[PROPOSAL] Cluster RECENT-75 - 47 candidates
I am proposing cluster RECENT-75 for review and voting by the Editorial Board.

Name: RECENT-75
Description: Candidates announced between 1/12/2001 and 7/31/2001
Size: 47

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0550
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0550
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20010718
Category: SF
Reference: VULN-DEV:20010430 some ftpd implementations mishandle CWD ~{
Reference: URL:http://www.securityfocus.com/archive/82/180823
Reference: BUGTRAQ:20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100700363414799&w=2
Reference: CERT:CA-2001-33
Reference: URL:http://www.cert.org/advisories/CA-2001-33.html
Reference: CERT-VN:VU#886083
Reference: URL:http://www.kb.cert.org/vuls/id/886083
Reference: REDHAT:RHSA-2001-157
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-157.html
Reference: CALDERA:CSSA-2001-041.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt
Reference: MANDRAKE:MDKSA-2001:090
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3
Reference: HP:HPSBUX0107-162
Reference: ISS:20011129 WU-FTPD Heap Corruption Vulnerability
Reference: BID:3581
Reference: URL:http://www.securityfocus.com/bid/3581

wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).

Analysis
----------------
ED_PRI CAN-2001-0550 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0905
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0905
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: DEBIAN:DSA-083
Reference: URL:http://www.debian.org/security/2001/dsa-083
Reference: REDHAT:RHSA-2001:093
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-093.html
Reference: MANDRAKE:MDKSA-2001:085
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-085.php3
Reference: FREEBSD:FreeBSD-SA-01:60
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:60.procmail.asc
Reference: BID:3071
Reference: URL:http://www.securityfocus.com/bid/3071

Race condition in signal handling of procmail 3.20 and earlier, when running setuid, allows local users to cause a denial of service or gain root privileges by sending a signal while a signal handling routine is already running.

Analysis
----------------
ED_PRI CAN-2001-0905 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0906
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0906
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010622 LPRng + tetex tmpfile race - uid lp exploit
Reference: URL:http://www.securityfocus.com/archive/1/192647
Reference: REDHAT:RHSA-2001:102
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-102.html
Reference: MANDRAKE:MDKSA-2001:086
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-086.php3
Reference: IMMUNIX:IMNX-2001-70-030-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-030-01
Reference: BID:2974
Reference: URL:http://www.securityfocus.com/bid/2974
Reference: XF:tetex-lprng-tmp-race(6785)
Reference: URL:http://xforce.iss.net/static/6785.php

teTeX filter before 1.0.7 allows local users to gain privileges via a symlink attack on temporary files that are produced when printing .dvi files using lpr.

Analysis
----------------
ED_PRI CAN-2001-0906 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0925
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0925
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010312 FORW: [ANNOUNCE] Apache 1.3.19 Released
Reference: URL:http://www.securityfocus.com/archive/1/168497
Reference: BUGTRAQ:20010624 Fw: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit
Reference: URL:http://www.securityfocus.com/archive/1/193081
Reference: BUGTRAQ:20010419 OpenBSD 2.8patched Apache vuln!
Reference: URL:http://www.securityfocus.com/archive/1/178066
Reference: BUGTRAQ:20010726 Apache Artificially Long Slash Path Directory Listing Vulnerability -- FILE READ ACCESS
Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-27&end=2002-02-02&mid=199857&threads=1
Reference: CONFIRM:http://www.apacheweek.com/features/security-13
Reference: MANDRAKE:MDKSA-2001:077
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077.php3
Reference: DEBIAN:DSA-067
Reference: URL:http://www.debian.org/security/2001/dsa-067
Reference: ENGARDE:ESA-20010620-02
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1452.html
Reference: BID:2503
Reference: URL:http://www.securityfocus.com/bid/2503
Reference: XF:apache-slash-directory-listing(6921)
Reference: URL:http://xforce.iss.net/static/6921.php

The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.

Analysis
----------------
ED_PRI CAN-2001-0925 1
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0974
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0974
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CIAC:L-116
Reference: URL:http://www.ciac.org/ciac/bulletins/l-116.shtml
Reference: CERT-VN:VU#869184
Reference: URL:http://www.kb.cert.org/vuls/id/869184
Reference: BID:3048
Reference: URL:http://www.securityfocus.com/bid/3048
Reference: XF:oracle-ldap-protos-format-string(6903)
Reference: URL:http://xforce.iss.net/static/6903.php

Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2001-0974 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0975
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0975
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CIAC:L-116
Reference: URL:http://www.ciac.org/ciac/bulletins/l-116.shtml
Reference: CERT-VN:VU#869184
Reference: URL:http://www.kb.cert.org/vuls/id/869184
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/oid_cert_bof.pdf
Reference: XF:oracle-ldap-protos-bo(6902)
Reference: URL:http://xforce.iss.net/static/6902.php
Reference: BID:3047
Reference: URL:http://www.securityfocus.com/bid/3047

Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2001-0975 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0977
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0977
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CERT-VN:VU#935800
Reference: URL:http://www.kb.cert.org/vuls/id/935800
Reference: DEBIAN:DSA-068
Reference: URL:http://www.debian.org/security/2001/dsa-068
Reference: REDHAT:RHSA-2001:098
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-098.html
Reference: CONECTIVA:CLA-2001:417
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000417
Reference: MANDRAKE:MDKSA-2001:069
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-069.php3
Reference: BID:3049
Reference: URL:http://www.securityfocus.com/bid/3049
Reference: XF:openldap-ldap-protos-dos(6904)
Reference: URL:http://xforce.iss.net/static/6904.php

slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.

Analysis
----------------
ED_PRI CAN-2001-0977 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0980
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0980
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CALDERA:CSSA-2001-026.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-026.0.txt
Reference: XF:docview-httpd-command-execution(6854)
Reference: URL:http://xforce.iss.net/static/6854.php
Reference: BID:3052
Reference: URL:http://www.securityfocus.com/bid/3052

docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page.

Analysis
----------------
ED_PRI CAN-2001-0980 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0993
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0993
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: NETBSD:NetBSD-SA2001-011
Reference: URL:http://archives.neohapsis.com/archives/netbsd/2001-q3/0102.html
Reference: XF:bsd-kernel-sendmsg-dos(6908)
Reference: URL:http://xforce.iss.net/static/6908.php
Reference: BID:3088
Reference: URL:http://www.securityfocus.com/bid/3088

sendmsg function in NetBSD 1.3 through 1.5 allows local users to cause a denial of service (kernel trap or panic) via a msghdr structure with a large msg_controllen length.

Analysis
----------------
ED_PRI CAN-2001-0993 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1022
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1022
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010727 ADV/EXP:pic/lpd remote exploit - RH 7.0
Reference: URL:http://www.securityfocus.com/archive/1/199706
Reference: DEBIAN:DSA-072
Reference: URL:http://www.debian.org/security/2001/dsa-072
Reference: CONECTIVA:CLA-2001:428
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000428
Reference: XF:linux-groff-format-string(6918)
Reference: URL:http://xforce.iss.net/static/6918.php
Reference: BID:3103
Reference: URL:http://www.securityfocus.com/bid/3103

Format string vulnerability in pic utility in groff 1.16.1 and other versions allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.

Analysis
----------------
ED_PRI CAN-2001-1022 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1030
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1030
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010718 Squid httpd acceleration acl bug enables portscanning
Reference: URL:http://www.securityfocus.com/archive/1/197727
Reference: BUGTRAQ:20010719 TSLSA-2001-0013 - Squid
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html
Reference: IMMUNIX:IMNX-2001-70-031-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01
Reference: CALDERA:CSSA-2001-029.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt
Reference: MANDRAKE:MDKSA-2001:066
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3
Reference: REDHAT:RHSA-2001:097
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-097.html
Reference: XF:squid-http-accelerator-portscanning(6862)
Reference: URL:http://xforce.iss.net/static/6862.php

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

Analysis
----------------
ED_PRI CAN-2001-1030 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1037
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1037
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CISCO:20010711 Vulnerabilities in Cisco SN 5420 Storage Routers
Reference: URL:http://www.cisco.com/warp/public/707/SN-kernel-pub.html
Reference: XF:cisco-sn-gain-access(6827)
Reference: URL:http://xforce.iss.net/static/6827.php
Reference: BID:3131
Reference: URL:http://www.securityfocus.com/bid/3131

Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell without a password and execute certain restricted commands without being logged.

Analysis
----------------
ED_PRI CAN-2001-1037 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1038
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1038
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CISCO:20010711 Vulnerabilities in Cisco SN 5420 Storage Routers
Reference: URL:http://www.cisco.com/warp/public/707/SN-kernel-pub.html
Reference: CIAC:L-112
Reference: URL:http://www.ciac.org/ciac/bulletins/l-112.shtml
Reference: XF:cisco-sn-dos(6826)
Reference: URL:http://xforce.iss.net/static/6826.php

Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023.

Analysis
----------------
ED_PRI CAN-2001-1038 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1046
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1046
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010602 Qpopper 4.0.3 **** Fixes Buffer Overflow **** (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/188267
Reference: VULN-DEV:20010420 Qpopper 4.0 Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=98777649031406&w=2
Reference: CALDERA:CSSA-2001-SCO.8
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2001-q3/0006.html
Reference: BID:2811
Reference: URL:http://www.securityfocus.com/bid/2811
Reference: XF:qpopper-username-bo(6647)
Reference: URL:http://xforce.iss.net/static/6647.php

Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers to gain privileges via a long username.

Analysis
----------------
ED_PRI CAN-2001-1046 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The Caldera advisory does not provide enough details to be certain that it fixes the reported problem, but it is released a month after the initial announcement, and it provides credits to the same people who are credited in the initial announcement, so there is enough evidence to determine that the Caldera advisory is addressing this problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1074
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1074
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010526 Webmin Doesn't Clean Env (root exploit)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html
Reference: CALDERA:CSSA-2001-019.1
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt
Reference: MANDRAKE:MDKSA-2001:059
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3
Reference: XF:webmin-gain-information(6627)
Reference: URL:http://xforce.iss.net/static/6627.php
Reference: BID:2795
Reference: URL:http://www.securityfocus.com/bid/2795

Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2001-1074 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1080
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: IBM:MSS-OAR-E01-2001:225.1
Reference: URL:http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2001.225.1/$file/oar225.txt
Reference: XF:aix-diagrpt-root-shell(6734)
Reference: URL:http://xforce.iss.net/static/6734.php

diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program.

Analysis
----------------
ED_PRI CAN-2001-1080 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0982
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0982
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010723 iXsecurity.20010618.policy_director.a
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0497.html
Reference: AIXAPAR:IY18152
Reference: CONFIRM:ftp://ftp.tivoli.com/support/patches/patches_3.7.1/3.7.1-POL-0003/3.7.1-POL-0003.README
Reference: XF:tivoli-secureway-dot-directory-traversal(6884)
Reference: URL:http://xforce.iss.net/static/6884.php
Reference: BID:3080
Reference: URL:http://www.securityfocus.com/bid/3080

Directory traversal vulnerability in IBM Tivoli WebSEAL Policy Director 3.01 through 3.7.1 allows remote attackers to read arbitrary files or directories via encoded .. (dot dot) sequences containing "%2e" strings.

Analysis
----------------
ED_PRI CAN-2001-0982 2
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: 3.7.1-POL-0003.README, dated June 29, 2001, says "Specific URI-encoding can bypass security" and "%-encoded characters are not being decoded properly in WebSEAL," which is sufficient evidence that the document identifies the problem described in this CVE item.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0987
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0987
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010722 Re: [cgiwrap-users] Re: Security hole in CGIWrap (cross-site scripting vulnerability)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0499.html
Reference: CONFIRM:http://cgiwrap.sourceforge.net/changes.html
Reference: BID:3084
Reference: URL:http://www.securityfocus.com/bid/3084
Reference: XF:cgiwrap-cross-site-scripting(6886)
Reference: URL:http://xforce.iss.net/static/6886.php

Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on other web clients by causing the Javascript to be inserted into error messages that are generated by CGIWrap.

Analysis
----------------
ED_PRI CAN-2001-0987 2
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: In the CGIWrap change log, version 3.7 includes the following: "Encode user supplied output in error messages to fix cross-site scripting vulnerability reported by Hiromitsu Takagi."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1010
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1010
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010721 Sambar Web Server pagecount exploit code
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0565.html
Reference: CONFIRM:http://www.sambar.com/security.htm
Reference: XF:sambar-pagecount-overwrite-files(6916)
Reference: URL:http://xforce.iss.net/static/6916.php
Reference: BID:3092
Reference: URL:http://www.securityfocus.com/bid/3092

Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) attack on the page parameter.

Analysis
----------------
ED_PRI CAN-2001-1010 2
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: http://www.sambar.com/security.htm, which had been updated on 7/27/2001 according to the Sambar home page, says "All versions of the Sambar WWW Server with the exception of 5.0 beta 5 and later releases have a security vulnerability associated with the pagecount sample code."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1011
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1011
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010725 Serious security hole in Mambo Site Server version 3.0.X
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0569.html
Reference: CONFIRM:http://prdownloads.sourceforge.net/mambo/mambov3.0.6.tar.gz
Reference: BID:3093
Reference: URL:http://www.securityfocus.com/bid/3093
Reference: XF:mambo-phpsessid-gain-privileges(6910)
Reference: URL:http://xforce.iss.net/static/6910.php

index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.

Analysis
----------------
ED_PRI CAN-2001-1011 2
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: security_release.dat in the tar file for version 3.0.6 states "Users can get into the back-end of Mambo administration and change content by entering the following url: http://yoursite/administrator/index2.php?PHPSESSID=1" The web site itself vaguely alludes to security problems, but the changelog is the only conclusive evidence of vendor acknowledgement.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1053
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1053
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010713 AdCycle SQL Command Insertion Vulnerability - qDefense Advisory Number QDAV-2001-7-2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0249.html
Reference: CONFIRM:http://www.adcycle.com/cgi-bin/download.cgi?type=UNIX&version=1.17
Reference: XF:adcycle-insert-sql-command(6837)
Reference: URL:http://xforce.iss.net/static/6837.php
Reference: BID:3032
Reference: URL:http://www.securityfocus.com/bid/3032
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php

AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.

Analysis
----------------
ED_PRI CAN-2001-1053 2
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: In the README.txt file bundled with the software, the "[v1.16] July 5, 2001" entry states "fixed security hole (with help from qDefense.com)."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1056 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1056 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010730 [RAZOR] Linux kernel IP masquerading vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0733.html Reference: BUGTRAQ:20010730 Re: [RAZOR] Linux kernel IP masquerading vulnerability (_actual_ patch) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0750.html Reference: BID:3117 Reference: URL:http://www.securityfocus.com/bid/3117 IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which listens on port 6667, which may cause the module to believe that the traffic is a valid request and allow the connection to the port specified in the DCC SEND request. Analysis ---------------- ED_PRI CAN-2001-1056 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1075 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1075 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010703 poprelayd and sendmail relay authentication problem (Cobalt Raq3) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0064.html Reference: BUGTRAQ:20010709 Re: poprelayd and sendmail relay authentication problem (Cobalt Raq3) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0150.html Reference: XF:cobalt-poprelayd-mail-relay(6806) Reference: URL:http://xforce.iss.net/static/6806.php Reference: BID:2986 Reference: URL:http://www.securityfocus.com/bid/2986 poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file. Analysis ---------------- ED_PRI CAN-2001-1075 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1079 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1079 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: CF Reference: AIXAPAR:IY19069 Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q3/0000.html create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX 3.2.0 creates keyfile directories with world-writable permissions, which could allow a local user to delete key files and cause a denial of service. 
Analysis ---------------- ED_PRI CAN-2001-1079 2 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1081 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1081 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: CONFIRM:http://freshmeat.net/releases/52020/ Reference: BID:2994 Reference: URL:http://www.securityfocus.com/bid/2994 Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers that are injected into log messages. Analysis ---------------- ED_PRI CAN-2001-1081 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0749 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0749 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20011012 Category: SF Reference: BID:2775 Reference: URL:http://www.securityfocus.com/bid/2775 Reference: BUGTRAQ:20010524 IPC@Chip Security Reference: URL:http://www.securityfocus.com/archive/1/186418 Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to retrieve arbitrary files via webserver root directory set to system root. 
Analysis ---------------- ED_PRI CAN-2001-0749 3 Vendor Acknowledgement: This is an embedded system- hardware and software on a chip. The audit was done as if it were a standard server. On the vendor website it states- "Should your IPC@CHIP application have direct access to the Internet, you can turn off unnecessary services, e.g. HTTP-, FTP-, and Telnet server, completely and thus further increase the security." All 24 of these submissions come from one vulnerability report- http://www.securityfocus.com/archive/1/186418 There are 11 issues covered and most of these are configuration related. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0988 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0988 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010723 permission probs with Arkeia Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0521.html Reference: BID:3085 Reference: URL:http://www.securityfocus.com/bid/3085 Reference: XF:arkeia-insecure-file-permissions(6885) Reference: URL:http://xforce.iss.net/static/6885.php Arkeia backup server 4.2.8-2 and earlier creates its database files with world-writable permissions, which could allow local users to overwrite the files or obtain sensitive information. Analysis ---------------- ED_PRI CAN-2001-0988 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0989 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0989 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010723 pileup 1.2 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0512.html Reference: CONFIRM:http://www.babbage.demon.co.uk/linux/pileup-1.2/pileup-1.2.tar.gz Reference: BID:3086 Reference: URL:http://www.securityfocus.com/bid/3086 Buffer overflows in Pileup before 1.2 allow local users to gain root privileges via (1) long command line arguments, or (2) a long callsign. Analysis ---------------- ED_PRI CAN-2001-0989 3 Vendor Acknowledgement: yes changelog Content Decisions: SF-LOC ACKNOWLEDGEMENT: The pileup home page says "Version 1.2 released to correct security vulnerabilities." But the README file in pileup 1.2 states more precisely: "Fixed scanf() security buffer overflows." ABSTRACTION: CD:SF-LOC states that problems of the same type, and in the same version, should be merged together. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0991 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0991 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010724 Proxomitron Cross-site Scripting Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/198954 Reference: XF:proxomitron-cross-site-scripting(6887) Reference: URL:http://xforce.iss.net/static/6887.php Reference: BID:3087 Reference: URL:http://www.securityfocus.com/bid/3087 Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and earlier allows remote attackers to execute arbitrary script on other clients via an incorrect URL containing the malicious script, which is printed back in an error message. Analysis ---------------- ED_PRI CAN-2001-0991 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1021 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1021 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010726 def-2001-28 - WS_FTP server 2.0.2 Buffer Overflow and possible DOS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0610.html Reference: MISC:http://www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html Reference: XF:wsftp-long-command-bo(6911) Reference: URL:http://xforce.iss.net/static/6911.php Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD. Analysis ---------------- ED_PRI CAN-2001-1021 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC ACKNOWLEDGEMENT: The patch upgrade comments for WS_FTP Server 2.04 say "Fix of buffer overrun in STAT command," but it is not clear if the other overflows were also addressed. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1024 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1024 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010727 Entrust - getAccess Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0662.html Reference: XF:entrust-getaccess-execute-commands(6915) Reference: URL:http://xforce.iss.net/static/6915.php login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument. Analysis ---------------- ED_PRI CAN-2001-1024 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1026 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1026 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010709 Various problems in Ternd Micro AppletTrap URL filtering Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0129.html Reference: XF:applettrap-bypass-ip-restrictions(6818) Reference: URL:http://xforce.iss.net/static/6818.php Reference: XF:content-slash-bypass-filter(6816) Reference: URL:http://xforce.iss.net/static/6816.php Reference: XF:applettrap-unicode-bypass-filter(6817) Reference: URL:http://xforce.iss.net/static/6817.php Reference: XF:applettrap-zero-bypass-restrictions(6819) Reference: URL:http://xforce.iss.net/static/6819.php Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs when they are modified in certain ways such as (1) using a double slash (//) instead of a single slash, (2) URL-encoded characters, (3) requesting the IP address instead of the domain name, or (4) using a leading 0 in an octet of an IP address. Analysis ---------------- ED_PRI CAN-2001-1026 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC ABSTRACTION: each of these attack vectors is of the same general type "inability to recognize alternate encodings," a.k.a. a canonicalization problem as discussed on the webappsec/OWASP mailing list in December 2001. CD:SF-LOC would argue for combining them. However, it might be argued that "poor canonicalization" is too high level, and this candidate should be SPLIT into separate items. 
ACKNOWLEDGEMENT: the researchers claim that Trend Micro said they would address the problem in version 2.5, but the release information does not mention any vulnerabilities, and a search on the web site's knowledge base for "security" and "vulnerability" was not successful, and Trend's "security" page is devoted exclusively to viruses. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1042 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1042 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010701 Broker 5.9.5.0 Directory Traversal Reference: URL:http://www.securityfocus.com/archive/1/194443 Reference: BID:2960 Reference: URL:http://www.securityfocus.com/bid/2960 Reference: XF:ftp-lnk-directory-traversal(6760) Reference: URL:http://xforce.iss.net/static/6760.php Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. Analysis ---------------- ED_PRI CAN-2001-1042 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1043 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1043 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010701 ArGoSoft 1.2.2.2 *.lnk upload Directory Traversal Reference: URL:http://www.securityfocus.com/archive/1/194445 Reference: BID:2961 Reference: URL:http://www.securityfocus.com/bid/2961 Reference: XF:ftp-lnk-directory-traversal(6760) Reference: URL:http://xforce.iss.net/static/6760.php ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. Analysis ---------------- ED_PRI CAN-2001-1043 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1044 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1044 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010112 Basilix Webmail System *.class *.inc Permission Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/155897 Reference: XF:basilix-webmail-retrieve-files(5934) Reference: URL:http://xforce.iss.net/static/5934.php Reference: BID:2198 Reference: URL:http://www.securityfocus.com/bid/2198 Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allow remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file. 
Analysis ---------------- ED_PRI CAN-2001-1044 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1045 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1045 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010706 basilix bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0114.html Reference: BID:2995 Reference: URL:http://www.securityfocus.com/bid/2995 Reference: XF:basilix-webmail-view-files(6873) Reference: URL:http://xforce.iss.net/static/6873.php Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter. Analysis ---------------- ED_PRI CAN-2001-1045 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1047 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1047 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010602 Locally exploitable races in OpenBSD VFS Reference: URL:http://www.securityfocus.com/archive/1/188474 Reference: BID:2817 Reference: URL:http://www.securityfocus.com/bid/2817 Reference: BID:2818 Reference: URL:http://www.securityfocus.com/bid/2818 Reference: XF:openbsd-pipe-race-dos(6661) Reference: URL:http://xforce.iss.net/static/6661.php Reference: XF:openbsd-dup2-race-dos(6660) Reference: URL:http://xforce.iss.net/static/6660.php Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork. Analysis ---------------- ED_PRI CAN-2001-1047 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC ABSTRACTION: CD:SF-LOC suggests that problems of the same type (in this case, race condition) that appear in the same version should be combined into a single item. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1055 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1055 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010730 ARPNuke - 80 kb/s kills a whole subnet Reference: URL:http://www.securityfocus.com/archive/1/200323 Reference: BID:3113 Reference: URL:http://www.securityfocus.com/bid/3113 Vulnerability in the Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed ARP request packets with random source IP and MAC addresses. Analysis ---------------- ED_PRI CAN-2001-1055 3 Vendor Acknowledgement: There is insufficient information to be able to narrow down which operating systems are affected; the disclosers did not mention these specifics. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1057 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1057 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010730 a couple minor issues with mathematica license manager Reference: URL:http://www.securityfocus.com/archive/1/200462 Reference: BID:3120 Reference: URL:http://www.securityfocus.com/bid/3120 Reference: XF:mathematica-license-dos(6926) Reference: URL:http://xforce.iss.net/static/6926.php The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by connecting to port 16286 and not disconnecting, which prevents users from making license requests. 
Analysis ---------------- ED_PRI CAN-2001-1057 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1058 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1058 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010730 a couple minor issues with mathematica license manager Reference: URL:http://www.securityfocus.com/archive/1/200462 Reference: BID:3118 Reference: URL:http://www.securityfocus.com/bid/3118 Reference: XF:mathematica-license-retrieval(6927) Reference: URL:http://xforce.iss.net/static/6927.php The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to bypass access control (specified by the -restrict argument) and steal a license via a client request that includes the name of a host that is allowed to obtain the license. Analysis ---------------- ED_PRI CAN-2001-1058 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1059 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1059 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: CF Reference: BUGTRAQ:20010730 vmware bug? 
Reference: URL:http://www.securityfocus.com/archive/1/200455 Reference: BID:3119 Reference: URL:http://www.securityfocus.com/bid/3119 Reference: XF:vmware-obtain-license-info(6925) Reference: URL:http://xforce.iss.net/static/6925.php VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information. Analysis ---------------- ED_PRI CAN-2001-1059 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1060 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1060 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010731 New command execution vulnerability in myPhpAdmin Reference: URL:http://www.securityfocus.com/archive/1/200596 Reference: MISC:http://freshmeat.net/redir/phpmyadmin/8001/url_changelog/ Reference: BID:3121 Reference: URL:http://www.securityfocus.com/bid/3121 phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php. Analysis ---------------- ED_PRI CAN-2001-1060 3 Vendor Acknowledgement: unknown vague Content Decisions: SF-EXEC ACKNOWLEDGEMENT: The Change Log has various references to a "security issue," but does not provide enough details to know if it's fixed *this* security issue. ABSTRACTION: CD:SF-EXEC suggests combining issues of the same types that appear in multiple executables of the same version of the same package. 
Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1076 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1076 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010705 Solaris whodo Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0076.html Reference: BID:2935 Reference: URL:http://www.securityfocus.com/bid/2935 Reference: XF:solaris-whodo-bo(6802) Reference: URL:http://xforce.iss.net/static/6802.php Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable. Analysis ---------------- ED_PRI CAN-2001-1076 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1077 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1077 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010615 Rxvt vulnerability Reference: URL:http://www.securityfocus.com/archive/1/191510 Reference: DEBIAN:DSA-062 Reference: URL:http://www.debian.org/security/2001/dsa-062 Reference: IMMUNIX:IMNX-2001-70-028-01 Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-028-01 Reference: XF:rxvt-ttprintf-bo(6701) Reference: URL:http://xforce.iss.net/static/6701.php Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users to gain privileges via a long (1) -T or (2) -name argument. Analysis ---------------- ED_PRI CAN-2001-1077 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1078 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1078 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010622 eXtremail Remote Format String ('s) Reference: URL:http://www.securityfocus.com/archive/1/192791 Reference: CONFIRM:http://www.extremail.com/history.htm Reference: CONFIRM:http://www.extremail.com/news.htm Reference: XF:extremail-flog-format-string(6733) Reference: URL:http://xforce.iss.net/static/6733.php Reference: BID:2908 Reference: URL:http://www.securityfocus.com/bid/2908 Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication. Analysis ---------------- ED_PRI CAN-2001-1078 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC ACKNOWLEDGEMENT: In the product history page, the vendor states for version 1.1.10: "There were a bug on the logging function that arised a SIG when a '%' was encountered on some strings." This sounds close to a description of the problem, but it is not absolutely clear as the version is dated in April and the problem was announced to Bugtraq in June. However, in the "news" section on June 2001, the vendor states "A security bug is encountered on previous versions of eXtremail (prior 1.1.10)... [which has] been released for more than two months." Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1082 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1082 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: CONFIRM:http://freshmeat.net/releases/52020/ Directory traversal vulnerability in Livingston/Lucent RADIUS before 2.1.va.1 may allow attackers to read arbitrary files via a .. (dot dot) attack. Analysis ---------------- ED_PRI CAN-2001-1082 3 Vendor Acknowledgement: yes advisory Content Decisions: VAGUE ACKNOWLEDGEMENT/INCLUSION: the vendor alludes to the directory traversal vulnerability but does not describe exploit scenarios: "All fopen() calls are preceded by a check to ensure that the filename only contains legal character sequences. In particular, filenames containing '..' will not be opened." Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1083 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1083 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010626 Advisory Reference: URL:http://www.securityfocus.com/archive/1/193516 Reference: MISC:http://www.icecast.org/index.html Reference: BID:2933 Reference: URL:http://www.securityfocus.com/bid/2933 Reference: XF:icecast-http-remote-dos(6751) Reference: URL:http://xforce.iss.net/static/6751.php Icecast 1.3.8beta2 and earlier with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash). 
Analysis ---------------- ED_PRI CAN-2001-1083 3 Vendor Acknowledgement: unknown vague ACKNOWLEDGEMENT: On August 7, 2001 (more than a month after the initial disclosure), the news page states "contains a couple security updates." There is insufficient information to be confident whether the vendor is fixing the DoS or directory traversal problems identified on Bugtraq. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: