[PROPOSAL] Cluster RECENT-66 - 34 candidates
I have proposed cluster RECENT-66 for review and voting by the Editorial Board.

Name: RECENT-66
Description: Candidates announced between 6/4/2001 and 7/24/2001
Size: 34

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0340
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0340
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010510
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS01-030
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-030.asp

An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.

Analysis
----------------
ED_PRI CAN-2001-0340 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0344
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0344
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010516
Category: SF
Reference: MS:MS01-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-032.asp

An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.

Analysis
----------------
ED_PRI CAN-2001-0344 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0345
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0345
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010516
Category: SF
Reference: MS:MS01-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp

Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.

Analysis
----------------
ED_PRI CAN-2001-0345 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0347
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0347
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010516
Category: SF
Reference: MS:MS01-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp

Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine Guest accounts.

Analysis
----------------
ED_PRI CAN-2001-0347 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0348
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0348
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010516
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS01-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp

Microsoft Windows 2000 telnet service allows attackers to cause a denial of service via a malformed logon command.

Analysis
----------------
ED_PRI CAN-2001-0348 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0351
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0351
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010516
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS01-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp

Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.

Analysis
----------------
ED_PRI CAN-2001-0351 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0353
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0353
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010523
Category: SF
Reference: ISS:20010619 Remote Buffer Overflow Vulnerability in Solaris Print Protocol Daemon

Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine.

Analysis
----------------
ED_PRI CAN-2001-0353 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0497
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0497
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010604
Category: SF
Reference: ISS:20010611 BIND Inadvertent Local Exposure of HMAC-MD5 (TSIG) Keys

dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.

Analysis
----------------
ED_PRI CAN-2001-0497 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0500
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0500
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010608
Category: SF
Reference: MS:MS01-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-033.asp
Reference: CERT:CA-2001-13
Reference: URL:http://www.cert.org/advisories/CA-2001-13.html

Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files.

Analysis
----------------
ED_PRI CAN-2001-0500 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0501
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0501
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010608
Category: SF
Reference: BUGTRAQ:20010622 Fwd: Microsoft Word macro vulnerability advisory MS01-034
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99325144322224&w=2
Reference: MS:MS01-034
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-034.asp
Reference: BID:2876
Reference: URL:http://www.securityfocus.com/bid/2876

Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.

Analysis
----------------
ED_PRI CAN-2001-0501 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0502
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0502
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010608
Category: SF
Reference: MS:MS01-036
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-036.asp

Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users.

Analysis
----------------
ED_PRI CAN-2001-0502 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0503
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0503
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010608
Category: SF
Reference: MS:MS00-077
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-077.asp

Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service via a malformed string to the NetMeeting service port, aka a variant of the "NetMeeting Desktop Sharing" vulnerability.

Analysis
----------------
ED_PRI CAN-2001-0503 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0504
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0504
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010608
Category: SF
Reference: MS:MS01-037
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-037.asp

Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.

Analysis
----------------
ED_PRI CAN-2001-0504 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0513
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0513
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010613
Category: SF/CF/MP/SA/AN/unknown
Reference: ISS:20010619 Oracle Redirect Denial of Service

Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the redirected port.

Analysis
----------------
ED_PRI CAN-2001-0513 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0514
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0514
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010613
Category: SF
Reference: ISS:20010620 Multiple Vendor 802.11b Access Point SNMP authentication flaw

SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network.

Analysis
----------------
ED_PRI CAN-2001-0514 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0517
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0517
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010613
Category: SF
Reference: ISS:20010515 Multiple Oracle Listener Denial of Service Vulnerabilities

Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0.

Analysis
----------------
ED_PRI CAN-2001-0517 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0518
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0518
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010613
Category: SF
Reference: ISS:20010515 Multiple Oracle Listener Denial of Service Vulnerabilities

Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang.

Analysis
----------------
ED_PRI CAN-2001-0518 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0529
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0529
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010604 SSH allows deletion of other users files...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0322.html
Reference: BUGTRAQ:20010604 Re: SSH allows deletion of other users files...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0007.html
Reference: NETBSD:NetBSD-SA2001-010
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-010.txt.asc
Reference: CALDERA:CSSA-2001-023.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-023.0.txt
Reference: BID:2825
Reference: URL:http://www.securityfocus.com/bid/2825

OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack.

Analysis
----------------
ED_PRI CAN-2001-0529 1
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0533
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0533
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010619
Category: SF/CF/MP/SA/AN/unknown
Reference: IBM:MSS-OAR-E01-2001:271.1
Reference: URL:http://www-1.ibm.com/services/continuity/recover1.nsf/advisories/85256A3400529A8685256A8D00804A37/$file/oar271.txt

Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows local users to gain root privileges via a long LANG environmental variable.

Analysis
----------------
ED_PRI CAN-2001-0533 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0537
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0537
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010628
Category: SF
Reference: CISCO:20010627 IOS HTTP authorization vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html
Reference: CERT:CA-2001-14
Reference: URL:http://www.cert.org/advisories/CA-2001-14.html

HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, via a .... (modified dot dot) in the URL.

Analysis
----------------
ED_PRI CAN-2001-0537 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0538
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0538
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010710
Category: SF
Reference: BUGTRAQ:20010712 MS Office XP - the more money I give to Microsoft, the more vulnerable my Windows computers are
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99496431214078&w=2
Reference: MS:MS01-038
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-038.asp

Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.

Analysis
----------------
ED_PRI CAN-2001-0538 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0554
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0554
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010724
Category: SF
Reference: BUGTRAQ:20010718 multiple vendor telnet daemon vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/197804
Reference: CERT:CA-2000-21
Reference: URL:http://www.cert.org/advisories/CA-2001-21.html
Reference: FREEBSD:FreeBSD-SA-01:49
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc
Reference: NETBSD:NetBSD-SA2001-012
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc
Reference: BID:3064
Reference: URL:http://www.securityfocus.com/bid/3064

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

Analysis
----------------
ED_PRI CAN-2001-0554 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0349
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0349
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010516
Category: SF
Reference: MS:MS01-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp

Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.

Analysis
----------------
ED_PRI CAN-2001-0349 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Microsoft identifies two separate vulnerabilities that are extremely similar, but the security bulletin states that "The two vulnerabilities differ primarily in the way they exploit the underlying problem regarding named pipe creation." So, it may be necessary to merge CAN-2001-0350 with CAN-2001-0349.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0350
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0350
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010516
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS01-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp

Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.

Analysis
----------------
ED_PRI CAN-2001-0350 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Microsoft identifies two separate vulnerabilities that are extremely similar, but the security bulletin states that "The two vulnerabilities differ primarily in the way they exploit the underlying problem regarding named pipe creation." So, it may be necessary to merge CAN-2001-0350 with CAN-2001-0349.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0352
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0352
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010523
Category: SF
Reference: ISS:20010620 Wired-side SNMP WEP key exposure in 802.11b Access Points

SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point allow remote attackers to obtain the WEP encryption key by reading it from a MIB when the value should be write-only, via (1) dot11WEPDefaultKeyValue in the dot11WEPDefaultKeysTable of the IEEE 802.11b MIB, or (2) ap128bWepKeyValue in the ap128bWEPKeyTable in the Symbol MIB.

Analysis
----------------
ED_PRI CAN-2001-0352 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0498
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0498
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010605
Category: SF
Reference: NAI:20010627 Oracle 8i SQLNet Header Vulnerability
Reference: URL:http://www.pgp.com/research/covert/advisories/049.asp

Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i 8.1.7 and earlier allows remote attackers to cause a denial of service via a malformed SQLNet connection request with a large offset in the header extension.

Analysis
----------------
ED_PRI CAN-2001-0498 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

This is clearly a different type of vulnerability than CAN-2001-0499, so CD:SF-LOC suggests keeping these two candidates separate.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0499
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0499
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010605
Category: SF
Reference: NAI:20010627 Vulnerability in Oracle 8i TNS Listener
Reference: URL:http://www.pgp.com/research/covert/advisories/050.asp

Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD.

Analysis
----------------
ED_PRI CAN-2001-0499 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

This is clearly a different type of vulnerability than CAN-2001-0498, so CD:SF-LOC suggests keeping these two candidates separate. But since the long STATUS, PING, and other commands all exhibit the same type of problem (i.e. buffer overflow), then CD:SF-LOC suggests combining them into the same candidate.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0515
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0515
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010613
Category: SF
Reference: ISS:20010515 Multiple Oracle Listener Denial of Service Vulnerabilities

Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value.

Analysis
----------------
ED_PRI CAN-2001-0515 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

One might argue that CAN-2001-0515 and CAN-2001-0516 contain the same basic type of problem (related to bad offsets), and thus CD:SF-LOC would suggest merging them. However, CAN-2001-0516 appears in Oracle 8.0 and later, and CAN-2001-0515 appears in Oracle 7.3 and 8i but *NOT* 8.0. In this case, because the bugs appear in different software versions, CD:SF-LOC says that they must remain split.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0516
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0516
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010613
Category: SF
Reference: ISS:20010515 Multiple Oracle Listener Denial of Service Vulnerabilities

Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data.

Analysis
----------------
ED_PRI CAN-2001-0516 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

One might argue that CAN-2001-0515 and CAN-2001-0516 contain the same
basic type of problem (related to bad offsets), and thus CD:SF-LOC
would suggest merging them. However, CAN-2001-0516 appears in Oracle
8.0 and later, and CAN-2001-0515 appears in Oracle 7.3 and 8i but *NOT*
8.0. In this case, because the bugs appear in different software
versions, CD:SF-LOC says that they must remain split.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0534
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0534
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010626
Category: SF
Reference: ISS:20010705 Remote Buffer Overflow in Multiple RADIUS Implementations
Reference: URL:http://xforce.iss.net/alerts/alerts.php

Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b
and (2) Lucent 2.1-2 RADIUS allow remote attackers to cause a denial of
service or execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2001-0534 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE, SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0548
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0548
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010717
Category: SF
Reference: BUGTRAQ:20010724 NSFOCUS SA2001-04 : Solaris dtmail Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99598918914068&w=2

Buffer overflow in dtmail in Solaris 2.6 and 7, and possibly other
operating systems, allows local users to gain privileges via the MAIL
environmental variable.

Analysis
----------------
ED_PRI CAN-2001-0548 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0549
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0549
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010718
Category: SF
Reference: CERT-VN:VU#814187
Reference: URL:http://www.kb.cert.org/vuls/id/814187
Reference: CONFIRM:http://www.sarc.com/avcenter/security/Content/2001_07_20.html

Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a
registry key, which could allow local users to obtain the passwords.

Analysis
----------------
ED_PRI CAN-2001-0549 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0553
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0553
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010724
Category: SF
Reference: BUGTRAQ:20010720 URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0486.html

SSH Secure Shell 3.0.0 on Unix systems does not properly perform
password authentication to the sshd2 daemon, which allows local users
to gain access to accounts with short password fields, such as locked
accounts that use "NP" in the password field.

Analysis
----------------
ED_PRI CAN-2001-0553 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0555
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0555
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010613 ScreamingMedia SITEWare source code disclosure vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0166.html
Reference: BUGTRAQ:20010613 ScreamingMedia SITEWare arbitrary file retrieval vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0165.html
Reference: CONFIRM:http://www01.screamingmedia.com/en/security/sms1001.php

ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote
attacker to read world-readable files via a .. (dot dot) attack through
(1) the SITEWare Editor's Desktop or (2) the template parameter in
SWEditServlet.
Analysis
----------------
ED_PRI CAN-2001-0555 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: