[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-69 - 33 candidates

I am proposing cluster RECENT-69 for review and voting by the
Editorial Board.

Name: RECENT-69
Description: Candidates announced between 2/10/2001 and 5/31/2001
Size: 33

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.



Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0744
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0744
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010531 Imp-2.2.4 temporary files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0303.html
Reference: CONFIRM:http://www.horde.org/imp/2.2/news.php
Reference: CALDERA:CSSA-2001-025.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-025.0.txt

Horde IMP 2.2.4 and earlier allows local users to overwrite files via
a symlink attack on a temporary file.

Analysis
----------------
ED_PRI CAN-2001-0744 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0750
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0750
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: CISCO:20010524 IOS Reload after Scanning Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ios-tcp-scanner-reload-pub.shtml
Reference: XF:cisco-ios-tcp-dos(6589)
Reference: URL:http://xforce.iss.net/static/6589.php

Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial
of service (reload) via a connection to TCP ports 3100-3999,
5100-5999, 7100-7999 and 10100-10999.

Analysis
----------------
ED_PRI CAN-2001-0750 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0751
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0751
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: CISCO:20010522 More Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html

Cisco switches and routers running CBOS 2.3.8 and earlier use
predictable TCP Initial Sequence Numbers (ISN), which allows remote
attackers to spoof or hijack TCP connections.

Analysis
----------------
ED_PRI CAN-2001-0751 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0752
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0752
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: CISCO:20010522 More Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html

Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial
of service via an ICMP ECHO REQUEST (ping) with the IP Record Route
option set.

Analysis
----------------
ED_PRI CAN-2001-0752 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0754
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0754
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: CISCO:20010522 More Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html

Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial
of service via a series of large ICMP ECHO REPLY (ping) packets, which
cause it to enter ROMMON mode and stop forwarding packets.

Analysis
----------------
ED_PRI CAN-2001-0754 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0738
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0738
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: CERT-VU:VU#249579
Reference: URL:http://www.kb.cert.org/vuls/id/249579
Reference: BUGTRAQ:20010614 sysklogd update -- Immunix OS 6.2, 7.0-beta, 7.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99258618906506&w=2
Reference: XF:klogd-null-byte-dos(7098)
Reference: URL:http://xforce.iss.net/static/7098.php

LogLine function in klogd in sysklogd 1.3 in various Linux
distributions allows an attacker to cause a denial of service (hang)
by causing null bytes to be placed in log messages.

Analysis
----------------
ED_PRI CAN-2001-0738 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0739
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0739
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: ENGARDE:ESA-20010529-02
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1404.html

Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows
restarted services to inherit some environmental variables, which
could allow local users to gain root privileges.

Analysis
----------------
ED_PRI CAN-2001-0739 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0740
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0740
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010515 3COM OfficeConnect DSL router vulneratibilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0115.html
Reference: BUGTRAQ:20010921 3Com OfficeConnect 812/840  Router DoS exploit code
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100119572524232&w=2
Reference: BUGTRAQ:20010924 Regarding: 3Com OfficeConnect 812/840 Router DoS exploit code
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100137290421828&w=2
Reference: XF:3com-officeconnect-http-dos(6573)
Reference: URL:http://xforce.iss.net/static/6573.php
Reference: BID:2721
Reference: URL:http://www.securityfocus.com/bid/2721

3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router
software 1.1.9 and earlier, allows remote attackers to cause a denial
of service via a long string containing a large number of "%s"
strings, possibly triggering a format string vulnerability.

Analysis
----------------
ED_PRI CAN-2001-0740 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0734
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0734
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: NETBSD:NetBSD-SA2001-008
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-008.txt.asc
Reference: BID:2810
Reference: URL:http://www.securityfocus.com/bid/2810
Reference: XF:bsd-sh3-sigreturn-privileges(6637)
Reference: URL:http://xforce.iss.net/static/6637.php

Hitachi Super-H architecture in NetBSD 1.5 and 1.4.1 allows a local
user to gain privileges via modified Status Register contents, which
are not properly handled by (1) the sigreturn system call or (2) the
process_write_regs kernel routine.

Analysis
----------------
ED_PRI CAN-2001-0734 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0736
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0736
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: REDHAT:RHSA-2001:042-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-042.html
Reference: MANDRAKE:MDKSA-2001:047
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-047.php3?dis=8.0
Reference: BUGTRAQ:20010527 [ESA-20010509-01]  pine temporary file handling vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99106787825229&w=2
Reference: BUGTRAQ:20010416 Immunix OS Security update for pine
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98749102621604&w=2
Reference: XF:pine-tmp-file-symlink(6367)
Reference: URL:http://xforce.iss.net/static/6367.php

Vulnerability in (1) pine before 4.33 and (2) the pico editor,
included with pine, allows local users local users to overwrite
arbitrary files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2001-0736 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0737
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0737
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010516 logitech wireless devices: man-in-the-middle attack
Reference: URL:http://www.securityfocus.com/archive/1/185003
Reference: BUGTRAQ:20010522 Logitech vulnerability (DoS, man-in-the-middle-attack) - Resend
Reference: URL:http://www.securityfocus.com/archive/1/3B0A36C8.E9D8610@daten-treuhand.de
Reference: XF:logitech-wireless-unauthorized-access(6562)
Reference: URL:http://xforce.iss.net/static/6562.php
Reference: BID:2738
Reference: URL:http://www.securityfocus.com/bid/2738

A long 'synch' delay in Logitech wireless mice and keyboard receivers
allows a remote attacker to hijack connections via a man-in-the-middle
attack.

Analysis
----------------
ED_PRI CAN-2001-0737 3
Vendor Acknowledgement: no
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0741
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0741
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: CF
Reference: BUGTRAQ:20010503 Cisco HSRP Weakness/DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0035.html
Reference: MISC:http://www.cisco.com/networkers/nw00/pres/2402.pdf
Reference: XF:cisco-hsrp-dos(6497)
Reference: URL:http://xforce.iss.net/static/6497.php
Reference: BID:2684
Reference: URL:http://www.securityfocus.com/bid/2684

Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to
cause a denial of service by spoofing HSRP packets.

Analysis
----------------
ED_PRI CAN-2001-0741 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0742
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0742
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: MISC:http://www.securiteam.com/windowsntfocus/5UP0B204AY.html

Buffer overflow in Computalynx CMail POP3 mail server 2.4.9 allows
remote attackers to run arbitrary code via a long HELO command.

Analysis
----------------
ED_PRI CAN-2001-0742 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0746
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0746
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010515 iPlanet - Netscape Enterprise Web Publisher Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0132.html
Reference: CONFIRM:http://iplanet.com/products/iplanet_web_enterprise/iwsalert5.11.html
Reference: XF:netscape-enterprise-uri-bo(6554)
Reference: URL:http://xforce.iss.net/static/6554.php
Reference: BID:2732
Reference: URL:http://www.securityfocus.com/bid/2732

Buffer overflow in Web Publisher in iPlanet Web Server Enterprise
Edition 4.1 and earlier allows remote attackers to cause a denial of
service and possibly execute arbitrary code via a request for a long
URI with (1) GETPROPERTIES, (2) GETATTRIBUTENAMES, or other methods.

Analysis
----------------
ED_PRI CAN-2001-0746 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

ABSTRACTION:
While the long method buffer overflow and the Web Publisher buffer
overflow both affect iWS, Netscape's advisory implies that the Web
Publisher vulnerability affects Netscape Enterprise Server, but the
long method overflow does not.  Thus these bugs appear in different
versions, and CD:SF-LOC suggests keeping them split.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0747
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0747
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010518 Netscape Enterprise Server 4 Method and URI overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0203.html
Reference: CONFIRM:http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert5.11.html

Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1,
service packs 3 through 7, allows remote attackers to cause a denial
of sevice and possibly execute arbitrary code via a long method name
in an HTTP request.

Analysis
----------------
ED_PRI CAN-2001-0747 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-LOC

ABSTRACTION:
While the long method buffer overflow and the Web Publisher buffer
overflow both affect iWS, Netscape's advisory implies that the Web
Publisher vulnerability affects Netscape Enterprise Server, but the
long method overflow does not.  Thus these bugs appear in different
versions, and CD:SF-LOC suggests keeping them split.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0748
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0748
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010531 Acme.Server v1.7 of 13nov96 Directory Browsing
Reference: URL:http://www.securityfocus.com/archive/1/188141

Acme.Server 1.7 allows remote attackers to read arbitrary files by
prepending several . (slash) characters to the URI.

Analysis
----------------
ED_PRI CAN-2001-0748 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0753
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0753
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: CISCO:20010522 More Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html

Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2)
enable in cleartext in the NVRAM and a configuration file, which could
allow unauthorized users to obtain the passwords and gain privileges.

Analysis
----------------
ED_PRI CAN-2001-0753 3
Vendor Acknowledgement: yes advisory
Content Decisions: DESIGN-NO-ENCRYPTION, SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0755
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0755
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010518 Tamersahin.net Security Announcement: Debian 2.2 is 2.2r3 Ftpd Daemon Buffer Owerflow Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0188.html

Buffer overflow in ftp daemon (ftpd) 6.2 in Debian Linux allows
attackers to cause a denial of service and possibly execute arbitrary
code via a long SITE command.

Analysis
----------------
ED_PRI CAN-2001-0755 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0767
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0767
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010526 GuildFTPD v0.97 Directory Traversal / Weak password encryption
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0250.html
Reference: MISC:http://www.nitrolic.com/
Reference: BID:2789
Reference: URL:http://www.securityfocus.com/bid/2789

Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers
to list or read arbitrary files and directories via a .. in (1) LS or
(2) GET.

Analysis
----------------
ED_PRI CAN-2001-0767 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC

ACKNOWLEDGEMENT:
In the "Latest News" section at http://www.nitrolic.com/, the release
notes for version 0.995 says "Path Security bug was corrected so to
prevent users from browsing outside of the specified root / path."
However, it's not clear whether *this* is the particular bug that was
fixed in 0.995.
ABSTRACTION:
CD:SF-LOC says that problems of the same type, appearing in the same
version, should be combined into the same CVE entry.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0768
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0768
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category:
Reference: BUGTRAQ:20010526 GuildFTPD v0.97 Directory Traversal / Weak password encryption
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0250.html
Reference: BID:2792
Reference: URL:http://www.securityfocus.com/bid/2792
Reference: XF:guildftpd-usr-plaintext-passwords(6611)
Reference: URL:http://xforce.iss.net/static/6611.php

GuildFTPd 0.9.7 stores user names and passwords in plaintext in the
default.usr file, which allows local users to gain privileges as other
FTP users by reading the file.

Analysis
----------------
ED_PRI CAN-2001-0768 3
Vendor Acknowledgement: unknown
Content Decisions: DESIGN-NO-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0769
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0769
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010527 def-2001-27: GuildFTPD Buffer Overflow and Memory Leak DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0254.html
Reference: XF:guildftpd-null-memory-leak(6613)
Reference: URL:http://xforce.iss.net/static/6613.php

Memory leak in GuildFTPd Server 0.97 allows remote attackers to cause
a denial of service via a request containing a null character.

Analysis
----------------
ED_PRI CAN-2001-0769 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0770
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0770
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010527 def-2001-27: GuildFTPD Buffer Overflow and Memory Leak DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0254.html
Reference: XF:guildftpd-site-bo(6612)
Reference: URL:http://xforce.iss.net/static/6612.php

Buffer overflow in GuildFTPd Server 0.97 allows remote attacker to
execute arbitrary code via a long SITE command.

Analysis
----------------
ED_PRI CAN-2001-0770 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0771
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0771
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010521 SpyAnywhere Authentication Bypassing Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/186006
Reference: BID:2755
Reference: URL:http://www.securityfocus.com/bid/2755
Reference: XF:spyanywhere-weak-authentication(6578)
Reference: URL:http://xforce.iss.net/static/6578.php

Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator
access via a a single character in the "loginpass" field.

Analysis
----------------
ED_PRI CAN-2001-0771 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0772
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0772
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: HP:HPSBUX0105-151
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q2/0044.html
Reference: XF:hpux-cde-bo(6585)
Reference: URL:http://xforce.iss.net/static/6585.php

Buffer overflows and other vulnerabilities in multiple Common Desktop
Environment (CDE) modules in HP-UX 10.10 through 11.11 allow attackers
to cause a denial of service and possibly gain additional privileges.

Analysis
----------------
ED_PRI CAN-2001-0772 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC, SF-LOC, VAGUE

ABSTRACTION/INCLUSION:
There has been a variety of vulnerabilities in CDE modules over the
years.  The HP advisory does not provide enough details to know if HP
is addressing known vulnerabilities or new ones.  Thus it is possible
that this item overlaps other CVE entries or candidates.
The advisory also implies that there are other types of problems
besides buffer overflows.  CD:SF-LOC would recommend creating separate
candidates for each problem, but since the advisory does not provide
details, it cannot be determined how many candidates should be
created.  Thus this candidate is clearly at a higher level of
abstraction than usual.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0776
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0776
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010526 DynFX POPd Denial of Service Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0278.html
Reference: BID:2781
Reference: URL:http://www.securityfocus.com/bid/2781
Reference: XF:dynfx-mailserver-pop3-bo(6615)
Reference: URL:http://xforce.iss.net/static/6615.php

Buffer overflow in DynFX MailServer version 2.10 allows remote
attackers to conduct a denial of service via a long username to the
POP3 service.

Analysis
----------------
ED_PRI CAN-2001-0776 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0777
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0777
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010526 Remote vulnerabilities in OmniHTTPd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0248.html
Reference: XF:omnihttpd-php-request-dos(6620)
Reference: URL:http://xforce.iss.net/static/6620.php
Reference: BID:2783
Reference: URL:http://www.securityfocus.com/bid/2783

Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of
service (memory exhaustion) via a series of requests for PHP scripts.

Analysis
----------------
ED_PRI CAN-2001-0777 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0778
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0778
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010525 Remote vulnerabilities in OmniHTTPd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0248.html
Reference: XF:omnihttpd-reveal-source-code(6621)
Reference: URL:http://xforce.iss.net/static/6621.php

OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source
code via a GET request with the URL-encoded symbol for a space (%20).

Analysis
----------------
ED_PRI CAN-2001-0778 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0779
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0779
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010528 solaris 2.6, 7 yppasswd vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/187086
Reference: BUGTRAQ:20011004 Patches for Solaris rpc.yppasswdd available
Reference: URL:http://www.securityfocus.com/archive/1/200110041632.JAA28125@dim.ucsd.edu
Reference: XF:solaris-yppasswd-bo(6629)
Reference: URL:http://xforce.iss.net/static/6629.php
Reference: BID:2763
Reference: URL:http://www.securityfocus.com/bid/2763

Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7
and 8 allows remote attackers to gain root access via a long username.

Analysis
----------------
ED_PRI CAN-2001-0779 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0780
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0780
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010527 directorypro.cgi , directory traversal
Reference: URL:http://www.securityfocus.com/archive/1/187182
Reference: BID:2793
Reference: URL:http://www.securityfocus.com/bid/2793

Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl
Directory Pro 2.0 allows remote attacker to gain sensitive information
via a .. (dot dot) in the SHOW parameter.

Analysis
----------------
ED_PRI CAN-2001-0780 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0781
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0781
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010530 SpoonFTP Buffer Overflow Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0296.html
Reference: XF:spoonftp-cwd-list-bo(6630)
Reference: URL:http://xforce.iss.net/static/6630.php

Buffer overflow in SpoonFTP 1.0.0.12 allows remote attacker to execute
arbitrary code via a long argument to the commands (1) CWD or (2)
LIST.

Analysis
----------------
ED_PRI CAN-2001-0781 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0790
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0790
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: WIN2KSEC:20010527
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2001-q2/0071.html

Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a
denial of service (CPU exhaustion) via a port scan, which causes the
server to consume CPU while preparing alerts.

Analysis
----------------
ED_PRI CAN-2001-0790 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0791
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0791
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010531 [SNS Advisory No.28]InterScan VirusWall for NT remote configuration
Reference: URL:http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00006.html

Trend Micro InterScan VirusWall for Windows NT allows remote attackers
to make configuration changes by directly calling certain CGI
programs, which do not restrict access.

Analysis
----------------
ED_PRI CAN-2001-0791 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0792
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0792
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: MISC:http://www.securiteam.com/exploits/5AP0Q2A4AQ.html

Format string vulnerability in XChat 1.2.x allows remote attackers to
execute arbitrary code via a malformed nickname.

Analysis
----------------
ED_PRI CAN-2001-0792 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Page Last Updated or Reviewed: May 22, 2007