[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-67 - 25 candidates

I am proposing cluster RECENT-67 for review and voting by the
Editorial Board.  The voting web site will be updated on Wednesday
afternoon, Eastern time.

Name: RECENT-67
Description: Candidates announced between 1/4/2001 and 5/29/2001
Size: 25

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0541
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0541
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010710
Category: SF
Reference: BUGTRAQ:20010527 Microsoft Windows Media Player Buffer Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/187001
Reference: MS:MS01-042
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-042.asp

Buffer overflow in Microsoft Windows Media Player 7.1 and earlier
allows remote attackers to execute arbitrary commands via a malformed
Windows Media Station (.NSC) file.

Analysis
----------------
ED_PRI CAN-2001-0541 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0641
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0641
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010513 RH 7.0:/usr/bin/man exploit: gid man + more
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0087.html
Reference: BUGTRAQ:20010612 man 1.5h10 + man 1.5i-4 exploits
Reference: URL:http://www.securityfocus.com/archive/1/190136
Reference: REDHAT:RHSA-2001:069
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-069.html
Reference: SUSE:SuSE-SA:2001:019
Reference: URL:http://www.suse.de/de/support/security/2001_019_man_txt.txt
Reference: XF:man-s-bo(6530)
Reference: URL:http://xforce.iss.net/static/6530.php
Reference: BID:2711
Reference: URL:http://www.securityfocus.com/bid/2711

Buffer overflow in man program in various distributions of Linux
allows local user to execute arbitrary code as group man via a long -S
option.

Analysis
----------------
ED_PRI CAN-2001-0641 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0650
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0650
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: CISCO:20010510 Cisco IOS BGP Attribute Corruption Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ios-bgp-attr-corruption-pub.shtml
Reference: CERT-VN:VU#106392
Reference: URL:http://www.kb.cert.org/vuls/id/106392
Reference: CIAC:L-082
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-082.shtml
Reference: XF:cisco-ios-bgp-dos(6566)
Reference: URL:http://xforce.iss.net/static/6566.php

Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a
crash, or bad route updates, via malformed BGP updates with
unrecognized transitive attribute.

Analysis
----------------
ED_PRI CAN-2001-0650 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0710
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0710
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category:
Reference: FREEBSD:FreeBSD-SA-01:52
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:52.fragment.asc
Reference: NETBSD:NetBSD-SA2001-006
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-006.txt.asc
Reference: XF:bsd-ip fragments-dos(6636)
Reference: URL:http://xforce.iss.net/static/6636.php
Reference: BID:2799
Reference: URL:http://www.securityfocus.com/bid/2799

NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote
attacker to cause a denial of service by sending a large number of IP
fragements to the machine, exhausting the mbuf pool.

Analysis
----------------
ED_PRI CAN-2001-0710 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0648
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0648
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010508 security hole in os groupware suite PHProjekt
Reference: URL:http://www.securityfocus.com/archive/1/184215
Reference: BID:2702
Reference: URL:http://www.securityfocus.com/bid/2702
Reference: XF:phprojekt-dot-directory-traversal(6522)
Reference: URL:http://xforce.iss.net/static/6522.php

Directory traversal vulnerability in PHProjekt 2.1 and earlier allows
a remote attacker to conduct unauthorized activities via a dot dot
(..) attack on the file module.

Analysis
----------------
ED_PRI CAN-2001-0648 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0675
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0675
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010418 SECURITY.NNOV: The Bat! <cr> bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0345.html
Reference: BUGTRAQ:20010421 Re: SECURITY.NNOV: The Bat! <cr> bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0381.html
Reference: BUGTRAQ:20010423 Re: SECURITY.NNOV: The Bat! <cr> bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0410.html
Reference: XF:thebat-pop3-dos(6423)
Reference: URL:http://xforce.iss.net/static/6423.php

Rit Research Labs The Bat! 1.51 for Windows allows a remote attacker
to cause a denial of service by sending an email to a user's account
containing a carrage return <CR> that is not followed by a line feed
<LF>.

Analysis
----------------
ED_PRI CAN-2001-0675 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0642
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0642
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010511 [eyeonsecurity.net] Incredimail allows automatic over writing offiles on your hard disk
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0078.html
Reference: XF:incredimail-dot-overwrite-files(6529)
Reference: URL:http://xforce.iss.net/static/6529.php

Directory traversal vulnerability in IncrediMail version 1400185 and
earlier allows local users to overwrite files on the local hard drive
by appending .. (dot dot) sequences to filenames listed in the
content.ini file.

Analysis
----------------
ED_PRI CAN-2001-0642 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0643
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0643
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010416 Double clicking on innocent looking files may be dangerous
Reference: URL:http://www.securityfocus.com/archive/1/176909
Reference: MISC:http://vil.nai.com/vil/virusSummary.asp?virus_k=99048
Reference: MISC:http://www.sarc.com/avcenter/venc/data/vbs.postcard@mm.html
Reference: XF:ie-clsid-execute-files(6426)
Reference: URL:http://xforce.iss.net/static/6426.php

A type-check flaw in Internet Explorer 5.5 does not display the Class
ID (CLSID) when it is at the end of the file name, which could allow
attackers to trick the user into executing dangerous programs by
making it appear that the document is of a safe file type.

Analysis
----------------
ED_PRI CAN-2001-0643 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0644
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0644
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010515 Rumpus FTP DoS
Reference: URL:http://www.securityfocus.com/archive/1/184751
Reference: BID:2718
Reference: URL:http://www.securityfocus.com/bid/2718
Reference: XF:rumpus-plaintext-passwords(6543)
Reference: URL:http://xforce.iss.net/static/6543.php

Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in
plaintext in the "Rumpus User Database" file in the prefs folder,
which could allow attackers to gain privileges on the server.

Analysis
----------------
ED_PRI CAN-2001-0644 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0645
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0645
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010510 Corsaire Limited Security Advisory - Symantec/Axent NetProwler 3. 5.x password restrictions
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0097.html
Reference: BUGTRAQ:20010510 Corsaire Limited Security Advisory - Symantec/Axent NetProwler 3. 5.x database configuration
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0098.html
Reference: XF:netprowler-default-odbc-password(6539)
Reference: URL:http://xforce.iss.net/static/6539.php
Reference: XF:netprowler-default-management-password(6537)
Reference: URL:http://xforce.iss.net/static/6537.php

Symantec/AXENT NetProwler 3.5.x contains several default passwords,
which could allow remote attackers to (1) access to the management
tier via the "admin" password, or (2) connect to a MySQL ODBC from the
management tier using a blank password.

Analysis
----------------
ED_PRI CAN-2001-0645 3
Vendor Acknowledgement: yes
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0646
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0646
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010515 Rumpus FTP DoS
Reference: URL:http://www.securityfocus.com/archive/1/184751
Reference: BID:2716
Reference: URL:http://www.securityfocus.com/bid/2716
Reference: XF:rumpus-long-directory-dos(6542)
Reference: URL:http://xforce.iss.net/static/6542.php

Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote attacker
to perform a denial of service (hang) by creating a directory name of
a specific length.

Analysis
----------------
ED_PRI CAN-2001-0646 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0649
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0649
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010510 Personal Web Sharing remote stop
Reference: URL:http://www.securityfocus.com/archive/1/184548
Reference: XF:macos-web-sharing-dos(6536)
Reference: URL:http://xforce.iss.net/static/6536.php

Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial
of service via a long HTTP request.

Analysis
----------------
ED_PRI CAN-2001-0649 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0674
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0674
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010417 Advisory for Viking
Reference: URL:http://www.securityfocus.com/archive/1/177231
Reference: CONFIRM:http://www.robtex.com/viking/bugs.htm
Reference: XF:viking-hex-directory-traversal(6394)
Reference: URL:http://xforce.iss.net/static/6394.php

Directory traversal vulnerability in RobTex Viking Web server before
1.07-381 allows remote attackers to read arbitrary files via a
hexidecimal encoded dot-dot attack (eg.
http://www.server.com/%2e%2e/%2e%2e) in an HTTP URL request.

Analysis
----------------
ED_PRI CAN-2001-0674 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

CD:SF-LOC applies to this and CAN-2001-0467.  These should be
distinguished because CAN-2001-0467 appears in a version (-382) that
this one does not (-381).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0676
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0676
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010104 SECURITY.NNOV advisory - The Bat! directory traversal (public release)
Reference: URL:http://www.securityfocus.com/archive/1/154359
Reference: XF:thebat-attachment-directory-traversal(5871)
Reference: URL:http://xforce.iss.net/static/5871.php

Directory traversal vulnerability in Rit Research Labs The Bat! 1.48f
and earlier allows a remote attacker to create arbitrary files via a
"dot dot" attack in the filename for an attachment.

Analysis
----------------
ED_PRI CAN-2001-0676 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0677
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0677
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010418 Eudora file leakage problem (still)
Reference: URL:http://www.securityfocus.com/archive/1/177369
Reference: XF:eudora-plain-text-attachment(6431)
Reference: URL:http://xforce.iss.net/static/6431.php

Eudora 5.0.2 allows a remote attacker to read arbitrary files via an
email with the path of the target file in the "Attachment Converted"
MIME header, which sends the file when the email is forwarded to the
attacker by the user.

Analysis
----------------
ED_PRI CAN-2001-0677 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0678
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0678
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010519 TrendMicro Interscan VirusWall RegGo.dll BOf
Reference: URL:http://www.securityfocus.com/archive/1/185383
Reference: XF:interscan-reggo-bo(6575)
Reference: URL:http://xforce.iss.net/static/6575.php

A buffer overflow in reggo.dll file used by Trend Micro InterScan
VirusWall prior to 3.51 build 1349 for Windows NT 3.5 and InterScan
WebManager 1.2 allows a local attacker to execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2001-0678 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0680
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0680
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010413 QPC FTPd Directory Traversal and BoF Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/176712
Reference: XF:qpc-ftpd-directory-traversal(6375)
Reference: URL:http://xforce.iss.net/static/6375.php

Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and
AVT/Term 5.0 allows a remote attacker to traverse directories on the
web server via a "dot dot" attack in a LIST (ls) command.

Analysis
----------------
ED_PRI CAN-2001-0680 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0681
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0681
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010413 QPC FTPd Directory Traversal and BoF Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/176712
Reference: XF:qpc-ftpd-bo(6376)
Reference: URL:http://xforce.iss.net/static/6376.php

Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a
remote attacker to cause a denial of service via a long (1) username
or (2) password.

Analysis
----------------
ED_PRI CAN-2001-0681 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0683
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0683
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010226 def-2001-08: Netscape Collabra DoS
Reference: URL:http://www.securityfocus.com/archive/1/165516
Reference: XF:netscape-collabra-kernel-dos(6158)
Reference: URL:http://xforce.iss.net/static/6158.php

Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a
remote attacker to cause a denial of service (memory exhaustion) by
repeatedly sending approximately 5K of data to TCP port 5238.

Analysis
----------------
ED_PRI CAN-2001-0683 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

CD:SF-LOC suggests separating issues that describe a different
underlying problem.  The memory leak in port 5238 via a flood of data
is different enough from the CPU "spike" based on only a few bytes of
data.  Thus these 2 problems should be separate.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0684
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0684
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010226 def-2001-08: Netscape Collabra DoS
Reference: URL:http://www.securityfocus.com/archive/1/165516
Reference: XF:netscape-collabra-cpu-dos(6159)
Reference: URL:http://xforce.iss.net/static/6159.php

Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to
cause a denial of service by sending seven or more characters to TCP
port 5239.

Analysis
----------------
ED_PRI CAN-2001-0684 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

CD:SF-LOC suggests separating issues that describe a different
underlying problem.  The memory leak in port 5238 via a flood of data
is different enough from the CPU "spike" based on only a few bytes of
data.  Thus these 2 problems should be separate.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0694
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0694
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: VULN-DEV:20010525 WFTPD 32-bit (X86) 3.00 R5 Directory Traversal / Buffer Overflow / DoS
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0454.html

Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote
attacker to view arbitrary files via a dot dot attack in the CD
command.

Analysis
----------------
ED_PRI CAN-2001-0694 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0695
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0695
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010503 Potential DOS Vulnerability in WFTPD
Reference: URL:http://www.securityfocus.com/archive/1/182054
Reference: XF:wftpd-cd-dos(6496)
Reference: URL:http://xforce.iss.net/static/6496.php

WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by
making repeated requests to cd to the floppy drive (A:\).

Analysis
----------------
ED_PRI CAN-2001-0695 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0697
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0697
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010228 SurgeFTP Denial of Service
Reference: URL:http://www.securityfocus.com/archive/1/165816
Reference: WIN2KSEC:20010301 SurgeFTP 1.0b Denial of Service
Reference: URL:http://www.secadministrator.com/Articles/Index.cfm?ArticleID=20200
Reference: XF:surgeftp-listing-dos(6168)
Reference: URL:http://xforce.iss.net/static/6168.php

NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a
denial of service (crash) via an 'ls ..' command.

Analysis
----------------
ED_PRI CAN-2001-0697 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0707
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0707
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010503 Denicomp REXECD/RSHD Denial of Service Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/183911
Reference: XF:denicomp-rshd-dos(6523)
Reference: URL:http://xforce.iss.net/static/6523.php

Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a
denial of service (crash) via a long string to port 514.

Analysis
----------------
ED_PRI CAN-2001-0707 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE

REXECD and RSHD are multiple packages with the same sort of problem,
but the packages are distributed separately (as indicated by the
vendor's download page).  Thus CD:SF-CODEBASE suggests that these
should be separated.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0708
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0708
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010503 Denicomp REXECD/RSHD Denial of Service Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/183911
Reference: XF:denicomp-rexecd-dos(6524)
Reference: URL:http://xforce.iss.net/static/6524.php

Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a
denial of service (crash) via a long string.

Analysis
----------------
ED_PRI CAN-2001-0708 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE

REXECD and RSHD are multiple packages with the same sort of problem,
but the packages are distributed separately (as indicated by the
vendor's download page).  Thus CD:SF-CODEBASE suggests that these
should be separated.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Page Last Updated or Reviewed: May 22, 2007