 involves obfuscation by encoding, which
"seems" like a different vulnerability type.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0526
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0526
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010528 [synnergy] - Solaris mailtool(1) buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0258.html
Reference: XF:solaris-mailtool-openwinhome-bo(6626)
Reference: URL:http://xforce.iss.net/static/6626.php

Buffer overflow in mailtool in Solaris 8 and earlier versions can
allow a local attacker to gain privileges via the OPENWINHOME
environmental variable.

Analysis
----------------
ED_PRI CAN-2001-0526 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0557
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0557
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010507 Advisory for Jana server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0086.html
Reference: XF:jana-server-directory-traversal(6513)
Reference: URL:http://xforce.iss.net/static/6513.php
Reference: BID:2703
Reference: URL:http://www.securityfocus.com/bid/2703

T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to
view arbitrary files via a '..' (dot dot) attack which is URL encoded
(%2e%2e).

Analysis
----------------
ED_PRI CAN-2001-0557 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0558
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0558
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010507 Advisory for Jana server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0086.html
Reference: XF:jana-server-device-dos(6521)
Reference: URL:http://xforce.iss.net/static/6521.php
Reference: BID:2704
Reference: URL:http://www.securityfocus.com/bid/2704

T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote
attacker to create a denial of service via a URL request which
includes a MS-DOS device name (i.e. GET /aux HTTP/1.0).

Analysis
----------------
ED_PRI CAN-2001-0558 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0561
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0561
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010507 Advisory for A1Stats
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0047.html
Reference: BID:2705
Reference: URL:http://www.securityfocus.com/bid/2705
Reference: XF:a1stats-dot-directory-traversal(6503)
Reference: URL:http://xforce.iss.net/static/6503.php

Directory traversal vulnerability in Drummond Miles A1Stats prior to
1.6 allows a remote attacker to read arbitrary files via a '..' (dot
dot) attack in (1) a1disp2.cgi, (2) a1disp3.cgi, or (3) a1disp4.cgi.

Analysis
----------------
ED_PRI CAN-2001-0561 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0562
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0562
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010507 Advisory for A1Stats
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0047.html
Reference: BID:2705
Reference: URL:http://www.securityfocus.com/bid/2705
Reference: XF:a1stats-a1admin-dos(6505)
Reference: URL:http://xforce.iss.net/static/6505.php

a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a
remote attacker to execute commands via a specially crafted URL which
includes shell metacharacters.

Analysis
----------------
ED_PRI CAN-2001-0562 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0563
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0563
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010507 Advisory for Electrocomm 2.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0049.html
Reference: XF:electrocomm-telnet-dos(6514)
Reference: URL:http://xforce.iss.net/static/6514.php
Reference: BID:2706
Reference: URL:http://www.securityfocus.com/bid/2706

ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier allows a
remote attacker to create a denial of service via large (> 160000
character) strings sent to port 23.

Analysis
----------------
ED_PRI CAN-2001-0563 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0565
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0565
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010502 Solaris mailx Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0016.html
Reference: XF:mailx-bo(6181)
Reference: URL:http://xforce.iss.net/static/6181.php

Buffer overflow in mailx in Solaris 8 and earlier allows a local
attacker to gain additional privileges via a long '-F' command line
option.

Analysis
----------------
ED_PRI CAN-2001-0565 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0566
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0566
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010503 Cisco Catalyst 2900XL crashes with empty UDP packet when SNMP is disabled.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0040.html
Reference: XF:cisco-catalyst-udp-dos(6515)
Reference: URL:http://xforce.iss.net/static/6515.php

Cisco Catalyst 2900XL switch allows a remote attacker to create a denial
of service via an empty UDP packet sent to port 161 (SNMP) when SNMP
is disabled.

Analysis
----------------
ED_PRI CAN-2001-0566 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0570
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0570
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010503 minicom exploit
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-067.html
Reference: REDHAT:RHSA-2001:067
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-067.html
Reference: CALDERA:CSSA-2001-016.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-016.0.txt
Reference: BUGTRAQ:20010517 Immunix OS Security update for minicom
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99014300904714&w=2
Reference: XF:minicom-xmodem-format-string(6498)
Reference: URL:http://xforce.iss.net/static/6498.php

minicom 1.83.1 and earlier allows a local attacker to gain additional
privileges via numerous format string attacks.

Analysis
----------------
ED_PRI CAN-2001-0570 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0580
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0580
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:200105007 Advisory for Vdns
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0050.html

Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote
attacker to create a denial of service by connecting to port 6070,
sending some data, and closing the connection.

Analysis
----------------
ED_PRI CAN-2001-0580 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0581
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0581
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010507 Advisory for Spynet Chat
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0051.html
Reference: XF:spynet-connection-dos(6509)
Reference: URL:http://xforce.iss.net/static/6509.php
Reference: BID:2701
Reference: URL:http://www.securityfocus.com/bid/2701

Spytech Spynet Chat Server 6.5 allows a remote attacker to create a
denial of service (crash) via a large amount (> 100) of connections to
port 6387.

Analysis
----------------
ED_PRI CAN-2001-0581 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0582
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0582
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010503 Vulnerabilities in CrushFTP Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0036.html
Reference: XF:crushftp-directory-traversal(6495)
Reference: URL:http://xforce.iss.net/static/6495.php

Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local
attacker to access arbtrary files via a '..' (dot dot) attack, or
variations, in (1) GET, (2) CD, (3) NLST, (4) SIZE, (5) RETR.

Analysis
----------------
ED_PRI CAN-2001-0582 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0612
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0612
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010516 Remote Desktop DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0158.html
Reference: XF:remote-desktop-dos(6547)
Reference: URL:http://xforce.iss.net/static/6547.php
Reference: BID:2726
Reference: URL:http://www.securityfocus.com/bid/2726

McAfee Remote Desktop 3.0 and earlier allows a remote attacker to
create a denial of service (crash) via large amounts of packets to
port 5045.

Analysis
----------------
ED_PRI CAN-2001-0612 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0613
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0613
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010515 OmniHTTPd Pro Denial of Service Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0131.html
Reference: XF:omnihttpd-post-dos(6540)
Reference: URL:http://xforce.iss.net/static/6540.php
Reference: BID:2730
Reference: URL:http://www.securityfocus.com/bid/2730

Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a
remote attacker to create a denial of service via a long (>4111 bytes)
POST URL request.

Analysis
----------------
ED_PRI CAN-2001-0613 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0614
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0614
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010514 def-2001-25: Carello E-Commerce Arbitrary Command Execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98991352402073&w=2
Reference: XF:carello-url-code-execution(6532)
Reference: URL:http://xforce.iss.net/static/6532.php

Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain
additional privileges and execute arbitrary commands via a specially
constructed URL.

Analysis
----------------
ED_PRI CAN-2001-0614 3
Vendor Acknowledgement: unknown

No specifics about the URL are really mentioned.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0617
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0617
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010514 Cable-Router AR220e Portmapper Security-Flaw
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0125.html
Reference: XF:telesyn-portmapper-access-services(6560)
Reference: URL:http://xforce.iss.net/static/6560.php

Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the
portmapper and the 'Virtual Server' enabled can allow a remote
attacker to gain access to mapped services even though the single
portmappings may be disabled.

Analysis
----------------
ED_PRI CAN-2001-0617 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0625
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0625
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010525 Security Bug in InoculateIT for Linux (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0245.html
Reference: XF:inoculateit-ftpdownload-symlink(6607)
Reference: URL:http://xforce.iss.net/static/6607.php
Reference: BID:2778
Reference: URL:http://www.securityfocus.com/bid/2778

ftpdownload in Computer Associates InoculateIT 6.0 allows a local
attacker to overwrite arbitrary files via a symlink attack on
/tmp/ftpdownload.log .

Analysis
----------------
ED_PRI CAN-2001-0625 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0627
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0627
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010522 [SRT2001-09] - vi and crontab -e /tmp issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0220.html
Reference: BID:2752
Reference: URL:http://www.securityfocus.com/bid/2752

vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker
to overwrite arbitrary files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2001-0627 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0630
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0630
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010523 Vulnerability in viewsrc.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0231.html
Reference: BID:2762
Reference: URL:http://www.securityfocus.com/bid/2762

Directory traversal vulnerability in MIMAnet viewsrc.cgi 2.0 allows a
remote attacker to read arbitrary files via a '..' (dot dot) attack in
the 'loc' variable.

Analysis
----------------
ED_PRI CAN-2001-0630 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

 
Page Last Updated: May 22, 2007