[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: [PROPOSAL] Cluster RECENT-68 - 35 candidates

Subject: [PROPOSAL] Cluster RECENT-68 - 35 candidates

I am proposing cluster RECENT-68 for review and voting by the
Editorial Board.  The voting web site will be updated on Wednesday
afternoon, Eastern time.

Name: RECENT-68
Description: Candidates announced between 6/3/2001 and 8/27/2001
Size: 35

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0341
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0341
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010510
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20010625 NSFOCUS SA2001-03 : Microsoft FrontPage 2000 Server Extensions Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99348216322147&w=2
Reference: MS:MS01-035
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-035.asp
Reference: BID:2906
Reference: URL:http://www.securityfocus.com/bid/2906

Buffer overflow in Microsoft Visual Studio RAD Support sub-component
of FrontPage Server Extensions allows remote attackers to execute
arbitrary commands via a long registration request (URL) to
fp30reg.dll.

Analysis
----------------
ED_PRI CAN-2001-0341 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0346
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0346
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010516
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS01-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp

Handle leak in Microsoft Windows 2000 telnet service allows attackers
to cause a denial of service by starting a large number of sessions
and terminating them.

Analysis
----------------
ED_PRI CAN-2001-0346 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0506
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0506
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010608
Category: SF
Reference: BUGTRAQ:20010817 NSFOCUS SA2001-06 : Microsoft IIS ssinc.dll Buffer Overflow Vulnerability
Reference: MS:MS01-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp
Reference: BID:3190
Reference: URL:http://www.securityfocus.com/bid/3190

Buffer overflow in IIS 5.0 and 4.0 allows local users to gain system
privileges via a Server-Side Includes (SSI) directive that includes a
file that is under a directory with a long names, aka the "SSI
privilege elevation" vulnerability.

Analysis
----------------
ED_PRI CAN-2001-0506 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0507
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0507
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010608
Category: SF
Reference: MS:MS01-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp

IIS 5.0 uses relative paths to find system files that will run
in-process, which allows local users to gain privileges via a Trojan
horse file, aka the "System file listing privilege elevation"
vulnerability.

Analysis
----------------
ED_PRI CAN-2001-0507 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0508
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0508
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010608
Category: SF
Reference: MS:MS01-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp

Vulnerability in IIS 5.0 allows remote attackers to cause a denial of
service (restart) via a long, invalid WebDAV request.

Analysis
----------------
ED_PRI CAN-2001-0508 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0543
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0543
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010710
Category: SF
Reference: MS:MS01-043
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-043.asp

Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows
remote attackers to cause a denial of service (memory exhaustion) via
a large number of malformed posts.

Analysis
----------------
ED_PRI CAN-2001-0543 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0546
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0546
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010710
Category: SF
Reference: MS:01-045
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-045.asp

Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security
and Acceleration (ISA) Server 2000 allows remote attackers to cause a
denial of service (resource exhaustion) via a large amount of
malformed H.323 data.

Analysis
----------------
ED_PRI CAN-2001-0546 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0547
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0547
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010710
Category: SF
Reference: MS:01-045
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-045.asp

Memory leak in the proxy service in Microsoft Internet Security and
Acceleration (ISA) Server 2000 allows local attackers to cause a
denial of service (resource exhaustion).

Analysis
----------------
ED_PRI CAN-2001-0547 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0658
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0658
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010815
Category: SF
Reference: MS:MS01-045
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-045.asp

Cross-site scripting (CSS) vulnerability in Microsoft Internet
Security and Acceleration (ISA) Server 2000 allows remote attackers to
cause other clients to execute certain script or read cookies via
malicious script in an invalid URL that is not properly quoted in an
error message.

Analysis
----------------
ED_PRI CAN-2001-0658 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0659
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0659
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010815
Category: SF
Reference: MS:MS01-046
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-046.asp

Buffer overflow in IrDA driver providing infrared data exchange on
Windows 2000 allows attackers who are physically close to the machine
to cause a denial of service (reboot) via a malformed IrDA packet.

Analysis
----------------
ED_PRI CAN-2001-0659 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0668
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0668
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010823
Category: SF
Reference: ISS:20010827 Remote Buffer Overflow Vulnerability in HP-UX Line Printer Daemon
Reference: URL:http://xforce.iss.net/alerts/advise93.php
Reference: HP:HPSBUX0108-163

Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01
through 11.11 allows remote attackers to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2001-0668 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0690
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0690
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010606 lil' exim format bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0041.html
Reference: DEBIAN:DSA-058
Reference: URL:http://www.debian.org/security/2001/dsa-058
Reference: CONECTIVA:CLA-2001:402
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000402
Reference: REDHAT:RHSA-2001:078
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-078.html

Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in
Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote
attacker to execute arbitrary code via format strings in SMTP mail
headers.

Analysis
----------------
ED_PRI CAN-2001-0690 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0653
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0653
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010814
Category: SF
Reference: BUGTRAQ:20010821 *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99841063100516&w=2
Reference: CONFIRM:http://www.sendmail.org/8.11.html
Reference: BID:3163
Reference: URL:http://www.securityfocus.com/bid/3163

Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to
modify process memory and possibly gain privileges via a large value
in the 'category' part of debugger (-d) command line arguments, which
is interpreted as a negative number.

Analysis
----------------
ED_PRI CAN-2001-0653 2
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0685
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0685
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010228 fcron 0.9.5 is vulnerable to a symlink attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98339581702282&w=2
Reference: BID:2835
Reference: URL:URL:http://www.securityfocus.com/bid/2835

Thibault Godouet FCron prior to 1.1.1 allows a local user to corrupt
another user's crontab file via a symlink attack on the fcrontab
temporary file.

Analysis
----------------
ED_PRI CAN-2001-0685 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0692
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0692
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010608 WatchGuard SMTP Proxy issue
Reference: URL:http://www.securityfocus.com/archive/1/189783
Reference: BUGTRAQ:20010628 RE: WatchGuard SMTP Proxy issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99379787421319&w=2
Reference: XF:firebox-smtp-bypass-filter(6682)
Reference: URL:http://xforce.iss.net/static/6682.php
Reference: BID:2855
Reference: URL:http://www.securityfocus.com/bid/2855

SMTP proxy in WatchGuard Firebox (2500 and 4500) 4.5 and 4.6 allows a
remote attacker to bypass firewall filtering via a base64 MIME encoded
email attachment whose boundary name ends in two dashes.

Analysis
----------------
ED_PRI CAN-2001-0692 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0700
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0700
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010621 [SNS Advisory No.32] w3m malformed MIME header Buffer Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/192371
Reference: CONFIRM:http://mi.med.tohoku.ac.jp/~satodai/w3m-dev-en/200106.month/537.html
Reference: XF:w3m-mime-header-bo(6725)
Reference: URL:http://xforce.iss.net/static/6725.php
Reference: BID:2895
Reference: URL:http://www.securityfocus.com/bid/2895

Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to
execute arbitrary code via a long base64 encoded MIME header.

Analysis
----------------
ED_PRI CAN-2001-0700 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0509
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0509
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010608
Category: SF
Reference: MS:MS01-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-041.asp

Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000
and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT
4.0, and (4) Windows 2000 allow remote attackers to cause a denial of
service via malformed inputs.

Analysis
----------------
ED_PRI CAN-2001-0509 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-EXEC

The advisory says that "The specific input values at issue here vary
from RPC server to RPC server," which could mean that there are
slightly different types of vulnerabilities in each server, e.g. an
out-of-range integer in one RPC server, and an inability to handle a
long string of null characters in another.  On the other hand, there
could be a single "central" location/code section that is called in
different ways in each server, where CD:SF-LOC would suggest combining
all items into a single candidate.  But CD:SF-EXEC suggests creating
separate candidates for each separate package.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0552
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0552
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010718
Category: SF
Reference: BUGTRAQ:20010608 HP Openview NNM6.1 ovactiond bin exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99201278704545&w=2
Reference: CERT:CA-2001-24
Reference: URL:http://www.cert.org/advisories/CA-2001-24.html
Reference: HP:HPSBUX0106-154
Reference: CERT-VN:VU#952171
Reference: URL:http://www.kb.cert.org/vuls/id/952171
Reference: BID:2845
Reference: URL:http://www.securityfocus.com/bid/2845

ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli
Netview 5.x and 6.x allows remote attackers to execute arbitrary
commands via shell metacharacters in a certain SNMP trap message.

Analysis
----------------
ED_PRI CAN-2001-0552 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0636
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0636
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010727
Category: SF
Reference: ISS:20010806 Multiple Buffer Overflow Vulnerabilities in Raytheon SilentRunner
Reference: URL:http://xforce.iss.net/alerts/advise91.php

Buffer overflows in Raytheon SilentRunner allow remote attackers to
(1) cause a denial of service in the collector (cle.exe) component of
SilentRunner 2.0 via traffic containing long passwords, or (2) execute
arbitrary commands via long HTTP queries in the Knowledge Browser
component in SilentRunner 2.0 and 2.0.1.  NOTE: It is highly likely
that this candidate will be split into multiple candidates.

Analysis
----------------
ED_PRI CAN-2001-0636 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0686
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0686
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010604 $HOME buffer overflow in SunOS 5.8 x86
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0000.html
Reference: BID:2819
Reference: URL:http://www.securityfocus.com/bid/2819

Buffer overflow in mail included with SunOS 5.8 for x86 allows a local
user to elevate privileges via a long HOME environmental variable.

Analysis
----------------
ED_PRI CAN-2001-0686 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0687
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0687
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010610 Broker FTP Server 5.9.5.0 Buffer Overflow / DoS / Directory Traversal
Reference: URL:http://www.securityfocus.com/archive/1/190032
Reference: XF:broker-ftp-cd-directory-traversal(6674)
Reference: URL:http://xforce.iss.net/static/6674.php
Reference: BID:2853
Reference: URL:http://www.securityfocus.com/bid/2853

Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker
to retrieve privileged web server system information by (1) issuing a
CD command (CD C:) followed by the LS command, (2) specifying
arbitrary paths in the UNC format (\\computername\sharename).

Analysis
----------------
ED_PRI CAN-2001-0687 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0688
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0688
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010610 Broker FTP Server 5.9.5.0 Buffer Overflow / DoS / Directory Traversal
Reference: URL:http://www.securityfocus.com/archive/1/190032
Reference: BID:2851
Reference: URL:http://www.securityfocus.com/bid/2851

Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial
of service by repeatedly issuing an invalid CD or CWD ("CD . .")
command.

Analysis
----------------
ED_PRI CAN-2001-0688 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0689
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0689
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010607 [SNS Advisory No.29] Trend Micro Virus Control System(VCS)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0065.html

Vulnerability in TrendMicro Virus Control System 1.8 allows a remote
attacker to view configuration files and change the configuration via
a certain CGI program.

Analysis
----------------
ED_PRI CAN-2001-0689 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0691
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0691
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: MANDRAKE:MDKSA-2001:054
Reference: URL:http://www.securityfocus.com/advisories/3352
Reference: BID:2856
Reference: URL:http://www.securityfocus.com/bid/2856

Buffer overflows in Washington University imapd 2000a through 2000c
could allow local users without shell access to execute code as
themselves in certain configurations.

Analysis
----------------
ED_PRI CAN-2001-0691 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0693
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0693
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010603 Webtrends HTTP Server %20 bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99166905208903&w=2
Reference: BID:2812
Reference: URL:http://www.securityfocus.com/bid/2812
Reference: XF:webtrends-unicode-reveal-source(6639)
Reference: URL:http://xforce.iss.net/static/6639.php

WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view
script source code via a filename followed by an encoded space (%20).

Analysis
----------------
ED_PRI CAN-2001-0693 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0696
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0696
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010619 SurgeFTP vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/191916
Reference: BID:2891
Reference: URL:http://www.securityfocus.com/bid/2891
Reference: XF:surgeftp-concon-dos(6712)
Reference: URL:http://xforce.iss.net/static/6712.php

NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a
denial of service (crash) via a CD command to a directory with an
MS-DOS device name such as con.

Analysis
----------------
ED_PRI CAN-2001-0696 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0698
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0698
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010619 SurgeFTP vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/191916
Reference: BID:2892
Reference: URL:http://www.securityfocus.com/bid/2892
Reference: XF:surgeftp-nlist-directory-traversal(6711)
Reference: URL:http://xforce.iss.net/static/6711.php

Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b
allows a remote attacker to list arbitrary files and directories via
the 'nlist ...' command.

Analysis
----------------
ED_PRI CAN-2001-0698 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0699
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0699
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010620 Solaris /opt/SUNWssp/bin/cb_reset Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/192299
Reference: BID:2893
Reference: URL:http://www.securityfocus.com/bid/2893
Reference: XF:sun-cbreset-bo(6726)
Reference: URL:http://xforce.iss.net/static/6726.php

Buffer overflow in cb_reset in the System Service Processor (SSP)
package of SunOS 5.8 allows a local user to execute arbitrary code via
a long argument.

Analysis
----------------
ED_PRI CAN-2001-0699 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0701
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0701
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010621 Solaris /opt/SUNWvts/bin/ptexec Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/192667
Reference: BID:2898
Reference: URL:http://www.securityfocus.com/bid/2898
Reference: XF:sunvts-ptexec-bo(6736)
Reference: URL:http://xforce.iss.net/static/6736.php

Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and
earlier allows a local user to gain privileges via a long -o argument.

Analysis
----------------
ED_PRI CAN-2001-0701 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0702
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0702
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010621 Cerberus FTP Server 1.x Remote DoS attack Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/192655
Reference: BUGTRAQ:20010704 CesarFTPd, Cerberus FTPd
Reference: URL:http://www.securityfocus.com/archive/1/194914
Reference: BID:2901
Reference: URL:http://www.securityfocus.com/bid/2901
Reference: XF:cerberus-ftp-bo(6728)
Reference: URL:http://xforce.iss.net/static/6728.php

Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial
of service, and possibly execute arbitrary code, via a long (1)
username, (2) password, or (3) PASV command.

Analysis
----------------
ED_PRI CAN-2001-0702 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0703
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0703
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010621 NERF Advisory #2 - 1C:Arcadia multiple vulnerablilities.
Reference: URL:http://www.securityfocus.com/archive/1/192651
Reference: XF:arcadia-tradecli-dos(6739)
Reference: URL:http://xforce.iss.net/static/6739.php
Reference: BID:2905
Reference: URL:http://www.securityfocus.com/bid/2905

tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to
cause a denial of service via a URL request with an MS-DOS device name
in the template parameter.

Analysis
----------------
ED_PRI CAN-2001-0703 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0704
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0704
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010621 NERF Advisory #2 - 1C:Arcadia multiple vulnerablilities.
Reference: URL:http://www.securityfocus.com/archive/1/192651
Reference: XF:arcadia-tradecli-reveal-path(6738)
Reference: URL:http://xforce.iss.net/static/6738.php
Reference: BID:2904
Reference: URL:http://www.securityfocus.com/bid/2904

tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to
discover the full path to the working directory via a URL with a
template argument for a file that does not exist.

Analysis
----------------
ED_PRI CAN-2001-0704 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0705
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0705
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010621 NERF Advisory #2 - 1C:Arcadia multiple vulnerablilities.
Reference: URL:http://www.securityfocus.com/archive/1/192651
Reference: XF:arcadia-tradecli-directory-traversal(6737)
Reference: URL:http://xforce.iss.net/static/6737.php
Reference: BID:2902
Reference: URL:http://www.securityfocus.com/bid/2902

Directory traversal vulnerability in tradecli.dll in Arcadia Internet
Store 1.0 allows a remote attacker to read arbitrary files on the web
server via a URL with "dot dot" sequences in the template argument.

Analysis
----------------
ED_PRI CAN-2001-0705 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0706
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0706
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010612 Rumpus FTP DoS vol. 2
Reference: URL:http://www.securityfocus.com/archive/1/190932
Reference: XF:rumpus-ftp-directory-dos(6699)
Reference: URL:http://xforce.iss.net/static/6699.php
Reference: BID:2864
Reference: URL:http://www.securityfocus.com/bid/2864

Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to
cause a denial of service (crash) via a mkdir command that specifies a
large number of sub-folders.

Analysis
----------------
ED_PRI CAN-2001-0706 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0709
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0709
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010622 [VIGILANTE-2001001] ASP source code retrieved with Unicode extens ion
Reference: URL:http://www.securityfocus.com/archive/1/192802
Reference: BID:2909
Reference: URL:http://www.securityfocus.com/bid/2909
Reference: XF:iis-unicode-asp-disclosure(6742)
Reference: URL:http://xforce.iss.net/static/6742.php

Microsoft IIS 4.0 and before, when installed on a FAT partition,
allows a remote attacker to obtain source code of ASP files via a URL
encoded with Unicode.

Analysis
----------------
ED_PRI CAN-2001-0709 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Page Last Updated or Reviewed: May 22, 2007