|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PROPOSAL] Cluster RECENT-69 - 33 candidates
I am proposing cluster RECENT-69 for review and voting by the Editorial Board. Name: RECENT-69 Description: Candidates announced between 2/10/2001 and 5/31/2001 Size: 33 You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site. The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real. If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned. Summary of votes to use (in ascending order of "severity") ---------------------------------------------------------- ACCEPT - voter accepts the candidate as proposed NOOP - voter has no opinion on the candidate MODIFY - voter wants to change some MINOR detail (e.g. reference/description) REVIEWING - voter is reviewing/researching the candidate, or needs more info RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. 1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. 2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping. 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-2001-0744 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0744 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010531 Imp-2.2.4 temporary files Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0303.html Reference: CONFIRM:http://www.horde.org/imp/2.2/news.php Reference: CALDERA:CSSA-2001-025.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-025.0.txt Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file. Analysis ---------------- ED_PRI CAN-2001-0744 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0750 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0750 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: CISCO:20010524 IOS Reload after Scanning Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/ios-tcp-scanner-reload-pub.shtml Reference: XF:cisco-ios-tcp-dos(6589) Reference: URL:http://xforce.iss.net/static/6589.php Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999. Analysis ---------------- ED_PRI CAN-2001-0750 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0751 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0751 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: CISCO:20010522 More Multiple Vulnerabilities in CBOS Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections. Analysis ---------------- ED_PRI CAN-2001-0751 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0752 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0752 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: CISCO:20010522 More Multiple Vulnerabilities in CBOS Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via an ICMP ECHO REQUEST (ping) with the IP Record Route option set. Analysis ---------------- ED_PRI CAN-2001-0752 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0754 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0754 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: CISCO:20010522 More Multiple Vulnerabilities in CBOS Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets. Analysis ---------------- ED_PRI CAN-2001-0754 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0738 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0738 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: CERT-VU:VU#249579 Reference: URL:http://www.kb.cert.org/vuls/id/249579 Reference: BUGTRAQ:20010614 sysklogd update -- Immunix OS 6.2, 7.0-beta, 7.0 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99258618906506&w=2 Reference: XF:klogd-null-byte-dos(7098) Reference: URL:http://xforce.iss.net/static/7098.php LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages. Analysis ---------------- ED_PRI CAN-2001-0738 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0739 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0739 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: ENGARDE:ESA-20010529-02 Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1404.html Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges. Analysis ---------------- ED_PRI CAN-2001-0739 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0740 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0740 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010515 3COM OfficeConnect DSL router vulneratibilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0115.html Reference: BUGTRAQ:20010921 3Com OfficeConnect 812/840 Router DoS exploit code Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100119572524232&w=2 Reference: BUGTRAQ:20010924 Regarding: 3Com OfficeConnect 812/840 Router DoS exploit code Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100137290421828&w=2 Reference: XF:3com-officeconnect-http-dos(6573) Reference: URL:http://xforce.iss.net/static/6573.php Reference: BID:2721 Reference: URL:http://www.securityfocus.com/bid/2721 3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router software 1.1.9 and earlier, allows remote attackers to cause a denial of service via a long string containing a large number of "%s" strings, possibly triggering a format string vulnerability. Analysis ---------------- ED_PRI CAN-2001-0740 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0734 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0734 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: NETBSD:NetBSD-SA2001-008 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-008.txt.asc Reference: BID:2810 Reference: URL:http://www.securityfocus.com/bid/2810 Reference: XF:bsd-sh3-sigreturn-privileges(6637) Reference: URL:http://xforce.iss.net/static/6637.php Hitachi Super-H architecture in NetBSD 1.5 and 1.4.1 allows a local user to gain privileges via modified Status Register contents, which are not properly handled by (1) the sigreturn system call or (2) the process_write_regs kernel routine. Analysis ---------------- ED_PRI CAN-2001-0734 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0736 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0736 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: REDHAT:RHSA-2001:042-02 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-042.html Reference: MANDRAKE:MDKSA-2001:047 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-047.php3?dis=8.0 Reference: BUGTRAQ:20010527 [ESA-20010509-01] pine temporary file handling vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99106787825229&w=2 Reference: BUGTRAQ:20010416 Immunix OS Security update for pine Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98749102621604&w=2 Reference: XF:pine-tmp-file-symlink(6367) Reference: URL:http://xforce.iss.net/static/6367.php Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack. Analysis ---------------- ED_PRI CAN-2001-0736 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-EXEC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0737 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0737 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010516 logitech wireless devices: man-in-the-middle attack Reference: URL:http://www.securityfocus.com/archive/1/185003 Reference: BUGTRAQ:20010522 Logitech vulnerability (DoS, man-in-the-middle-attack) - Resend Reference: URL:http://www.securityfocus.com/archive/1/3B0A36C8.E9D8610@daten-treuhand.de Reference: XF:logitech-wireless-unauthorized-access(6562) Reference: URL:http://xforce.iss.net/static/6562.php Reference: BID:2738 Reference: URL:http://www.securityfocus.com/bid/2738 A long 'synch' delay in Logitech wireless mice and keyboard receivers allows a remote attacker to hijack connections via a man-in-the-middle attack. Analysis ---------------- ED_PRI CAN-2001-0737 3 Vendor Acknowledgement: no Content Decisions: DESIGN-WEAK-ENCRYPTION Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0741 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0741 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: CF Reference: BUGTRAQ:20010503 Cisco HSRP Weakness/DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0035.html Reference: MISC:http://www.cisco.com/networkers/nw00/pres/2402.pdf Reference: XF:cisco-hsrp-dos(6497) Reference: URL:http://xforce.iss.net/static/6497.php Reference: BID:2684 Reference: URL:http://www.securityfocus.com/bid/2684 Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to cause a denial of service by spoofing HSRP packets. Analysis ---------------- ED_PRI CAN-2001-0741 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0742 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0742 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: MISC:http://www.securiteam.com/windowsntfocus/5UP0B204AY.html Buffer overflow in Computalynx CMail POP3 mail server 2.4.9 allows remote attackers to run arbitrary code via a long HELO command. Analysis ---------------- ED_PRI CAN-2001-0742 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0746 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0746 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010515 iPlanet - Netscape Enterprise Web Publisher Buffer Overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0132.html Reference: CONFIRM:http://iplanet.com/products/iplanet_web_enterprise/iwsalert5.11.html Reference: XF:netscape-enterprise-uri-bo(6554) Reference: URL:http://xforce.iss.net/static/6554.php Reference: BID:2732 Reference: URL:http://www.securityfocus.com/bid/2732 Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long URI with (1) GETPROPERTIES, (2) GETATTRIBUTENAMES, or other methods. Analysis ---------------- ED_PRI CAN-2001-0746 3 Vendor Acknowledgement: yes Content Decisions: SF-LOC ABSTRACTION: While the long method buffer overflow and the Web Publisher buffer overflow both affect iWS, Netscape's advisory implies that the Web Publisher vulnerability affects Netscape Enterprise Server, but the long method overflow does not. Thus these bugs appear in different versions, and CD:SF-LOC suggests keeping them split. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0747 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0747 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010518 Netscape Enterprise Server 4 Method and URI overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0203.html Reference: CONFIRM:http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert5.11.html Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, service packs 3 through 7, allows remote attackers to cause a denial of sevice and possibly execute arbitrary code via a long method name in an HTTP request. Analysis ---------------- ED_PRI CAN-2001-0747 3 Vendor Acknowledgement: yes followup Content Decisions: SF-LOC ABSTRACTION: While the long method buffer overflow and the Web Publisher buffer overflow both affect iWS, Netscape's advisory implies that the Web Publisher vulnerability affects Netscape Enterprise Server, but the long method overflow does not. Thus these bugs appear in different versions, and CD:SF-LOC suggests keeping them split. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0748 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0748 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010531 Acme.Server v1.7 of 13nov96 Directory Browsing Reference: URL:http://www.securityfocus.com/archive/1/188141 Acme.Server 1.7 allows remote attackers to read arbitrary files by prepending several . (slash) characters to the URI. Analysis ---------------- ED_PRI CAN-2001-0748 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0753 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0753 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: CISCO:20010522 More Multiple Vulnerabilities in CBOS Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges. Analysis ---------------- ED_PRI CAN-2001-0753 3 Vendor Acknowledgement: yes advisory Content Decisions: DESIGN-NO-ENCRYPTION, SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0755 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0755 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010518 Tamersahin.net Security Announcement: Debian 2.2 is 2.2r3 Ftpd Daemon Buffer Owerflow Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0188.html Buffer overflow in ftp daemon (ftpd) 6.2 in Debian Linux allows attackers to cause a denial of service and possibly execute arbitrary code via a long SITE command. Analysis ---------------- ED_PRI CAN-2001-0755 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0767 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0767 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010526 GuildFTPD v0.97 Directory Traversal / Weak password encryption Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0250.html Reference: MISC:http://www.nitrolic.com/ Reference: BID:2789 Reference: URL:http://www.securityfocus.com/bid/2789 Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers to list or read arbitrary files and directories via a .. in (1) LS or (2) GET. Analysis ---------------- ED_PRI CAN-2001-0767 3 Vendor Acknowledgement: unknown vague Content Decisions: SF-LOC ACKNOWLEDGEMENT: In the "Latest News" section at http://www.nitrolic.com/, the release notes for version 0.995 says "Path Security bug was corrected so to prevent users from browsing outside of the specified root / path." However, it's not clear whether *this* is the particular bug that was fixed in 0.995. ABSTRACTION: CD:SF-LOC says that problems of the same type, appearing in the same version, should be combined into the same CVE entry. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0768 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0768 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: Reference: BUGTRAQ:20010526 GuildFTPD v0.97 Directory Traversal / Weak password encryption Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0250.html Reference: BID:2792 Reference: URL:http://www.securityfocus.com/bid/2792 Reference: XF:guildftpd-usr-plaintext-passwords(6611) Reference: URL:http://xforce.iss.net/static/6611.php GuildFTPd 0.9.7 stores user names and passwords in plaintext in the default.usr file, which allows local users to gain privileges as other FTP users by reading the file. Analysis ---------------- ED_PRI CAN-2001-0768 3 Vendor Acknowledgement: unknown Content Decisions: DESIGN-NO-ENCRYPTION Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0769 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0769 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010527 def-2001-27: GuildFTPD Buffer Overflow and Memory Leak DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0254.html Reference: XF:guildftpd-null-memory-leak(6613) Reference: URL:http://xforce.iss.net/static/6613.php Memory leak in GuildFTPd Server 0.97 allows remote attackers to cause a denial of service via a request containing a null character. Analysis ---------------- ED_PRI CAN-2001-0769 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0770 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0770 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010527 def-2001-27: GuildFTPD Buffer Overflow and Memory Leak DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0254.html Reference: XF:guildftpd-site-bo(6612) Reference: URL:http://xforce.iss.net/static/6612.php Buffer overflow in GuildFTPd Server 0.97 allows remote attacker to execute arbitrary code via a long SITE command. Analysis ---------------- ED_PRI CAN-2001-0770 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0771 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0771 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010521 SpyAnywhere Authentication Bypassing Vulnerabilities Reference: URL:http://www.securityfocus.com/archive/1/186006 Reference: BID:2755 Reference: URL:http://www.securityfocus.com/bid/2755 Reference: XF:spyanywhere-weak-authentication(6578) Reference: URL:http://xforce.iss.net/static/6578.php Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator access via a a single character in the "loginpass" field. Analysis ---------------- ED_PRI CAN-2001-0771 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0772 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0772 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: HP:HPSBUX0105-151 Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q2/0044.html Reference: XF:hpux-cde-bo(6585) Reference: URL:http://xforce.iss.net/static/6585.php Buffer overflows and other vulnerabilities in multiple Common Desktop Environment (CDE) modules in HP-UX 10.10 through 11.11 allow attackers to cause a denial of service and possibly gain additional privileges. Analysis ---------------- ED_PRI CAN-2001-0772 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-EXEC, SF-LOC, VAGUE ABSTRACTION/INCLUSION: There has been a variety of vulnerabilities in CDE modules over the years. The HP advisory does not provide enough details to know if HP is addressing known vulnerabilities or new ones. Thus it is possible that this item overlaps other CVE entries or candidates. The advisory also implies that there are other types of problems besides buffer overflows. CD:SF-LOC would recommend creating separate candidates for each problem, but since the advisory does not provide details, it cannot be determined how many candidates should be created. Thus this candidate is clearly at a higher level of abstraction than usual. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0776 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0776 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010526 DynFX POPd Denial of Service Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0278.html Reference: BID:2781 Reference: URL:http://www.securityfocus.com/bid/2781 Reference: XF:dynfx-mailserver-pop3-bo(6615) Reference: URL:http://xforce.iss.net/static/6615.php Buffer overflow in DynFX MailServer version 2.10 allows remote attackers to conduct a denial of service via a long username to the POP3 service. Analysis ---------------- ED_PRI CAN-2001-0776 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0777 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0777 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010526 Remote vulnerabilities in OmniHTTPd Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0248.html Reference: XF:omnihttpd-php-request-dos(6620) Reference: URL:http://xforce.iss.net/static/6620.php Reference: BID:2783 Reference: URL:http://www.securityfocus.com/bid/2783 Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests for PHP scripts. Analysis ---------------- ED_PRI CAN-2001-0777 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0778 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0778 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010525 Remote vulnerabilities in OmniHTTPd Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0248.html Reference: XF:omnihttpd-reveal-source-code(6621) Reference: URL:http://xforce.iss.net/static/6621.php OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source code via a GET request with the URL-encoded symbol for a space (%20). Analysis ---------------- ED_PRI CAN-2001-0778 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0779 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0779 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010528 solaris 2.6, 7 yppasswd vulnerability Reference: URL:http://www.securityfocus.com/archive/1/187086 Reference: BUGTRAQ:20011004 Patches for Solaris rpc.yppasswdd available Reference: URL:http://www.securityfocus.com/archive/1/200110041632.JAA28125@dim.ucsd.edu Reference: XF:solaris-yppasswd-bo(6629) Reference: URL:http://xforce.iss.net/static/6629.php Reference: BID:2763 Reference: URL:http://www.securityfocus.com/bid/2763 Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username. Analysis ---------------- ED_PRI CAN-2001-0779 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0780 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0780 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010527 directorypro.cgi , directory traversal Reference: URL:http://www.securityfocus.com/archive/1/187182 Reference: BID:2793 Reference: URL:http://www.securityfocus.com/bid/2793 Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl Directory Pro 2.0 allows remote attacker to gain sensitive information via a .. (dot dot) in the SHOW parameter. Analysis ---------------- ED_PRI CAN-2001-0780 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0781 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0781 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010530 SpoonFTP Buffer Overflow Vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0296.html Reference: XF:spoonftp-cwd-list-bo(6630) Reference: URL:http://xforce.iss.net/static/6630.php Buffer overflow in SpoonFTP 1.0.0.12 allows remote attacker to execute arbitrary code via a long argument to the commands (1) CWD or (2) LIST. Analysis ---------------- ED_PRI CAN-2001-0781 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0790 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0790 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: WIN2KSEC:20010527 Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2001-q2/0071.html Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a denial of service (CPU exhaustion) via a port scan, which causes the server to consume CPU while preparing alerts. Analysis ---------------- ED_PRI CAN-2001-0790 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0791 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0791 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010531 [SNS Advisory No.28]InterScan VirusWall for NT remote configuration Reference: URL:http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00006.html Trend Micro InterScan VirusWall for Windows NT allows remote attackers to make configuration changes by directly calling certain CGI programs, which do not restrict access. Analysis ---------------- ED_PRI CAN-2001-0791 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0792 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0792 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: MISC:http://www.securiteam.com/exploits/5AP0Q2A4AQ.html Format string vulnerability in XChat 1.2.x allows remote attackers to execute arbitrary code via a malformed nickname. Analysis ---------------- ED_PRI CAN-2001-0792 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS:
|
||||
