|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Subject: [PROPOSAL] Cluster RECENT-68 - 35 candidates
Subject: [PROPOSAL] Cluster RECENT-68 - 35 candidates I am proposing cluster RECENT-68 for review and voting by the Editorial Board. The voting web site will be updated on Wednesday afternoon, Eastern time. Name: RECENT-68 Description: Candidates announced between 6/3/2001 and 8/27/2001 Size: 35 You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site. The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real. If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned. Summary of votes to use (in ascending order of "severity") ---------------------------------------------------------- ACCEPT - voter accepts the candidate as proposed NOOP - voter has no opinion on the candidate MODIFY - voter wants to change some MINOR detail (e.g. reference/description) REVIEWING - voter is reviewing/researching the candidate, or needs more info RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. 1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. 2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping. 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-2001-0341 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0341 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010510 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20010625 NSFOCUS SA2001-03 : Microsoft FrontPage 2000 Server Extensions Buffer Overflow Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99348216322147&w=2 Reference: MS:MS01-035 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-035.asp Reference: BID:2906 Reference: URL:http://www.securityfocus.com/bid/2906 Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll. Analysis ---------------- ED_PRI CAN-2001-0341 1 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0346 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0346 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010516 Category: SF/CF/MP/SA/AN/unknown Reference: MS:MS01-031 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them. Analysis ---------------- ED_PRI CAN-2001-0346 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0506 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0506 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010608 Category: SF Reference: BUGTRAQ:20010817 NSFOCUS SA2001-06 : Microsoft IIS ssinc.dll Buffer Overflow Vulnerability Reference: MS:MS01-044 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp Reference: BID:3190 Reference: URL:http://www.securityfocus.com/bid/3190 Buffer overflow in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive that includes a file that is under a directory with a long names, aka the "SSI privilege elevation" vulnerability. Analysis ---------------- ED_PRI CAN-2001-0506 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0507 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0507 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010608 Category: SF Reference: MS:MS01-044 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability. Analysis ---------------- ED_PRI CAN-2001-0507 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0508 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0508 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010608 Category: SF Reference: MS:MS01-044 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request. Analysis ---------------- ED_PRI CAN-2001-0508 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0543 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0543 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010710 Category: SF Reference: MS:MS01-043 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-043.asp Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts. Analysis ---------------- ED_PRI CAN-2001-0543 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0546 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0546 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010710 Category: SF Reference: MS:01-045 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-045.asp Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data. Analysis ---------------- ED_PRI CAN-2001-0546 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0547 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0547 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010710 Category: SF Reference: MS:01-045 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-045.asp Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion). Analysis ---------------- ED_PRI CAN-2001-0547 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0658 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0658 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010815 Category: SF Reference: MS:MS01-045 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-045.asp Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message. Analysis ---------------- ED_PRI CAN-2001-0658 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0659 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0659 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010815 Category: SF Reference: MS:MS01-046 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-046.asp Buffer overflow in IrDA driver providing infrared data exchange on Windows 2000 allows attackers who are physically close to the machine to cause a denial of service (reboot) via a malformed IrDA packet. Analysis ---------------- ED_PRI CAN-2001-0659 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0668 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0668 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010823 Category: SF Reference: ISS:20010827 Remote Buffer Overflow Vulnerability in HP-UX Line Printer Daemon Reference: URL:http://xforce.iss.net/alerts/advise93.php Reference: HP:HPSBUX0108-163 Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to execute arbitrary commands. Analysis ---------------- ED_PRI CAN-2001-0668 1 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0690 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0690 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010606 lil' exim format bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0041.html Reference: DEBIAN:DSA-058 Reference: URL:http://www.debian.org/security/2001/dsa-058 Reference: CONECTIVA:CLA-2001:402 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000402 Reference: REDHAT:RHSA-2001:078 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-078.html Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers. Analysis ---------------- ED_PRI CAN-2001-0690 1 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0653 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0653 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010814 Category: SF Reference: BUGTRAQ:20010821 *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99841063100516&w=2 Reference: CONFIRM:http://www.sendmail.org/8.11.html Reference: BID:3163 Reference: URL:http://www.securityfocus.com/bid/3163 Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number. Analysis ---------------- ED_PRI CAN-2001-0653 2 Vendor Acknowledgement: yes changelog Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0685 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0685 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010228 fcron 0.9.5 is vulnerable to a symlink attack Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98339581702282&w=2 Reference: BID:2835 Reference: URL:URL:http://www.securityfocus.com/bid/2835 Thibault Godouet FCron prior to 1.1.1 allows a local user to corrupt another user's crontab file via a symlink attack on the fcrontab temporary file. Analysis ---------------- ED_PRI CAN-2001-0685 2 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0692 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0692 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010608 WatchGuard SMTP Proxy issue Reference: URL:http://www.securityfocus.com/archive/1/189783 Reference: BUGTRAQ:20010628 RE: WatchGuard SMTP Proxy issue Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99379787421319&w=2 Reference: XF:firebox-smtp-bypass-filter(6682) Reference: URL:http://xforce.iss.net/static/6682.php Reference: BID:2855 Reference: URL:http://www.securityfocus.com/bid/2855 SMTP proxy in WatchGuard Firebox (2500 and 4500) 4.5 and 4.6 allows a remote attacker to bypass firewall filtering via a base64 MIME encoded email attachment whose boundary name ends in two dashes. Analysis ---------------- ED_PRI CAN-2001-0692 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0700 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0700 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010621 [SNS Advisory No.32] w3m malformed MIME header Buffer Overflow Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/192371 Reference: CONFIRM:http://mi.med.tohoku.ac.jp/~satodai/w3m-dev-en/200106.month/537.html Reference: XF:w3m-mime-header-bo(6725) Reference: URL:http://xforce.iss.net/static/6725.php Reference: BID:2895 Reference: URL:http://www.securityfocus.com/bid/2895 Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to execute arbitrary code via a long base64 encoded MIME header. Analysis ---------------- ED_PRI CAN-2001-0700 2 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0509 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0509 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010608 Category: SF Reference: MS:MS01-041 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-041.asp Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs. Analysis ---------------- ED_PRI CAN-2001-0509 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, SF-EXEC The advisory says that "The specific input values at issue here vary from RPC server to RPC server," which could mean that there are slightly different types of vulnerabilities in each server, e.g. an out-of-range integer in one RPC server, and an inability to handle a long string of null characters in another. On the other hand, there could be a single "central" location/code section that is called in different ways in each server, where CD:SF-LOC would suggest combining all items into a single candidate. But CD:SF-EXEC suggests creating separate candidates for each separate package. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0552 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0552 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010718 Category: SF Reference: BUGTRAQ:20010608 HP Openview NNM6.1 ovactiond bin exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99201278704545&w=2 Reference: CERT:CA-2001-24 Reference: URL:http://www.cert.org/advisories/CA-2001-24.html Reference: HP:HPSBUX0106-154 Reference: CERT-VN:VU#952171 Reference: URL:http://www.kb.cert.org/vuls/id/952171 Reference: BID:2845 Reference: URL:http://www.securityfocus.com/bid/2845 ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Netview 5.x and 6.x allows remote attackers to execute arbitrary commands via shell metacharacters in a certain SNMP trap message. Analysis ---------------- ED_PRI CAN-2001-0552 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-CODEBASE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0636 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0636 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010727 Category: SF Reference: ISS:20010806 Multiple Buffer Overflow Vulnerabilities in Raytheon SilentRunner Reference: URL:http://xforce.iss.net/alerts/advise91.php Buffer overflows in Raytheon SilentRunner allow remote attackers to (1) cause a denial of service in the collector (cle.exe) component of SilentRunner 2.0 via traffic containing long passwords, or (2) execute arbitrary commands via long HTTP queries in the Knowledge Browser component in SilentRunner 2.0 and 2.0.1. NOTE: It is highly likely that this candidate will be split into multiple candidates. Analysis ---------------- ED_PRI CAN-2001-0636 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0686 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0686 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010604 $HOME buffer overflow in SunOS 5.8 x86 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0000.html Reference: BID:2819 Reference: URL:http://www.securityfocus.com/bid/2819 Buffer overflow in mail included with SunOS 5.8 for x86 allows a local user to elevate privileges via a long HOME environmental variable. Analysis ---------------- ED_PRI CAN-2001-0686 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0687 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0687 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010610 Broker FTP Server 5.9.5.0 Buffer Overflow / DoS / Directory Traversal Reference: URL:http://www.securityfocus.com/archive/1/190032 Reference: XF:broker-ftp-cd-directory-traversal(6674) Reference: URL:http://xforce.iss.net/static/6674.php Reference: BID:2853 Reference: URL:http://www.securityfocus.com/bid/2853 Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker to retrieve privileged web server system information by (1) issuing a CD command (CD C:) followed by the LS command, (2) specifying arbitrary paths in the UNC format (\\computername\sharename). Analysis ---------------- ED_PRI CAN-2001-0687 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0688 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0688 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010610 Broker FTP Server 5.9.5.0 Buffer Overflow / DoS / Directory Traversal Reference: URL:http://www.securityfocus.com/archive/1/190032 Reference: BID:2851 Reference: URL:http://www.securityfocus.com/bid/2851 Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial of service by repeatedly issuing an invalid CD or CWD ("CD . .") command. Analysis ---------------- ED_PRI CAN-2001-0688 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0689 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0689 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010607 [SNS Advisory No.29] Trend Micro Virus Control System(VCS) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0065.html Vulnerability in TrendMicro Virus Control System 1.8 allows a remote attacker to view configuration files and change the configuration via a certain CGI program. Analysis ---------------- ED_PRI CAN-2001-0689 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0691 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0691 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: MANDRAKE:MDKSA-2001:054 Reference: URL:http://www.securityfocus.com/advisories/3352 Reference: BID:2856 Reference: URL:http://www.securityfocus.com/bid/2856 Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations. Analysis ---------------- ED_PRI CAN-2001-0691 3 Vendor Acknowledgement: yes Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0693 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0693 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010603 Webtrends HTTP Server %20 bug Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99166905208903&w=2 Reference: BID:2812 Reference: URL:http://www.securityfocus.com/bid/2812 Reference: XF:webtrends-unicode-reveal-source(6639) Reference: URL:http://xforce.iss.net/static/6639.php WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view script source code via a filename followed by an encoded space (%20). Analysis ---------------- ED_PRI CAN-2001-0693 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0696 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0696 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010619 SurgeFTP vulnerabilities Reference: URL:http://www.securityfocus.com/archive/1/191916 Reference: BID:2891 Reference: URL:http://www.securityfocus.com/bid/2891 Reference: XF:surgeftp-concon-dos(6712) Reference: URL:http://xforce.iss.net/static/6712.php NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con. Analysis ---------------- ED_PRI CAN-2001-0696 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0698 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0698 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010619 SurgeFTP vulnerabilities Reference: URL:http://www.securityfocus.com/archive/1/191916 Reference: BID:2892 Reference: URL:http://www.securityfocus.com/bid/2892 Reference: XF:surgeftp-nlist-directory-traversal(6711) Reference: URL:http://xforce.iss.net/static/6711.php Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the 'nlist ...' command. Analysis ---------------- ED_PRI CAN-2001-0698 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0699 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0699 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010620 Solaris /opt/SUNWssp/bin/cb_reset Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/192299 Reference: BID:2893 Reference: URL:http://www.securityfocus.com/bid/2893 Reference: XF:sun-cbreset-bo(6726) Reference: URL:http://xforce.iss.net/static/6726.php Buffer overflow in cb_reset in the System Service Processor (SSP) package of SunOS 5.8 allows a local user to execute arbitrary code via a long argument. Analysis ---------------- ED_PRI CAN-2001-0699 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0701 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0701 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010621 Solaris /opt/SUNWvts/bin/ptexec Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/192667 Reference: BID:2898 Reference: URL:http://www.securityfocus.com/bid/2898 Reference: XF:sunvts-ptexec-bo(6736) Reference: URL:http://xforce.iss.net/static/6736.php Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and earlier allows a local user to gain privileges via a long -o argument. Analysis ---------------- ED_PRI CAN-2001-0701 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0702 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0702 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010621 Cerberus FTP Server 1.x Remote DoS attack Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/192655 Reference: BUGTRAQ:20010704 CesarFTPd, Cerberus FTPd Reference: URL:http://www.securityfocus.com/archive/1/194914 Reference: BID:2901 Reference: URL:http://www.securityfocus.com/bid/2901 Reference: XF:cerberus-ftp-bo(6728) Reference: URL:http://xforce.iss.net/static/6728.php Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long (1) username, (2) password, or (3) PASV command. Analysis ---------------- ED_PRI CAN-2001-0702 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0703 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0703 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010621 NERF Advisory #2 - 1C:Arcadia multiple vulnerablilities. Reference: URL:http://www.securityfocus.com/archive/1/192651 Reference: XF:arcadia-tradecli-dos(6739) Reference: URL:http://xforce.iss.net/static/6739.php Reference: BID:2905 Reference: URL:http://www.securityfocus.com/bid/2905 tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to cause a denial of service via a URL request with an MS-DOS device name in the template parameter. Analysis ---------------- ED_PRI CAN-2001-0703 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0704 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0704 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010621 NERF Advisory #2 - 1C:Arcadia multiple vulnerablilities. Reference: URL:http://www.securityfocus.com/archive/1/192651 Reference: XF:arcadia-tradecli-reveal-path(6738) Reference: URL:http://xforce.iss.net/static/6738.php Reference: BID:2904 Reference: URL:http://www.securityfocus.com/bid/2904 tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to discover the full path to the working directory via a URL with a template argument for a file that does not exist. Analysis ---------------- ED_PRI CAN-2001-0704 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0705 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0705 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010621 NERF Advisory #2 - 1C:Arcadia multiple vulnerablilities. Reference: URL:http://www.securityfocus.com/archive/1/192651 Reference: XF:arcadia-tradecli-directory-traversal(6737) Reference: URL:http://xforce.iss.net/static/6737.php Reference: BID:2902 Reference: URL:http://www.securityfocus.com/bid/2902 Directory traversal vulnerability in tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to read arbitrary files on the web server via a URL with "dot dot" sequences in the template argument. Analysis ---------------- ED_PRI CAN-2001-0705 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0706 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0706 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010612 Rumpus FTP DoS vol. 2 Reference: URL:http://www.securityfocus.com/archive/1/190932 Reference: XF:rumpus-ftp-directory-dos(6699) Reference: URL:http://xforce.iss.net/static/6699.php Reference: BID:2864 Reference: URL:http://www.securityfocus.com/bid/2864 Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to cause a denial of service (crash) via a mkdir command that specifies a large number of sub-folders. Analysis ---------------- ED_PRI CAN-2001-0706 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0709 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0709 Final-Decision: Interim-Decision: Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010622 [VIGILANTE-2001001] ASP source code retrieved with Unicode extens ion Reference: URL:http://www.securityfocus.com/archive/1/192802 Reference: BID:2909 Reference: URL:http://www.securityfocus.com/bid/2909 Reference: XF:iis-unicode-asp-disclosure(6742) Reference: URL:http://xforce.iss.net/static/6742.php Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. Analysis ---------------- ED_PRI CAN-2001-0709 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS:
|
||||
