[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster OLD-2000-A - 20 candidates



I am proposing cluster OLD-2000-A for review and voting by the
Editorial Board.  Though it could have been named better, it includes
some issues from 2001.  There is no "OLD-2000-B" cluster yet, but I
expect there may be in the future.

Name: OLD-2000-A
Description: Older candidates announced between 2/1/2000 and 2/27/2001
Size: 20

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2000-1190
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1190
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:20000531 Re: strike#2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95984116811100&w=2
Reference: REDHAT:RHSA-2000:016-03
Reference: URL:http://www.redhat.com/support/errata/powertools/RHSA-2000-016-03.html

imwheel-solo in imwheel package allows local users to modify arbitrary
files via a symlink attack from the .imwheelrc file.

Analysis
----------------
ED_PRI CAN-2000-1190 1
Vendor Acknowledgement: yes advisory

CVE-2000-0230 describes a buffer overflow; Red Hat later modified its
original advisory to describe the symlink problem, though it doesn't
look like the "official" location on the Red Hat site includes this
updated advisory.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1195
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1195
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20010831
Category: SF
Reference: CALDERA:CSSA-2000-008.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2000-008.0.txt

telnet daemon (telnetd) from the Linux netkit package before
netkit-telnet-0.16 allows remote attackers to bypass authentication
when telnetd is running with the -L command line option.

Analysis
----------------
ED_PRI CAN-2000-1195 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0615
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0615
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000709 LPRng lpd should not be SETUID root
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0117.html
Reference: BID:1447
Reference: URL:http://www.securityfocus.com/bid/1447

LPRng 3.6.x improperly installs lpd as setuid root, which can allow
local users to append lpd trace and logging messages to files.

Analysis
----------------
ED_PRI CAN-2000-0615 2
Vendor Acknowledgement: yes developer-post

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0891
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0891
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20001114
Category: CF
Reference: CERT-VN:VU#5962
Reference: URL:http://www.kb.cert.org/vuls/id/5962
Reference: CONFIRM:http://www.notes.net/R5FixList.nsf/Search!SearchView&Query=CBAT45TU9S

A default ECL in Lotus Notes before 5.02 allows remote attackers to
execute arbitrary commands by attaching a malicious program in an
email message that is automatically executed when the user opens the
email.

Analysis
----------------
ED_PRI CAN-2000-0891 2
Vendor Acknowledgement: yes patch

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1196
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1196
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20010831
Category:
Reference: CONFIRM:http://docs.iplanet.com/docs/manuals/pubx/2.5.2_Relnotes.html
Reference: MISC:http://packetstormsecurity.org/0004-exploits/ooo1.txt

PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows
remote attackers to read arbitrary files by specifying the target file
in the errPagePath parameter.

Analysis
----------------
ED_PRI CAN-2000-1196 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0619
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0619
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20000719
Category: SF
Reference: VULN-DEV:20000520 TopLayer layer 7 switch Advisory
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0680.html
Reference: VULN-DEV:20000614 Update on TopLayer Advisory
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0921.html
Reference: BID:1258
Reference: URL:http://www.securityfocus.com/bid/1258

TopLayer 2500 layer 7 switch allows remote attackers to cause a denial
of service via malformed ICMP packets.

Analysis
----------------
ED_PRI CAN-2000-0619 3
Vendor Acknowledgement: unknown poster-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0892
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0892
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20001114
Category: SF
Reference: CERT-VN:VU#22404
Reference: URL:http://www.kb.cert.org/vuls/id/22404

Some telnet clients allow remote telnet servers to request environment
variables from the client that may contain sensitive information, or
remote web servers to obtain the information via a telnet: URL.

Analysis
----------------
ED_PRI CAN-2000-0892 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1191
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1191
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20010831
Category: SF
Reference: MISC:http://www.securiteam.com/exploits/htDig_reveals_web_server_configuration_paths.html

htsearch program in htDig 3.2 beta, 3.1.5, and earlier allows remote
attackers to determine the physical path of the server by requesting a
non-existent configuration file using the config parameter, which
generates an error message that includes the full path.

Analysis
----------------
ED_PRI CAN-2000-1191 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1192
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1192
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20010831
Category: SF
Reference: MISC:http://www.securiteam.com/windowsntfocus/5ZP0C000KC.html
Reference: MISC:http://www.bttsoftware.co.uk/snmptrap.html
Reference: XF:snmp-trapwatcher-string-dos
Reference: BID:985
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=985

Buffer overflow in BTT Software SNMP Trap Watcher 1.16 allows remote
attackers to cause a denial of service, and possibly execute arbitrary
commands, via a long string trap.

Analysis
----------------
ED_PRI CAN-2000-1192 3
Vendor Acknowledgement: unknown ack-vague

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1193
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:20000412 Performance Copilot for IRIX 6.5
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0056.html
Reference: XF:irix-pmcd-dos(4284)
Reference: URL:http://xforce.iss.net/static/4284.php

Performance Metrics Collector Daemon (PMCD) in Performance Copilot in
IRIX 6.x allows remote attackers to cause a denial of service
(resource exhaustion) via an extremely long string to the PMCD port.

Analysis
----------------
ED_PRI CAN-2000-1193 3
Vendor Acknowledgement:

CVE-2000-0283 is a different bug that was discovered and announced at
the same time.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1194
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1194
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20010831
Category: SF
Reference: MISC:http://www.mdma.za.net/fk/FK9.zip
Reference: BID:1227
Reference: URL:http://www.securityfocus.com/bid/1227

Argosoft FRP server 1.0 allows remote attackers to cause a denial of
service, and possibly execute arbitrary commands, via a long string
to the (1) USER or (2) CWD commands.

Analysis
----------------
ED_PRI CAN-2000-1194 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1197
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1197
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20010831
Category:
Reference: BUGTRAQ:20000420 pop3d/imap DOS (while we're on the subject)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95624629924545&w=2
Reference: FREEBSD:FreeBSD-SA-00:15
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:15.imap-uw.asc
Reference: BID:1132
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=1132

POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and
other operating systems creates lock files with predictable names,
which allows local users to cause a denial of service (lack of mail
access) for other users by creating lock files for other mail boxes.

Analysis
----------------
ED_PRI CAN-2000-1197 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1198
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1198
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20010831
Category:
Reference: BUGTRAQ:20000420 pop3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95634229925906&w=2
Reference: BUGTRAQ:20000420 pop3d/imap DOS (while we're on the subject)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95624629924545&w=2
Reference: BID:1132
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=1132

qpopper POP server creates lock files with predictable names, which
allows local users to cause a denial of service for other users (lack
of mail access) by creating lock files for other mail boxes.

Analysis
----------------
ED_PRI CAN-2000-1198 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

If the imap-uw POP server and qpopper originate from the same
codebase, then CD:SF-CODEBASE would argue for combining them.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1199
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1199
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:20000423 Postgresql cleartext password storage
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95659987018649&w=2
Reference: XF:postgresql-plaintext-passwords(4364)
Reference: URL:http://xforce.iss.net/static/4364.php
Reference: BID:1139
Reference: URL:http://www.securityfocus.com/bid/1139

PostgreSQL stores usernames and passwords in plaintext in (1)
pg_shadow and (2) pg_pwd, which allows attackers with sufficient
privileges to gain access to databases.

Analysis
----------------
ED_PRI CAN-2000-1199 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1200
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1200
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:20000201 Windows NT and account list leak ! A new SID usage
Reference: URL:http://www.securityfocus.com/archive/1/44430
Reference: XF:nt-lsa-domain-sid(4015)
Reference: URL:http://xforce.iss.net/static/4015.php
Reference: BID:959
Reference: URL:http://www.securityfocus.com/bid/959

Windows NT allows remote attackers to list all users in a domain by
obtaining the domain SID with the LsaQueryInformationPolicy policy
function via a null session and using the SID to list the users.

Analysis
----------------
ED_PRI CAN-2000-1200 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1201
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1201
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:20000707 Re: CheckPoint FW1 BUG
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0085.html

Check Point FireWall-1 allows remote attackers to cause a denial of
service (high CPU) via a flood of packets to port 264.

Analysis
----------------
ED_PRI CAN-2000-1201 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1202
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1202
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:20000405 minor issue with IBM HTTPD and /usr/bin/ikeyman
Reference: URL:http://www.securityfocus.com/archive/1/54073
Reference: BID:1092
Reference: URL:http://www.securityfocus.com/bid/1092
Reference: XF:ibm-ikeyman(4235)
Reference: URL:http://xforce.iss.net/static/4235.php

ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable
to include the user's own CLASSPATH directories before the system's
directories, which allows a malicious local user to execute arbitrary
code as root via a Trojan horse Ikeyman class.

Analysis
----------------
ED_PRI CAN-2000-1202 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0647
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0647
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010227 Orange Web Server v2.1 DoS
Reference: URL:http://www.securityfocus.com/archive/1/165658
Reference: BID:20010227 Orange Web Server DoS Vulnerability
Reference: URL:http://www.securityfocus.com/bid/2432

Orange Web Server 2.1, based on GoAhead, allows a remote attacker to
perform a denial of service via an HTTP GET request that does not
include the HTTP version.

Analysis
----------------
ED_PRI CAN-2001-0647 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0682
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0682
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20010829
Category: SF
Reference: NTBUGTRAQ:20001230 [DiamondCS Advisory] ZoneAlarm and ZoneAlarm Pro can be blocked from loading by setting a Mutex in memory
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=97818917222992&w=2
Reference: XF:zonealarm-mutex-dos(5821)
Reference: URL:http://xforce.iss.net/static/5821.php

ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial
of service by running a trojan to initialize a ZoneAlarm mutex object
which prevents ZoneAlarm from starting.

Analysis
----------------
ED_PRI CAN-2001-0682 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0711
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0711
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20010831
Category: SF
Reference: CISCO:20010207 Cisco IOS Software SNMP Read-Write ILMI Community String Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ios-snmp-ilmi-vuln-pub.shtml

Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a
denial of service via the undocumented Interim Local Management
Interface (ILMI) SNMP community string.

Analysis
----------------
ED_PRI CAN-2001-0711 3
Vendor Acknowledgement: yes advisory
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007