[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster LEGACY-MISC-1998-B - 54 candidates

I am proposing cluster LEGACY-MISC-1998-B for review and voting by the
Editorial Board.

Name: LEGACY-MISC-1998-B
Description: Legacy candidates announced between 7/3/1998 and 12/29/1998
Size: 54

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-1999-1147
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1147
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981204 [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91273739726314&w=2
Reference: BUGTRAQ:19981207 Re: [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0
Reference: XF:pcm-dos-execute(1430)
Reference: URL:http://xforce.iss.net/static/1430.php

Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows
remote attackers to execute arbitrary commands via a long string to
the Agent port (1827), which is handled by smaxagent.exe.

Analysis
----------------
ED_PRI CAN-1999-1147 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1159
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1159
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981229 ssh2 security problem (and patch) (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91495920911490&w=2
Reference: XF:ssh-privileged-port-forward(1471)
Reference: URL:http://xforce.iss.net/static/1471.php

SSH 2.0.11 and earlier allows local users to request remote forwarding
from privileged ports without being root.

Analysis
----------------
ED_PRI CAN-1999-1159 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1188
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1188
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981227 mysql: mysqld creates world readable logs..
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91479159617803&w=2
Reference: XF:mysql-readable-log-files(1568)
Reference: URL:http://xforce.iss.net/static/1568.php

mysqld in MySQL 3.21 creates log files with world-readable
permissions, which allows local users to obtain passwords for users
who are added to the user database.

Analysis
----------------
ED_PRI CAN-1999-1188 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1199
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1199
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980807 YA Apache DoS attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90252779826784&w=2
Reference: BUGTRAQ:19980808 Debian Apache Security Update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90276683825862&w=2
Reference: BUGTRAQ:19980810 Apache DoS Attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90286768232093&w=2
Reference: BUGTRAQ:19980811 Apache 'sioux' DOS fix for TurboLinux
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90280517007869&w=2

Apache WWW server 1.3.1 and earlier allows remote attackers to cause a
denial of service (resource exhaustion) via a large number of MIME
headers with the same name, aka the "sioux" vulnerability.

Analysis
----------------
ED_PRI CAN-1999-1199 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1265
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1265
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980922 Re: WARNING! SMTP Denial of Service in SLmail ver 3.1
Reference: BUGTRAQ:19980922 WARNING! SMTP Denial of Service in SLmail ver 3.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90649892424117&w=2
Reference: NTBUGTRAQ:19980922 WARNING! SMTP Denial of Service in SLmail ver 3.1
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=90650438826447&w=2
Reference: XF:slmail-parens-overload(1664)
Reference: URL:http://xforce.iss.net/static/1664.php

SMTP server in SLmail 3.1 and earlier allows remote attackers to cause
a denial of service via malformed commands whose arguments begin with
a "(" (parenthesis) character, such as (1) SEND, (2) VRFY, (3) EXPN,
(4) MAIL FROM, (5) RCPT TO.

Analysis
----------------
ED_PRI CAN-1999-1265 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1292
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1292
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: ISS:19980901 Remote Buffer Overflow in the Kolban Webcam32 Program
Reference: URL:http://xforce.iss.net/alerts/advise7.php
Reference: XF:webcam32-buffer-overflow(1366)
Reference: URL:http://xforce.iss.net/static/1366.php

Buffer overflow in web administration feature of Kolban Webcam32 4.8.3
and earlier allows remote attackers to execute arbitrary commands via
a long URL.

Analysis
----------------
ED_PRI CAN-1999-1292 2
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1321
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1321
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981105 security patch for ssh-1.2.26 kerberos code
Reference: URL:http://lists.netspace.org/cgi-bin/wa?A2=ind9811A&L=bugtraq&P=R4814

Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could
allow remote attackers to cause a denial of service or execute
arbitrary commands via a long DNS hostname that is not properly
handled during TGT ticket passing.

Analysis
----------------
ED_PRI CAN-1999-1321 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1432
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1432
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980716 Security risk with powermanagemnet on Solaris 2.6
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525997&w=2
Reference: BID:160
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=160

Power management (Powermanagement) on Solaris 2.4 through 2.6 does not
start the xlock process until after the sys-suspend has completed,
which allows an attacker with physical access to input characters to
the last active application from the keyboard for a short period after
the system is restoring, which could lead to increased privileges.

Analysis
----------------
ED_PRI CAN-1999-1432 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1433
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1433
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980715 JetAdmin software
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525988&w=2
Reference: BUGTRAQ:19980722 Re: JetAdmin software
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526067&w=2
Reference: BID:157
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=157

HP JetAdmin D.01.09 on Solaris allows local users to change the
permissions of arbitrary files via a symlink attack on the
/tmp/jetadmin.log file.

Analysis
----------------
ED_PRI CAN-1999-1433 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1437
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1437
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980707 ePerl: bad handling of ISINDEX queries
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525890&w=2
Reference: BUGTRAQ:19980710 ePerl Security Update Available
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525927&w=2
Reference: BID:151
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=151

ePerl 2.2.12 allows remote attackers to read arbitrary files and
possibly execute certain commands by specifying a full pathname of the
target file as an argument to bar.phtml.

Analysis
----------------
ED_PRI CAN-1999-1437 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1447
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1447
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980728 Object tag crashes Internet Explorer 4.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526169&w=2

Internet Explorer 4.0 allows remote attackers to cause a denial of
service (crash) via HTML code that contains a long CLASSID parameter
in an OBJECT tag.

Analysis
----------------
ED_PRI CAN-1999-1447 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1020
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1020
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19980918 NMRC Advisory - Default NDS Rights
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90613355902262&w=2
Reference: BID:484
Reference: URL:http://www.securityfocus.com/bid/484
Reference: XF:novell-nds(1364)
Reference: URL:http://xforce.iss.net/static/1364.php

The installation of Novell Netware NDS 5.99 provides an
unauthenticated client with Read access for the tree, which allows
remote attackers to access sensitive information such as users,
groups, and readable objects via CX.EXE and NLIST.EXE.

Analysis
----------------
ED_PRI CAN-1999-1020 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1054
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19980925 Globetrotter  FlexLM 'lmdown' bogosity
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90675672323825&w=2

The default configuration of FLEXlm license manager 6.0d, and possibly
other versions, allows remote attackers to shut down the server via
the lmdown command.

Analysis
----------------
ED_PRI CAN-1999-1054 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1070
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1070
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980725 Annex DoS
Reference: URL:http://www.securityfocus.com/archive/1/10021

Buffer overflow in ping CGI program in Xylogics Annex terminal service
allows remote attackers to cause a denial of service via a long query
parameter.

Analysis
----------------
ED_PRI CAN-1999-1070 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1071
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981130 Security bugs in Excite for Web Servers 1.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91248445931140&w=2
Reference: XF:excite-world-write(1417)
Reference: URL:http://xforce.iss.net/static/1417.php

Excite for Web Servers (EWS) 1.1 installs the Architext.conf
authentication file with world-writeable permissions, which allows
local users to gain access to Excite accounts by modifying the file.

Analysis
----------------
ED_PRI CAN-1999-1071 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1072
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1072
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981130 Security bugs in Excite for Web Servers 1.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91248445931140&w=2

Excite for Web Servers (EWS) 1.1 allows local users to gain privileges
by obtaining the encrypted password from the world-readable
Architext.conf authentication file and replaying the encrypted
password in an HTTP request to AT-generated.cgi or AT-admin.cgi.

Analysis
----------------
ED_PRI CAN-1999-1072 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1073
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1073
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981130 Security bugs in Excite for Web Servers 1.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91248445931140&w=2

Excite for Web Servers (EWS) 1.1 records the first two characters of a
plaintext password in the beginning of the encrypted password, which
makes it easier for an attacker to guess passwords via a brute force
or dictionary attack.

Analysis
----------------
ED_PRI CAN-1999-1073 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1107
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1107
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91141486301691&w=2
Reference: XF:kde-kppp-path-bo(1650)
Reference: URL:http://xforce.iss.net/static/1650.php

Buffer overflow in kppp in KDE allows local users to gain root access
via a long PATH environmental variable.

Analysis
----------------
ED_PRI CAN-1999-1107 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

The kppp/long PATH and kppp/-c parameter may need to be merged per
CD:SF-LOC, but they were discovered 6 months apart, and may have been
patched in the interim.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1108
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91141486301691&w=2
Reference: XF:kde-kppp-path-bo(1650)
Reference: URL:http://xforce.iss.net/static/1650.php

Buffer overflow in kppp in KDE allows local users to gain root access
via a long PATH environmental variable.

Analysis
----------------
ED_PRI CAN-1999-1108 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

The kppp/long PATH and kppp/-c parameter may need to be merged per
CD:SF-LOC, but they were discovered 6 months apart, and may have been
patched in the interim.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1124
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1124
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://packetstorm.securify.com/mag/phrack/phrack54/P54-08

HTTP Client application in ColdFusion allows remote attackers to
bypass access restrictions for web pages on other ports by providing
the target page to the mainframeset.cfm application, which requests
the page from the server, making it look like the request is coming
from the local host.

Analysis
----------------
ED_PRI CAN-1999-1124 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1149
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1149
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980716 S.A.F.E.R. Security Bulletin 980708.DOS.1.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525993&w=2
Reference: XF:csm-proxy-dos(1422)
Reference: URL:http://xforce.iss.net/static/1422.php

Buffer overflow in CSM Proxy 4.1 allows remote attackers to cause a
denial of service (crash) via a long string to the FTP port.

Analysis
----------------
ED_PRI CAN-1999-1149 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1153
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1153
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981109 Several new CGI vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/11175
Reference: XF:cgi-perl-mail-programs(1400)
Reference: URL:http://xforce.iss.net/static/1400.php

HAMcards Postcard CGI script 1.0 allows remote attackers to execute
arbitrary commands via shell metacharacters in the recipient email
address.

Analysis
----------------
ED_PRI CAN-1999-1153 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1154
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1154
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981109 Several new CGI vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/11175
Reference: MISC:http://lakeweb.com/scripts/
Reference: XF:cgi-perl-mail-programs(1400)
Reference: URL:http://xforce.iss.net/static/1400.php

LakeWeb Filemail CGI script allows remote attackers to execute
arbitrary commands via shell metacharacters in the recipient email
address.

Analysis
----------------
ED_PRI CAN-1999-1154 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1155
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1155
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981109 Several new CGI vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/11175
Reference: MISC:http://lakeweb.com/scripts/
Reference: XF:cgi-perl-mail-programs(1400)
Reference: URL:http://xforce.iss.net/static/1400.php

LakeWeb Mail List CGI script allows remote attackers to execute
arbitrary commands via shell metacharacters in the recipient email
address.

Analysis
----------------
ED_PRI CAN-1999-1155 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1173
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1173
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981218 wordperfect 8 for linux security
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91404045014047&w=2

Corel Word Perfect 8 for Linux creates a temporary working directory
with world-writable permissions, which allows local users to (1)
modify Word Perfect behavior by modifying files in the working
directory, or (2) modify files of other users via a symlink attack.

Analysis
----------------
ED_PRI CAN-1999-1173 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1174
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1174
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.counterpane.com/crypto-gram-9812.html#doghouse

ZIP drive for Iomega ZIP-100 disks allows attackers with physical
access to the drive to bypass password protection by inserting a known
disk with a known password, waiting for the ZIP drive to power down,
manually replacing the known disk with the target disk, and using the
known password to access the target disk.

Analysis
----------------
ED_PRI CAN-1999-1174 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1200
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1200
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19980720 DOS in Vintra systems Mailserver software.
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=90222454131610&w=2
Reference: XF:vintra-mail-dos(1617)
Reference: URL:http://xforce.iss.net/static/1617.php

Vintra SMTP MailServer allows remote attackers to cause a denial of
service via a malformed "EXPN *@" command.

Analysis
----------------
ED_PRI CAN-1999-1200 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1202
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1202
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980703 Windows95 Proxy DoS Vulnerabilites
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525873&w=2
Reference: XF:startech-pop3-overflow(2088)
Reference: URL:http://xforce.iss.net/static/2088.php

StarTech (1) POP3 proxy server and (2) telnet server allows remote
attackers to cause a denial of service via a long USER command.

Analysis
----------------
ED_PRI CAN-1999-1202 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1228
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1228
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980927 1+2=3, +++ATH0=Old school DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90695973308453&w=2
Reference: MISC:http://www.macintouch.com/modemsecurity.html
Reference: XF:global-village-modem-dos(3320)
Reference: URL:http://xforce.iss.net/static/3320.php

Various modems that do not implement a guard time, or are configured
with a guard time of 0, can allow remote attackers to execute
arbitrary modem commands such as ATH, ATH0, etc., via a "+++" sequence
that appears in ICMP packets, the subject of an e-mail message, IRC
commands, and others.

Analysis
----------------
ED_PRI CAN-1999-1228 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1270
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1270
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://lists.kde.org/?l=kde-devel&m=90221974029738&w=2
Reference: XF:kde-kmail-passphrase-leak(1639)
Reference: URL:http://xforce.iss.net/static/1639.php

KMail in KDE 1.0 provides a PGP passphrase as a command line argument
to other programs, which could allow local users to obtain the
passphrase and compromise the PGP keys of other users by viewing the
arguments via programs that list process information, such as ps.

Analysis
----------------
ED_PRI CAN-1999-1270 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1277
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1277
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19981224 BackWeb - Password issue (used by NAI for Corporate customer notification).
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91487886514546&w=2
Reference: XF:backweb-cleartext-passwords(1565)
Reference: URL:http://xforce.iss.net/static/1565.php

BackWeb client stores the username and password in cleartext for proxy
authentication in the Communication registry key, which could allow
other local users to gain privileges by reading the password.

Analysis
----------------
ED_PRI CAN-1999-1277 3
Vendor Acknowledgement:

A followup indicates thata nother person was not able to replicate the
problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1278
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1278
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981225 Re: Nlog v1.0 Released - Nmap 2.x log management / analyzing tool
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91470326629357&w=2
Reference: BUGTRAQ:19981226 Nlog 1.1b released - security holes fixed
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91471400632145&w=2
Reference: XF:http-cgi-nlog-netbios(1550)
Reference: URL:http://xforce.iss.net/static/1550.php
Reference: XF:http-cgi-nlog-metachars(1549)

nlog CGI scripts do not properly filter shell metacharacters from the
IP address argument, which could allow remote attackers to execute
certain commands via (1) nlog-smb.pl or (2) rpc-nlog.pl.

Analysis
----------------
ED_PRI CAN-1999-1278 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-EXEC, SF-LOC

The notes for version 1.1 say "Fixed all the IP checking routines by
calling checkip()," but a followup poster described an incomplete
cleansing operation that didn't filter out ";" characters; if that
code appeared in checkip() and checkip() was newly created for version
1.1, then one could argue that 1.1 contained an incompletely fixed
bug, so the problem fixed in 1.1b was really the same as in 1.1.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1280
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1280
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981203 Remote Tools w/Exceed v.6.0.1.0 fer 95
Reference: URL:http://www.securityfocus.com/archive/1/11512
Reference: XF:exceed-cleartext-passwords(1547)
Reference: URL:http://xforce.iss.net/static/1547.php

Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant
for development and testing, which logs user names and passwords in
cleartext in the test.log file.

Analysis
----------------
ED_PRI CAN-1999-1280 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1281
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1281
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981226 Breeze Network Server remote reboot and other bogosity.
Reference: URL:http://www.securityfocus.com/archive/1/11720
Reference: XF:breeze-remote-reboot(1544)
Reference: URL:http://xforce.iss.net/static/1544.php

Development version of Breeze Network Server allows remote attackers
to cause the system to reboot by accessing the configbreeze CGI
program.

Analysis
----------------
ED_PRI CAN-1999-1281 3
Vendor Acknowledgement:
Content Decisions: EX-BETA

A followup by the vendor indicates that the affected version of the
product was done under a limited release within the development and
testing cycle. As such, it was effectively a beta product that did not
reach wide distribution. Thus CD:EX-BETA says that this item should
not be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1282
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1282
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981210 RealSystem passwords
Reference: URL:http://www.securityfocus.com/archive/1/11543
Reference: XF:realsystem-readable-conf-file(1542)
Reference: URL:http://xforce.iss.net/static/1542.php

RealSystem G2 server stores the administrator password in cleartext in
a world-readable configuration file, which allows local users to gain
privileges.

Analysis
----------------
ED_PRI CAN-1999-1282 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1283
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1283
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980814 URL exploit to crash Opera Browser
Reference: URL:http://www.securityfocus.com/archive/1/10320
Reference: XF:opera-slash-crash(1541)
Reference: URL:http://xforce.iss.net/static/1541.php

Opera 3.2.1 allows remote attackers to cause a denial of service
(application crash) via a URL that contains an extra / in the http://
tag.

Analysis
----------------
ED_PRI CAN-1999-1283 3
Vendor Acknowledgement:
Content Decisions: EX-CLIENT-DOS

CD:EX-CLIENT-DOS states that a denial-of-service problem that only
extends to the client itself, which requires a passive attack, should
not be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1284
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1284
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981105 various *lame* DoS attacks
Reference: URL:http://www.securityfocus.com/archive/1/11131
Reference: XF:nukenabber-timeout-dos(1540)
Reference: URL:http://xforce.iss.net/static/1540.php

NukeNabber allows remote attackers to cause a denial of service by
connecting to the NukeNabber port (1080) without sending any data,
which causes the CPU usage to rise to 100% from the report.exe program
that is executed upon the connection.

Analysis
----------------
ED_PRI CAN-1999-1284 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1285
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1285
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981227 [patch] fix for urandom read(2) not interruptible
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91495921611500&w=2
Reference: XF:linux-random-read-dos(1472)
Reference: URL:http://xforce.iss.net/static/1472.php

Linux 2.1.132 and earlier allows local users to cause a denial of
service (resource exhaustion) by reading a large buffer from a random
device (e.g. /dev/urandom), which cannot be interrupted until the read
has completed.

Analysis
----------------
ED_PRI CAN-1999-1285 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1289
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1289
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981111 WARNING: Another ICQ IP address vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/11233
Reference: XF:icq-ip-info(1398)
Reference: URL:http://xforce.iss.net/static/1398.php

ICQ 98 beta on Windows NT leaks the internal IP address of a client in
the TCP data segment of an ICQ packet instead of the public address
(e.g. through NAT), which provides remote attackers with potentially
sensitive information about the client or the internal network
configuration.

Analysis
----------------
ED_PRI CAN-1999-1289 3
Vendor Acknowledgement:
Content Decisions: EX-BETA

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1291
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1291
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981005 New Windows Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/10789
Reference: XF:nt-brkill(1383)
Reference: URL:http://xforce.iss.net/static/1383.php

TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and
possibly others, allows remote attackers to reset connections by
forcing a reset (RST) via a PSH ACK or other means, obtaining the
target's last sequence number from the resulting packet, then spoofing
a reset to the target.

Analysis
----------------
ED_PRI CAN-1999-1291 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1322
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1322
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19981112 exchverify.log
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91096758513985&w=2
Reference: NTBUGTRAQ:19981117 Re: exchverify.log - update #1
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91133714919229&w=2
Reference: NTBUGTRAQ:19981125 Re: exchverify.log - update #2
Reference: NTBUGTRAQ:19981216 Arcserve Exchange Client security issue being fixed
Reference: NTBUGTRAQ:19990305 Cheyenne InocuLAN for Exchange plain text password still there
Reference: NTBUGTRAQ:19990426 ArcServe Exchange Client Security Issue still unresolved

The installation of 1ArcServe Backup and Inoculan AV client modules
for Exchange create a log file, exchverify.log, which contains
usernames and passwords in plaintext.

Analysis
----------------
ED_PRI CAN-1999-1322 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1381
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1381
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981008 buffer overflow in dbadmin
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90786656409618&w=2

Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote
attackers to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-1999-1381 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1403
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1403
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981002 Several potential security problems in IBM/Tivoli OPC Tracker Age nt
Reference: URL:http://www.securityfocus.com/archive/1/10771
Reference: BID:382
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=382

IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files,
directories, and IPC message queues with insecure permissions
(world-readable and world-writable), which could allow local users to
disrupt operations and possibly gain privileges by modifying or
deleting files.

Analysis
----------------
ED_PRI CAN-1999-1403 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1404
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1404
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981002 Several potential security problems in IBM/Tivoli OPC Tracker Age nt
Reference: URL:http://www.securityfocus.com/archive/1/10771
Reference: BID:382
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=382

IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote
attackers to cause a denial of service (resource exhaustion) via
malformed data to the localtracker client port (5011), which prevents
the connection from being closed properly.

Analysis
----------------
ED_PRI CAN-1999-1404 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1406
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1406
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980729 Crash a redhat 5.1 linux box
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526185&w=2
Reference: BUGTRAQ:19980730 FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux box)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526192&w=2
Reference: BID:372
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=372

dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which
allows local users to cause a denial of service (crash) by redirecting
fd 1 (stdout) to the kernel.

Analysis
----------------
ED_PRI CAN-1999-1406 3
Vendor Acknowledgement:

OpenBSD solved the general risk of setuid/setgid programs mis-handling
file descriptors; see
MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/fdalloc.patch
This is a specific instance. Which one is "correct" and should be in
CVE?

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1416
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1416
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980823 Solaris ab2 web server is junk
Reference: URL:http://www.securityfocus.com/archive/1/10383
Reference: BID:253
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=253

AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to
cause a denial of service (resource exhaustion) via an HTTP POST
request with a large content-length.

Analysis
----------------
ED_PRI CAN-1999-1416 3
Vendor Acknowledgement:

It is uncertain from the post whether the MIME content-length header
merely has to have a large number in it, or if the POST must actually
send a large amount of data.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1417
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1417
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980823 Solaris ab2 web server is junk
Reference: URL:http://www.securityfocus.com/archive/1/10383
Reference: BID:253
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=253

Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd
3.1a4 allows remote attackers to cause a denial of service and
possibly execute arbitrary commands via encoded % characters in an
HTTP request, which is improperly logged.

Analysis
----------------
ED_PRI CAN-1999-1417 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1420
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1420
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980720 N-Base Vulnerability Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526016&w=2
Reference: BUGTRAQ:19980722 N-Base Vulnerability Advisory Followup
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526065&w=2
Reference: BID:212
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=212

NBase switches NH2012, NH2012R, NH2015, and NH2048 have a back door
password that cannot be disabled, which allows remote attackers to
modify the switch's configuration.

Analysis
----------------
ED_PRI CAN-1999-1420 3
Vendor Acknowledgement: yes followup
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1421
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1421
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19980720 N-Base Vulnerability Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526016&w=2
Reference: BUGTRAQ:19980722 N-Base Vulnerability Advisory Followup
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526065&w=2
Reference: BID:212
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=212

NBase switches NH208 and NH215 run a TFTP server which allows remote
attackers to send software updates to modify the switch or cause a
denial of service (crash) by guessing the target filenames, which have
default names.

Analysis
----------------
ED_PRI CAN-1999-1421 3
Vendor Acknowledgement: yes followup
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1434
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1434
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980713 Slackware Shadow Insecurity
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525951&w=2
Reference: BID:155
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=155

login in Slackware Linux 3.2 through 3.5 does not properly check for
an error when the /etc/group file is missing, which prevents it from
dropping privileges, causing it to assign root privileges to any local
user who logs on to the server.

Analysis
----------------
ED_PRI CAN-1999-1434 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1435
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1435
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980710 socks5 1.0r5 buffer overflow..
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525933&w=2
Reference: BID:154
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=154

Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows
local users to gain privileges via long environmental variables.

Analysis
----------------
ED_PRI CAN-1999-1435 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1436
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1436
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980708 WWW Authorization Gateway
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525905&w=2
Reference: BID:152
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=152

Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote
attackers to execute arbitrary commands via shell metacharacters in
the "user" parameter.

Analysis
----------------
ED_PRI CAN-1999-1436 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1448
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1448
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980729 Eudora exploit (was Microsoft Security Bulletin (MS98-008))
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526168&w=2

Eudora and Eudora Light before 3.05 allows remote attackers to cause a
crash and corrupt the user's mailbox via an e-mail message with
certain dates, such as (1) dates before 1970, which cause a Divide By
Zero error, or (2) dates that are 100 years after the current date,
which causes a segmentation fault.

Analysis
----------------
ED_PRI CAN-1999-1448 3
Vendor Acknowledgement:

While the bulk of this problem is related to a client-side DoS, in
some cases the mailbox is corrupted. This problem is therefore beyond
the scope of CD:EX-CLIENT-DOS, which only covers DoS problems that can
be fixed with a restart of the application.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1459
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1459
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: ISS:19981102 BMC PATROL File Creation Vulnerability
Reference: URL:http://xforce.iss.net/alerts/advise10.php
Reference: XF:bmc-patrol-file-create(1388)
Reference: URL:http://xforce.iss.net/static/1388.php
Reference: BID:534
Reference: URL:http://www.securityfocus.com/bid/534

BMC PATROL Agent before 3.2.07 allows local users to gain root
privileges via a symlink attack on a temporary file.

Analysis
----------------
ED_PRI CAN-1999-1459 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Page Last Updated or Reviewed: May 22, 2007