|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PROPOSAL] Cluster RECENT-76 - 40 candidates
I am proposing cluster RECENT-76 for review and voting by the Editorial Board. Name: RECENT-76 Description: Candidates announced between 8/1/2001 and 8/31/2001 Size: 40 You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site. The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real. If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned. - Steve Summary of votes to use (in ascending order of "severity") ---------------------------------------------------------- ACCEPT - voter accepts the candidate as proposed NOOP - voter has no opinion on the candidate MODIFY - voter wants to change some MINOR detail (e.g. reference/description) REVIEWING - voter is reviewing/researching the candidate, or needs more info RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. 1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. 2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping. 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-2001-0969 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0969 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: FREEBSD:FreeBSD-SA-01:53 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:53.ipfw.asc Reference: XF:ipfw-me-unauthorized-access(7002) Reference: URL:http://xforce.iss.net/static/7002.php Reference: BID:3206 Reference: URL:http://www.securityfocus.com/bid/3206 ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts. Analysis ---------------- ED_PRI CAN-2001-0969 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0976 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0976 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: HP:HPSBUX0108-165 Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0048.html Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and earlier, as used by HP-UX Workload Manager (WLM), allows local users to gain root privileges via modified libraries or environment variables. Analysis ---------------- ED_PRI CAN-2001-0976 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0981 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0981 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: HP:HPSBUX0108-164 Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0048.html HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user. Analysis ---------------- ED_PRI CAN-2001-0981 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1002 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1002 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010827 LPRng/rhs-printfilters - remote execution of commands Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99892644616749&w=2 Reference: REDHAT:RHSA-2001:102 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-102.html Reference: BID:3241 Reference: URL:http://www.securityfocus.com/bid/3241 The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands. Analysis ---------------- ED_PRI CAN-2001-1002 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1027 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1027 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: CONFIRM:http://www.windowmaker.org/src/ChangeLog Reference: DEBIAN:DSA-074 Reference: URL:http://www.debian.org/security/2001/dsa-074 Reference: CONECTIVA:CLA-2001:411 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000411 Reference: SUSE:SuSE-SA:2001:032 Reference: URL:http://www.suse.de/de/support/security/2001_032_wmaker_txt.txt Reference: MANDRAKE:MDKSA-2001:074 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-074.php3 Reference: BID:3177 Reference: URL:http://www.securityfocus.com/bid/3177 Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows remote attackers to execute arbitrary code via a long window title. Analysis ---------------- ED_PRI CAN-2001-1027 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1062 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1062 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: CALDERA:CSSA-2001-SCO.12 Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.12/CSSA-2001-SCO.12.txt Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local users to execute arbitrary code. Analysis ---------------- ED_PRI CAN-2001-1062 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1063 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1063 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: CALDERA:CSSA-2001-SCO.14 Reference: URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.14/CSSA-2001-SCO.14.txt Reference: BID:3244 Reference: URL:http://www.securityfocus.com/bid/3244 Reference: XF:unixware-openunix-uidadmin-bo(7036) Reference: URL:http://xforce.iss.net/static/7036.php Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7 allows local users to gain root privileges via a long -S (scheme) command line argument. Analysis ---------------- ED_PRI CAN-2001-1063 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0965 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0965 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010817 [ASGUARD-LABS] glFTPD v1.23 DOS Attack Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0239.html Reference: CONFIRM:http://www.glftpd.org/ Reference: BID:3201 Reference: URL:http://www.securityfocus.com/bid/3201 glFTPD 1.23 allows remote attackers to cause a denial of service (CPU consumption) via a LIST command with an argument that contains a large number of * (asterisk) characters. Analysis ---------------- ED_PRI CAN-2001-0965 2 Vendor Acknowledgement: yes ACKNOWLEDGEMENT: in a statement dated August 17, 2001, the glFTPD web site says "Upgrade to 1.24 glftpd if using 1.23. The glFTPD v1.23 contains a very(x2) simple D.O.S. which affects the "LIST" Command." Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0973 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0973 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010822 BSCW symlink vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0328.html Reference: CONFIRM:http://bscw.gmd.de/Bulletins/BSCW-SB-2001-08.extract.txt BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space. Analysis ---------------- ED_PRI CAN-2001-0973 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0995 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0995 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010826 security hole in os groupware suite PHProjekt Reference: URL:http://www.securityfocus.com/archive/1/210349 Reference: MISC:http://www.phprojekt.com/ChangeLog Reference: BID:3239 Reference: URL:http://www.securityfocus.com/bid/3239 Reference: XF:phprojekt-id-modify(7035) Reference: URL:http://xforce.iss.net/static/7035.php PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs. Analysis ---------------- ED_PRI CAN-2001-0995 2 Vendor Acknowledgement: yes advisory ACKNOWLEDGEMENT: The original Bugtraq announcement was posted by one of the developers. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1041 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1041 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010802 vulnerability in oracle binary in Oracle 8.0.5 - 8.1.6 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99677282117387&w=2 Reference: BUGTRAQ:20011024 Oracle File Overwrite Security Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100395579811880&w=2 Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/oracle_race.pdf Reference: BID:3135 Reference: URL:http://www.securityfocus.com/bid/3135 oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace (.trc) file that is created in an alternate home directory identified by the ORACLE_HOME environment variable. Analysis ---------------- ED_PRI CAN-2001-1041 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1072 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1072 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010812 Are your mod_rewrite rules doing what you expect? Reference: URL:http://www.securityfocus.com/archive/1/203955 Reference: BID:3176 Reference: URL:http://www.securityfocus.com/bid/3176 Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail Analysis ---------------- ED_PRI CAN-2001-1072 2 Vendor Acknowledgement: yes via-email ABSTRACTION: This problem is similar to CAN-2000-0913, but different. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0943 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0943 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010801 Oracle 8.1.5 dbnsmp vulnerability Reference: URL:http://www.securityfocus.com/archive/1/201020 Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf Reference: BID:3129 Reference: URL:http://www.securityfocus.com/bid/3129 dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs. Analysis ---------------- ED_PRI CAN-2001-0943 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC ABSTRACTION: CD:SF-LOC suggests splitting between problems of different types, so the 3 issues described in the Oracle advisory are being split. It could be argued that the CHOWN/CHGRP and ORACLE_HOME problems are of the same type (trusting a user-supplied search path), but they occur in different versions, so CD:SF-LOC is clear on splitting between them. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0966 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0966 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010818 [Real Security] Advisory for Nudester 1.10 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0232.html Reference: BID:3202 Reference: URL:http://www.securityfocus.com/bid/3202 Directory traversal vulnerability in Nudester 1.10 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the CD (CWD) command. Analysis ---------------- ED_PRI CAN-2001-0966 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0967 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0967 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010817 Arkeia Possible remote root & information leakage Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0228.html Reference: BID:3204 Reference: URL:http://www.securityfocus.com/bid/3204 Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force password guessing. Analysis ---------------- ED_PRI CAN-2001-0967 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0968 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0968 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010817 Arkeia Possible remote root & information leakage Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0228.html Reference: BID:3203 Reference: URL:http://www.securityfocus.com/bid/3203 Knox Arkeia server 4.2, and possibly other versions, installs its root user with a null password by default, which allows local and remote users to gain privileges. Analysis ---------------- ED_PRI CAN-2001-0968 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0970 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0970 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010820 tdforum 1.2 Messageboard Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99832137410609&w=2 Reference: BID:3207 Reference: URL:http://www.securityfocus.com/bid/3207 Cross-site scripting vulnerability in TDForum 1.2 CGI script (tdforum12.cgi) allows remote attackers to execute arbitrary script on other clients via a forum message that contains the script. Analysis ---------------- ED_PRI CAN-2001-0970 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0971 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0971 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010820 ACI 4D WebServer Directory traversal. Reference: URL:http://www.securityfocus.com/archive/1/206102 Reference: BID:3209 Reference: URL:http://www.securityfocus.com/bid/3209 Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request. Analysis ---------------- ED_PRI CAN-2001-0971 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0972 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0972 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010820 security problem in surf-net ASP Discussion Forum < 2.30 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99834088223352&w=2 Reference: BID:3210 Reference: URL:http://www.securityfocus.com/bid/3210 Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888." Analysis ---------------- ED_PRI CAN-2001-0972 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0983 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0983 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010823 Re: Respondus v1.1.2 stores passwords using weak encryption Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99861651923668&w=2 Reference: MISC:http://www.eve-software.com/security/ueditpw.html UltraEdit uses weak encryption to record FTP passwords in the uedit32.ini file, which allows local users who can read the file to decrypt the passwords and gain privileges. Analysis ---------------- ED_PRI CAN-2001-0983 3 Vendor Acknowledgement: Content Decisions: DESIGN-WEAK-ENCRYPTION Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1003 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1003 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010823 Respondus v1.1.2 stores passwords using weak encryption Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99859557930285&w=2 Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows local users who can read the WEBCT.SVR file to decrypt the passwords and gain additional privileges. Analysis ---------------- ED_PRI CAN-2001-1003 3 Vendor Acknowledgement: Content Decisions: DESIGN-WEAK-ENCRYPTION Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1004 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1004 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010830 gnut gnutella client html injection Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0415.html Reference: MISC:http://www.gnutelliums.com/linux_unix/gnut/ChangeLog.txt Cross-site scripting (CSS) vulnerability in gnut Gnutella client before 0.4.27 allows remote attackers to execute arbitrary script on other clients by sharing a file whose name contains the script tags. Analysis ---------------- ED_PRI CAN-2001-1004 3 Vendor Acknowledgement: unknown discloser-claimed ACKNOWLEDGEMENT: the discloser claims that the vendor fixed the problem, but the ChangeLog does not appear to contain any info. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1005 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1005 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010824 Starfish Truesync Desktop + REX 5000 Pro multiple vulnerabilities Reference: URL:http://www.securityfocus.com/archive/1/210067 Reference: BID:3231 Reference: URL:http://www.securityfocus.com/bid/3231 Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak encryption to store the user password in a registry key, which allows attackers who have access to the registry key to decrypt the password and gain privileges. Analysis ---------------- ED_PRI CAN-2001-1005 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1006 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1006 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010824 Starfish Truesync Desktop + REX 5000 Pro multiple vulnerabilities Reference: URL:http://www.securityfocus.com/archive/1/210067 Reference: BID:3232 Reference: URL:http://www.securityfocus.com/bid/3232 Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not encrypt sensitive files and relies solely on its password feature to restrict access, which allows an attacker to read the files using a different application. Analysis ---------------- ED_PRI CAN-2001-1006 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1007 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1007 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010824 Starfish Truesync Desktop + REX 5000 Pro multiple vulnerabilities Reference: URL:http://www.securityfocus.com/archive/1/210067 Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a small keyspace for device keys and does not impose a delay when an incorrect key is entered, which allows attackers to more quickly guess the key via a brute force attack. Analysis ---------------- ED_PRI CAN-2001-1007 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1008 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1008 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010824 Java Plugin 1.4 with JRE 1.3 -> Ignores certificates. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0359.html Reference: BID:3245 Reference: URL:http://www.securityfocus.com/bid/3245 Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate. Analysis ---------------- ED_PRI CAN-2001-1008 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1009 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1009 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010809 Fetchmail security advisory Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0118.html Reference: ENGARDE:ESA-20010816-01 Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1555.html Reference: REDHAT:RHSA-2001:103 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-103.html Reference: MANDRAKE:MDKSA-2001:072 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-072.php3 Reference: DEBIAN:DSA-071 Reference: URL:http://www.debian.org/security/2001/dsa-071 Reference: CONECTIVA:CLA-2001:419 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000419 Reference: BID:3164 Reference: URL:http://www.securityfocus.com/bid/3164 Reference: BID:3166 Reference: URL:http://www.securityfocus.com/bid/3166 Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request. Analysis ---------------- ED_PRI CAN-2001-1009 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1025 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1025 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: VULNWATCH:20010803 [VulnWatch] 3 phpnuke bugs (2 possibly lead to admin privs) Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0019.html Reference: BID:3149 Reference: URL:http://www.securityfocus.com/bid/3149 PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php. Analysis ---------------- ED_PRI CAN-2001-1025 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1036 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1036 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010801 Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate Reference: URL:http://www.securityfocus.com/archive/1/200991 Reference: XF:locate-command-execution(6932) Reference: URL:http://xforce.iss.net/static/6932.php Reference: BID:3127 Reference: URL:http://www.securityfocus.com/bid/3127 GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory. Analysis ---------------- ED_PRI CAN-2001-1036 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1039 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1039 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010801 HP Jetdirect passwords don't sync Reference: URL:http://www.securityfocus.com/archive/1/201160 Reference: BID:3132 Reference: URL:http://www.securityfocus.com/bid/3132 The JetAdmin web interface for HP JetDirect does not set a password for the telnet interface when the admin password is changed, which allows remote attackers to gain access to the printer. Analysis ---------------- ED_PRI CAN-2001-1039 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1040 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1040 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010802 Re: HP Jetdirect passwords don't sync Reference: URL:http://www.securityfocus.com/archive/1/201224 Reference: BID:3132 Reference: URL:http://www.securityfocus.com/bid/3132 HP LaserJet, and possibly other JetDirect devices, resets the admin password when the device is turned off, which could allow remote attackers to access the device without the password. Analysis ---------------- ED_PRI CAN-2001-1040 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1061 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1061 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: AIXAPAR:IY22255 Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q3/0003.html Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error. Analysis ---------------- ED_PRI CAN-2001-1061 3 Vendor Acknowledgement: yes Content Decisions: VAGUE CD:VAGUE states that if a vendor releases a vague report of a security problem, that even though there is insufficient detail, the problem should be included in CVE. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1064 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1064 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: CISCO:20010823 CBOS Web-based Configuration Utility Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/cisco-cbos-webserver-pub.shtml Reference: BID:3236 Reference: URL:http://www.securityfocus.com/bid/3236 Reference: XF:cisco-cbos-telnet-dos(7025) Reference: URL:http://xforce.iss.net/static/7025.php Reference: XF:cisco-cbos-http-dos(7026) Reference: URL:http://xforce.iss.net/static/7026.php Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop forwarding packets. Analysis ---------------- ED_PRI CAN-2001-1064 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1065 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1065 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: CF Reference: CISCO:20010823 CBOS Web-based Configuration Utility Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/cisco-cbos-webserver-pub.shtml Reference: XF:cisco-cbos-web-config(7027) Reference: URL:http://xforce.iss.net/static/7027.php Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack. Analysis ---------------- ED_PRI CAN-2001-1065 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1066 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1066 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010827 Dangerous temp file creation during installation of Netscape 6. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99893667921216&w=2 ns6install installation script for Netscape 6.01 on Solaris allows local users to overwrite files via a symlink attack. Analysis ---------------- ED_PRI CAN-2001-1066 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1067 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1067 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010822 AOLserver 3.0 vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0325.html Reference: BUGTRAQ:20010906 AOLserver exploit code Reference: URL:http://www.securityfocus.com/archive/1/213041 Reference: BID:3230 Reference: URL:http://www.securityfocus.com/bid/3230 Reference: XF:aolserver-long-password-dos(7030) Reference: URL:http://xforce.iss.net/static/7030.php Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header. Analysis ---------------- ED_PRI CAN-2001-1067 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1068 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1068 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010825 qpopper and pam.d Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0363.html Reference: XF:qpopper-pam-auth-error(7047) Reference: URL:http://xforce.iss.net/static/7047.php Reference: BID:3242 Reference: URL:http://www.securityfocus.com/bid/3242 qpopper 4.01 with PAM based authentication on Red Hat systems generates different error messages when an invalid username is provided instead of a valid name, which allows remote attackers to determine valid usernames on the system. Analysis ---------------- ED_PRI CAN-2001-1068 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1069 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1069 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: CF Reference: BUGTRAQ:20010822 Adobe Acrobat creates world writable ~/AdobeFnt.lst files Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99849121502399&w=2 Reference: MISC:http://lists.debian.org/debian-security/2001/debian-security-200101/msg00085.html Reference: BID:3225 Reference: URL:http://www.securityfocus.com/bid/3225 Reference: XF:adobe-acrobat-insecure-permissions(7024) Reference: URL:http://xforce.iss.net/static/7024.php libCoolType library as used in Adobe Acrobat (acroread) on Linux creates the AdobeFnt.lst file with world-writable permissions, which allows local users to modify the file and possibly modify acroread's behavior. Analysis ---------------- ED_PRI CAN-2001-1069 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1070 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1070 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010821 Bug in MAS90 Accounting Platform remote access? Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0312.html Reference: XF:mas-telnet-connect-dos(7020) Reference: URL:http://xforce.iss.net/static/7020.php Reference: BID:3221 Reference: URL:http://www.securityfocus.com/bid/3221 Sage Software MAS 200 allows remote attackers to cause a denial of service by connecting to port 10000 and entering a series of control characters. Analysis ---------------- ED_PRI CAN-2001-1070 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1073 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1073 Final-Decision: Interim-Decision: Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010815 webridge application suite gives up too much error information on Internal Server Error Reference: URL:http://www.securityfocus.com/archive/1/204725 Reference: XF:webridge-px-reveal-information(6993) Reference: URL:http://xforce.iss.net/static/6993.php Reference: BID:3182 Reference: URL:http://www.securityfocus.com/bid/3182 Webridge PX Application Suite allows remote attackers to obtain sensitive information via a malformed request that generates a server error message, which includes full pathname or internal IP address information in the variables (1) APPL_PHYSICAL_PATH, (2) PATH_TRANSLATED, and (3) LOCAL_ADDR. Analysis ---------------- ED_PRI CAN-2001-1073 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS:
|
||||
