[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[INTERIM] ACCEPT 98 candidates (Final 9/14)
- To: cve-editorial-board-list@lists.mitre.org
- Subject: [INTERIM] ACCEPT 98 candidates (Final 9/14)
- From: "Steven M. Christey" <coley@linus.mitre.org>
- Date: Mon, 10 Sep 2001 21:19:11 -0400 (EDT)
- Delivery-Date: Mon Sep 10 21:19:24 2001
- Sender: owner-cve-editorial-board-list@lists.mitre.org
I have made an Interim Decision to ACCEPT the following 98 candidates, most of which are from various RECENT-XX clusters. I will make a Final Decision on September 14. I don't think I've ever seen such a large set of different voters. Thanks to everyone for contributing! Voters: Renaud ACCEPT(18) NOOP(8) Ozancin NOOP(4) LeBlanc NOOP(4) Magdych ACCEPT(11) NOOP(7) Cole ACCEPT(71) NOOP(19) Balinsky ACCEPT(13) MODIFY(1) NOOP(3) Blake ACCEPT(2) Foat ACCEPT(6) NOOP(1) Williams ACCEPT(25) MODIFY(1) Oliver ACCEPT(11) NOOP(6) Christey NOOP(17) Wall ACCEPT(23) NOOP(61) Ziese ACCEPT(65) NOOP(20) Levy ACCEPT(6) Dik ACCEPT(3) Frech ACCEPT(25) MODIFY(69) Mell ACCEPT(2) Stracener ACCEPT(7) Bollinger ACCEPT(1) NOOP(1) Baker ACCEPT(81) Collins ACCEPT(5) Lawler ACCEPT(10) NOOP(1) Bishop ACCEPT(2) Prosser ACCEPT(2) Armstrong ACCEPT(2) NOOP(6) ACCEPT --> 94 ACCEPT_ACK --> 4 ====================================================== Candidate: CAN-1999-0756 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0756 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010214 Assigned: 19991125 Category: SF Reference: ALLAIRE:ASB99-07 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=10968&Method=Full Reference: XF:coldfusion-admin-dos(2207) Reference: URL:http://xforce.iss.net/static/2207.php ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility. Modifications: CHANGEREF [normalize] XF INFERRED ACTION: CAN-1999-0756 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Baker, Frech NOOP(1) Cole Voter Comments: Frech> XF:coldfusion-admin-dos ====================================================== Candidate: CAN-2000-0243 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0243 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20000412 Assigned: 20000412 Category: SF Reference: BUGTRAQ:20000324 AnalogX SimpleServer 1.03 Remote Crash" at: Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=web-5645555@post2.rnci.com Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm Reference: XF:simpleserver-exception-dos(4189) Reference: URL:http://xforce.iss.net/static/4189.php Reference: BID:1076 Reference: URL:http://www.securityfocus.com/bid/1076 AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to cause a denial of service via a short GET request to cgi-bin. Modifications: DESC Remove "buffer overflow" CHANGEREF [normalize] XF:simpleserver-exception-dos(4189) INFERRED ACTION: CAN-2000-0243 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Frech, Levy, Baker NOOP(3) Cole, Magdych, Christey Voter Comments: Christey> Change description: this is a buffer *underflow*, now overflow. CHANGE> [Magdych changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2000-0568 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0568 Final-Decision: Interim-Decision: 20010911 Modified: Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000630 Multiple vulnerabilities in Sybergen Secure Desktop Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4125690E.00524395.00@guardianit.se Reference: XF:sybergen-routing-table-modify Reference: BID:1417 Reference: URL:http://www.securityfocus.com/bid/1417 Sybergen Secure Desktop 2.1 does not properly protect against false router advertisements (ICMP type 9), which allows remote attackers to modify default routes. INFERRED ACTION: CAN-2000-0568 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Levy, Baker, Frech NOOP(6) Wall, Cole, Armstrong, Magdych, LeBlanc, Ozancin Voter Comments: CHANGE> [Armstrong changed vote from REVIEWING to NOOP] CHANGE> [Magdych changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2000-0569 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0569 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20000719 Assigned: 20000719 Category: SF Reference: WIN2KSEC:20000630 Any LAN user can crash Sygate Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0189.html Reference: BID:1420 Reference: URL:http://www.securityfocus.com/bid/1420 Reference: XF:sygate-udp-packet-dos(5049) Reference: URL:http://xforce.iss.net/static/5049.php Sybergen Sygate allows remote attackers to cause a denial of service by sending a malformed DNS UDP packet to its internal interface. Modifications: CHANGEREF Change MISC reference to WIN2KSEC ADDREF XF:sygate-udp-packet-dos(5049) INFERRED ACTION: CAN-2000-0569 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Levy, Baker, Cole MODIFY(1) Frech NOOP(5) Wall, Armstrong, Magdych, LeBlanc, Ozancin Voter Comments: Frech> XF:sygate-udp-packet-dos(5049) CHANGE> [Cole changed vote from NOOP to ACCEPT] CHANGE> [Armstrong changed vote from REVIEWING to NOOP] CHANGE> [Magdych changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2000-0576 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0576 Final-Decision: Interim-Decision: 20010911 Modified: Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000704 Oracle Web Listener for AIX DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0027.html Reference: BID:1427 Reference: URL:http://www.securityfocus.com/bid/1427 Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows remote attackers to cause a denial of service via a malformed URL. INFERRED ACTION: CAN-2000-0576 ACCEPT (6 accept, 0 ack, 0 review) Current Votes: ACCEPT(5) Levy, Baker, Cole, Blake, Collins MODIFY(1) Frech NOOP(6) Wall, Bollinger, Armstrong, Magdych, LeBlanc, Ozancin Voter Comments: Frech> XF:oracle-web-listener-dos(4874) CHANGE> [Cole changed vote from NOOP to ACCEPT] CHANGE> [Magdych changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2000-0620 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0620 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000619 XFree86: Various nasty libX11 holes Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96146116627474&w=2 Reference: BID:1409 Reference: URL:http://www.securityfocus.com/bid/1409 Reference: XF:libx11-infinite-loop-dos(4996) Reference: URL:http://xforce.iss.net/static/4996.php libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop. Modifications: ADDREF BUGTRAQ:20000619 XFree86: Various nasty libX11 holes ADDREF XF:libx11-infinite-loop-dos(4996) INFERRED ACTION: CAN-2000-0620 ACCEPT (7 accept, 0 ack, 0 review) Current Votes: ACCEPT(6) Levy, Baker, Cole, Armstrong, Blake, Collins MODIFY(1) Frech NOOP(4) Wall, Magdych, LeBlanc, Ozancin Voter Comments: Frech> XF:libx11-infinite-loop-dos(4996) See also http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26date%3D2000-07-22%26msg%3DPine.LNX.4.21.0006192251480.9945-100000@ferret.lmh.ox.ac.uk, specifically flaw #2. CHANGE> [Cole changed vote from NOOP to ACCEPT] CHANGE> [Armstrong changed vote from REVIEWING to ACCEPT] CHANGE> [Magdych changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2000-0799 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0799 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl Reference: SGI:20001101-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20001101-01-I Reference: BID:1530 Reference: URL:http://www.securityfocus.com/bid/1530 Reference: XF:irix-inpview-symlink(5065) Reference: URL:http://xforce.iss.net/static/5065.php inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file. Modifications: ADDREF XF:irix-inpview-symlink(5065) ADDREF SGI:20001101-01-I Add "InPerson" to facilitate search; add details for affected file. INFERRED ACTION: CAN-2000-0799 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Levy, Baker NOOP(3) Wall, Cole, Christey Voter Comments: Christey> XF:irix-inpview-symlink http://xforce.iss.net/static/5065.php Christey> ADDREF SGI:20001101-01-I URL:http://archives.neohapsis.com/archives/vendor/2000-q4/0072.html Christey> Add "InPerson" to description to facilitate search, and describe the affected file as ".ilmpAAA" A brief allusion to this problem is also in: BUGTRAQ:19970507 Irix: misc http://www.securityfocus.com/archive/1/6702 ====================================================== Candidate: CAN-2000-0877 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0877 Final-Decision: Interim-Decision: 20010911 Modified: Proposed: 20001018 Assigned: 20001018 Category: SF Reference: BUGTRAQ:20000911 Unsafe passing of variables to mailform.pl in MailForm V2.0 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0092.html Reference: BID:1670 Reference: URL:http://www.securityfocus.com/bid/1670 Reference: XF:mailform-attach-file Reference: URL:http://xforce.iss.net/static/5224.php mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker. INFERRED ACTION: CAN-2000-0877 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Frech, Collins, Baker NOOP(4) Wall, Cole, Armstrong, Magdych ====================================================== Candidate: CAN-2000-0897 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0897 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20001219 Assigned: 20001114 Category: SF Reference: BUGTRAQ:20001114 Vulnerabilites in SmallHTTP Server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97421834001092&w=2 Reference: CONFIRM:http://home.lanck.net/mf/srv/index.htm Reference: BID:1941 Reference: URL:http://www.securityfocus.com/bid/1941 Reference: XF:small-http-nofile-dos(5524) Reference: URL:http://xforce.iss.net/static/5524.php Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed. Modifications: ADDREF XF:small-http-nofile-dos(5524) ADDREF CONFIRM:http://home.lanck.net/mf/srv/index.htm DESC Change version to "before 2.03" based on vendor acknowledgement. INFERRED ACTION: CAN-2000-0897 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Baker, Balinsky MODIFY(1) Frech NOOP(3) Wall, Cole, Armstrong Voter Comments: Frech> XF:small-http-nofile-dos(5524) Balinsky> Vendor acknowledges problem in version 2.03 comments at this URL: http://home.lanck.net/mf/srv/index.htm ====================================================== Candidate: CAN-2000-0945 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0945 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001026 Advisory def-2000-02: Cisco Catalyst remote command execution Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0380.html Reference: BUGTRAQ:20001113 Re: 3500XL Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0194.html Reference: XF:cisco-catalyst-remote-commands(5415) Reference: URL:http://xforce.iss.net/static/5415.php Reference: BID:1846 Reference: URL:http://www.securityfocus.com/bid/1846 The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory. Modifications: CHANGEREF [normalize] XF:cisco-catalyst-remote-commands ADDREF BID:1846 ADDREF BUGTRAQ:20001113 Re: 3500XL DESC added "when enable password is not set" based on Cisco followup INFERRED ACTION: CAN-2000-0945 ACCEPT (6 accept, 1 ack, 0 review) Current Votes: ACCEPT(6) Cole, Frech, Ziese, Renaud, Mell, Baker NOOP(2) Christey, Balinsky Voter Comments: Christey> See Cisco's response at: http://archives.neohapsis.com/archives/bugtraq/2000-11/0194.html It also references BID:1846 CHANGE> [Balinsky changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2000-1047 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1047 Final-Decision: Interim-Decision: 20010911 Modified: Proposed: 20001129 Assigned: 20001129 Category: SF Reference: BUGTRAQ:20001103 [SAFER] Buffer overflow in Lotus Domino SMTP Server Reference: URL:http://www.securityfocus.com/archive/1/143071 Reference: BID:1905 Reference: URL:http://www.securityfocus.com/bid/1905 Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long ENVID keyword in the "MAIL FROM" command. INFERRED ACTION: CAN-2000-1047 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Mell, Baker, Collins NOOP(2) Cole, Wall Voter Comments: Collins> SPR CDOY4GFP35 @ http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=CDOY4GFP35&SearchMax=0&Start=1&Count=25 ====================================================== Candidate: CAN-2001-0004 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0004 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-02 Proposed: 20010202 Assigned: 20010104 Category: SF Reference: BUGTRAQ:20010108 IIS 5.0 allows viewing files using %3F+.htr Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97897954625305&w=2 Reference: MS:MS01-004 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-004.asp Reference: BID:2313 Reference: URL:http://www.securityfocus.com/bid/2313 Reference: XF:iis-read-files(5903) Reference: URL:http://xforce.iss.net/static/5903.php IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability. Modifications: ADDREF XF:iis-read-files(5903) ADDREF BID:2313 INFERRED ACTION: CAN-2001-0004 ACCEPT (6 accept, 1 ack, 0 review) Current Votes: ACCEPT(5) Baker, Cole, Collins, Ziese, Wall MODIFY(1) Frech NOOP(1) Christey Voter Comments: Frech> XF:microsoft-iis-read-files(5903) Christey> Change XF:microsoft-iis-read-files to XF:iis-read-files Christey> XF:iis-read-files(5903) BID:2313 Christey> XF:iis-isapi-obtain-code URL:http://xforce.iss.net/static/6032.php Christey> OK, the proper XF reference to use is iis-read-files(5903). ====================================================== Candidate: CAN-2001-0020 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0020 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010202 Assigned: 20010131 Category: SF Reference: ATSTAKE:A013101-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a013101-1.txt Reference: CISCO:20010131 Cisco Content Services Switch Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-cli-filesystem-pub.shtml Reference: XF:cisco-ccs-file-access(6031) Reference: URL:http://xforce.iss.net/static/6031.php Reference: BID:2331 Reference: URL:http://www.securityfocus.com/bid/2331 Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack. Modifications: ADDREF XF:cisco-ccs-file-access(6031) ADDREF BID:2331 INFERRED ACTION: CAN-2001-0020 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Baker, Cole, Ziese MODIFY(1) Frech NOOP(2) Christey, Wall Voter Comments: Frech> XF:cisco-ccs-file-access(6031) Christey> XF:cisco-ccs-file-access Christey> BID:2331 URL:http://www.securityfocus.com/bid/2331 ====================================================== Candidate: CAN-2001-0077 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0077 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010202 Assigned: 20010201 Category: Reference: BUGTRAQ:20001212 Two Holes in Sun Cluster 2.x Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html Reference: XF:clustmon-no-authentication(6123) Reference: URL:http://xforce.iss.net/static/6123.php The clustmon service in Sun Cluster 2.x does not require authentication, which allows remote attackers to obtain sensitive information such as system logs and cluster configurations. Modifications: ADDREF XF:clustmon-no-authentication(6123) INFERRED ACTION: CAN-2001-0077 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Baker, Dik MODIFY(1) Frech NOOP(3) Cole, Ziese, Wall Voter Comments: Frech> XF:clustmon-no-authentication(6123) ====================================================== Candidate: CAN-2001-0078 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0078 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010202 Assigned: 20010201 Category: SF Reference: BUGTRAQ:20001212 Two Holes in Sun Cluster 2.x Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html Reference: XF:ha-nfs-symlink(6125) Reference: URL:http://xforce.iss.net/static/6125.php in.mond in Sun Cluster 2.x allows local users to read arbitrary files via a symlink attack on the status file of a host running HA-NFS. Modifications: ADDREF XF:ha-nfs-symlink(6125) INFERRED ACTION: CAN-2001-0078 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Baker, Dik MODIFY(1) Frech NOOP(3) Cole, Ziese, Wall Voter Comments: Frech> XF:ha-nfs-symlink(6125) ====================================================== Candidate: CAN-2001-0095 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0095 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010202 Assigned: 20010201 Category: SF Reference: BUGTRAQ:20001218 Catman file clobbering vulnerability Solaris 2.x Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0313.html Reference: SUNBUG:4392144 Reference: XF:solaris-catman-symlink(5788) Reference: URL:http://xforce.iss.net/static/5788.php catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the sman_PID temporary file. Modifications: ADDREF SUNBUG:4392144 CHANGEREF [normalize] XF:solaris-catman-symlink(5788) INFERRED ACTION: CAN-2001-0095 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Baker, Frech, Dik NOOP(3) Cole, Ziese, Wall Voter Comments: Dik> Sun bug 4392144 ====================================================== Candidate: CAN-2001-0108 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0108 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010214 Assigned: 20010206 Category: SF Reference: BUGTRAQ:20010112 PHP Security Advisory - Apache Module bugs Reference: URL:http://www.securityfocus.com/archive/1/156202 Reference: MANDRAKE:MDKSA-2001:013 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3 Reference: CONECTIVA:CLA-2001:373 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373 Reference: DEBIAN:DSA-020 Reference: URL:http://www.debian.org/security/2001/dsa-020 Reference: XF:php-htaccess-unauth-access(5940) Reference: URL:http://xforce.iss.net/static/5940.php Reference: BID:2206 Reference: URL:http://www.securityfocus.com/bid/2206 PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested. Modifications: ADDREF MANDRAKE:MDKSA-2001:013 ADDREF CONECTIVA:CLA-2001:373 ADDREF DEBIAN:DSA-020 ADDREF XF:php-htaccess-unauth-access(5940) INFERRED ACTION: CAN-2001-0108 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Baker, Oliver MODIFY(1) Frech NOOP(3) Wall, Cole, Christey Voter Comments: Christey> ADDREF MANDRAKE:MDKSA-2001:013 http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3 Note that a second PHP problem is described here, but I don't think it's been given a CAN yet. CONECTIVA:CLA-2001:373 DEBIAN:DSA-020 http://www.debian.org/security/2001/dsa-020 XF:php-htaccess-unauth-access http://xforce.iss.net/static/5940.php Frech> XF:php-htaccess-unauth-access(5940) Oliver> Multiple vendor acknowledgement ====================================================== Candidate: CAN-2001-0121 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0121 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010214 Assigned: 20010206 Category: SF Reference: BUGTRAQ:20010108 def-2001-01: ImageCast IC3 Control Center DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0071.html Reference: XF:storagesoft-imagecast-dos(5901) Reference: URL:http://xforce.iss.net/static/5901.php Reference: BID:2174 Reference: URL:http://www.securityfocus.com/bid/2174 ImageCast Control Center 4.1.0 allows remote attackers to cause a denial of service (resource exhaustion or system crash) via a long string to port 12002. Modifications: ADDREF XF:storagesoft-imagecast-dos(5901) INFERRED ACTION: CAN-2001-0121 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Baker, Oliver MODIFY(1) Frech NOOP(4) Wall, Cole, Magdych, Christey Voter Comments: Frech> XF:storagesoft-imagecast-dos(5901) Christey> XF:storagesoft-imagecast-dos URL:http://xforce.iss.net/static/5901.php Baker> An email to Storagesoft technical support resulted in an answer, confirming the existance of the vulnerability, and that it has not yet been patched, and it is unknown if the newer version 4.5, due for release will address it either. Subject: ImageCast IC3 v 4.1 [Incident:main 010420-0020] Date: Fri, 20 Apr 2001 15:42:55 -0600 (Mountain Daylight Time) From: support@storagesoft.com To: bakerd@mitre.org Recently you requested personal assistance from our on-line support center. Below is a summary of your request and our response. If we do not hear from you within 3 business days we will assume your issue has been resolved. Thank you for allowing us to be of service to you. ------------------------------------------------------------- Summary: ImageCast IC3 v 4.1 Suggested Solution: At 04/20/2001 03:38 PM we wrote - Has this been fixed in release 4.2? No, the 4.2 control console is very similiar(in code) to 4.1. We are currently releasing 4.5 version - this is re-written code. It is available for evaluation on our downloads section, heres a link: http://www.storagesoft.com/support/updates.asp This (Security Issue) has not been tested however on 4.5. Keith J. STorageSoft technical Services Incident Details: Reference #: 010420-0020 Product (R): ImageCast Sub-Product: Control Center Category (R): General Contact: bakerd@mitre.org Date Created: 04/20/2001 10:15 AM Last Updated: 04/20/2001 03:42 PM Elapsed Time: 5 Hours, 27 Minutes Status: Unresolved Description: ImageCast IC3 is subject to a denial of service. By sending unusually long strings to the ICCC service listening on port 12002, the program will consume all available CPU usage refusing any new connections. Additionally, sending multiple packets containing long strings to port 8081 will cause the ICCC service (ICCC.exe) to crash completely. A restart of the application is required in order to gain normal functionality. Has this been fixed in release 4.2? I have reviewed the change notes on your site at : http://www.storagesoft.com/support/docs/currentversion/ReleaseNotes.htm but it does not mention the fix for these problems. Can you either confirm that this has been repaired or tell me when the problem will be repaired in a released version of the product? ====================================================== Candidate: CAN-2001-0136 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0136 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010214 Assigned: 20010206 Category: SF Reference: BUGTRAQ:20001220 ProFTPD 1.2.0 Memory leakage - denial of service Reference: URL:http://www.securityfocus.com/archive/1/152206 Reference: BUGTRAQ:20010109 Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0122.html Reference: BUGTRAQ:20010110 Re: Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0132.html Reference: MANDRAKE:MDKSA-2001:021 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3 Reference: DEBIAN:DSA-029 Reference: URL:http://www.debian.org/security/2001/dsa-029 Reference: CONECTIVA:CLA-2001:380 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000380 Reference: BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html Reference: XF:proftpd-size-memory-leak Reference: URL:http://xforce.iss.net/static/5801.php Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed. Modifications: ADDREF MANDRAKE:MDKSA-2001:021 ADDREF DEBIAN:DSA-029 ADDREF CONECTIVA:CLA-2001:380 ADDREF BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel INFERRED ACTION: CAN-2001-0136 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Baker, Magdych, Frech NOOP(3) Wall, Cole, Christey Voter Comments: Christey> ADDREF MANDRAKE:MDKSA-2001:021 ADDREF DEBIAN:DSA-029 ADDREF CONECTIVA:CLA-2001:380 Christey> BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html ====================================================== Candidate: CAN-2001-0155 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0155 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010309 Assigned: 20010216 Category: SF Reference: ATSTAKE:A021601-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a021601-1.txt Reference: CONFIRM:http://www.vandyke.com/products/vshell/security102.html Format string vulnerability in VShell SSH gateway 1.0.1 and earlier allows remote attackers to execute arbitrary commands via a user name that contains format string specifiers. Modifications: ADDREF CONFIRM:http://www.vandyke.com/products/vshell/security102.html DESC Change "long user name," which implies an overflow. INFERRED ACTION: CAN-2001-0155 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Lawler, Baker MODIFY(1) Frech NOOP(2) Cole, Ziese Voter Comments: Frech> XF:vshell-username-bo(6146) CONFIRM:http://www.vandyke.com/products/vshell/security102.html ====================================================== Candidate: CAN-2001-0164 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0164 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010309 Assigned: 20010307 Category: SF Reference: ATSTAKE:A030701-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a030701-1.txt Reference: XF:netscape-directory-server-bo(6233) Reference: URL:http://xforce.iss.net/static/6233.php Buffer overflow in Netscape Directory Server 4.12 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed recipient field. Modifications: ADDREF XF:netscape-directory-server-bo(6233) INFERRED ACTION: CAN-2001-0164 ACCEPT (5 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Lawler, Baker, Cole, Ziese MODIFY(1) Frech Voter Comments: CHANGE> [Frech changed vote from REVIEWING to MODIFY] Frech> XF:netscape-directory-server-bo(6233) ====================================================== Candidate: CAN-2001-0174 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0174 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010309 Assigned: 20010308 Category: SF Reference: BUGTRAQ:20010130 Security hole in Virus Buster 2001 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0500.html Reference: XF:virusbuster-mua-bo(6034) Reference: URL:http://xforce.iss.net/static/6034.php Buffer overflow in Trend Micro Virus Buster 2001 8.00 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a large "To" address. Modifications: CHANGEREF [normalize] XF:virusbuster-mua-bo(6034) INFERRED ACTION: CAN-2001-0174 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Lawler, Baker, Frech NOOP(1) Ziese Voter Comments: Lawler> Upgrade to 8.01 or later. ====================================================== Candidate: CAN-2001-0175 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0175 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010309 Assigned: 20010308 Category: SF Reference: BUGTRAQ:20010122 def-2001-05: Netscape Fasttrack Server Caching DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98021351718874&w=2 Reference: BUGTRAQ:20010124 iPlanet FastTrack/Enterprise 4.1 DoS clarifications Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98035833331446&w=2 Reference: BID:2273 Reference: URL:http://www.securityfocus.com/bid/2273 Reference: XF:netscape-fasttrack-cache-dos(5985) Reference: URL:http://xforce.iss.net/static/5985.php The caching module in Netscape Fasttrack Server 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by requesting a large number of non-existent URLs. Modifications: DESC Fix typo: "URL's" should be "URLs" CHANGEREF [normalize] XF:netscape-fasttrack-cache-dos(5985) INFERRED ACTION: CAN-2001-0175 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Lawler, Baker, Frech NOOP(1) Ziese Voter Comments: Frech> In description, consider changing possessive "URL's" to plural "URLs". ====================================================== Candidate: CAN-2001-0176 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0176 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010309 Assigned: 20010308 Category: SF Reference: BUGTRAQ:20001218 More Sonata Conferencing software vulnerabilities. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0278.html Reference: BID:2125 Reference: URL:http://www.securityfocus.com/bid/2125 Reference: XF:sonata-command-execute(5787) Reference: URL:http://xforce.iss.net/static/5787.php The setuid doroot program in Voyant Sonata 3.x executes arbitrary command line arguments, which allows local users to gain root privileges. Modifications: ADDREF XF:sonata-command-execute(5787) INFERRED ACTION: CAN-2001-0176 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Lawler, Baker MODIFY(1) Frech NOOP(1) Ziese Voter Comments: Lawler> This doroot command appears to be a "feature" to the vendor. Frech> XF:sonata-command-execute(5787) ====================================================== Candidate: CAN-2001-0182 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0182 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010309 Assigned: 20010308 Category: SF Reference: BUGTRAQ:20010117 Licensing Firewall-1 DoS Attack Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0298.html Reference: XF:fw1-limited-license-dos Reference: URL:http://xforce.iss.net/static/5966.php Reference: BID:2238 Reference: URL:http://www.securityfocus.com/bid/2238 FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed IP packets with various source addresses to the inside interface, which floods the console with warning messages and consumes CPU resources. Modifications: DESC Fix typo INFERRED ACTION: CAN-2001-0182 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Lawler, Baker, Frech NOOP(1) Ziese Voter Comments: Lawler> Checkpoint is fixing this in the next service release. A work around is available. Frech> In description, product name is FireWall-1. ====================================================== Candidate: CAN-2001-0189 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0189 Final-Decision: Interim-Decision: 20010911 Modified: Proposed: 20010309 Assigned: 20010308 Category: SF Reference: BUGTRAQ:20010119 LocalWEB2000 Directory Traversal Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0346.html Reference: BID:2268 Reference: URL:http://www.securityfocus.com/bid/2268 Reference: XF:localweb2k-directory-traversal Reference: URL:http://xforce.iss.net/static/5982.php Directory traversal vulnerability in LocalWEB2000 HTTP server allows remote attackers to read arbitrary commands via a .. (dot dot) attack in an HTTP GET request. INFERRED ACTION: CAN-2001-0189 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Lawler, Baker, Frech NOOP(1) Ziese Voter Comments: Lawler> Will be fixed in a future release. ====================================================== Candidate: CAN-2001-0203 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0203 Final-Decision: Interim-Decision: 20010911 Modified: Proposed: 20010309 Assigned: 20010308 Category: SF Reference: BUGTRAQ:20010120 Watchguard Firewall Elevated Privilege Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0342.html Reference: BID:2284 Reference: URL:http://www.securityfocus.com/bid/2284 Reference: XF:watchguard-firebox-obtain-passphrase Reference: URL:http://xforce.iss.net/static/5979.php Watchguard Firebox II firewall allows users with read-only access to gain read-write access, and administrative privileges, by accessing a file that contains hashed passphrases, and using the hashes during authentication. INFERRED ACTION: CAN-2001-0203 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Lawler, Frech, Oliver NOOP(1) Ziese Voter Comments: Oliver> Vendor acknowledged and commented in hotfix ====================================================== Candidate: CAN-2001-0207 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0207 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010309 Assigned: 20010308 Category: SF Reference: BUGTRAQ:20010119 Buffer overflow in bing Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0330.html Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0333.html Reference: XF:linux-bing-bo Reference: URL:http://xforce.iss.net/static/6036.php Reference: BID:2279 Reference: URL:http://www.securityfocus.com/bid/2279 Buffer overflow in bing allows remote attackers to execute arbitrary commands via a long hostname, which is copied to a small buffer after a reverse DNS lookup using the gethostbyaddr function. Modifications: DESC Fix typo: "toe xecute" INFERRED ACTION: CAN-2001-0207 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Frech, Oliver NOOP(2) Lawler, Ziese Voter Comments: Frech> In description, normalize spelling of "toe xecute" ====================================================== Candidate: CAN-2001-0215 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0215 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010309 Assigned: 20010308 Category: SF Reference: BUGTRAQ:20010212 ROADS search system "show files" Vulnerability with "null bite" bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0213.html Reference: CONFIRM:http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html Reference: XF:roads-search-view-files(6097) Reference: URL:http://xforce.iss.net/static/6097.php Reference: BID:2371 Reference: URL:http://www.securityfocus.com/bid/2371 ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte. Modifications: ADDREF XF:roads-search-view-files(6097) ADDREF CONFIRM:http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html INFERRED ACTION: CAN-2001-0215 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Lawler, Baker MODIFY(1) Frech NOOP(3) Cole, Christey, Ziese Voter Comments: Frech> XF:roads-search-view-files(6097) CONFIRM:http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html Christey> CONFIRM:http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html ====================================================== Candidate: CAN-2001-0235 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0235 Final-Decision: Interim-Decision: 20010911 Modified: 20010430-01 Proposed: 20010309 Assigned: 20010308 Category: SF Reference: DEBIAN:DSA-024 Reference: URL:http://www.debian.org/security/2001/dsa-024 Reference: FREEBSD:FreeBSD-SA-01:09 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:09.crontab.v1.1.asc Reference: XF:crontab-read-files(6225) Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running. Modifications: ADDREF XF:crontab-read-files(6225) INFERRED ACTION: CAN-2001-0235 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Lawler, Baker, Ziese MODIFY(1) Frech Voter Comments: Lawler> Recommend maintaining reference to CVE-2000-0972 Frech> XF:crontab-read-files(6225) ====================================================== Candidate: CAN-2001-0237 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0237 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010319 Category: SF Reference: BUGTRAQ:20010509 def-2001-24: Windows 2000 Kerberos DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98942093221908&w=2 Reference: MS:MS01-024 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-024.asp Reference: CIAC:L-079 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-079.shtml Reference: XF:win2k-kerberos-dos(6506) Reference: URL:http://xforce.iss.net/static/6506.php Reference: BID:2707 Reference: URL:http://www.securityfocus.com/bid/2707 Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data. Modifications: ADDREF XF:win2k-kerberos-dos(6506) ADDREF CIAC:L-079 ADDREF BID:2707 INFERRED ACTION: CAN-2001-0237 ACCEPT (9 accept, 2 ack, 0 review) Current Votes: ACCEPT(8) Wall, Renaud, Baker, Balinsky, Cole, Magdych, Williams, Ziese MODIFY(1) Frech NOOP(1) Christey Voter Comments: Balinsky> Although Microsoft does not specify that the memory leak is in the LSA subsystem, the behavior they describe is identical to that in the Bugtraq post. Frech> XF:win2k-kerberos-dos(6506) Christey> BID:2707 URL:http://www.securityfocus.com/bid/2707 ====================================================== Candidate: CAN-2001-0238 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0238 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010319 Category: SF Reference: MS:MS01-022 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-022.asp Reference: CIAC:L-074 Reference: URL:http://www.ciac.org/ciac/bulletins/l-074.shtml Reference: XF:ms-dacipp-webdav-access(6405) Reference: URL:http://xforce.iss.net/static/6405.php Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests. Modifications: ADDREF XF:ms-dacipp-webdav-access(6405) ADDREF CIAC:L-074 INFERRED ACTION: CAN-2001-0238 ACCEPT (7 accept, 2 ack, 0 review) Current Votes: ACCEPT(6) Wall, Renaud, Baker, Cole, Williams, Ziese MODIFY(1) Frech Voter Comments: Frech> XF:ms-dacipp-webdav-access(6405) ====================================================== Candidate: CAN-2001-0239 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0239 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010319 Category: SF Reference: BUGTRAQ:20010416 [SX-20010320-2] - Microsoft ISA Server Denial of Service Reference: URL:http://www.securityfocus.com/archive/1/176912 Reference: BUGTRAQ:20010427 Microsoft ISA Server Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/179986 Reference: BUGTRAQ:20010417 [SX-20010320-2b] - Followup re. Microsoft ISA Server Denial of Service Reference: URL:http://www.securityfocus.com/archive/1/177160 Reference: MS:MS01-021 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-021.asp Reference: CIAC:L-073 Reference: URL:http://www.ciac.org/ciac/bulletins/l-073.shtml Reference: BID:2600 Reference: URL:http://www.securityfocus.com/bid/2600 Reference: XF:isa-web-proxy-dos(6383) Reference: URL:http://xforce.iss.net/static/6383.php Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type. Modifications: DESC Remove "possibly execute arbitrary commands" ADDREF XF:isa-web-proxy-dos(6383) ADDREF CIAC:L-073 INFERRED ACTION: CAN-2001-0239 ACCEPT (7 accept, 2 ack, 0 review) Current Votes: ACCEPT(5) Wall, Renaud, Baker, Cole, Ziese MODIFY(2) Williams, Frech Voter Comments: Frech> XF:isa-web-proxy-dos(6383) Williams> get rid of "execute arbitrary commands" part of description. preliminary analyis initially suggested that an exploitable overflow may have been present. subsequent source code analysis by Microsoft indicated that only a heap overflow is present, and therefore that this vulnerability is not exploitable beyond DoS. ====================================================== Candidate: CAN-2001-0240 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0240 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010319 Category: SF Reference: MS:MS01-028 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-028.asp Reference: XF:word-rtf-macro-execution(6571) Reference: URL:http://xforce.iss.net/static/6571.php Reference: BID:2753 Reference: URL:http://www.securityfocus.com/bid/2753 Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro. Modifications: ADDREF XF:word-rtf-macro-execution(6571) ADDREF BID:2753 INFERRED ACTION: CAN-2001-0240 ACCEPT (7 accept, 1 ack, 0 review) Current Votes: ACCEPT(6) Wall, Baker, Cole, Magdych, Williams, Ziese MODIFY(1) Frech NOOP(2) Renaud, Christey Voter Comments: Frech> XF:word-rtf-macro-execution(6571) Christey> BID:2753 URL:http://www.securityfocus.com/bid/2753 ====================================================== Candidate: CAN-2001-0241 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0241 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010319 Category: SF Reference: BUGTRAQ:20010501 Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98874912915948&w=2 Reference: MS:MS01-023 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-023.asp Reference: CERT:CA-2001-10 Reference: URL:http://www.cert.org/advisories/CA-2001-10.html Reference: BID:2674 Reference: URL:http://www.securityfocus.com/bid/2674 Reference: XF:iis-isapi-printer-bo(6485) Reference: URL:http://xforce.iss.net/static/6485.php Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0. Modifications: ADDREF XF:iis-isapi-printer-bo(6485) ADDREF CERT:CA-2001-10 INFERRED ACTION: CAN-2001-0241 ACCEPT (9 accept, 2 ack, 0 review) Current Votes: ACCEPT(8) Wall, Renaud, Baker, Balinsky, Cole, Magdych, Williams, Ziese MODIFY(1) Frech Voter Comments: Balinsky> The advisory authors reference the vendor acknowledgement, and agree with its accuracy. Frech> XF:iis-isapi-printer-bo(6485) ====================================================== Candidate: CAN-2001-0243 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0243 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010319 Category: SF Reference: MS:MS01-029 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-029.asp Reference: XF:mediaplayer-html-shortcut(6584) Reference: URL:http://xforce.iss.net/static/6584.php Reference: BID:2765 Reference: URL:http://www.securityfocus.com/bid/2765 Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML in those shortcuts to run in the Local Computer Zone instead of the Internet Zone, which allows remote attackers to read certain files. Modifications: ADDREF XF:mediaplayer-html-shortcut(6584) ADDREF BID:2765 INFERRED ACTION: CAN-2001-0243 ACCEPT (7 accept, 1 ack, 0 review) Current Votes: ACCEPT(6) Wall, Baker, Cole, Magdych, Williams, Ziese MODIFY(1) Frech NOOP(2) Renaud, Christey Voter Comments: Frech> XF:mediaplayer-html-shortcut(6584) Christey> BID:2765 URL:http://www.securityfocus.com/bid/2765 ====================================================== Candidate: CAN-2001-0244 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0244 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010319 Category: SF Reference: MS:MS01-025 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-025.asp Reference: BID:2709 Reference: URL:http://www.securityfocus.com/bid/2709 Reference: XF:winnt-indexserver-search-bo(6517) Reference: URL:http://xforce.iss.net/static/6517.php Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter. Modifications: ADDREF XF:winnt-indexserver-search-bo(6517) ADDREF BID:2709 INFERRED ACTION: CAN-2001-0244 ACCEPT (9 accept, 1 ack, 0 review) Current Votes: ACCEPT(8) Wall, Renaud, Baker, Balinsky, Cole, Magdych, Williams, Ziese MODIFY(1) Frech Voter Comments: Frech> XF:winnt-indexserver-search-bo(6517) ====================================================== Candidate: CAN-2001-0245 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0245 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010319 Category: SF Reference: MS:MS01-025 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-025.asp Reference: XF:win-indexserver-view-files(6518) Reference: URL:http://xforce.iss.net/static/6518.php Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability. Modifications: ADDREF XF:win-indexserver-view-files(6518) INFERRED ACTION: CAN-2001-0245 ACCEPT (9 accept, 1 ack, 0 review) Current Votes: ACCEPT(8) Wall, Renaud, Baker, Balinsky, Cole, Magdych, Williams, Ziese MODIFY(1) Frech Voter Comments: Frech> XF:win-indexserver-view-files(6518) ====================================================== Candidate: CAN-2001-0248 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0248 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010322 Category: SF Reference: NAI:20010409 Globbing Vulnerabilities in Multiple FTP Daemons Reference: URL:http://www.pgp.com/research/covert/advisories/048.asp Reference: CERT:CA-2001-07 Reference: URL:http://www.cert.org/advisories/CA-2001-07.html Reference: BID:2552 Reference: URL:http://www.securityfocus.com/bid/2552 Reference: XF:ftp-glob-expansion(6332) Reference: URL:http://xforce.iss.net/static/6332.php Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings. Modifications: ADDREF XF:ftp-glob-expansion(6332) CONTENT-DECISIONS: SF-LOC, SF-CODEBASE INFERRED ACTION: CAN-2001-0248 ACCEPT (5 accept, 2 ack, 0 review) HAS_CDS Current Votes: ACCEPT(4) Renaud, Baker, Cole, Ziese MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:ftp-glob-expansion(6332) ====================================================== Candidate: CAN-2001-0249 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0249 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010322 Category: SF Reference: NAI:20010409 Globbing Vulnerabilities in Multiple FTP Daemons Reference: URL:http://www.pgp.com/research/covert/advisories/048.asp Reference: CERT:CA-2001-07 Reference: URL:http://www.cert.org/advisories/CA-2001-07.html Reference: BID:2550 Reference: URL:http://www.securityfocus.com/bid/2550 Reference: XF:ftp-glob-expansion(6332) Reference: URL:http://xforce.iss.net/static/6332.php Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings. Modifications: ADDREF XF:ftp-glob-expansion(6332) CONTENT-DECISIONS: SF-LOC, SF-CODEBASE INFERRED ACTION: CAN-2001-0249 ACCEPT (5 accept, 2 ack, 0 review) HAS_CDS Current Votes: ACCEPT(4) Renaud, Baker, Cole, Ziese MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:ftp-glob-expansion(6332) ====================================================== Candidate: CAN-2001-0330 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0330 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010427 Category: SF Reference: ATSTAKE:A043001-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a043001-1.txt Reference: BID:2671 Reference: URL:http://www.securityfocus.com/bid/2671 Reference: XF:bugzilla-gobalpl-gain-information(6489) Reference: URL:http://xforce.iss.net/static/6489.php Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed. Modifications: ADDREF XF:bugzilla-gobalpl-gain-information(6489) INFERRED ACTION: CAN-2001-0330 ACCEPT (5 accept, 0 ack, 0 review) Current Votes: ACCEPT(4) Renaud, Baker, Cole, Williams MODIFY(1) Frech NOOP(3) Ziese, Wall, Oliver Voter Comments: Frech> XF:bugzilla-gobalpl-gain-information(6489) ====================================================== Candidate: CAN-2001-0331 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0331 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010508 Category: SF Reference: ISS:20010509 Remote Buffer Overflow Vulnerability in IRIX Embedded Support Partner Infrastructure Reference: URL:http://xforce.iss.net/alerts/advise76.php Reference: SGI:20010501-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010501-01-P Reference: XF:irix-espd-bo(6502) Reference: URL:http://xforce.iss.net/static/6502.php Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in IRIX 6.5.8 and earlier allows remote attackers to execute arbitrary commands. Modifications: ADDREF XF:irix-espd-bo(6502) INFERRED ACTION: CAN-2001-0331 ACCEPT (6 accept, 2 ack, 0 review) Current Votes: ACCEPT(6) Ziese, Renaud, Baker, Cole, Magdych, Williams MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:irix-espd-bo(6502) ====================================================== Candidate: CAN-2001-0333 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010510 Category: SF Reference: BUGTRAQ:20010515 NSFOCUS SA2001-02 : Microsoft IIS CGI Filename Decode Error Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98992056521300&w=2 Reference: MS:MS01-026 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp Reference: CERT:CA-2001-12 Reference: URL:http://www.cert.org/advisories/CA-2001-12.html Reference: XF:iis-url-decoding(6534) Reference: URL:http://xforce.iss.net/static/6534.php Reference: BID:2708 Reference: URL:http://www.securityfocus.com/bid/2708 Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. Modifications: ADDREF XF:iis-url-decoding(6534) ADDREF BID:2708 ADDREF CERT:CA-2001-12 INFERRED ACTION: CAN-2001-0333 ACCEPT (8 accept, 2 ack, 0 review) Current Votes: ACCEPT(7) Ziese, Wall, Renaud, Baker, Cole, Magdych, Williams MODIFY(1) Frech NOOP(1) Christey Voter Comments: Frech> XF:iis-url-decoding(6534) Christey> BID:2708 URL:http://www.securityfocus.com/bid/2708 ====================================================== Candidate: CAN-2001-0334 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0334 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010510 Category: SF Reference: MS:MS01-026 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp Reference: XF:iis-ftp-wildcard-dos(6535) Reference: URL:http://xforce.iss.net/static/6535.php FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded. Modifications: ADDREF XF:iis-ftp-wildcard-dos(6535) INFERRED ACTION: CAN-2001-0334 ACCEPT (8 accept, 1 ack, 0 review) Current Votes: ACCEPT(7) Ziese, Wall, Renaud, Baker, Cole, Magdych, Williams MODIFY(1) Frech Voter Comments: Frech> XF:iis-ftp-wildcard-dos(6535) ====================================================== Candidate: CAN-2001-0335 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0335 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010510 Category: SF Reference: MS:MS01-026 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp Reference: XF:iis-ftp-domain-authentication(6545) Reference: URL:http://xforce.iss.net/static/6545.php Reference: BID:2719 Reference: URL:http://www.securityfocus.com/bid/2719 FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. Modifications: ADDREF XF:iis-ftp-domain-authentication(6545) INFERRED ACTION: CAN-2001-0335 ACCEPT (8 accept, 1 ack, 0 review) Current Votes: ACCEPT(7) Ziese, Wall, Renaud, Baker, Cole, Magdych, Williams MODIFY(1) Frech NOOP(1) Christey Voter Comments: Frech> XF:iis-ftp-domain-authentication(6545) Christey> BID:2719 URL:http://www.securityfocus.com/bid/2719 ====================================================== Candidate: CAN-2001-0336 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0336 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010510 Category: SF Reference: MS:MS01-026 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp Reference: XF:iis-crosssitescripting-patch-dos(6858) Reference: URL:http://xforce.iss.net/static/6858.php The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request. Modifications: ADDREF XF:iis-crosssitescripting-patch-dos(6858) INFERRED ACTION: CAN-2001-0336 ACCEPT (7 accept, 1 ack, 0 review) Current Votes: ACCEPT(6) Ziese, Wall, Renaud, Baker, Cole, Williams MODIFY(1) Frech Voter Comments: Frech> XF:iis-crosssitescripting-patch-dos(6858) ====================================================== Candidate: CAN-2001-0338 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0338 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010510 Category: SF Reference: MS:MS01-027 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-027.asp Reference: CIAC:L-087 Reference: URL:http://www.ciac.org/ciac/bulletins/l-087.shtml Reference: XF:ie-crl-certificate-spoofing(6555) Reference: URL:http://xforce.iss.net/static/6555.php Reference: BID:2735 Reference: URL:http://www.securityfocus.com/bid/2735 Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability." Modifications: ADDREF XF:ie-crl-certificate-spoofing(6555) ADDREF BID:2735 ADDREF CIAC:L-087 INFERRED ACTION: CAN-2001-0338 ACCEPT (6 accept, 2 ack, 0 review) Current Votes: ACCEPT(5) Wall, Baker, Balinsky, Cole, Williams MODIFY(1) Frech NOOP(2) Ziese, Renaud Voter Comments: Frech> XF:ie-crl-certificate-spoofing(6555) ====================================================== Candidate: CAN-2001-0339 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0339 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010510 Category: SF Reference: MS:MS01-027 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-027.asp Reference: CIAC:L-087 Reference: URL:http://www.ciac.org/ciac/bulletins/l-087.shtml Reference: XF:ie-html-url-spoofing(6556) Reference: URL:http://xforce.iss.net/static/6556.php Reference: BID:2737 Reference: URL:http://www.securityfocus.com/bid/2737 Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability." Modifications: ADDREF XF:ie-html-url-spoofing(6556) ADDREF BID:2737 ADDREF CIAC:L-087 INFERRED ACTION: CAN-2001-0339 ACCEPT (5 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Wall, Baker, Balinsky, Williams MODIFY(1) Frech NOOP(3) Ziese, Renaud, Cole Voter Comments: Frech> XF:ie-html-url-spoofing(6556) ====================================================== Candidate: CAN-2001-0340 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0340 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010727 Assigned: 20010510 Category: SF Reference: MS:MS01-030 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-030.asp Reference: CIAC:L-091 Reference: URL:http://www.ciac.org/ciac/bulletins/l-091.shtml Reference: XF:exchange-owa-script-execution(6652) Reference: URL:http://xforce.iss.net/static/6652.php An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically. Modifications: ADDREF XF:exchange-owa-script-execution(6652) ADDREF CIAC:L-091 INFERRED ACTION: CAN-2001-0340 ACCEPT (8 accept, 2 ack, 0 review) Current Votes: ACCEPT(7) Ziese, Prosser, Stracener, Wall, Balinsky, Foat, Cole MODIFY(1) Frech Voter Comments: Frech> XF:exchange-owa-script-execution(6652) Prosser> MS01-030 ====================================================== Candidate: CAN-2001-0341 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0341 Final-Decision: Interim-Decision: 20010911 Modified: Proposed: 20010829 Assigned: 20010510 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20010625 NSFOCUS SA2001-03 : Microsoft FrontPage 2000 Server Extensions Buffer Overflow Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99348216322147&w=2 Reference: MS:MS01-035 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-035.asp Reference: BID:2906 Reference: URL:http://www.securityfocus.com/bid/2906 Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll. INFERRED ACTION: CAN-2001-0341 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Bishop, Ziese, Wall, Cole NOOP(1) Armstrong ====================================================== Candidate: CAN-2001-0344 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0344 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010727 Assigned: 20010516 Category: SF Reference: MS:MS01-032 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-032.asp Reference: CIAC:L-095 Reference: URL:http://www.ciac.org/ciac/bulletins/l-095.shtml Reference: XF:mssql-cached-connection-access(6684) Reference: URL:http://xforce.iss.net/static/6684.php An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account. Modifications: ADDREF XF:mssql-cached-connection-access(6684) ADDREF CIAC:L-095 INFERRED ACTION: CAN-2001-0344 ACCEPT (7 accept, 2 ack, 0 review) Current Votes: ACCEPT(6) Ziese, Stracener, Wall, Balinsky, Foat, Cole MODIFY(1) Frech Voter Comments: Frech> XF:mssql-cached-connection-access(6684) ====================================================== Candidate: CAN-2001-0345 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0345 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010727 Assigned: 20010516 Category: SF Reference: MS:MS01-031 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp Reference: BID:2843 Reference: URL:http://www.securityfocus.com/bid/2843 Reference: XF:win2k-telnet-idle-sessions-dos(6667) Reference: URL:http://xforce.iss.net/static/6667.php Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions. Modifications: ADDREF XF:win2k-telnet-idle-sessions-dos(6667) ADDREF BID:2843 INFERRED ACTION: CAN-2001-0345 ACCEPT (7 accept, 1 ack, 0 review) Current Votes: ACCEPT(6) Ziese, Stracener, Wall, Balinsky, Foat, Cole MODIFY(1) Frech Voter Comments: Frech> XF:win2k-telnet-idle-sessions-dos(6667) ====================================================== Candidate: CAN-2001-0346 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0346 Final-Decision: Interim-Decision: 20010911 Modified: Proposed: 20010829 Assigned: 20010516 Category: SF Reference: MS:MS01-031 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them. INFERRED ACTION: CAN-2001-0346 ACCEPT (5 accept, 1 ack, 0 review) Current Votes: ACCEPT(5) Bishop, Ziese, Wall, Cole, Armstrong ====================================================== Candidate: CAN-2001-0347 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0347 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010727 Assigned: 20010516 Category: SF Reference: MS:MS01-031 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp Reference: CIAC:L-092 Reference: URL:http://www.ciac.org/ciac/bulletins/l-092.shtml Reference: BID:2847 Reference: URL:http://www.securityfocus.com/bid/2847 Reference: XF:win2k-telnet-domain-authentication(6665) Reference: URL:http://xforce.iss.net/static/6665.php Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid. Modifications: ADDREF XF:win2k-telnet-domain-authentication(6665) DESC Added details. INFERRED ACTION: CAN-2001-0347 ACCEPT (7 accept, 2 ack, 0 review) Current Votes: ACCEPT(5) Ziese, Stracener, Wall, Foat, Cole MODIFY(2) Balinsky, Frech Voter Comments: Balinsky> Instead of "determine Guest accounts" say "access accounts, such as Guest, for which they know the password" Frech> XF:win2k-telnet-domain-authentication(6665) ====================================================== Candidate: CAN-2001-0348 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0348 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010727 Assigned: 20010516 Category: SF Reference: BINDVIEW:20010608 Range checking fault condition in Microsoft Windows 2000 Telnet server Reference: URL:http://razor.bindview.com/publish/advisories/adv_mstelnet.html Reference: MS:MS01-031 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp Reference: CIAC:L-092 Reference: URL:http://www.ciac.org/ciac/bulletins/l-092.shtml Reference: XF:win2k-telnet-username-dos(6666) Reference: URL:http://xforce.iss.net/static/6666.php Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace. Modifications: ADDREF XF:win2k-telnet-username-dos(6666) ADDREF BINDVIEW:20010608 Range checking fault condition in Microsoft Windows 2000 Telnet server ADDREF CIAC:L-092 INFERRED ACTION: CAN-2001-0348 ACCEPT (7 accept, 3 ack, 0 review) Current Votes: ACCEPT(6) Ziese, Stracener, Wall, Balinsky, Foat, Cole MODIFY(1) Frech Voter Comments: Frech> XF:win2k-telnet-username-dos(6666) ====================================================== Candidate: CAN-2001-0351 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0351 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010727 Assigned: 20010516 Category: SF Reference: MS:MS01-031 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp Reference: CIAC:L-092 Reference: URL:http://www.ciac.org/ciac/bulletins/l-092.shtml Reference: XF:win2k-telnet-system-call-dos(6669) Reference: URL:http://xforce.iss.net/static/6669.php Reference: BID:2846 Reference: URL:http://www.securityfocus.com/bid/2846 Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service. Modifications: ADDREF XF:win2k-telnet-system-call-dos(6669) ADDREF BID:2846 ADDREF CIAC:L-092 INFERRED ACTION: CAN-2001-0351 ACCEPT (7 accept, 2 ack, 0 review) Current Votes: ACCEPT(6) Ziese, Stracener, Wall, Balinsky, Foat, Cole MODIFY(1) Frech Voter Comments: Frech> XF:win2k-telnet-system-call-dos(6669) ====================================================== Candidate: CAN-2001-0353 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0353 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010727 Assigned: 20010523 Category: SF Reference: ISS:20010619 Remote Buffer Overflow Vulnerability in Solaris Print Protocol Daemon Reference: URL:http://xforce.iss.net/alerts/advise80.php Reference: SUN:00206 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/206 Reference: CERT:CA-2001-15 Reference: URL:http://www.cert.org/advisories/CA-2001-15.html Reference: XF:solaris-lpd-bo(6718) Reference: URL:http://xforce.iss.net/static/6718.php Reference: BID:2894 Reference: URL:http://www.securityfocus.com/bid/2894 Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine. Modifications: ADDREF XF:solaris-lpd-bo(6718) ADDREF BID:2894 ADDREF CERT:CA-2001-15 ADDREF SUN:00206 INFERRED ACTION: CAN-2001-0353 ACCEPT (3 accept, 3 ack, 0 review) Current Votes: ACCEPT(3) Ziese, Stracener, Cole MODIFY(1) Frech NOOP(3) Wall, Foat, Christey Voter Comments: Frech> XF:solaris-lpd-bo(6718) Christey> BID:2894 http://www.securityfocus.com/bid/2894 Christey> CERT:CA-2001-15 URL:http://www.cert.org/advisories/CA-2001-15.html SUN:00206 ====================================================== Candidate: CAN-2001-0361 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0361 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010207 [CORE SDI ADVISORY] SSH1 session key recovery vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98158450021686&w=2 Reference: CIAC:L-047 Reference: URL:http://www.ciac.org/ciac/bulletins/l-047.shtml Reference: FREEBSD:FreeBSD-SA-01:24 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:24.ssh.asc Reference: DEBIAN:DSA-027 Reference: URL:http://www.debian.org/security/2001/dsa-027 Reference: CISCO:20010627 Multiple SSH Vulnerabilities Reference: URL:http://www.cisc.com/warp/public/707/SSH-multiple-pub.html Reference: SUSE:SuSE-SA:2001:04 Reference: URL:http://www.suse.de/de/support/security/adv004_ssh.txt Reference: XF:ssh-session-key-recovery(6082) Reference: URL:http://xforce.iss.net/static/6082.php Reference: BID:2344 Reference: URL:http://www.securityfocus.com/bid/2344 Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5. Modifications: DESC Shortened (slightly) ADDREF XF:ssh-session-key-recovery(6082) CHANGEREF [fix] BUGTRAQ ADDREF DEBIAN:DSA-027 ADDREF CIAC:L-047 ADDREF FREEBSD:FreeBSD-SA-01:24 ADDREF CISCO:20010627 Multiple SSH Vulnerabilities ADDREF SUSE:SuSE-SA:2001:04 INFERRED ACTION: CAN-2001-0361 ACCEPT (4 accept, 5 ack, 0 review) Current Votes: ACCEPT(3) Ziese, Cole, Oliver MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:ssh-session-key-recovery(6082) ====================================================== Candidate: CAN-2001-0368 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0368 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010430 A Serious Security Vulnerability Found in BearShare (Directory Traversal) Reference: URL:http://www.securityfocus.com/archive/1/180644 Reference: BID:2672 Reference: URL:http://www.securityfocus.com/bid/2672 Reference: XF:bearshare-dot-download-files(6481) Reference: URL:http://xforce.iss.net/static/6481.php Directory traversal vulnerability in BearShare 2.2.2 and earlier allows a remote attacker to read certain files via a URL containing a series of . characters, a variation of the .. (dot dot) attack. Modifications: ADDREF XF:bearshare-dot-download-files(6481) INFERRED ACTION: CAN-2001-0368 ACCEPT (5 accept, 0 ack, 0 review) Current Votes: ACCEPT(4) Renaud, Baker, Cole, Williams MODIFY(1) Frech NOOP(3) Ziese, Wall, Oliver Voter Comments: Frech> XF:bearshare-dot-download-files(6481) ====================================================== Candidate: CAN-2001-0377 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0377 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010328 Inframail Denial of Service Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0428.html Reference: XF:inframail-post-dos(6297) Reference: URL:http://xforce.iss.net/static/6297.php Infradig Inframail prior to 3.98a allows a remote attacker to create a denial of service via a malformed POST request which includes a space followed by a large string. Modifications: CHANGEREF [normalize] XF:inframail-post-dos(6297) INFERRED ACTION: CAN-2001-0377 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Ziese, Cole, Frech NOOP(1) Wall ====================================================== Candidate: CAN-2001-0378 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0378 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: CONFIRM:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch Reference: XF:bsd-readline-permissions(6586) Reference: URL:http://xforce.iss.net/static/6586.php readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files. Modifications: DELREF BUGTRAQ ADDREF XF:bsd-readline-permissions(6586) INFERRED ACTION: CAN-2001-0378 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Ziese, Cole MODIFY(1) Frech NOOP(2) Wall, Oliver Voter Comments: Frech> XF:bsd-readline-permissions(6586) BUGTRAQ reference is actually from OpenBSD-Security mailing list. ====================================================== Candidate: CAN-2001-0379 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0379 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: HP:HPSBUX0103-147 Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0101.html Reference: XF:hp-newgrp-additional-privileges(6282) Reference: URL:http://xforce.iss.net/static/6282.php Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights. Modifications: ADDREF XF:hp-newgrp-additional-privileges(6282) INFERRED ACTION: CAN-2001-0379 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Ziese, Baker, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:hp-newgrp-additional-privileges(6282) ====================================================== Candidate: CAN-2001-0383 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0383 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010401 Php-nuke exploit... Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0017.html Reference: CONFIRM:http://phpnuke.org/download.php?dcategory=Fixes Reference: XF:php-nuke-url-redirect(6342) Reference: URL:http://xforce.iss.net/static/6342.php Reference: BID:2544 Reference: URL:http://www.securityfocus.com/bid/2544 banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication. Modifications: DESC fix typo: "URL's" ADDREF XF:php-nuke-url-redirect(6342) ADDREF BID:2544 INFERRED ACTION: CAN-2001-0383 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Ziese, Baker, Cole MODIFY(1) Frech NOOP(2) Wall, Christey Voter Comments: Frech> XF:php-nuke-url-redirect(6342) In description, URL's should be URLs (it is not possessive). Christey> I'll "own up" to the URL's typo (pun intended). ====================================================== Candidate: CAN-2001-0387 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0387 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010412 HylaFAX vulnerability Reference: URL:http://www.securityfocus.com/archive/1/175963 Reference: BUGTRAQ:20010415 **SECURITY ADVISORY** - HylaFAX format string vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0236.html Reference: FREEBSD:FreeBSD-SA-01:34 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0606.html Reference: SUSE:SuSE-SA:2001:15 Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Apr/0005.html Reference: MANDRAKE:MDKSA-2001:041 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-041.php3 Reference: BID:2574 Reference: URL:http://www.securityfocus.com/bid/2574 Reference: XF:hylafax-hfaxd-format-string(6377) Reference: URL:http://xforce.iss.net/static/6377.php Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows local users to gain privileges via the -q command line argument. Modifications: ADDREF XF:hylafax-hfaxd-format-string(6377) INFERRED ACTION: CAN-2001-0387 ACCEPT (5 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Ziese, Baker, Cole, Williams MODIFY(1) Frech NOOP(2) Wall, Renaud Voter Comments: Frech> XF:hylafax-hfaxd-format-string(6377) ====================================================== Candidate: CAN-2001-0388 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0388 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: FREEBSD:FreeBSD-SA-01:28 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:28.timed.asc Reference: MANDRAKE:MDKSA-2001:034 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-034.php3 Reference: SUSE:SuSE-SA:2001:07 Reference: URL:http://www.suse.de/de/support/security/2001_007_nkitserv.txt Reference: XF:timed-remote-dos(6228) Reference: URL:http://xforce.iss.net/static/6228.php time server daemon timed allows remote attackers to cause a denial of service via malformed packets. Modifications: CHANGEREF [normalize] XF:timed-remote-dos(6228) INFERRED ACTION: CAN-2001-0388 ACCEPT (5 accept, 2 ack, 0 review) Current Votes: ACCEPT(5) Ziese, Baker, Cole, Frech, Oliver NOOP(1) Wall ====================================================== Candidate: CAN-2001-0402 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0402 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010408 A fragmentation attack against IP Filter Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98679734015538&w=2 Reference: FREEBSD:FreeBSD-SA-01:32 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0338.html Reference: XF:ipfilter-access-ports(6331) Reference: URL:http://xforce.iss.net/static/6331.php IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port. Modifications: ADDREF XF:ipfilter-access-ports(6331) INFERRED ACTION: CAN-2001-0402 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Ziese, Baker, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:ipfilter-access-ports(6331) ====================================================== Candidate: CAN-2001-0405 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0405 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010416 Tempest Security Techonologies -- Adivsory #01/2001 -- Linux IPTables Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0271.html Reference: REDHAT:RHSA-2001:052 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-052.html Reference: MANDRAKE:MDKSA-2001:071 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-071.php3 Reference: BID:2602 Reference: URL:http://www.securityfocus.com/bid/2602 Reference: XF:linux-netfilter-iptables(6390) Reference: URL:http://xforce.iss.net/static/6390.php ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall. Modifications: ADDREF XF:linux-netfilter-iptables(6390) ADDREF MANDRAKE:MDKSA-2001:071 INFERRED ACTION: CAN-2001-0405 ACCEPT (6 accept, 1 ack, 0 review) Current Votes: ACCEPT(5) Ziese, Prosser, Baker, Cole, Williams MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:linux-netfilter-iptables(6390) Prosser> http://www.linux-mandrake.com/en/security/mdk-updates.php3?dis=8.0 Additional reference: http://www.tempest.com.br/advisories/01-2001.html ====================================================== Candidate: CAN-2001-0408 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0408 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: MANDRAKE:MDKSA-2001:035 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-035.php3 Reference: REDHAT:RHSA-2001:008 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-008.html Reference: SUSE:SuSE-SA:2001:12 Reference: URL:http://www.suse.de/de/support/security/2001_012_vim.txt Reference: CALDERA:CSSA-2001-014.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-014.0.txt Reference: BUGTRAQ:20010329 Immunix OS Security update for vim Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98593106111968&w=2 Reference: BID:2510 Reference: URL:http://www.securityfocus.com/bid/2510 Reference: XF:vim-elevate-privileges(6259) Reference: URL:http://xforce.iss.net/static/6259.php vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes. Modifications: CHANGEREF [normalize] XF INFERRED ACTION: CAN-2001-0408 ACCEPT (4 accept, 3 ack, 0 review) Current Votes: ACCEPT(4) Frech, Ziese, Baker, Cole NOOP(1) Wall ====================================================== Candidate: CAN-2001-0409 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0409 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: SUSE:SuSE-SA:2001:12 Reference: URL:http://www.suse.de/de/support/security/2001_012_vim.txt Reference: CALDERA:CSSA-2001-014.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-014.0.txt Reference: XF:vim-tmp-symlink(6628) Reference: URL:http://xforce.iss.net/static/6628.php vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory. Modifications: ADDREF XF:vim-tmp-symlink(6628) DESC fix typo INFERRED ACTION: CAN-2001-0409 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Ziese, Baker, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:vim-tmp-symlink(6628) In description, writeable should be writable. ====================================================== Candidate: CAN-2001-0412 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0412 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: CISCO:20010404 Cisco Content Services Switch User Account Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-useraccnt-debug-pub.shtml Reference: BID:2559 Reference: URL:http://www.securityfocus.com/bid/2559 Reference: XF:cisco-css-elevate-privileges(6322) Reference: URL:http://xforce.iss.net/static/6322.php Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode. Modifications: ADDREF XF:cisco-css-elevate-privileges(6322) ADDREF BID:2559 INFERRED ACTION: CAN-2001-0412 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Ziese, Baker, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:cisco-css-elevate-privileges(6322) ====================================================== Candidate: CAN-2001-0413 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0413 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010404 BinTec X4000 Access Router DoS Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98644414226344&w=2 Reference: BUGTRAQ:20010406 X4000 DoS: Details and workaround Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98659862317070&w=2 Reference: BUGTRAQ:20010410 BinTec Router DoS: Workaround and Details Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0145.html Reference: BUGTRAQ:20010409 BINTEC X1200 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98697054804197&w=2 Reference: XF:bintec-x4000-nmap-dos(6323) Reference: URL:http://xforce.iss.net/static/6323.php BinTec X4000 Access router, and possibly other versions, allows remote attackers to cause a denial of service via a SYN port scan, which causes the router to hang. Modifications: ADDREF XF:bintec-x4000-nmap-dos(6323) INFERRED ACTION: CAN-2001-0413 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Ziese, Baker, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:bintec-x4000-nmap-dos(6323) ====================================================== Candidate: CAN-2001-0414 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0414 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010404 ntpd =< 4.0.99k remote buffer overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98642418618512&w=2 Reference: BUGTRAQ:20010405 Re: ntpd =< 4.0.99k remote buffer overflow] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98654963328381&w=2 Reference: REDHAT:RHSA-2001:045 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-045.html Reference: CALDERA:CSSA-2001-013 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-013.0.txt Reference: MANDRAKE:MDKSA-2001:036 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-036.php3 Reference: DEBIAN:DSA-045 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98651866104663&w=2 Reference: NETBSD:NetBSD-SA2001-004 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2001-004.txt.asc Reference: SUSE:SuSE-SA:2001:10 Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Apr/0000.html Reference: CONECTIVA:CLA-2001:392 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000392 Reference: FREEBSD:FreeBSD-SA-01:31 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:31.ntpd.asc Reference: SCO:SSE073 Reference: URL:ftp://ftp.sco.com/SSE/sse073.ltr Reference: SCO:SSE074 Reference: URL:ftp://ftp.sco.com/SSE/sse074.ltr Reference: BUGTRAQ:20010408 [slackware-security] buffer overflow fix for NTP Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98679815917014&w=2 Reference: BUGTRAQ:20010409 PROGENY-SA-2001-02: ntpd remote buffer overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684202610470&w=2 Reference: BUGTRAQ:20010409 ntpd - new Debian 2.2 (potato) version is also vulnerable Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684532921941&w=2 Reference: BUGTRAQ:20010406 Immunix OS Security update for ntp and xntp3 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98659782815613&w=2 Reference: BUGTRAQ:20010409 ntp-4.99k23.tar.gz is available Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98683952401753&w=2 Reference: BUGTRAQ:20010418 IBM MSS Outside Advisory Redistribution: IBM AIX: Buffer Overflow Vulnerability in (x)ntp Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0314.html Reference: BUGTRAQ:20010409 [ESA-20010409-01] xntp buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0127.html Reference: BUGTRAQ:20010413 PROGENY-SA-2001-02A: [UPDATE] ntpd remote buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0225.html Reference: BID:2540 Reference: URL:http://www.securityfocus.com/bid/2540 Reference: XF:ntpd-remote-bo(6321) Reference: URL:http://xforce.iss.net/static/6321.php Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument. Modifications: ADDREF XF:ntpd-remote-bo(6321) INFERRED ACTION: CAN-2001-0414 ACCEPT (5 accept, 6 ack, 0 review) Current Votes: ACCEPT(4) Ziese, Baker, Bollinger, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:ntpd-remote-bo(6321) ====================================================== Candidate: CAN-2001-0427 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0427 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: CISCO:20010328 VPN3000 Concentrator TELNET Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml Reference: XF:cisco-vpn-telnet-dos(6298) Reference: URL:http://xforce.iss.net/static/6298.php Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts. Modifications: CHANGEREF [normalize] XF INFERRED ACTION: CAN-2001-0427 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Frech, Ziese, Baker, Cole NOOP(1) Wall ====================================================== Candidate: CAN-2001-0428 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0428 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: CISCO:20010412 VPN 3000 Concentrator IP Options Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-ipoptions-vuln-pub.shtml Reference: BID:2573 Reference: URL:http://www.securityfocus.com/bid/2573 Reference: XF:cisco-vpn-ip-dos(6360) Reference: URL:http://xforce.iss.net/static/6360.php Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option. Modifications: ADDREF XF:cisco-vpn-ip-dos(6360) INFERRED ACTION: CAN-2001-0428 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Ziese, Baker, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:cisco-vpn-ip-dos(6360) ====================================================== Candidate: CAN-2001-0429 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0429 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: CISCO:20010416 Catalyst 5000 Series 802.1x Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml Reference: CIAC:L-072 Reference: URL:http://www.ciac.org/ciac/bulletins/l-072.shtml Reference: BID:2604 Reference: URL:http://www.securityfocus.com/bid/2604 Reference: XF:cisco-catalyst-8021x-dos(6379) Reference: URL:http://xforce.iss.net/static/6379.php Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service. Modifications: ADDREF XF:cisco-catalyst-8021x-dos(6379) ADDREF CIAC:L-072 INFERRED ACTION: CAN-2001-0429 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Ziese, Baker, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:cisco-catalyst-8021x-dos(6379) ====================================================== Candidate: CAN-2001-0430 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0430 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: DEBIAN:DSA-046 Reference: URL:http://archives.neohapsis.com/archives/vendor/2001-q2/0005.html Reference: XF:exuberant-ctags-symlink(6388) Reference: URL:http://xforce.iss.net/static/6388.php Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files. Modifications: ADDREF XF:exuberant-ctags-symlink(6388) DESC slight rewording INFERRED ACTION: CAN-2001-0430 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Ziese, Baker, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:exuberant-ctags-symlink(6388) In description, a more proper grammar would be "insecurely creates temporary files." ====================================================== Candidate: CAN-2001-0434 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0434 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: COMPAQ:SSRT0716 Reference: URL:http://ftp.support.compaq.com/patches/.new/html/SSRT0716-01.shtml Reference: XF:compaq-activex-dos(6355) Reference: URL:http://xforce.iss.net/static/6355.php The LogDataListToFile ActiveX function used in (1) Knowledge Center and (2) Back web components of Compaq Presario computers allows remote attackers to modify arbitrary files and cause a denial of service. Modifications: ADDREF XF:compaq-activex-dos(6355) INFERRED ACTION: CAN-2001-0434 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Ziese, Baker, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:compaq-activex-dos(6355) ====================================================== Candidate: CAN-2001-0436 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0436 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010416 qDefense Advisory: DCForum allows remote read/write/execute Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0269.html Reference: CONFIRM:http://www.dcscripts.com/FAQ/sec_2001_03_31.html Reference: XF:dcforum-az-expr(6392) Reference: URL:http://xforce.iss.net/static/6392.php Reference: BID:2611 Reference: URL:http://www.securityfocus.com/bid/2611 dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program. Modifications: ADDREF XF:dcforum-az-expr(6392) CONTENT-DECISIONS: SF-LOC INFERRED ACTION: CAN-2001-0436 ACCEPT_ACK (2 accept, 1 ack, 0 review) HAS_CDS Current Votes: ACCEPT(1) Baker MODIFY(1) Frech NOOP(3) Ziese, Wall, Cole Voter Comments: Frech> XF:dcforum-az-expr(6392) ====================================================== Candidate: CAN-2001-0437 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0437 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010416 qDefense Advisory: DCForum allows remote read/write/execute Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0269.html Reference: CONFIRM:http://www.dcscripts.com/FAQ/sec_2001_03_31.html Reference: BID:2611 Reference: URL:http://www.securityfocus.com/bid/2611 Reference: XF:dcforum-az-file-upload(6393) Reference: URL:http://xforce.iss.net/static/6393.php upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file. Modifications: ADDREF XF:dcforum-az-file-upload(6393) CONTENT-DECISIONS: SF-LOC INFERRED ACTION: CAN-2001-0437 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS Current Votes: ACCEPT(3) Ziese, Baker, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:dcforum-az-file-upload(6393) ====================================================== Candidate: CAN-2001-0439 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0439 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: CONECTIVA:CLA-2001:389 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000389 Reference: MANDRAKE:MDKSA-2001:032 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-032.php3 Reference: FREEBSD:FreeBSD-SA-01:35 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0607.html Reference: XF:licq-url-execute-commands(6261) Reference: URL:http://xforce.iss.net/static/6261.php licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. Modifications: CHANGEREF [normalize] XF INFERRED ACTION: CAN-2001-0439 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Frech, Ziese, Baker, Cole NOOP(1) Wall ====================================================== Candidate: CAN-2001-0440 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0440 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: CONECTIVA:CLA-2001:389 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000389 Reference: MANDRAKE:MDKSA-2001:032 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-032.php3 Reference: FREEBSD:FreeBSD-SA-01:35 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0607.html Reference: REDHAT:RHSA-2001:022 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-022.html Reference: XF:licq-logging-bo(6645) Reference: URL:http://xforce.iss.net/static/6645.php Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands. Modifications: ADDREF XF:licq-logging-bo(6645) ADDREF REDHAT:RHSA-2001:022 INFERRED ACTION: CAN-2001-0440 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Ziese, Baker, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:licq-logging-bo(6645) ====================================================== Candidate: CAN-2001-0455 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0455 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: CISCO:20010307 Access to the Cisco Aironet 340 Series Wireless Bridge via Web Interface Reference: URL:http://www.cisco.com/warp/public/707/Aironet340-pub.shtml Reference: XF:cisco-aironet-web-access(6200) Reference: URL:http://xforce.iss.net/static/6200.php Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration. Modifications: CHANGEREF [normalize] XF INFERRED ACTION: CAN-2001-0455 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Frech, Ziese, Baker, Cole NOOP(2) Oliver, Wall ====================================================== Candidate: CAN-2001-0456 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0456 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: CF Reference: DEBIAN:DSA-032 Reference: URL:http://www.debian.org/security/2001/dsa-032 Reference: XF:proftpd-postinst-root(6208) Reference: URL:http://xforce.iss.net/static/6208.php postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended. Modifications: CHANGEREF [normalize] XF INFERRED ACTION: CAN-2001-0456 ACCEPT (5 accept, 1 ack, 0 review) Current Votes: ACCEPT(5) Frech, Oliver, Ziese, Baker, Cole NOOP(1) Wall ====================================================== Candidate: CAN-2001-0457 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0457 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: Reference: DEBIAN:DSA-035 Reference: URL:http://www.debian.org/security/2001/dsa-035 Reference: XF:man2html-remote-dos(6211) Reference: URL:http://xforce.iss.net/static/6211.php man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion). Modifications: CHANGEREF [normalize] XF INFERRED ACTION: CAN-2001-0457 ACCEPT (5 accept, 1 ack, 0 review) Current Votes: ACCEPT(5) Frech, Oliver, Ziese, Baker, Cole NOOP(1) Wall ====================================================== Candidate: CAN-2001-0462 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0462 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010424 Advisory for perl webserver Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0426.html Reference: XF:perl-webserver-directory-traversal(6451) Reference: URL:http://xforce.iss.net/static/6451.php Reference: BID:2648 Reference: URL:http://www.securityfocus.com/bid/2648 Directory traversal vulnerability in Perl web server 0.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. Modifications: ADDREF XF:perl-webserver-directory-traversal(6451) INFERRED ACTION: CAN-2001-0462 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Cole, Williams MODIFY(1) Frech NOOP(3) Ziese, Wall, Balinsky Voter Comments: Frech> XF:perl-webserver-directory-traversal(6451) ====================================================== Candidate: CAN-2001-0465 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0465 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010405 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653594732053&w=2 Reference: CONFIRM:http://www.turbotax.com/atr/update/ Reference: XF:turbotax-save-passwords(6622) Reference: URL:http://xforce.iss.net/static/6622.php TurboTax saves passwords in a temporary file when a user imports investment tax information from a financial institution, which could allow local users to obtain sensitive information. Modifications: ADDREF XF:turbotax-save-passwords(6622) INFERRED ACTION: CAN-2001-0465 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Ziese, Baker, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:turbotax-save-passwords(6622) ====================================================== Candidate: CAN-2001-0467 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0467 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: Reference: BUGTRAQ:20010423 Vulnerability in Viking Web Server Reference: URL:http://www.securityfocus.com/archive/1/178935 Reference: CONFIRM:http://www.robtex.com/files/viking/beta/chglog.txt Reference: BID:2643 Reference: URL:http://www.securityfocus.com/bid/2643 Reference: XF:viking-dot-directory-traversal(6450) Reference: URL:http://xforce.iss.net/static/6450.php Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a \... (modified dot dot) in an HTTP URL request. Modifications: ADDREF CONFIRM:http://www.robtex.com/files/viking/beta/chglog.txt ADDREF XF:viking-dot-directory-traversal(6450) INFERRED ACTION: CAN-2001-0467 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Baker, Balinsky, Williams MODIFY(1) Frech NOOP(3) Ziese, Wall, Cole Voter Comments: Balinsky> http://www.robtex.com/files/viking/beta/chglog.txt Beta change logs acknowledge the exploit (and its author). Frech> XF:viking-dot-directory-traversal(6450) CONFIRM:http://www.robtex.com/files/viking/beta/chglog.txt (specifically: "-382 \...\-exploit fix (thanks to Joe Testa http://hogs.rit.edu/~joet )") ====================================================== Candidate: CAN-2001-0469 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0469 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: FREEBSD:FreeBSD-SA-01:29 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-03/0163.html Reference: BID:2473 Reference: URL:http://www.securityfocus.com/bid/2473 Reference: XF:rwhod-remote-dos(6229) Reference: URL:http://xforce.iss.net/static/6229.php rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service via malformed packets with a short length. Modifications: CHANGEREF [normalize] XF INFERRED ACTION: CAN-2001-0469 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Frech, Ziese, Baker, Cole NOOP(2) Oliver, Wall ====================================================== Candidate: CAN-2001-0473 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0473 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: MANDRAKE:MDKSA-2001-031 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3 Reference: REDHAT:RHSA-2001:029 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-029.html Reference: BUGTRAQ:20010315 Immunix OS Security update for mutt Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98473109630421&w=2 Reference: CONECTIVA:CLA-2001:385 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000385 Reference: BUGTRAQ:20010320 Trustix Security Advisory - mutt Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html Reference: XF:mutt-imap-format-string(6235) Reference: URL:http://xforce.iss.net/static/6235.php Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands. Modifications: CHANGEREF [normalize] XF INFERRED ACTION: CAN-2001-0473 ACCEPT (5 accept, 1 ack, 0 review) Current Votes: ACCEPT(5) Frech, Oliver, Ziese, Baker, Cole NOOP(1) Wall ====================================================== Candidate: CAN-2001-0474 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0474 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: MANDRAKE:MDKSA-2001:029 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-029.php3 Reference: XF:mesa-utahglx-symlink(6231) Reference: URL:http://xforce.iss.net/static/6231.php Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file. Modifications: CHANGEREF [normalize] XF INFERRED ACTION: CAN-2001-0474 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Frech, Ziese, Baker, Cole NOOP(2) Oliver, Wall ====================================================== Candidate: CAN-2001-0475 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0475 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010315 vBulletin allows arbitrary code execution Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0180.html Reference: BID:2474 Reference: URL:http://www.securityfocus.com/bid/2474 Reference: CONFIRM:http://www.vbulletin.com/forum/showthread.php?s=b20af207b5b908ecf7a4ecf56fbe3cd3&threadid=10839 Reference: XF:vbulletin-php-elevate-privileges(6237) Reference: URL:http://xforce.iss.net/static/6237.php index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter. Modifications: CHANGEREF [normalize] XF INFERRED ACTION: CAN-2001-0475 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Frech, Oliver, Ziese, Cole NOOP(1) Wall ====================================================== Candidate: CAN-2001-0481 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0481 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: MANDRAKE:MDKSA-2001:043 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-043.php3 Reference: XF:linux-rpmdrake-temp-file(6494) Reference: URL:http://xforce.iss.net/static/6494.php Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure temporary file handling. Modifications: ADDREF XF:linux-rpmdrake-temp-file(6494) INFERRED ACTION: CAN-2001-0481 ACCEPT (6 accept, 1 ack, 0 review) Current Votes: ACCEPT(5) Ziese, Renaud, Baker, Cole, Williams MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:linux-rpmdrake-temp-file(6494) ====================================================== Candidate: CAN-2001-0482 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0482 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: CF Reference: BUGTRAQ:20010330 Serious Pitbull LX Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0475.html Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0485.html Reference: XF:pitbull-lx-modify-kernel(6623) Reference: URL:http://xforce.iss.net/static/6623.php Configuration error in Argus PitBull LX allows root users to bypass specified access control restrictions and cause a denial of service or execute arbitrary commands by modifying kernel variables such as MaxFiles, MaxInodes, and ModProbePath in /proc/sys via calls to sysctl. Modifications: ADDREF XF:pitbull-lx-modify-kernel(6623) INFERRED ACTION: CAN-2001-0482 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Ziese, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:pitbull-lx-modify-kernel(6623) ====================================================== Candidate: CAN-2001-0486 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0486 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: VULN-DEV:20010402 (no subject) Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0020.html Reference: BUGTRAQ:20010420 Novell BorderManager 3.5 VPN Denial of Service Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98779821207867&w=2 Reference: CONFIRM:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2959062.htm Reference: BUGTRAQ:20010429 Proof of concept DoS against novell border manager enterprise Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98865027328391&w=2 Reference: BUGTRAQ:20010501 Re: Proof of concept DoS against novell border manager enterprise edition 3.5 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0000.html Reference: BID:2623 Reference: URL:http://www.securityfocus.com/bid/2623 Reference: XF:bordermanager-vpn-syn-dos(6429) Reference: URL:http://xforce.iss.net/static/6429.php Remote attackers can cause a denial of service in Novell BorderManager 3.6 and earlier by sending TCP SYN flood to port 353. Modifications: ADDREF XF:bordermanager-vpn-syn-dos(6429) INFERRED ACTION: CAN-2001-0486 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Ziese, Baker, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:bordermanager-vpn-syn-dos(6429) ====================================================== Candidate: CAN-2001-0488 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0488 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: HP:HPSBUX0104-149 Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q2/0018.html Reference: BID:2646 Reference: URL:http://www.securityfocus.com/bid/2646 Reference: XF:hp-pcltotiff-insecure-permissions(6447) Reference: URL:http://xforce.iss.net/static/6447.php pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause a denial of service. Modifications: ADDREF XF:hp-pcltotiff-insecure-permissions(6447) INFERRED ACTION: CAN-2001-0488 ACCEPT (5 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Ziese, Baker, Cole, Williams MODIFY(1) Frech NOOP(3) Wall, Renaud, Balinsky Voter Comments: Balinsky> Ziese already voted for Cisco, but the bugtraq link is a vendor acknowledgement. Frech> XF:hp-pcltotiff-insecure-permissions(6447) ====================================================== Candidate: CAN-2001-0489 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0489 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: VULN-DEV:20010417 gftp exploitable? Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0231.html Reference: REDHAT:RHSA-2001:053 Reference: URL:http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0043.html Reference: MANDRAKE:MDKSA-2001-044 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0509.html Reference: DEBIAN:DSA-057 Reference: URL:http://www.debian.org/security/2001/dsa-057 Reference: BID:2657 Reference: URL:http://www.securityfocus.com/bid/2657 Reference: XF:gftp-format-string(6478) Reference: URL:http://xforce.iss.net/static/6478.php Format string vulnerability in gftp prior to 2.0.8 allows remote malicious FTP servers to execute arbitrary commands. Modifications: ADDREF XF:gftp-format-string(6478) ADDREF DEBIAN:DSA-057 ADDREF BID:2657 ADDREF VULN-DEV:20010417 gftp exploitable? INFERRED ACTION: CAN-2001-0489 ACCEPT (5 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Ziese, Baker, Cole, Williams MODIFY(1) Frech NOOP(3) Wall, Renaud, Christey Voter Comments: Christey> Add VULN-DEV reference? http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0231.html Frech> XF:gftp-format-string(6478) ====================================================== Candidate: CAN-2001-0494 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0494 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010424 IPSwitch IMail 6.06 SMTP Remote System Access Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0433.html Reference: CONFIRM:http://ipswitch.com/Support/IMail/news.html Reference: XF:ipswitch-imail-smtp-bo(6445) Reference: URL:http://xforce.iss.net/static/6445.php Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header. Modifications: ADDREF XF:ipswitch-imail-smtp-bo(6445) INFERRED ACTION: CAN-2001-0494 ACCEPT (5 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Oliver, Renaud, Baker, Williams MODIFY(1) Frech NOOP(3) Ziese, Wall, Cole Voter Comments: Oliver> Identified in news section of vendor's home page. Frech> XF:ipswitch-imail-smtp-bo(6445) ====================================================== Candidate: CAN-2001-0495 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0495 Final-Decision: Interim-Decision: 20010911 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010426 Vulnerability in WebXQ Server Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0490.html Reference: BID:2660 Reference: URL:http://www.securityfocus.com/bid/2660 Reference: XF:webxq-dot-directory-traversal(6466) Reference: URL:http://xforce.iss.net/static/6466.php Directory traversal in DataWizard WebXQ server 1.204 allows remote attackers to view files outside of the web root via a .. (dot dot) attack. Modifications: ADDREF XF:webxq-dot-directory-traversal(6466) INFERRED ACTION: CAN-2001-0495 ACCEPT (5 accept, 0 ack, 0 review) Current Votes: ACCEPT(4) Ziese, Baker, Cole, Williams MODIFY(1) Frech NOOP(2) Wall, Renaud Voter Comments: Frech> XF:webxq-dot-directory-traversal(6466)
- Prev by Date: [CVEPRI] CVE Editorial Board Roles, Tasks, and Qualifications
- Next by Date: [PROPOSAL] Cluster LEGACY-CERT - 53 candidates
- Prev by thread: [CVEPRI] CVE Editorial Board Roles, Tasks, and Qualifications
- Next by thread: [PROPOSAL] Cluster LEGACY-CERT - 53 candidates
- Index(es):
