[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster LEGACY-MISC-1999-C - 77 candidates



I am proposing cluster LEGACY-MISC-1999-C for review and voting by the
Editorial Board.

Name: LEGACY-MISC-1999-C
Description: Legacy candidates announced between 9/1/1999 and 12/31/1999
Size: 77

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-1999-1047
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1047
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991018 Gauntlet 5.0 BSDI warning
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94026690521279&w=2
Reference: BUGTRAQ:19991019 Re: Gauntlet 5.0 BSDI warning
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94036662326185&w=2
Reference: XF:gauntlet-bsdi-bypass

When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular
order, Gauntlet allows remote attackers to bypass firewall access
restrictions, and does not log the activities.

Analysis
----------------
ED_PRI CAN-1999-1047 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1109
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1109
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991222 Re: procmail / Sendmail - five bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94632241202626&w=2
Reference: BUGTRAQ:20000113 Re: procmail / Sendmail - five bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94780566911948&w=2
Reference: BID:904
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=904

Sendmail before 8.10.0 allows remote attackers to cause a denial of
service by sending a series of ETRN commands then disconnecting from
the server, while Sendmail continues to process the commands after the
connection has been terminated.

Analysis
----------------
ED_PRI CAN-1999-1109 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1111
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19911109 ImmuniX OS Security Alert: StackGuard 1.21 Released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94218618329838&w=2
Reference: BID:786
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=786
Reference: XF:immunix-stackguard-bo(3524)
Reference: URL:http://xforce.iss.net/static/3524.php

Vulnerability in StackGuard before 1.21 allows remote attackers to
bypass the Random and Terminator Canary security mechanisms by using a
non-linear attack which directly modifies a pointer to a return
address instead of using a buffer overflow to reach the return address
entry itself.

Analysis
----------------
ED_PRI CAN-1999-1111 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1341
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1341
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991022 Local user can send forged packets
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94061108411308&w=2

Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options,
allows local unprivileged users to forge IP packets via the TIOCSETD
option on tty devices.

Analysis
----------------
ED_PRI CAN-1999-1341 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1351
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1351
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990924 Kvirc bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93845560631314&w=2

Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the
"Listen to !nick <soundname> requests" option enabled allows remote
attackers to read arbitrary files via a .. (dot dot) in a DCC GET
request.

Analysis
----------------
ED_PRI CAN-1999-1351 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1356
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1356
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990902 Compaq CIM UG Overwrites Legal Notice
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93646669500991&w=2
Reference: NTBUGTRAQ:19990902 Compaq CIM UG Overwrites Legal Notice
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93637792706047&w=2
Reference: NTBUGTRAQ:19990917 Re: Compaq CIM UG Overwrites Legal Notice
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93759822830815&w=2

Compaq Integration Maintenance Utility as used in Compaq Insight
Manager agent before SmartStart 4.50 modifies the legal notice caption
(LegalNoticeCaption) and text (LegalNoticeText) in Windows NT, which
could produce a legal notice that is in violation of the security
policy.

Analysis
----------------
ED_PRI CAN-1999-1356 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1530
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1530
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991108 Security flaw in Cobalt RaQ2 cgiwrap
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94209954200450&w=2
Reference: BUGTRAQ:19991109 [Cobalt] Security Advisory - cgiwrap
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94225629200045&w=2
Reference: BID:777
Reference: URL:http://www.securityfocus.com/bid/777

cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly
identify the user for running certain scripts, which allows a
malicious site administrator to view or modify data located at another
virtual site on the same system.

Analysis
----------------
ED_PRI CAN-1999-1530 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1531
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1531
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94157187815629&w=2
Reference: BID:763
Reference: URL:http://www.securityfocus.com/bid/763

Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a
malicious Web site to execute arbitrary code on a viewer's system via
a long IMG_SRC HTML tag.

Analysis
----------------
ED_PRI CAN-1999-1531 2
Vendor Acknowledgement: yes patch

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1542
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1542
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991004 RH6.0 local/remote command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93915641729415&w=2
Reference: BUGTRAQ:19991006 Fwd: [Re: RH6.0 local/remote command execution]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93923853105687&w=2
Reference: XF:linux-rh-rpmmail(3353)
Reference: URL:http://xforce.iss.net/static/3353.php

RPMMail before 1.4 allows remote attackers to execute commands via an
e-mail message with shell metacharacters in the "MAIL FROM" command.

Analysis
----------------
ED_PRI CAN-1999-1542 2
Vendor Acknowledgement: yes remote

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1548
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1548
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BINDVIEW:19991124 Cabletron SmartSwitch Router 8000 Firmware v2.x
Reference: URL:http://razor.bindview.com/publish/advisories/adv_Cabletron.html
Reference: BID:821
Reference: URL:http://www.securityfocus.com/bid/841

Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle
200 ARP requests per second allowing a denial of service attack to
succeed with a flood of ARP requests exceeding that limit.

Analysis
----------------
ED_PRI CAN-1999-1548 2
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1550
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1550
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991108 BigIP - bigconf.cgi holes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94217006208374&w=2
Reference: BUGTRAQ:19991109 Re: BigIP - bigconf.cgi holes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94217879020184&w=2
Reference: BUGTRAQ:19991109
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94225879703021&w=2
Reference: BID:778
Reference: URL:http://www.securityfocus.com/bid/778

bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to
read arbitrary files by specifying the target file in the "file"
parameter.

Analysis
----------------
ED_PRI CAN-1999-1550 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0679
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0679
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010829
Category: SF
Reference: NTBUGTRAQ:19991108 Interscan VirusWall NT 3.23/3.3 buffer overflow.
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9911&L=NTBUGTRAQ&P=R2331
Reference: NTBUGTRAQ:19991109 InterScan VirusWall 3.23/3.3 Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94216491202063&w=2
Reference: BUGTRAQ:19991108 Patch for VirusWall 3.23.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94204166130782&w=2
Reference: NTBUGTRAQ:19991108 Patch for VirusWall 3.23.
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94208143007829&w=2
Reference: XF:viruswall-helo-bo(3465)
Reference: URL:http://xforce.iss.net/static/3465.php

A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote
attacker to execute arbitrary code by sending a long HELO command to
the server.

Analysis
----------------
ED_PRI CAN-2001-0679 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-0926
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0926
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990903 Web servers / possible DOS Attack / mime header flooding
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1998_3/0742.html

Apache allows remote attackers to conduct a denial of service via a
large number of MIME headers.

Analysis
----------------
ED_PRI CAN-1999-0926 3
Vendor Acknowledgement: yes
Content Decisions: SF-CODEBASE

Followups indicate that people were able to cause the server to slow
down, but not to crash.  So, this may not be a "real" vulnerability.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1013
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1013
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BID:673
Reference: URL:http://www.securityfocus.com/bid/673
Reference: BUGTRAQ:19990923 named-xfer hole on AIX (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93837026726954&w=2

named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group
to overwrite system files to gain root access via the -f parameter and
a malformed zone file.

Analysis
----------------
ED_PRI CAN-1999-1013 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1014
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990913 Solaris 2.7 /usr/bin/mail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93727925026476&w=2
Reference: BUGTRAQ:19990927 Working Solaris x86 /usr/bin/mail exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93846422810162&w=2
Reference: XF:sun-usrbinmail-local-bo(3297)
Reference: URL:http://xforce.iss.net/static/3297.php
Reference: BID:672
Reference: URL:http://www.securityfocus.com/bid/672

Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local
users to gain privileges via a long -m argument.

Analysis
----------------
ED_PRI CAN-1999-1014 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1050
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991112 FormHandler.cgi
Reference: URL:http://www.securityfocus.com/archive/1/34600
Reference: BUGTRAQ:19991116 Re: FormHandler.cgi
Reference: URL:http://www.securityfocus.com/archive/1/34939
Reference: BID:798
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=798
Reference: BID:799
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=799
Reference: XF:formhandler-cgi-absolute-path(3550)
Reference: URL:http://xforce.iss.net/static/3550.php

Directory traversal vulnerability in Matt Wright FormHandler.cgi
script allows remote attackers to read arbitrary files via (1) a ..
(dot dot) in the reply_message_attach attachment parameter, or (2) by
specifying the filename as a template.

Analysis
----------------
ED_PRI CAN-1999-1050 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1051
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1051
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19991116 Re: FormHandler.cgi
Reference: URL:http://www.securityfocus.com/archive/1/34939

Default configuration in Matt Wright FormHandler.cgi script allows
arbitrary directories to be used for attachments, and only restricts
access to the /etc/ directory, which allows remote attackers to read
arbitrary files via the reply_message_attach attachment parameter.

Analysis
----------------
ED_PRI CAN-1999-1051 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1053
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1053
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: VULN-DEV:19990913 Guestbook perl script (long)
Reference: URL:http://www.securityfocus.com/archive/82/27296
Reference: VULN-DEV:19990916 Re: Guestbook perl script (error fix)
Reference: URL:http://www.securityfocus.com/archive/82/27560
Reference: BUGTRAQ:19991105 Guestbook.pl, sloppy SSI handling in Apache? (VD#2)
Reference: URL:http://www.securityfocus.com/archive/1/33674
Reference: BID:776
Reference: URL:http://www.securityfocus.com/bid/776

guestbook.pl cleanses user-inserted SSI commands by removing text
between "<!--" and "-->" separators, which allows remote attackers to
execute arbitrary commands when guestbook.pl is run on Apache 1.3.9
and possibly other versions, since Apache allows other closing
sequences besides "-->".

Analysis
----------------
ED_PRI CAN-1999-1053 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1058
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1058
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19991122 Remote DoS Attack in Vermillion FTP Daemon (VFTPD) v1.23 Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94337185023159&w=2
Reference: BUGTRAQ:19991122 Remote DoS Attack in Vermillion FTP Daemon (VFTPD) v1.23 Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94329968617085&w=2
Reference: XF:vermillion-ftp-cwd-overflow(3543)
Reference: URL:http://xforce.iss.net/static/3543.php
Reference: BID:818
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=818

Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote
attackers to cause a denial of service, and possibly execute arbitrary
commands, via several long CWD commands.

Analysis
----------------
ED_PRI CAN-1999-1058 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1065
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1065
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991104 Palm Hotsync vulnerable to DoS attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94175465525422&w=2

Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers
to cause a denial of service, and possibly execute arbitrary commands,
via a long string to port 14238 while the manager is in network mode.

Analysis
----------------
ED_PRI CAN-1999-1065 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1066
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991222 Quake "smurf" - Quake War Utils
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94589559631535&w=2

Quake 1 server responds to an initial UDP game connection request with
a large amount of traffic, which allows remote attackers to use the
server as an amplifier in a "Smurf" style attack on another host, by
spoofing the connection request.

Analysis
----------------
ED_PRI CAN-1999-1066 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1076
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1076
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991026 Mac OS 9 Idle Lock Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94096348604173&w=2
Reference: BID:745
Reference: URL:http://www.securityfocus.com/bid/745

Idle locking function in MacOS 9 allows local users to bypass the
password protection of idled sessions by selecting the "Log Out"
option and selecting a "Cancel" option in the dialog box for an
application that attempts to verify that the user wants to log out,
which returns the attacker into the locked session.

Analysis
----------------
ED_PRI CAN-1999-1076 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1077
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1077
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991101 Re: Mac OS 9 Idle Lock Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94149318124548&w=2
Reference: BID:756
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=756

Idle locking function in MacOS 9 allows local attackers to bypass the
password protection of idled sessions via the programmer's switch or
CMD-PWR keyboard sequence, which brings up a debugger that the
attacker can use to disable the lock.

Analysis
----------------
ED_PRI CAN-1999-1077 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1082
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1082
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991008 Jana webserver exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93941794201059&w=2
Reference: BID:699
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=699

Directory traversal vulnerability in Jana proxy web server 1.40 allows
remote attackers to ready arbitrary files via a "......" (modified dot
dot) attack.

Analysis
----------------
ED_PRI CAN-1999-1082 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1083
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1083
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:20000502 Security Bug in Jana HTTP Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95730430727064&w=2
Reference: BID:699
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=699

Directory traversal vulnerability in Jana proxy web server 1.45 allows
remote attackers to ready arbitrary files via a .. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-1999-1083 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

This is a slightly different exploit than the ...... one for 1.40, but
the versions are different; however, it may be the same bug.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1092
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1092
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: unknown
Reference: BUGTRAQ:19991117 default permissions for tin
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94286179032648&w=2

tin 1.40 creates the .tin directory with insecure permissions, which
allows local users to read passwords from the .inputhistory file.

Analysis
----------------
ED_PRI CAN-1999-1092 3
Vendor Acknowledgement:

It's possible that tin inherited the umask of the user; this is not
addressed by the discloser.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1110
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1110
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19991114 IE 5.0 and Windows Media Player ActiveX object allow checking the existence of local files and directories
Reference: URL:http://www.securityfocus.com/archive/1/34675
Reference: BID:793
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=793

Windows Media Player ActiveX object as used in Internet Explorer 5.0
returns a specific error code when a file does not exist, which allows
remote malicious web sites to determine the existence of files on the
client.

Analysis
----------------
ED_PRI CAN-1999-1110 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1112
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1112
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991109 Irfan view 3.07 buffer overflow
Reference: URL:http://www.securityfocus.com/archive/1/34066
Reference: MISC:http://stud4.tuwien.ac.at/~e9227474/main2.html
Reference: XF:irfan-view32-bo(3549)
Reference: URL:http://xforce.iss.net/static/3549.php
Reference: BID:781
Reference: URL:http://www.securityfocus.com/bid/781

Buffer overflow in IrfanView32 3.07 and earlier allows attackers to
execute arbitrary commands via a long string after the "8BPS" image
type in a Photo Shop image header.

Analysis
----------------
ED_PRI CAN-1999-1112 3
Vendor Acknowledgement: unknown

Under version 3.10, the vendor says "Some PSD bugs are fixed," and
another page indicates that PSD is Photo Shop.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1129
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1129
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990901 VLAN Security
Reference: URL:http://www.securityfocus.com/archive/1/26008
Reference: MISC:http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v8x/eescg8x/aleakyv.htm
Reference: XF:cisco-catalyst-vlan-frames(3294)
Reference: URL:http://xforce.iss.net/static/3294.php
Reference: BID:615
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=615

Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers
to inject 802.1q frames into another VLAN by forging the VLAN
identifier in the trunking tag.

Analysis
----------------
ED_PRI CAN-1999-1129 3
Vendor Acknowledgement: unknown

There is some extensive discussion on Bugtraq as to whether the
problem is due to implementation, configuration, or a design flaw in
802.1q itself.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1189
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1189
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991124 Netscape Communicator 4.7 - Navigator Overflows
Reference: URL:http://www.securityfocus.com/archive/1/36306
Reference: BUGTRAQ:19991127 Netscape Communicator 4.7 - Navigator Overflows
Reference: URL:http://www.securityfocus.com/archive/1/36608
Reference: BID:822
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=822

Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95
and Windows 98 allows remote attackers to cause a denial of service,
and possibly execute arbitrary commands, via a long argument after the
? character in a URL that references an .asp, .cgi, .html, or .pl
file.

Analysis
----------------
ED_PRI CAN-1999-1189 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1190
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1190
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.securiteam.com/exploits/E-MailClub__FROM__remote_buffer_overflow.html
Reference: BID:801
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=801

Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05
allows remote attackers to execute arbitrary commands via a long
"From" header in an e-mail message.

Analysis
----------------
ED_PRI CAN-1999-1190 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1226
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1226
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.securiteam.com/exploits/Netscape_4_7_and_earlier_vulnerable_to__Huge_Key__DoS.html
Reference: XF:netscape-huge-key-dos(3436)
Reference: URL:http://xforce.iss.net/static/3436.php

Netscape Communicator 4.7 and earlier allows remote attackers to cause
a denial of service, and possibly execute arbitrary commands, via a
long certificate key.

Analysis
----------------
ED_PRI CAN-1999-1226 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1234
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1234
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991026 Re: LSA vulnerability on NT40 SP5
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94096671308565&w=2
Reference: XF:msrpc-samr-open-dos(3293)
Reference: URL:http://xforce.iss.net/static/3293.php

LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a
denial of service via a NULL policy handle in a call to (1)
SamrOpenDomain, (2) SamrEnumDomainUsers, and (3) SamrQueryDomainInfo.

Analysis
----------------
ED_PRI CAN-1999-1234 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1236
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1236
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19991001 Vulnerabilities in the Internet Anywhere Mail Server
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9910&L=ntbugtraq&F=&S=&P=662
Reference: BID:731
Reference: URL:http://www.securityfocus.com/bid/731
Reference: XF:iams-passwords-plaintext(3285)
Reference: URL:http://xforce.iss.net/static/3285.php

Internet Anywhere Mail Server 2.3.1 stores passwords in plaintext in
the msgboxes.dbf file, which could allow local users to gain
privileges by extracting the passwords from msgboxes.dbf.

Analysis
----------------
ED_PRI CAN-1999-1236 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1340
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1340
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991104 hylafax-4.0.2 local exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94173799532589&w=2
Reference: BID:765
Reference: URL:http://www.securityfocus.com/bid/765

Buffer overflow in faxalter in hylafax 4.0.2 allows local users to
gain privileges via a long -m command line argument.

Analysis
----------------
ED_PRI CAN-1999-1340 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1342
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1342
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19991017 ICQ ActiveList Server Exploit...
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94042342010662&w=2

ICQ ActiveList Server allows remote attackers to cause a denial of
service (crash) via malformed packets to the server's UDP port.

Analysis
----------------
ED_PRI CAN-1999-1342 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1343
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1343
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991013 Xerox DocuColor 4 LP D.O.S
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93986405412867&w=2

HTTP server for Xerox DocuColor 4 LP allows remote attackers to cause
a denial of service (hang) via a long URL that contains a large number
of . characters.

Analysis
----------------
ED_PRI CAN-1999-1343 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1344
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1344
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991005 Auto_FTP v0.02 Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93923873006014&w=2

Auto_FTP.pl script in Auto_FTP 0.2 stores usernames and passwords in
plaintext in the auto_ftp.conf configuration file.

Analysis
----------------
ED_PRI CAN-1999-1344 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1345
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1345
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991005 Auto_FTP v0.02 Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93923873006014&w=2

Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared
directory with insecure permissions, which allows local users to (1)
send arbitrary files to the remote server by placing them in the
directory, and (2) view files that are being transferred.

Analysis
----------------
ED_PRI CAN-1999-1345 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1346
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1346
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991007 Problems with redhat 6 Xsession and pam.d/rlogin.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93942774609925&w=2

PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier
includes a less restrictive rule before a more restrictive one, which
allows users to access the host via rlogin even if rlogin has been
explicitly disabled using the /etc/nologin file.

Analysis
----------------
ED_PRI CAN-1999-1346 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1347
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1347
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991007 Problems with redhat 6 Xsession and pam.d/rlogin.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93942774609925&w=2

Xsession in Red Hat Linux 6.1 and earlier can allow local users with
restricted accounts to bypass execution of the .xsession file by
starting kde, gnome or anotherlevel from kdm.

Analysis
----------------
ED_PRI CAN-1999-1347 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1349
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1349
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991006 Omni-NFS/X Enterprise  (nfsd.exe) DOS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93923679004325&w=2

NFS daemon (nfsd.exe) for Omni-NFS/X 6.1 allows remote attackers to
cause a denial of service (resource exhaustion) via certain packets,
possibly with the Urgent (URG) flag set, to port 111.

Analysis
----------------
ED_PRI CAN-1999-1349 3
Vendor Acknowledgement:

One followup indicated that the problem could not be reproduced.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1350
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1350
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19990929 Multiple Vendor ARCAD permission problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93871933521519&w=2

ARCAD Systemhaus 0.078-5 installs critical programs and files with
world-writeable permissions, which could allow local users to gain
privileges by replacing a program with a Trojan horse.

Analysis
----------------
ED_PRI CAN-1999-1350 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1352
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1352
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990928 Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93855134409747&w=2

mknod in Linux 2.2 follows symbolic links, which could allow local
users to overwrite files or gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1352 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1353
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1353
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990907 MsgCore mailserver stores passwords in clear text
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93698162708211&w=2

Nosque MsgCore 2.14 stores passwords in cleartext: (1) the
administrator password in the AdmPasswd registry key, and (2) user
passwords in the Userbase.dbf data file, which could allow local users
to gain privielges.

Analysis
----------------
ED_PRI CAN-1999-1353 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1357
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1357
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991005 Time to update those CGIs again
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93915331626185&w=2

Netscape Communicator 4.04 through 4.7 (and possibly other versions)
in various UNIX operating systems converts the 0x8b character to a "<"
sign, and the 0x9b character to a ">" sign, which could allow remote
attackers to attack other clients via cross-site scripting (CSS) in
CGI programs that do not filter these characters.

Analysis
----------------
ED_PRI CAN-1999-1357 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1377
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1377
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://pulhas.org/phrack/55/P55-07.html

Matt Wright's download.cgi 1.0 allows remote attackers to read
arbitrary files via a .. (dot dot) in the f parameter.

Analysis
----------------
ED_PRI CAN-1999-1377 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1454
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1454
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991004 Weakness In "The Matrix" Screensaver For Windows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93915027622690&w=2

Macromedia "The Matrix" screen saver on Windows 95 with the "Password
protected" option enabled allows attackers with physical access to the
machine to bypass the password prompt by pressing the ESC (Escape)
key.

Analysis
----------------
ED_PRI CAN-1999-1454 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1469
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1469
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990930 mini-sql Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93871926821410&w=2

Buffer overflow in w3-auth CGI program in miniSQL package allows
remote attackers to execute arbitrary commands via an HTTP request
with (1) a long URL, or (2) a long User-Agent MIME header.

Analysis
----------------
ED_PRI CAN-1999-1469 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1475
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1475
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991119 ProFTPd - mod_sqlpw.c
Reference: URL:http://www.securityfocus.com/archive/1/35483
Reference: BID:812
Reference: URL:http://www.securityfocus.com/bid/812

ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords
in the wtmp log file, which allows local users to obtain the passwords
and gain privileges by reading wtmp, e.g. via the last command.

Analysis
----------------
ED_PRI CAN-1999-1475 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1477
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1477
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990923 Linux GNOME exploit
Reference: URL:http://www.securityfocus.com/archive/1/28717
Reference: BID:663
Reference: URL:http://www.securityfocus.com/bid/663
Reference: XF:gnome-espeaker-local-bo(3349)
Reference: URL:http://xforce.iss.net/static/3349.php

Buffer overflow in GNOME libraries 1.0.8 allows local user to gain
root access via a long --espeaker argument in programs such as
nethack.

Analysis
----------------
ED_PRI CAN-1999-1477 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1484
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1484
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990924 Several ActiveX Buffer Overruns
Reference: URL:http://www.securityfocus.com/archive/1/28719
Reference: XF:msn-setup-bbs-activex-bo(3310)
Reference: URL:http://xforce.iss.net/static/3310.php
Reference: BID:668
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=668

Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control
(setupbbs.ocx) allows a remote attacker to execute arbitrary commands
via the methods (1) vAddNewsServer or (2) bIsNewsServerConfigured.

Analysis
----------------
ED_PRI CAN-1999-1484 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1497
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1497
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991221 [w00giving '99 #11] IMail's password encryption scheme
Reference: URL:http://www.securityfocus.com/archive/1/39329
Reference: BID:880
Reference: URL:http://www.securityfocus.com/bid/880

Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in
registry keys, which allows local attackers to to read passwords for
e-mail accounts.

Analysis
----------------
ED_PRI CAN-1999-1497 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1500
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1500
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19991001 Vulnerabilities in the Internet Anywhere Mail Server
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93880357530599&w=2
Reference: BID:733
Reference: URL:http://www.securityfocus.com/bid/733

Internet Anywhere POP3 Mail Server 2.3.1 allows remote attackers to
cause a denial of service (crash) via (1) LIST, (2) TOP, or (3) UIDL
commands using letters as arguments.

Analysis
----------------
ED_PRI CAN-1999-1500 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1508
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1508
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991116 [Fwd: Printer Vulnerability: Tektronix PhaserLink Webserver gives Administrator Password]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94286041430870&w=2
Reference: BID:806
Reference: URL:http://www.securityfocus.com/bid/806

Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a
remote attacker to gain administrator access by directly calling
undocumented URLs such as ncl_items.html and ncl_subjects.html.

Analysis
----------------
ED_PRI CAN-1999-1508 3
Vendor Acknowledgement: unknown

[SMC]
This vulnerability was apparently rediscovered (or never fixed) and
publicized in:
BUGTRAQ:20010425 Tektronix (Xerox) PhaserLink 850 Webserver Vulnerability (NEW)
http://www.securityfocus.com/archive/1/179875
although the URL changed.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1509
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1509
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19991104 Eserv 2.50 Web interface Server Directory Traversal Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94177470915423&w=2
Reference: BUGTRAQ:19991104 Eserv 2.50 Web interface Server Directory Traversal Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94183041514522&w=2
Reference: BID:773
Reference: URL:http://www.securityfocus.com/bid/773
Reference: XF:eserv-fileread

Directory traversal vulnerability in Etype Eserv 2.50 web server
allows a remote attacker to read any file in the file system via a
.. (dot dot) in a URL.

Analysis
----------------
ED_PRI CAN-1999-1509 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1511
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1511
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991110 Multiples Remotes DoS Attacks in Artisoft XtraMail v1.11 Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94226003804744&w=2
Reference: BID:791
Reference: URL:http://www.securityfocus.com/bid/791
Reference: XF:xtramail-pass-dos(3488)
Reference: URL:http://xforce.iss.net/static/3488.php

Buffer overflows in Xtramail 1.11 allow attackers to cause a denial of
service (crash) and possibly execute arbitrary commands via (1) a long
PASS command in the POP3 service, (2) a long HELO command in the SMTP
service, or (3) a long user name in the Control Service.

Analysis
----------------
ED_PRI CAN-1999-1511 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC

While there are multiple services that are affected with different
commands, they appear in the same package and version, so CD:SF-EXEC
suggests combining them into a single entry.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1516
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1516
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990902 [SECURITY] TenFour TFS SMTP 3.2 Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93677241318492&w=2

A buffer overflow in TenFour TFS Gateway SMTP mail server 3.2 allows
an attacker to crash the mail server and possibly execute arbitrary
code by offering more than 128 bytes in a MAIL FROM string.

Analysis
----------------
ED_PRI CAN-1999-1516 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1517
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1517
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19991101 Amanda multiple vendor local root compromises
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94148942818975&w=2
Reference: BID:750
Reference: URL:http://www.securityfocus.com/bid/750

runtar in the Amanda backup system used in various UNIX operating
systems executes tar with root privileges, which allows a user to
overwrite or read arbitrary files by providing the target files to
runtar.

Analysis
----------------
ED_PRI CAN-1999-1517 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1519
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1519
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991117 Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5) Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94286244700573&w=2
Reference: BID:805
Reference: URL:http://www.securityfocus.com/bid/805
Reference: XF:g6ftp-username-dos(3513)
Reference: URL:http://xforce.iss.net/static/3513.php

Gene6 G6 FTP Server 2.0 allows a remote attacker to cause a denial of
service (resource exhaustion) via a long (1) user name or (2)
password.

Analysis
----------------
ED_PRI CAN-1999-1519 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

BID:805 appears to be the only item which describes the problem in the
password; other sources describe the long user name.  As the problem
has been reported in the same versions and is the same type of
problem, CD:SF-LOC suggests combining them into a single CVE entry.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1521
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1521
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990912 Many kind of POP3/SMTP server softwares for Windows have buffer overflow bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93720402717560&w=2
Reference: BUGTRAQ:19990729 Vulnerability in CMail SMTP Server Version 2.4: Remotely exploitable buffer
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94121824921783&w=2
Reference: BID:633
Reference: URL:http://www.securityfocus.com/bid/633
Reference: XF:cmail-command-bo(2240)
Reference: URL:http://xforce.iss.net/static/2240.php

Computalynx CMail 2.4 and CMail 2.3 SP2 SMTP servers are vulnerable to
a buffer overflow attack in the MAIL FROM command that may allow a
remote attacker to execute arbitrary code on the server.

Analysis
----------------
ED_PRI CAN-1999-1521 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1522
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1522
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991007 Roxen security alert
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93942579008408&w=2

Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and
earlier, possibly related to recursive parsing and referer tags in
RXML.

Analysis
----------------
ED_PRI CAN-1999-1522 3
Vendor Acknowledgement: unknown

-- Pease

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1523
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1523
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991004
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93901161727373&w=2
Reference: BUGTRAQ:19991006 Re: Sample DOS against the Sambar HTTP-Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93941351229256&w=2
Reference: XF:sambar-logging-bo(1672)
Reference: URL:http://xforce.iss.net/static/1672.php

Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to
cause a denial of service, and possibly execute arbitrary commands,
via a long HTTP GET request.

Analysis
----------------
ED_PRI CAN-1999-1523 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1527
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1527
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991123 NetBeans/ Forte' Java IDE HTTP vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94338883114254&w=2
Reference: BID:816
Reference: URL:http://www.securityfocus.com/bid/816

Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer
3.0 Beta and Forte Community Edition 1.0 Beta does not properly
restrict access to IP addresses as specified in its configuration,
which allows arbitrary remote attackers to access the server.

Analysis
----------------
ED_PRI CAN-1999-1527 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE

The discloser notes that Netbeans was renamed to Forte, so the two
applications probably share the same codebase.  Thus CD:SF-CODEBASE
suggests combining these into a single entry.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1528
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1528
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: unknown
Reference: BUGTRAQ:19991114 MacOS 9 and the MacOS Netware Client
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94261444428430&w=2
Reference: BID:794
Reference: URL:http://www.securityfocus.com/bid/794

ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not
automatically log a user out of the NDS tree when the user logs off
the system, which allows other users of the same system access to the
unprotected NDS session.

Analysis
----------------
ED_PRI CAN-1999-1528 3
Vendor Acknowledgement: unknown

ABSTRACTION:
There is some debate in the Bugtraq thread regarding whether this is a
bug in this implementation or a general problem of interactions
between an application's "logout" mechanisms versus those of the
parent operating system.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1529
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1529
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991107 Interscan VirusWall NT 3.23/3.3 buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94201512111092&w=2
Reference: NTBUGTRAQ:19991107 Interscan VirusWall NT 3.23/3.3 buffer overflow.
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94199707625818&w=2
Reference: BUGTRAQ:19991108 Re: Interscan VirusWall NT 3.23/3.3 buffer overflow.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94210427406568&w=2
Reference: BUGTRAQ:19991108 Patch for VirusWall 3.23.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94204166130782&w=2
Reference: NTBUGTRAQ:19991108 Patch for VirusWall 3.23.
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94208143007829&w=2
Reference: BUGTRAQ:20000417 New DOS on Interscan NT/3.32
Reference: URL:http://www.securityfocus.com/archive/1/55551
Reference: BID:787
Reference: URL:http://www.securityfocus.com/bid/787
Reference: XF:viruswall-helo-bo(3465)
Reference: URL:http://xforce.iss.net/static/3465.php

A buffer overflow exists in the HELO command in Trend Micro
Interscan VirusWall SMTP gateway 3.23/3.3 for NT, which may allow an
attacker to execute arbitrary code.

Analysis
----------------
ED_PRI CAN-1999-1529 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-LOC

ABSTRACTION:
Trend Micro's patch for this buffer overflow only partially worked
still leaving the SMTP gateway open to a denial of service with an
overly long HELO command. I considered the twin problem part of the
same original problem. Not all may agree.
-- Pease
CD:SF-LOC, at least the version in my head, suggests that
"incompletely fixed bugs" should be combined into the same entry.
-- Christey

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1532
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1532
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991029 message:Netscape Messaging Server RCPT TO vul.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94117465014255&w=2
Reference: BID:748
Reference: URL:http://www.securityfocus.com/bid/748

Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker
to cause a denial of service (memory exhaustion) via a series of long
RCPT TO commands,

Analysis
----------------
ED_PRI CAN-1999-1532 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE

Examining Netscape's website I could see that they produced their
messaging servers for Solaris and NT.  Although the operating systems
are different I believe the problem is in common application code
(CD:SF-CODEBASE).  Two bugs are involved in this exploitation. When
they are exploited together they produce the DoS. One is an unbounded
buffer in the the SMTP RCPT TO command and the other a memory leak
where the messaging server software fails to deallocate memory
allocated for the RCPT TO buffer.  --Pease

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1533
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1533
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990926 DoS Exploit in Eicon Diehl LAN ISDN Modem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93846522511387&w=2
Reference: BID:665
Reference: URL:http://www.securityfocus.com/bid/665
Reference: XF:diva-lan-isdn-dos(3317)
Reference: URL:http://xforce.iss.net/static/3317.php

Eicon Technology Diva LAN ISDN modem allows a remote attacker to cause
a denial of service (hang) via a long password argument to the
login.htm file in its HTTP service.

Analysis
----------------
ED_PRI CAN-1999-1533 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1534
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1534
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990923 Multiple vendor Knox Arkiea local root/remote DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93837184228248&w=2
Reference: BID:661
Reference: URL:http://www.securityfocus.com/bid/661

Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia
backup product allows local users to obtain root access via a long
HOME environmental variable.

Analysis
----------------
ED_PRI CAN-1999-1534 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC

ABSTRACTION:
I wrote this up as one bug because the same C exploit works on both
binaries (CD:SF-EXEC).  One only has to change the program name in the
execl call. This argues that both binaries have code in common or a
very similar mistake in the way they both handle the HOME environment
variable -- Pease

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1539
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1539
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991110 Remote DoS Attack in QVT/Term 'Plus' 4.2d FTP Server Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94225924803704&w=2
Reference: NTBUGTRAQ:19991110 Remote DoS Attack in QVT/Term 'Plus' 4.2d FTP Server Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94223972910670&w=2
Reference: BID:796
Reference: URL:http://www.securityfocus.com/bid/796
Reference: XF:qvtterm-login-dos(3491)
Reference: URL:http://xforce.iss.net/static/3491.php

Buffer overflow in FTP server in QPC Software's QVT/Term Plus versions
4.2d and 4.3 and QVT/Net 4.3 allows remote attackers to cause a denial
of service, and possibly execute arbitrary commands, via a long (1)
user name or (2) password.

Analysis
----------------
ED_PRI CAN-1999-1539 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1540
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1540
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: L0PHT:19991004
Reference: URL:http://www.atstake.com/research/advisories/1999/shell-lock.txt
Reference: BUGTRAQ:19991005 Cactus Software's shell-lock
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93916168802365&w=2
Reference: XF:cactus-shell-lock-retrieve-shell-code(3356)
Reference: URL:http://xforce.iss.net/static/3356.php

shell-lock in Cactus Software Shell Lock uses weak encryption (trivial
encoding) which allows attackers to easily decrypt and obtain the
source code.

Analysis
----------------
ED_PRI CAN-1999-1540 3
Vendor Acknowledgement: unknown
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1541
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1541
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: L0PHT:19991004
Reference: URL:http://www.atstake.com/research/advisories/1999/shell-lock.txt
Reference: BUGTRAQ:19991005 Cactus Software's shell-lock
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93916168802365&w=2
Reference: XF:cactus-shell-lock-root-privs(3358)
Reference: URL:http://xforce.iss.net/static/3358.php

shell-lock in Cactus Software Shell Lock allows local users to read or
modify decoded shell files before they are executed, via a symlink
attack on a temporary file.

Analysis
----------------
ED_PRI CAN-1999-1541 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1547
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1547
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991125 Oracle Web Listener
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94359982417686&w=2
Reference: NTBUGTRAQ:19991125 Oracle Web Listener
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94390053530890&w=2
Reference: BID:841
Reference: URL:http://www.securityfocus.com/bid/841

Oracle Web Listener 2.1 allows remote attackers to bypass access
restrictions by replacing a character in the URL with its HTTP-encoded
(hex) equivalent.

Analysis
----------------
ED_PRI CAN-1999-1547 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1549
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1549
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991116 lynx 2.8.x - 'special URLs' anti-spoofing protection is weak
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94286509804526&w=2
Reference: BID:804
Reference: URL:http://www.securityfocus.com/bid/804

Lynx 2.x does not properly distinguish between internal and external
HTML, which may allow a local attacker to read a "secure" hidden form
value from a temporary file and craft a LYNXOPTIONS: URL that causes
Lynx to modify the user's configuration file and execute commands.

Analysis
----------------
ED_PRI CAN-1999-1549 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1562
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1562
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990905 gftp
Reference: URL:http://www.securityfocus.com/archive/1/26915

gFTP FTP client 1.13, and other versions before 2.0.0, records a
password in plaintext in (1) the log window, or (2) in a log file.

Analysis
----------------
ED_PRI CAN-1999-1562 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1563
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1563
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:19991014 NEUROCOM: Nashuatec printer, 3 vulnerabilities found
Reference: URL:http://www.securityfocus.com/archive/1/30849
Reference: BUGTRAQ:19991116 NEUROCOM: Nashuatec D445/435 vulnerabilities updated
Reference: URL:http://www.securityfocus.com/archive/1/35075

Nachuatec D435 and D445 printer allows remote attackers to cause a
denial of service via ICMP redirect storm.

Analysis
----------------
ED_PRI CAN-1999-1563 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1564
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1564
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990902 [ Kernel panic with FreeBSD-3.2-19990830-STABLE ]
Reference: URL:http://www.securityfocus.com/archive/1/26166

FreeBSD 3.2 and possibly other versions allows a local user to cause a
denial of service (panic) with a large number accesses of an NFS v3
mounted directory from a large number of processes.

Analysis
----------------
ED_PRI CAN-1999-1564 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

 
Page Last Updated: May 22, 2007