[FINAL] ACCEPT 428 candidates
I have made a Final Decision to ACCEPT the following candidates. These candidates are now assigned CVE names as noted below. The resulting CVE entries will be published in the near future in a new version of CVE. Voting details and comments are provided at the end of this report.

- Steve

Candidate       CVE Name
---------       ----------
CAN-1999-0380   CVE-1999-0380
CAN-1999-0801   CVE-1999-0801
CAN-1999-0815   CVE-1999-0815
CAN-1999-0921   CVE-1999-0921
CAN-1999-0930   CVE-1999-0930
CAN-1999-0968   CVE-1999-0968
CAN-1999-1014   CVE-1999-1014
CAN-1999-1019   CVE-1999-1019
CAN-1999-1021   CVE-1999-1021
CAN-1999-1027   CVE-1999-1027
CAN-1999-1028   CVE-1999-1028
CAN-1999-1032   CVE-1999-1032
CAN-1999-1034   CVE-1999-1034
CAN-1999-1035   CVE-1999-1035
CAN-1999-1037   CVE-1999-1037
CAN-1999-1044   CVE-1999-1044
CAN-1999-1045   CVE-1999-1045
CAN-1999-1047   CVE-1999-1047
CAN-1999-1048   CVE-1999-1048
CAN-1999-1055   CVE-1999-1055
CAN-1999-1057   CVE-1999-1057
CAN-1999-1059   CVE-1999-1059
CAN-1999-1074   CVE-1999-1074
CAN-1999-1085   CVE-1999-1085
CAN-1999-1087   CVE-1999-1087
CAN-1999-1090   CVE-1999-1090
CAN-1999-1093   CVE-1999-1093
CAN-1999-1094   CVE-1999-1094
CAN-1999-1098   CVE-1999-1098
CAN-1999-1099   CVE-1999-1099
CAN-1999-1100   CVE-1999-1100
CAN-1999-1102   CVE-1999-1102
CAN-1999-1103   CVE-1999-1103
CAN-1999-1104   CVE-1999-1104
CAN-1999-1105   CVE-1999-1105
CAN-1999-1109   CVE-1999-1109
CAN-1999-1111   CVE-1999-1111
CAN-1999-1114   CVE-1999-1114
CAN-1999-1115   CVE-1999-1115
CAN-1999-1116   CVE-1999-1116
CAN-1999-1117   CVE-1999-1117
CAN-1999-1118   CVE-1999-1118
CAN-1999-1119   CVE-1999-1119
CAN-1999-1120   CVE-1999-1120
CAN-1999-1121   CVE-1999-1121
CAN-1999-1122   CVE-1999-1122
CAN-1999-1127   CVE-1999-1127
CAN-1999-1131   CVE-1999-1131
CAN-1999-1132   CVE-1999-1132
CAN-1999-1136   CVE-1999-1136
CAN-1999-1137   CVE-1999-1137
CAN-1999-1138   CVE-1999-1138
CAN-1999-1139   CVE-1999-1139
CAN-1999-1140   CVE-1999-1140
CAN-1999-1142   CVE-1999-1142
CAN-1999-1143   CVE-1999-1143
CAN-1999-1144   CVE-1999-1144
CAN-1999-1145   CVE-1999-1145
CAN-1999-1146   CVE-1999-1146
CAN-1999-1147   CVE-1999-1147
CAN-1999-1148   CVE-1999-1148
CAN-1999-1156   CVE-1999-1156
CAN-1999-1157   CVE-1999-1157
CAN-1999-1159   CVE-1999-1159
CAN-1999-1160   CVE-1999-1160
CAN-1999-1161   CVE-1999-1161
CAN-1999-1162   CVE-1999-1162
CAN-1999-1163   CVE-1999-1163
CAN-1999-1167   CVE-1999-1167
CAN-1999-1175   CVE-1999-1175
CAN-1999-1177   CVE-1999-1177
CAN-1999-1181   CVE-1999-1181
CAN-1999-1188   CVE-1999-1188
CAN-1999-1191   CVE-1999-1191
CAN-1999-1192   CVE-1999-1192
CAN-1999-1193   CVE-1999-1193
CAN-1999-1194   CVE-1999-1194
CAN-1999-1197   CVE-1999-1197
CAN-1999-1198   CVE-1999-1198
CAN-1999-1203   CVE-1999-1203
CAN-1999-1204   CVE-1999-1204
CAN-1999-1205   CVE-1999-1205
CAN-1999-1208   CVE-1999-1208
CAN-1999-1209   CVE-1999-1209
CAN-1999-1214   CVE-1999-1214
CAN-1999-1215   CVE-1999-1215
CAN-1999-1222   CVE-1999-1222
CAN-1999-1223   CVE-1999-1223
CAN-1999-1226   CVE-1999-1226
CAN-1999-1233   CVE-1999-1233
CAN-1999-1243   CVE-1999-1243
CAN-1999-1246   CVE-1999-1246
CAN-1999-1249   CVE-1999-1249
CAN-1999-1258   CVE-1999-1258
CAN-1999-1259   CVE-1999-1259
CAN-1999-1262   CVE-1999-1262
CAN-1999-1263   CVE-1999-1263
CAN-1999-1276   CVE-1999-1276
CAN-1999-1279   CVE-1999-1279
CAN-1999-1284   CVE-1999-1284
CAN-1999-1288   CVE-1999-1288
CAN-1999-1290   CVE-1999-1290
CAN-1999-1294   CVE-1999-1294
CAN-1999-1297   CVE-1999-1297
CAN-1999-1298   CVE-1999-1298
CAN-1999-1301   CVE-1999-1301
CAN-1999-1309   CVE-1999-1309
CAN-1999-1316   CVE-1999-1316
CAN-1999-1317   CVE-1999-1317
CAN-1999-1318   CVE-1999-1318
CAN-1999-1320   CVE-1999-1320
CAN-1999-1321   CVE-1999-1321
CAN-1999-1324   CVE-1999-1324
CAN-1999-1325   CVE-1999-1325
CAN-1999-1326   CVE-1999-1326
CAN-1999-1327   CVE-1999-1327
CAN-1999-1328   CVE-1999-1328
CAN-1999-1329   CVE-1999-1329
CAN-1999-1330   CVE-1999-1330
CAN-1999-1331   CVE-1999-1331
CAN-1999-1332   CVE-1999-1332
CAN-1999-1333   CVE-1999-1333
CAN-1999-1335   CVE-1999-1335
CAN-1999-1336   CVE-1999-1336
CAN-1999-1339   CVE-1999-1339
CAN-1999-1341   CVE-1999-1341
CAN-1999-1351   CVE-1999-1351
CAN-1999-1356   CVE-1999-1356
CAN-1999-1358   CVE-1999-1358
CAN-1999-1359   CVE-1999-1359
CAN-1999-1360   CVE-1999-1360
CAN-1999-1363   CVE-1999-1363
CAN-1999-1379   CVE-1999-1379
CAN-1999-1380   CVE-1999-1380
CAN-1999-1382   CVE-1999-1382
CAN-1999-1384   CVE-1999-1384
CAN-1999-1385   CVE-1999-1385
CAN-1999-1386   CVE-1999-1386
CAN-1999-1402   CVE-1999-1402
CAN-1999-1407   CVE-1999-1407
CAN-1999-1409   CVE-1999-1409
CAN-1999-1411   CVE-1999-1411
CAN-1999-1414   CVE-1999-1414
CAN-1999-1419   CVE-1999-1419
CAN-1999-1423   CVE-1999-1423
CAN-1999-1432   CVE-1999-1432
CAN-1999-1433   CVE-1999-1433
CAN-1999-1437   CVE-1999-1437
CAN-1999-1452   CVE-1999-1452
CAN-1999-1455   CVE-1999-1455
CAN-1999-1456   CVE-1999-1456
CAN-1999-1472   CVE-1999-1472
CAN-1999-1473   CVE-1999-1473
CAN-1999-1476   CVE-1999-1476
CAN-1999-1478   CVE-1999-1478
CAN-1999-1481   CVE-1999-1481
CAN-1999-1488   CVE-1999-1488
CAN-1999-1494   CVE-1999-1494
CAN-1999-1507   CVE-1999-1507
CAN-1999-1512   CVE-1999-1512
CAN-1999-1530   CVE-1999-1530
CAN-1999-1531   CVE-1999-1531
CAN-1999-1535   CVE-1999-1535
CAN-1999-1542   CVE-1999-1542
CAN-1999-1550   CVE-1999-1550
CAN-1999-1565   CVE-1999-1565
CAN-2000-0006   CVE-2000-0006
CAN-2000-0007   CVE-2000-0007
CAN-2000-0027   CVE-2000-0027
CAN-2000-0180   CVE-2000-0180
CAN-2000-0290   CVE-2000-0290
CAN-2000-0298   CVE-2000-0298
CAN-2000-0324   CVE-2000-0324
CAN-2000-0457   CVE-2000-0457
CAN-2000-0551   CVE-2000-0551
CAN-2000-0570   CVE-2000-0570
CAN-2000-0575   CVE-2000-0575
CAN-2000-0581   CVE-2000-0581
CAN-2000-0593   CVE-2000-0593
CAN-2000-0600   CVE-2000-0600
CAN-2000-0615   CVE-2000-0615
CAN-2000-0619   CVE-2000-0619
CAN-2000-0662   CVE-2000-0662
CAN-2000-0699   CVE-2000-0699
CAN-2000-0739   CVE-2000-0739
CAN-2000-0740   CVE-2000-0740
CAN-2000-0741   CVE-2000-0741
CAN-2000-0753   CVE-2000-0753
CAN-2000-0776   CVE-2000-0776
CAN-2000-0788   CVE-2000-0788
CAN-2000-0790   CVE-2000-0790
CAN-2000-0795   CVE-2000-0795
CAN-2000-0796   CVE-2000-0796
CAN-2000-0825   CVE-2000-0825
CAN-2000-0830   CVE-2000-0830
CAN-2000-0838   CVE-2000-0838
CAN-2000-0839   CVE-2000-0839
CAN-2000-0859   CVE-2000-0859
CAN-2000-0891   CVE-2000-0891
CAN-2000-0892   CVE-2000-0892
CAN-2000-1101   CVE-2000-1101
CAN-2000-1111   CVE-2000-1111
CAN-2000-1190   CVE-2000-1190
CAN-2000-1195   CVE-2000-1195
CAN-2000-1196   CVE-2000-1196
CAN-2000-1200   CVE-2000-1200
CAN-2001-0001   CVE-2001-0001
CAN-2001-0007   CVE-2001-0007
CAN-2001-0018   CVE-2001-0018
CAN-2001-0094   CVE-2001-0094
CAN-2001-0122   CVE-2001-0122
CAN-2001-0156   CVE-2001-0156
CAN-2001-0204   CVE-2001-0204
CAN-2001-0236   CVE-2001-0236
CAN-2001-0252   CVE-2001-0252
CAN-2001-0265   CVE-2001-0265
CAN-2001-0269   CVE-2001-0269
CAN-2001-0276   CVE-2001-0276
CAN-2001-0280   CVE-2001-0280
CAN-2001-0321   CVE-2001-0321
CAN-2001-0327   CVE-2001-0327
CAN-2001-0364   CVE-2001-0364
CAN-2001-0365   CVE-2001-0365
CAN-2001-0366   CVE-2001-0366
CAN-2001-0371   CVE-2001-0371
CAN-2001-0373   CVE-2001-0373
CAN-2001-0386   CVE-2001-0386
CAN-2001-0394   CVE-2001-0394
CAN-2001-0407   CVE-2001-0407
CAN-2001-0416   CVE-2001-0416
CAN-2001-0422   CVE-2001-0422
CAN-2001-0442   CVE-2001-0442
CAN-2001-0444   CVE-2001-0444
CAN-2001-0449   CVE-2001-0449
CAN-2001-0461   CVE-2001-0461
CAN-2001-0463   CVE-2001-0463
CAN-2001-0487   CVE-2001-0487
CAN-2001-0493   CVE-2001-0493
CAN-2001-0497   CVE-2001-0497
CAN-2001-0500   CVE-2001-0500
CAN-2001-0501   CVE-2001-0501
CAN-2001-0502   CVE-2001-0502
CAN-2001-0503   CVE-2001-0503
CAN-2001-0504   CVE-2001-0504
CAN-2001-0506   CVE-2001-0506
CAN-2001-0507   CVE-2001-0507
CAN-2001-0513   CVE-2001-0513
CAN-2001-0514   CVE-2001-0514
CAN-2001-0517   CVE-2001-0517
CAN-2001-0518   CVE-2001-0518
CAN-2001-0522   CVE-2001-0522
CAN-2001-0525   CVE-2001-0525
CAN-2001-0526   CVE-2001-0526
CAN-2001-0527   CVE-2001-0527
CAN-2001-0528   CVE-2001-0528
CAN-2001-0529   CVE-2001-0529
CAN-2001-0530   CVE-2001-0530
CAN-2001-0533   CVE-2001-0533
CAN-2001-0537   CVE-2001-0537
CAN-2001-0538   CVE-2001-0538
CAN-2001-0540   CVE-2001-0540
CAN-2001-0541   CVE-2001-0541
CAN-2001-0543   CVE-2001-0543
CAN-2001-0544   CVE-2001-0544
CAN-2001-0545   CVE-2001-0545
CAN-2001-0546   CVE-2001-0546
CAN-2001-0547   CVE-2001-0547
CAN-2001-0549   CVE-2001-0549
CAN-2001-0554   CVE-2001-0554
CAN-2001-0558   CVE-2001-0558
CAN-2001-0559   CVE-2001-0559
CAN-2001-0560   CVE-2001-0560
CAN-2001-0563   CVE-2001-0563
CAN-2001-0564   CVE-2001-0564
CAN-2001-0565   CVE-2001-0565
CAN-2001-0567   CVE-2001-0567
CAN-2001-0573   CVE-2001-0573
CAN-2001-0574   CVE-2001-0574
CAN-2001-0585   CVE-2001-0585
CAN-2001-0586   CVE-2001-0586
CAN-2001-0589   CVE-2001-0589
CAN-2001-0590   CVE-2001-0590
CAN-2001-0591   CVE-2001-0591
CAN-2001-0593   CVE-2001-0593
CAN-2001-0594   CVE-2001-0594
CAN-2001-0595   CVE-2001-0595
CAN-2001-0596   CVE-2001-0596
CAN-2001-0611   CVE-2001-0611
CAN-2001-0613   CVE-2001-0613
CAN-2001-0615   CVE-2001-0615
CAN-2001-0616   CVE-2001-0616
CAN-2001-0621   CVE-2001-0621
CAN-2001-0622   CVE-2001-0622
CAN-2001-0625   CVE-2001-0625
CAN-2001-0626   CVE-2001-0626
CAN-2001-0627   CVE-2001-0627
CAN-2001-0628   CVE-2001-0628
CAN-2001-0629   CVE-2001-0629
CAN-2001-0630   CVE-2001-0630
CAN-2001-0631   CVE-2001-0631
CAN-2001-0634   CVE-2001-0634
CAN-2001-0635   CVE-2001-0635
CAN-2001-0641   CVE-2001-0641
CAN-2001-0644   CVE-2001-0644
CAN-2001-0646   CVE-2001-0646
CAN-2001-0648   CVE-2001-0648
CAN-2001-0650   CVE-2001-0650
CAN-2001-0652   CVE-2001-0652
CAN-2001-0653   CVE-2001-0653
CAN-2001-0658   CVE-2001-0658
CAN-2001-0659   CVE-2001-0659
CAN-2001-0660   CVE-2001-0660
CAN-2001-0662   CVE-2001-0662
CAN-2001-0663   CVE-2001-0663
CAN-2001-0664   CVE-2001-0664
CAN-2001-0665   CVE-2001-0665
CAN-2001-0666   CVE-2001-0666
CAN-2001-0667   CVE-2001-0667
CAN-2001-0668   CVE-2001-0668
CAN-2001-0670   CVE-2001-0670
CAN-2001-0675   CVE-2001-0675
CAN-2001-0676   CVE-2001-0676
CAN-2001-0677   CVE-2001-0677
CAN-2001-0680   CVE-2001-0680
CAN-2001-0682   CVE-2001-0682
CAN-2001-0685   CVE-2001-0685
CAN-2001-0686   CVE-2001-0686
CAN-2001-0690   CVE-2001-0690
CAN-2001-0692   CVE-2001-0692
CAN-2001-0696   CVE-2001-0696
CAN-2001-0697   CVE-2001-0697
CAN-2001-0698   CVE-2001-0698
CAN-2001-0699   CVE-2001-0699
CAN-2001-0700   CVE-2001-0700
CAN-2001-0701   CVE-2001-0701
CAN-2001-0706   CVE-2001-0706
CAN-2001-0710   CVE-2001-0710
CAN-2001-0716   CVE-2001-0716
CAN-2001-0717   CVE-2001-0717
CAN-2001-0718   CVE-2001-0718
CAN-2001-0719   CVE-2001-0719
CAN-2001-0720   CVE-2001-0720
CAN-2001-0722   CVE-2001-0722
CAN-2001-0723   CVE-2001-0723
CAN-2001-0728   CVE-2001-0728
CAN-2001-0730   CVE-2001-0730
CAN-2001-0733   CVE-2001-0733
CAN-2001-0738   CVE-2001-0738
CAN-2001-0739   CVE-2001-0739
CAN-2001-0740   CVE-2001-0740
CAN-2001-0745   CVE-2001-0745
CAN-2001-0750   CVE-2001-0750
CAN-2001-0751   CVE-2001-0751
CAN-2001-0752   CVE-2001-0752
CAN-2001-0754   CVE-2001-0754
CAN-2001-0757   CVE-2001-0757
CAN-2001-0760   CVE-2001-0760
CAN-2001-0764   CVE-2001-0764
CAN-2001-0765   CVE-2001-0765
CAN-2001-0773   CVE-2001-0773
CAN-2001-0774   CVE-2001-0774
CAN-2001-0779   CVE-2001-0779
CAN-2001-0784   CVE-2001-0784
CAN-2001-0787   CVE-2001-0787
CAN-2001-0796   CVE-2001-0796
CAN-2001-0801   CVE-2001-0801
CAN-2001-0803   CVE-2001-0803
CAN-2001-0804   CVE-2001-0804
CAN-2001-0805   CVE-2001-0805
CAN-2001-0806   CVE-2001-0806
CAN-2001-0815   CVE-2001-0815
CAN-2001-0816   CVE-2001-0816
CAN-2001-0819   CVE-2001-0819
CAN-2001-0822   CVE-2001-0822
CAN-2001-0823   CVE-2001-0823
CAN-2001-0828   CVE-2001-0828
CAN-2001-0830   CVE-2001-0830
CAN-2001-0833   CVE-2001-0833
CAN-2001-0834   CVE-2001-0834
CAN-2001-0836   CVE-2001-0836
CAN-2001-0843   CVE-2001-0843
CAN-2001-0846   CVE-2001-0846
CAN-2001-0850   CVE-2001-0850
CAN-2001-0851   CVE-2001-0851
CAN-2001-0852   CVE-2001-0852
CAN-2001-0857   CVE-2001-0857
CAN-2001-0859   CVE-2001-0859
CAN-2001-0860   CVE-2001-0860
CAN-2001-0861   CVE-2001-0861
CAN-2001-0862   CVE-2001-0862
CAN-2001-0863   CVE-2001-0863
CAN-2001-0864   CVE-2001-0864
CAN-2001-0865   CVE-2001-0865
CAN-2001-0866   CVE-2001-0866
CAN-2001-0867   CVE-2001-0867
CAN-2001-0874   CVE-2001-0874
CAN-2001-0875   CVE-2001-0875
CAN-2001-0876   CVE-2001-0876
CAN-2001-0877   CVE-2001-0877
CAN-2001-0879   CVE-2001-0879
CAN-2001-0954   CVE-2001-0954
CAN-2001-0963   CVE-2001-0963
CAN-2001-0965   CVE-2001-0965
CAN-2001-0969   CVE-2001-0969
CAN-2001-0973   CVE-2001-0973
CAN-2001-0980   CVE-2001-0980
CAN-2001-0982   CVE-2001-0982
CAN-2001-0987   CVE-2001-0987
CAN-2001-0993   CVE-2001-0993
CAN-2001-0995   CVE-2001-0995
CAN-2001-0998   CVE-2001-0998
CAN-2001-1010   CVE-2001-1010
CAN-2001-1011   CVE-2001-1011
CAN-2001-1016   CVE-2001-1016
CAN-2001-1017   CVE-2001-1017
CAN-2001-1020   CVE-2001-1020
CAN-2001-1035   CVE-2001-1035
CAN-2001-1037   CVE-2001-1037
CAN-2001-1038   CVE-2001-1038
CAN-2001-1048   CVE-2001-1048
CAN-2001-1049   CVE-2001-1049
CAN-2001-1054   CVE-2001-1054
CAN-2001-1056   CVE-2001-1056
CAN-2001-1063   CVE-2001-1063
CAN-2001-1067   CVE-2001-1067
CAN-2001-1075   CVE-2001-1075
CAN-2001-1080   CVE-2001-1080
CAN-2002-0005   CVE-2002-0005

======================================================
Candidate: CAN-1999-0380
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0380
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-02
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: NTBUGTRAQ:199902225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91999015212415&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92006416928093&w=2
Reference: BUGTRAQ:19990225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91996412724720&w=2
Reference: NTBUGTRAQ:SLmail 3.2 Build 3113 (Web Administration Security Fix)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92110501504997&w=2
Reference: BID:497
Reference: URL:http://www.securityfocus.com/bid/497
Reference: XF:slmail-ras-ntfs-bypass(5392)
Reference: URL:http://xforce.iss.net/static/5392.php

SLMail 3.1 and 3.2 allows local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled by setting a user's Finger File to point to the target file, then running finger on the user.

Modifications:
  ADDREF NTBUGTRAQ:199909225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service
  CHANGEREF NTBUGTRAQ [change date]
  ADDREF NTBUGTRAQ:SLmail 3.2 Build 3113 (Web Administration Security Fix)
  DESC Added finger details.
  ADDREF XF:slmail-ras-ntfs-bypass(5392)

INFERRED ACTION: CAN-1999-0380 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(8) Wall, Cole, Armstrong, Bishop, Collins, Ozancin, Levy, Blake
  MODIFY(2) Baker, Frech
  NOOP(2) Landfield, Christey

Voter Comments:
  CHANGE> [Cole changed vote from NOOP to ACCEPT]
  Baker> Vulnerability Reference (HTML)   Reference Type
    http://www.securityfocus.com/archive/1/12704   Misc Defensive Info
  Christey> Fix date in NTBUGTRAQ reference
  Christey> NTBUGTRAQ:19990310 SLmail 3.2 Build 3113 (Web Administration Security Fix)
    http://marc.theaimsgroup.com/?l=ntbugtraq&m=92110501504997&w=2
  CHANGE> [Frech changed vote from REVIEWING to MODIFY]
  Frech> XF:slmail-ras-ntfs-bypass(5392)

======================================================
Candidate: CAN-1999-0801
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0801
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990409 Patrol security bugs
Reference: URL:http://www.securityfocus.com/archive/1/13204
Reference: XF:bmc-patrol-frames(2075)
Reference: URL:http://www.iss.net/security_center/static/2075.php

BMC Patrol allows remote attackers to gain access to an agent by spoofing frames.

Modifications:
  CHANGEREF XF [normalize]

INFERRED ACTION: CAN-1999-0801 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(8) Wall, Baker, Landfield, Cole, Frech, Collins, Ozancin, Stracener
  NOOP(1) Armstrong
  REVIEWING(1) Levy

Voter Comments:
  Wall> found by ISS X-Force
  CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-1999-0815
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0815
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 19991125
Category: SF
Reference: MSKB:Q196270
Reference: URL:http://support.microsoft.com/support/kb/articles/q196/2/70.asp
Reference: XF:nt-snmpagent-leak(1974)
Reference: URL:http://xforce.iss.net/static/1974.php

Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries.

Modifications:
  ADDREF XF:nt-snmpagent-leak(1974)

INFERRED ACTION: CAN-1999-0815 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(3) Wall, Foat, Cole
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:nt-snmpagent-leak(1974)

======================================================
Candidate: CAN-1999-0921
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0921
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990409 Patrol security bugs
Reference: URL:http://www.securityfocus.com/archive/1/13204
Reference: XF:bmc-patrol-udp-dos(4291)
Reference: URL:http://www.iss.net/security_center/static/4291.php
Reference: BID:1879
Reference: URL:http://www.securityfocus.com/bid/1879

BMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service.

Modifications:
  ADDREF XF:bmc-patrol-udp-dos(4291)
  ADDREF BID:1879

INFERRED ACTION: CAN-1999-0921 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(7) Wall, Baker, Landfield, Cole, Collins, Ozancin, Stracener
  MODIFY(1) Frech
  NOOP(2) Christey, Armstrong
  REVIEWING(1) Levy

Voter Comments:
  Frech> XF:bmc-patrol-udp-dos
  Christey> BID:1879
    URL:http://www.securityfocus.com/bid/1879

======================================================
Candidate: CAN-1999-0930
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0930
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19980903 wwwboard.pl vulnerability
Reference: CONFIRM:http://www.worldwidemart.com/scripts/faq/wwwboard/q5.shtml
Reference: XF:http-cgi-wwwboard(2344)
Reference: URL:http://xforce.iss.net/static/2344.php
Reference: BID:1795
Reference: URL:http://www.securityfocus.com/bid/1795

wwwboard allows a remote attacker to delete message board articles via a malformed argument.

Modifications:
  ADDREF XF:http-cgi-wwwboard(2344)
  ADDREF BID:1795
  ADDREF CONFIRM:http://www.worldwidemart.com/scripts/faq/wwwboard/q5.shtml

INFERRED ACTION: CAN-1999-0930 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(5) Stracener, Wall, Baker, Cole, Ozancin
  MODIFY(1) Frech
  NOOP(3) Christey, Landfield, Armstrong
  REVIEWING(1) Levy

Voter Comments:
  Frech> XF:http-cgi-wwwboard(2344)
  Christey> CONFIRM:http://www.worldwidemart.com/scripts/faq/wwwboard/q5.shtml. The comments only appear to address a followup post which describes a different vulnerability. However, it also says: "Also requires that each followup number is in fact a number, to prevent message clobbering." The suggested patch does appear to address the problem.
  Christey> BID:1795
    URL:http://www.securityfocus.com/bid/1795

======================================================
Candidate: CAN-1999-0968
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0968
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19981226 bnc exploit
Reference: URL:http://www.securityfocus.com/archive/1/11711
Reference: XF:bnc-proxy-bo(1546)
Reference: URL:http://xforce.iss.net/static/1546.php
Reference: BID:1927
Reference: URL:http://www.securityfocus.com/bid/1927

Buffer overflow in BNC IRC proxy allows remote attackers to gain privileges.

Modifications:
  ADDREF XF:bnc-proxy-bo(1546)
  ADDREF BID:1927

INFERRED ACTION: CAN-1999-0968 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(6) Stracener, Wall, Baker, Landfield, Cole, Ozancin
  MODIFY(1) Frech
  NOOP(2) Christey, Armstrong
  REVIEWING(1) Levy

Voter Comments:
  Frech> XF:bnc-proxy-bo
  Christey> Possible acknowledgement in http://bnc.ircadmin.net/bnc2.6.2.tar.gz Under the 2.6.0 entry, it states "(8) Fixed a lot of potential string based overflows. Reduced memory requirements for users." Entry for 2.4.4 says "(3) Moved some large varibles out of stack space for speed and securety." Version 2.4.4 was reported as being vulnerable. Looking in cmds.c, line 200 has a call to some sockprint() function which includes the USER name. The sockprint() function in server.c calls vsnprintf with a size limit of PACKETBUFF, and the original buffer is allocated as PACKETBUFF+1 bytes, so there probably isn't an overflow anymore. But there's no comment indicating a fix - however, this could have been the fix.
  Christey> BID:1927

======================================================
Candidate: CAN-1999-1014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1014
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990913 Solaris 2.7 /usr/bin/mail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93727925026476&w=2
Reference: BUGTRAQ:19990927 Working Solaris x86 /usr/bin/mail exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93846422810162&w=2
Reference: SUNBUG:4276509
Reference: XF:sun-usrbinmail-local-bo(3297)
Reference: URL:http://xforce.iss.net/static/3297.php
Reference: BID:672
Reference: URL:http://www.securityfocus.com/bid/672

Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument.

Modifications:
  ADDREF SUNBUG:4276509

INFERRED ACTION: CAN-1999-1014 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(3) Cole, Frech, Dik
  NOOP(2) Wall, Foat

Voter Comments:
  Dik> sun bug: 4276509

======================================================
Candidate: CAN-1999-1019
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1019
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990623 Cabletron Spectrum security vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93024398713491&w=2
Reference: BUGTRAQ:19990624 Re: Cabletron Spectrum security vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93024398513475&w=2
Reference: BID:495
Reference: URL:http://www.securityfocus.com/bid/495

SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable (processd) with a Trojan horse, facilitating a root or Administrator compromise.

INFERRED ACTION: CAN-1999-1019 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(2) Foat, Cole
  NOOP(1) Wall

======================================================
Candidate: CAN-1999-1021
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1021
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1992-15
Reference: URL:http://www.cert.org/advisories/CA-1992-15.html
Reference: SUN:00117
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/117&type=0&nav=sec.sba
Reference: BID:47
Reference: URL:http://www.securityfocus.com/bid/47
Reference: XF:nfs-uid(82)
Reference: URL:http://xforce.iss.net/static/82.php

NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade.

Modifications:
  ADDREF XF:nfs-uid(82)

INFERRED ACTION: CAN-1999-1021 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(4) Foat, Cole, Dik, Stracener
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:nfs-uid(82)
  Dik> sun bug: 1095935

======================================================
Candidate: CAN-1999-1027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1027
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19980507 admintool mode 0777 in Solaris 2.6 HW3/98
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925880&w=2
Reference: SUNBUG:4178998
Reference: XF:solaris-admintool-world-writable(7296)
Reference: URL:http://xforce.iss.net/static/7296.php
Reference: BID:290
Reference: URL:http://www.securityfocus.com/bid/290

Solaris 2.6 HW3/98 installs admintool with world-writable permissions, which allows local users to gain privileges by replacing it with a Trojan horse program.

Modifications:
  ADDREF XF:solaris-admintool-world-writable(7296)
  ADDREF SUNBUG:4178998

INFERRED ACTION: CAN-1999-1027 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(2) Cole, Dik
  MODIFY(1) Frech
  NOOP(2) Wall, Foat

Voter Comments:
  Frech> XF:solaris-admintool-world-writable(7296)
  Dik> sun bug: 4178998

======================================================
Candidate: CAN-1999-1028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1028
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990528 DoS against PC Anywhere
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92807524225090&w=2
Reference: BID:288
Reference: URL:http://www.securityfocus.com/bid/288
Reference: XF:pcanywhere-dos(2256)
Reference: URL:http://www.iss.net/security_center/static/2256.php

Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of service (CPU utilization) via a large amount of data to port 5631.

Modifications:
  ADDREF XF:pcanywhere-dos(2256)

INFERRED ACTION: CAN-1999-1028 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(3) Prosser, Baker, Cole
  MODIFY(1) Frech
  NOOP(2) Wall, Foat

Voter Comments:
  Frech> XF:pcanywhere-dos(2256)

======================================================
Candidate: CAN-1999-1032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1032
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CERT:CA-1991-11
Reference: URL:http://www.cert.org/advisories/CA-1991-11.html
Reference: CIAC:B-36
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-36.shtml
Reference: BID:26
Reference: URL:http://www.securityfocus.com/bid/26
Reference: XF:ultrix-telnet(584)
Reference: URL:http://xforce.iss.net/static/584.php

Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges.

Modifications:
  ADDREF XF:ultrix-telnet(584)
  ADDREF CIAC:B-36
  DESC add lattelnet to facilitate search.

INFERRED ACTION: CAN-1999-1032 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(3) Foat, Cole, Stracener
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:ultrix-telnet(584)

======================================================
Candidate: CAN-1999-1034
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1034
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1991-08
Reference: URL:http://www.cert.org/advisories/CA-1991-08.html
Reference: CIAC:B-28
Reference: URL:http://www.ciac.org/ciac/bulletins/b-28.shtml
Reference: BID:23
Reference: URL:http://www.securityfocus.com/bid/23
Reference: XF:sysv-login(583)
Reference: URL:http://xforce.iss.net/static/583.php

Vulnerability in login in AT&T System V Release 4 allows local users to gain privileges.

Modifications:
  ADDREF XF:sysv-login(583)
  ADDREF CIAC:B-28

INFERRED ACTION: CAN-1999-1034 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(2) Cole, Stracener
  MODIFY(1) Frech
  NOOP(2) Wall, Foat

Voter Comments:
  Frech> XF:sysv-login(583)

======================================================
Candidate: CAN-1999-1035
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1035
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MS:MS98-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-019.asp
Reference: MSKB:Q192296
Reference: URL:http://support.microsoft.com/support/kb/articles/q192/2/96.asp
Reference: XF:iis-get-dos(1823)
Reference: URL:http://xforce.iss.net/static/1823.php

IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability.

Modifications:
  ADDREF XF:iis-get-dos(1823)

INFERRED ACTION: CAN-1999-1035 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(3) Wall, Foat, Cole
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:iis-get-dos(1823)

======================================================
Candidate: CAN-1999-1037
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1037
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980626 vulnerability in satan, cops & tiger
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125976&w=2
Reference: BUGTRAQ:19980627 Re: vulnerability in satan, cops & tiger
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125986&w=2
Reference: XF:satan-rexsatan-symlink(7167)
Reference: URL:http://www.iss.net/security_center/static/7167.php

rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rex.$$ file.

Modifications:
  ADDREF XF:satan-rexsatan-symlink(7167)

INFERRED ACTION: CAN-1999-1037 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(2) Foat, Cole
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:satan-rexsatan-symlink(7167)

======================================================
Candidate: CAN-1999-1044
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1044
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: COMPAQ:SSRT0495U
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-050.shtml
Reference: CIAC:I-050
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-050.shtml
Reference: XF:dgux-advfs-softlinks(7431)
Reference: URL:http://www.iss.net/security_center/static/7431.php

Vulnerability in Advanced File System Utility (advfs) in Digital UNIX 4.0 through 4.0d allows local users to gain privileges.

Modifications:
  ADDREF XF:dgux-advfs-softlinks(7431)

INFERRED ACTION: CAN-1999-1044 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(2) Foat, Stracener
  MODIFY(1) Frech
  NOOP(1) Cole

Voter Comments:
  Frech> XF:dgux-advfs-softlinks(7431)

======================================================
Candidate: CAN-1999-1045
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1045
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980115 pnserver exploit..
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88492978527261&w=2
Reference: BUGTRAQ:19980115 [rootshell] Security Bulletin #7
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88490880523890&w=2
Reference: BUGTRAQ:19980817 Re: Real Audio Server Version 5 bug?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90338245305236&w=2
Reference: MISC:http://service.real.com/help/faq/serv501.html
Reference: XF:realserver-pnserver-remote-dos(7297)
Reference: URL:http://www.iss.net/security_center/static/7297.php

pnserver in RealServer 5.0 and earlier allows remote attackers to cause a denial of service by sending a short, malformed request.

Modifications:
  ADDREF XF:realserver-pnserver-remote-dos(7297)
  DESC [typo]

INFERRED ACTION: CAN-1999-1045 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(2) Foat, Cole
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:realserver-pnserver-remote-dos(7297)

======================================================
Candidate: CAN-1999-1047
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1047
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991018 Gauntlet 5.0 BSDI warning
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94026690521279&w=2
Reference: BUGTRAQ:19991019 Re: Gauntlet 5.0 BSDI warning
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94036662326185&w=2
Reference: XF:gauntlet-bsdi-bypass(3397)
Reference: URL:http://www.iss.net/security_center/static/3397.php

When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular order, Gauntlet allows remote attackers to bypass firewall access restrictions, and does not log the activities.
Modifications: CHANGEREF XF [normalize] INFERRED ACTION: CAN-1999-1047 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Foat, Cole, Frech NOOP(1) Wall Voter Comments: Frech> Normalize: XF:gauntlet-bsdi-bypass(3397) ====================================================== Candidate: CAN-1999-1048 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1048 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980905 BASH buffer overflow, LiNUX x86 exploit Reference: URL:http://www.securityfocus.com/archive/1/10542 Reference: BUGTRAQ:19970821 Buffer overflow in /bin/bash Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719555&w=2 Reference: DEBIAN:19980909 problem with very long pathnames Reference: URL:http://www.debian.org/security/1998/19980909 Reference: XF:linux-bash-bo(3414) Reference: URL:http://xforce.iss.net/static/3414.php Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory. 
INFERRED ACTION: CAN-1999-1048 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener ====================================================== Candidate: CAN-1999-1055 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1055 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MS:MS98-018 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-018.asp Reference: BID:179 Reference: URL:http://www.securityfocus.com/bid/179 Reference: XF:excel-call(1737) Reference: URL:http://xforce.iss.net/static/1737.php Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability." INFERRED ACTION: CAN-1999-1055 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Wall, Foat, Cole, Frech ====================================================== Candidate: CAN-1999-1057 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1057 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1990-07 Reference: URL:http://www.cert.org/advisories/CA-1990-07.html Reference: CIAC:B-04 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-04.shtml Reference: BID:12 Reference: URL:http://www.securityfocus.com/bid/12 Reference: XF:vms-analyze-processdump-privileges(7137) Reference: URL:http://www.iss.net/security_center/static/7137.php VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command. 
Modifications: ADDREF XF:vms-analyze-processdump-privileges(7137) INFERRED ACTION: CAN-1999-1057 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Foat, Cole, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:vms-analyze-processdump-privileges(7137) ====================================================== Candidate: CAN-1999-1059 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1059 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1992-04 Reference: URL:http://www.cert.org/advisories/CA-1992-04.html Reference: BID:36 Reference: URL:http://www.securityfocus.com/bid/36 Reference: XF:att-rexecd(3159) Reference: URL:http://www.iss.net/security_center/static/3159.php Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands. Modifications: ADDREF XF:att-rexecd(3159) INFERRED ACTION: CAN-1999-1059 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Foat, Cole, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:att-rexecd(3159) ====================================================== Candidate: CAN-1999-1074 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1074 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980501 Warning! Webmin Security Advisory Reference: URL:http://www.securityfocus.com/archive/1/9138 Reference: CONFIRM:http://www.webmin.com/webmin/changes.html Reference: BID:98 Reference: URL:http://www.securityfocus.com/bid/98 Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking. 
INFERRED ACTION: CAN-1999-1074 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Foat, Cole, Armstrong, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF;webmin-password-brute-force(7216) ====================================================== Candidate: CAN-1999-1085 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1085 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980612 CORE-SDI-04: SSH insertion attack Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125884&w=2 Reference: BUGTRAQ:19980703 UPDATE: SSH insertion attack Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525878&w=2 Reference: CISCO:20010627 Multiple SSH Vulnerabilities Reference: URL:http://www.cisco.com/warp/public/707/SSH-multiple-pub.html Reference: CERT-VN:VU#13877 Reference: URL:http://www.kb.cert.org/vuls/id/13877 Reference: XF:ssh-insert(1126) Reference: URL:http://www.iss.net/security_center/static/1126.php SSH 1.2.25, 1.2.23, and other versions, when used in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the "SSH insertion attack." 
Modifications: ADDREF XF:ssh-insert(1126) ADDREF CISCO:20010627 Multiple SSH Vulnerabilities ADDREF CERT-VN:VU#13877 INFERRED ACTION: CAN-1999-1085 FINAL (Final Decision 20020309) Current Votes: ACCEPT(1) Cole MODIFY(1) Frech NOOP(3) Wall, Foat, Christey Voter Comments: Frech> XF:ssh-insert(1126) Christey> CISCO:20010627 Multiple SSH Vulnerabilities http://www.cisco.com/warp/public/707/SSH-multiple-pub.html ====================================================== Candidate: CAN-1999-1087 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1087 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MS:MS98-016 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS98-016.asp Reference: MSKB:Q168617 Reference: URL:http://support.microsoft.com/support/kb/articles/q168/6/17.asp Reference: CONFIRM:http://www.microsoft.com/Windows/Ie/security/dotless.asp Reference: XF:ie-dotless(2209) Reference: URL:http://xforce.iss.net/static/2209.php Internet Explorer 4 treats a 32-bit number ("dotless IP address") in a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server. 
INFERRED ACTION: CAN-1999-1087 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Wall, Foat, Cole, Frech ====================================================== Candidate: CAN-1999-1090 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1090 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1991-15 Reference: URL:http://www.cert.org/advisories/CA-1991-15.html Reference: XF:ftp-ncsa(1844) Reference: URL:http://xforce.iss.net/static/1844.php The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files. INFERRED ACTION: CAN-1999-1090 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener NOOP(1) Wall ====================================================== Candidate: CAN-1999-1093 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1093 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MS:MS98-011 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS98-011.asp Reference: MSKB:Q191200 Reference: URL:http://support.microsoft.com/support/kb/articles/q191/2/00.asp Reference: XF:java-script-patch(1276) Reference: URL:http://www.iss.net/security_center/static/1276.php Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page. 
Modifications: ADDREF XF:java-script-patch(1276) ADDREF MSKB:Q191200 INFERRED ACTION: CAN-1999-1093 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Wall, Foat, Cole MODIFY(1) Frech Voter Comments: Frech> XF:java-script-patch(1276) ====================================================== Candidate: CAN-1999-1094 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1094 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MSKB:Q176697 Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp Reference: BUGTRAQ:19980114 L0pht Advisory MSIE4.0(1) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88480839506155&w=2 Reference: XF:iemk-bug(917) Reference: URL:http://xforce.iss.net/static/917.php Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue." INFERRED ACTION: CAN-1999-1094 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Wall, Foat, Cole, Frech ====================================================== Candidate: CAN-1999-1098 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1098 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1995-03 Reference: URL:http://www.cert.org/advisories/CA-1995-03.html Reference: CIAC:F-12 Reference: URL:http://www.ciac.org/ciac/bulletins/f-12.shtml Reference: XF:bsd-telnet(516) Reference: URL:http://www.iss.net/security_center/static/516.php Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing. 
Modifications: ADDREF XF:bsd-telnet(516) INFERRED ACTION: CAN-1999-1098 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Foat, Cole, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:bsd-telnet(516) ====================================================== Candidate: CAN-1999-1099 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1099 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19961122 L0pht Kerberos Advisory Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420184&w=2 Reference: XF:kerberos-user-grab(65) Reference: URL:http://xforce.iss.net/static/65.php Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user. Modifications: DESC [grammar] INFERRED ACTION: CAN-1999-1099 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Foat, Cole, Frech Voter Comments: Frech> In description, fix grammar: "generates an error string that inadvertently..." 
====================================================== Candidate: CAN-1999-1100 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1100 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020228-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CISCO:19980616 PIX Private Link Key Processing and Cryptography Issues Reference: URL:http://www.cisco.com/warp/public/770/pixkey-pub.shtml Reference: CIAC:I-056 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-056.shtml Reference: XF:cisco-pix-parse-error(1579) Reference: URL:http://xforce.iss.net/static/1579.php Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack. Modifications: ADDREF CIAC:I-056 INFERRED ACTION: CAN-1999-1100 FINAL (Final Decision 20020309) Current Votes: ACCEPT(6) Foat, Cole, Armstrong, Frech, Stracener, Balinsky NOOP(1) Wall ====================================================== Candidate: CAN-1999-1102 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1102 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MISC:http://www.phreak.org/archives/security/8lgm/8lgm.lpr Reference: BUGTRAQ:19940307 8lgm Advisory Releases Reference: URL:http://www.aenigma.net/resources/maillist/bugtraq/1994/0091.htm Reference: CIAC:E-25a Reference: URL:http://ciac.llnl.gov/ciac/bulletins/e-25.shtml lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times. 
INFERRED ACTION: CAN-1999-1102 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Foat, Cole, Armstrong, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:bsd-lpr-symlink(7209) ====================================================== Candidate: CAN-1999-1103 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1103 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:VB-96.05 Reference: URL:http://www.cert.org/vendor_bulletins/VB-96.05.dec Reference: CIAC:G-18 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/g-18.shtml Reference: MISC:http://www.tao.ca/fire/bos/0209.html Reference: XF:osf-dxconsole-gain-privileges(7138) Reference: URL:http://www.iss.net/security_center/static/7138.php dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arbitrary files by specifying the file with the -file parameter. Modifications: ADDREF XF:osf-dxconsole-gain-privileges(7138) INFERRED ACTION: CAN-1999-1103 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Foat, Cole, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:osf-dxconsole-gain-privileges(7138) ====================================================== Candidate: CAN-1999-1104 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1104 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19951205 Cracked: WINDOWS.PWL Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418931&w=2 Reference: NTBUGTRAQ:19980121 How to recover private keys for various Microsoft products Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=88540877601866&w=2 Reference: BUGTRAQ:19980120 How to recover private keys for various Microsoft products Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88536273725787&w=2 Reference: MSKB:Q140557 Reference: 
URL:http://support.microsoft.com/support/kb/articles/q140/5/57.asp Reference: XF:win95-nbsmbpwl(71) Reference: URL:http://www.iss.net/security_center/static/71.php Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords. Modifications: ADDREF XF:win95-nbsmbpwl(71) INFERRED ACTION: CAN-1999-1104 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Wall, Cole MODIFY(1) Frech NOOP(1) Foat Voter Comments: Frech> XF:win95-nbsmbpwl(71) ====================================================== Candidate: CAN-1999-1105 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1105 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CONFIRM:http://www.zdnet.com/eweek/reviews/1016/tr42bug.html Reference: MISC:http://www.net-security.sk/bugs/NT/netware1.html Reference: XF:win95-netware-hidden-share(7231) Reference: URL:http://www.iss.net/security_center/static/7231.php Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive. Modifications: DESC [spelling] ADDREF XF:win95-netware-hidden-share(7231) INFERRED ACTION: CAN-1999-1105 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Wall, Cole, Armstrong, Stracener MODIFY(1) Frech NOOP(1) Foat Voter Comments: Frech> XF:win95-netware-hidden-share(7231) In description, Netware should be NetWare. 
====================================================== Candidate: CAN-1999-1109 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1109 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991222 Re: procmail / Sendmail - five bugs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94632241202626&w=2 Reference: BUGTRAQ:20000113 Re: procmail / Sendmail - five bugs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94780566911948&w=2 Reference: BID:904 Reference: URL:http://www.securityfocus.com/bid/904 Reference: XF:sendmail-etrn-dos(7760) Reference: URL:http://www.iss.net/security_center/static/7760.php Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated. Modifications: ADDREF XF:sendmail-etrn-dos(7760) INFERRED ACTION: CAN-1999-1109 FINAL (Final Decision 20020309) Current Votes: ACCEPT(1) Cole MODIFY(1) Frech NOOP(2) Wall, Foat Voter Comments: Frech> XF:sendmail-etrn-dos(7760) ====================================================== Candidate: CAN-1999-1111 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1111 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19911109 ImmuniX OS Security Alert: StackGuard 1.21 Released Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94218618329838&w=2 Reference: BID:786 Reference: URL:http://www.securityfocus.com/bid/786 Reference: XF:immunix-stackguard-bo(3524) Reference: URL:http://xforce.iss.net/static/3524.php Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using 
a buffer overflow to reach the return address entry itself. INFERRED ACTION: CAN-1999-1111 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Foat, Cole, Frech NOOP(1) Wall ====================================================== Candidate: CAN-1999-1114 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1114 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CIAC:H-15A Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-15a.shtml Reference: AUSCERT:AA-96.17 Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-96.17.suid_exec.vul Reference: SGI:19980405-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980405-01-I Reference: XF:ksh-suid_exec(2100) Reference: URL:http://xforce.iss.net/static/2100.php Reference: BID:467 Reference: URL:http://www.securityfocus.com/bid/467 Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges. INFERRED ACTION: CAN-1999-1114 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener ====================================================== Candidate: CAN-1999-1115 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1115 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1990-04 Reference: URL:http://www.cert.org/advisories/CA-1990-04.html Reference: CIAC:A-30 Reference: URL:http://www.ciac.org/ciac/bulletins/a-30.shtml Reference: BID:7 Reference: URL:http://www.securityfocus.com/bid/7 Reference: XF:apollo-suidexec-unauthorized-access(6721) Reference: URL:http://www.iss.net/security_center/static/6721.php Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh). 
Modifications: ADDREF XF:apollo-suidexec-unauthorized-access(6721) INFERRED ACTION: CAN-1999-1115 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Foat, Cole, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:apollo-suidexec-unauthorized-access(6721) ====================================================== Candidate: CAN-1999-1116 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1116 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: SGI:19970503-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970503-01-PX Reference: BID:462 Reference: URL:http://www.securityfocus.com/bid/462 Reference: XF:sgi-runpriv(2108) Reference: URL:http://xforce.iss.net/static/2108.php Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges. INFERRED ACTION: CAN-1999-1116 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener ====================================================== Candidate: CAN-1999-1117 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1117 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19961124 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&w=2&r=1&s=lquerypv&q=b Reference: BUGTRAQ:19961125 lquerypv fix Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420195&w=2 Reference: BUGTRAQ:19961125 AIX lquerypv Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420196&w=2 Reference: CIAC:H-13 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-13.shtml Reference: BID:455 Reference: URL:http://www.securityfocus.com/bid/455 Reference: XF:ibm-lquerypv(1752) Reference: URL:http://xforce.iss.net/static/1752.php lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the 
-h command line parameter. INFERRED ACTION: CAN-1999-1117 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Foat, Cole, Armstrong, Frech, Stracener NOOP(1) Wall ====================================================== Candidate: CAN-1999-1118 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1118 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: SUN:00165 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/165&type=0&nav=sec.sba Reference: BID:433 Reference: URL:http://www.securityfocus.com/bid/433 Reference: XF:sun-ndd(817) Reference: URL:http://xforce.iss.net/static/817.php ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters. INFERRED ACTION: CAN-1999-1118 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Foat, Cole, Frech, Dik, Stracener Voter Comments: Dik> sun bug: 4069630 ====================================================== Candidate: CAN-1999-1119 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1119 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: CF Reference: CERT:CA-1992-09 Reference: URL:http://www.cert.org/advisories/CA-1992-09.html Reference: BID:41 Reference: URL:http://www.securityfocus.com/bid/41 Reference: XF:aix-anon-ftp(3154) Reference: URL:http://xforce.iss.net/static/3154.php FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands. 
INFERRED ACTION: CAN-1999-1119 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener NOOP(1) Wall ====================================================== Candidate: CAN-1999-1120 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1120 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970104 Irix: netprint story Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420403&w=2 Reference: SGI:19961203-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961203-01-PX Reference: SGI:19961203-02-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX Reference: BID:395 Reference: URL:http://www.securityfocus.com/bid/395 Reference: XF:sgi-netprint(2107) Reference: URL:http://xforce.iss.net/static/2107.php netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental variable for finding and executing the disable program, which allows local users to gain privileges. INFERRED ACTION: CAN-1999-1120 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener ====================================================== Candidate: CAN-1999-1121 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1121 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: CF Reference: CERT:CA-1992-06 Reference: URL:http://www.cert.org/advisories/CA-1992-06.html Reference: BID:38 Reference: URL:http://www.securityfocus.com/bid/38 Reference: XF:ibm-uucp(554) Reference: URL:http://xforce.iss.net/static/554.php The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges. 
INFERRED ACTION: CAN-1999-1121 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener NOOP(1) Wall ====================================================== Candidate: CAN-1999-1122 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1122 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:CA-1989-02 Reference: URL:http://www.cert.org/advisories/CA-1989-02.html Reference: CIAC:CIAC-08 Reference: URL:http://www.ciac.org/ciac/bulletins/ciac-08.shtml Reference: SUNBUG:1019265 Reference: BID:3 Reference: URL:http://www.securityfocus.com/bid/3 Reference: XF:sun-restore-gain-privileges(6695) Reference: URL:XF:sun-restore-gain-privileges(6695) Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges. Modifications: ADDREF XF:sun-restore-gain-privileges(6695) ADDREF CIAC:CIAC-08 ADDREF SUNBUG:1019265 INFERRED ACTION: CAN-1999-1122 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Foat, Cole, Dik, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:sun-restore-gain-privileges(6695) Dik> sun bug: 1019265 ====================================================== Candidate: CAN-1999-1127 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1127 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020217-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MS:MS98-017 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-017.asp Reference: MSKB:Q195733 Reference: URL:http://support.microsoft.com/support/kb/articles/Q195/7/33.asp Reference: XF:nt-spoolss(523) Reference: URL:http://www.iss.net/security_center/static/523.php Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over 
RPC" vulnerability. Modifications: ADDREF XF:nt-spoolss(523) INFERRED ACTION: CAN-1999-1127 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Wall, Foat, Cole MODIFY(1) Frech Voter Comments: Frech> XF:nt-spoolss(523) ====================================================== Candidate: CAN-1999-1131 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1131 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CERT:VB-97.12 Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.12.opengroup Reference: CIAC:I-060 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-060.shtml Reference: SGI:19980601-01-PX Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980601-01-PX Reference: XF:sgi-osf-dce-dos(1123) Reference: URL:http://xforce.iss.net/static/1123.php Buffer overflow in OSF Distributed Computing Environment (DCE) security demon (secd) in IRIX 6.4 and earlier allows attackers to cause a denial of service via a long principal, group, or organization. 
INFERRED ACTION: CAN-1999-1131 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Foat, Cole, Frech, Stracener NOOP(1) Wall ====================================================== Candidate: CAN-1999-1132 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1132 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981005 NMRC Advisory - Lame NT Token Ring DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90763508011966&w=2 Reference: NTBUGTRAQ:19981002 NMRC Advisory - Lame NT Token Ring DoS Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=90760603030452&w=2 Reference: MSKB:Q179157 Reference: URL:http://support.microsoft.com/support/kb/articles/Q179/1/57.asp Reference: XF:token-ring-dos(1399) Reference: URL:http://www.iss.net/security_center/static/1399.php Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs. 
INFERRED ACTION: CAN-1999-1132 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Wall, Foat, Cole MODIFY(1) Frech Voter Comments: Frech> XF:token-ring-dos(1399) ====================================================== Candidate: CAN-1999-1136 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1136 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: HP:HPSBUX9807-081 Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9807-081.html Reference: HP:HPSBMP9807-005 Reference: URL:http://cert.ip-plus.net/bulletin-archive/msg00040.html Reference: BUGTRAQ:19980729 HP-UX Predictive & Netscape SSL Vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526177&w=2 Reference: CIAC:I-081 Reference: URL:http://www.ciac.org/ciac/bulletins/i-081.shtml Reference: XF:mpeix-predictive(1413) Reference: URL:http://xforce.iss.net/static/1413.php Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems. 

INFERRED ACTION: CAN-1999-1136 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener

======================================================
Candidate: CAN-1999-1137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1137
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: CIAC:E-01
Reference: URL:http://www.ciac.org/ciac/bulletins/e-01.shtml
Reference: SUN:00122
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba
Reference: XF:sun-audio(549)
Reference: URL:http://xforce.iss.net/static/549.php

The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.

INFERRED ACTION: CAN-1999-1137 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(5) Foat, Cole, Frech, Dik, Stracener

======================================================
Candidate: CAN-1999-1138
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1138
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: CERT:CA-1993-13
Reference: URL:http://www.cert.org/advisories/CA-1993-13.html
Reference: XF:sco-homedir(546)
Reference: URL:http://xforce.iss.net/static/546.php

SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable.

INFERRED ACTION: CAN-1999-1138 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1139
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1139
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980121 HP-UX CUE, CUD and LAND vulnerabilities
Reference: URL:http://security-archive.merton.ox.ac.uk/bugtraq-199801/0122.html
Reference: BUGTRAQ:19970901 HP UX Bug :)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602880019745&w=2
Reference: HP:HPSBUX9801-074
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9801-074.html
Reference: CIAC:I-027B
Reference: URL:http://www.ciac.org/ciac/bulletins/i-027b.shtml
Reference: XF:hp-cue(2007)
Reference: URL:http://www.iss.net/security_center/static/2007.php

Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file.

Modifications:
  ADDREF XF:hp-cue(2007)
  ADDREF CIAC:I-027B

INFERRED ACTION: CAN-1999-1139 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:hp-cue(2007)

======================================================
Candidate: CAN-1999-1140
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1140
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971214 buffer overflows in cracklib?!
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88209041500913&w=2
Reference: CERT:VB-97.16
Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.16.CrackLib
Reference: XF:cracklib-bo(1539)
Reference: URL:http://xforce.iss.net/static/1539.php

Buffer overflow in CrackLib 2.5 may allow local users to gain root privileges via a long GECOS field.

INFERRED ACTION: CAN-1999-1140 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1142
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1142
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1992-11
Reference: URL:http://www.cert.org/advisories/CA-1992-11.html
Reference: XF:sun-env(3152)
Reference: URL:http://xforce.iss.net/static/3152.php

SunOS 4.1.2 and earlier allows local users to gain privileges in certain dynamically linked setuid or setgid programs that change the real and effective user ids to the same user, via "LD_*" environmental variables.

INFERRED ACTION: CAN-1999-1142 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(5) Foat, Cole, Frech, Dik, Stracener
   NOOP(1) Wall

Voter Comments:
 Dik> sun bug: 1085853

======================================================
Candidate: CAN-1999-1143
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1143
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:H-065
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-65.shtml
Reference: SGI:19970504-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970504-01-PX
Reference: XF:sgi-rld(2109)
Reference: URL:http://xforce.iss.net/static/2109.php

Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs.

INFERRED ACTION: CAN-1999-1143 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener

======================================================
Candidate: CAN-1999-1144
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1144
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: HP:HPSBUX9701-051
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-051.html
Reference: XF:hp-mpower(2056)
Reference: URL:http://xforce.iss.net/static/2056.php

Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges.

INFERRED ACTION: CAN-1999-1144 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener

======================================================
Candidate: CAN-1999-1145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1145
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9701-044
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=1514
Reference: CIAC:H-21
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-21.shtml
Reference: XF:hp-glanceplus(2059)
Reference: URL:http://xforce.iss.net/static/2059.php

Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain privileges.

INFERRED ACTION: CAN-1999-1145 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener

======================================================
Candidate: CAN-1999-1146
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1146
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9405-011
Reference: URL:http://www.securityfocus.com/advisories/1555
Reference: XF:hp-glanceplus-gpm(2060)
Reference: URL:http://xforce.iss.net/static/2060.php

Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and gain privileges.

INFERRED ACTION: CAN-1999-1146 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener

======================================================
Candidate: CAN-1999-1147
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1147
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981204 [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91273739726314&w=2
Reference: BUGTRAQ:19981207 Re: [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0
Reference: XF:pcm-dos-execute(1430)
Reference: URL:http://xforce.iss.net/static/1430.php

Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows remote attackers to execute arbitrary commands via a long string to the Agent port (1827), which is handled by smaxagent.exe.

INFERRED ACTION: CAN-1999-1147 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1148
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MS:MS98-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-006.asp
Reference: MSKB:Q189262
Reference: URL:http://support.microsoft.com/support/kb/articles/Q189/2/62.ASP
Reference: XF:iis-passive-ftp(1215)
Reference: URL:http://xforce.iss.net/static/1215.php

FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time.

INFERRED ACTION: CAN-1999-1148 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Frech

======================================================
Candidate: CAN-1999-1156
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1156
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990517 Vulnerabilities in BisonWare FTP Server 3.5
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9905&L=NTBUGTRAQ&P=R2698
Reference: XF:bisonware-port-crash(2254)
Reference: URL:http://xforce.iss.net/static/2254.php

BisonWare FTP Server 4.1 and earlier allows remote attackers to cause a denial of service via a malformed PORT command that contains a non-numeric character and a large number of carriage returns.

INFERRED ACTION: CAN-1999-1156 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1157
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1157
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q192774
Reference: URL:http://support.microsoft.com/support/kb/articles/Q192/7/74.ASP
Reference: XF:tcpipsys-icmp-dos(3894)
Reference: URL:http://xforce.iss.net/static/3894.php

Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface.

INFERRED ACTION: CAN-1999-1157 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Frech

======================================================
Candidate: CAN-1999-1159
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1159
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981229 ssh2 security problem (and patch) (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91495920911490&w=2
Reference: XF:ssh-privileged-port-forward(1471)
Reference: URL:http://xforce.iss.net/static/1471.php

SSH 2.0.11 and earlier allows local users to request remote forwarding from privileged ports without being root.

INFERRED ACTION: CAN-1999-1159 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1160
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1160
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9702-055
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420581&w=2
Reference: CIAC:H-33
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-33.shtml
Reference: XF:hp-ftpd-kftpd(7437)
Reference: URL:http://www.iss.net/security_center/static/7437.php

Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges.

Modifications:
  ADDREF XF:hp-ftpd-kftpd(7437)

INFERRED ACTION: CAN-1999-1160 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:hp-ftpd-kftpd(7437)

======================================================
Candidate: CAN-1999-1161
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1161
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19961103 Re: Untitled
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420102&w=2
Reference: BUGTRAQ:19961104 ppl bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420103&w=2
Reference: HP:HPSBUX9704-057
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9704-057.html
Reference: CIAC:H-32
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-32.shtml
Reference: AUSCERT:AA-97.07
Reference: XF:hp-ppl(7438)
Reference: URL:http://www.iss.net/security_center/static/7438.php

Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump.

Modifications:
  ADDREF XF:hp-ppl(7438)

INFERRED ACTION: CAN-1999-1161 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:hp-ppl(7438)
   Not hp-ppllog(419)

======================================================
Candidate: CAN-1999-1162
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1162
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1993-08
Reference: URL:http://www.cert.org/advisories/CA-1993-08.html
Reference: XF:sco-passwd-deny(542)
Reference: URL:http://www.iss.net/security_center/static/542.php

Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system.

Modifications:
  ADDREF XF:sco-passwd-deny(542)

INFERRED ACTION: CAN-1999-1162 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:sco-passwd-deny(542)

======================================================
Candidate: CAN-1999-1163
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1163
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9911-105
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94347039929958&w=2
Reference: XF:hp-ssp(7439)
Reference: URL:http://www.iss.net/security_center/static/7439.php

Vulnerability in HP Series 800 S/X/V Class servers allows remote attackers to gain access to the S/X/V Class console via the Service Support Processor (SSP) Teststation.

Modifications:
  ADDREF XF:hp-ssp(7439)

INFERRED ACTION: CAN-1999-1163 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:hp-ssp(7439)

======================================================
Candidate: CAN-1999-1167
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1167
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://www.wired.com/news/technology/0,1282,20677,00.html
Reference: MISC:http://www.wired.com/news/technology/0,1282,20636,00.html
Reference: XF:thirdvoice-cross-site-scripting(7252)
Reference: URL:http://www.iss.net/security_center/static/7252.php

Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript into an annotation.

Modifications:
  ADDREF XF:thirdvoice-cross-site-scripting(7252)

INFERRED ACTION: CAN-1999-1167 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Armstrong

Voter Comments:
 Frech> XF:thirdvoice-cross-site-scripting(7252)

======================================================
Candidate: CAN-1999-1175
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1175
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020228-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CISCO:19980513 Cisco Web Cache Control Protocol Router Vulnerability
Reference: URL:http://www.cisco.com/warp/public/770/wccpauth-pub.shtml
Reference: CIAC:I-054
Reference: URL:http://www.ciac.org/ciac/bulletins/i-054.shtml
Reference: XF:cisco-wccp-vuln(1577)
Reference: URL:http://xforce.iss.net/static/1577.php

Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048.

Modifications:
  ADDREF XF:cisco-wccp-vuln(1577)

INFERRED ACTION: CAN-1999-1175 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(5) Foat, Cole, Armstrong, Stracener, Balinsky
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:cisco-wccp-vuln(1577)
 CHANGE> [Armstrong changed vote from REVIEWING to ACCEPT]

======================================================
Candidate: CAN-1999-1177
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1177
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020228-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.w3.org/Security/Faq/wwwsf4.html
Reference: CONFIRM:http://www-genome.wi.mit.edu/WWW/tools/CGI_scripts/server_publish/nph-publish
Reference: XF:http-cgi-nphpublish(2055)
Reference: URL:http://xforce.iss.net/static/2055.php

Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation.

Modifications:
  ADDREF XF:http-cgi-nphpublish(2055)

INFERRED ACTION: CAN-1999-1177 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Armstrong

Voter Comments:
 Frech> XF:http-cgi-nphpublish(2055)

======================================================
Candidate: CAN-1999-1181
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1181
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category:
Reference: SGI:19980901-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980901-01-PX
Reference: CIAC:J-003
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-003.shtml
Reference: XF:irix-register(7441)
Reference: URL:http://www.iss.net/security_center/static/7441.php

Vulnerability in On-Line Customer Registration software for IRIX 6.2 through 6.4 allows local users to gain root privileges.

Modifications:
  ADDREF XF:irix-register(7441)

INFERRED ACTION: CAN-1999-1181 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:irix-register(7441)

======================================================
Candidate: CAN-1999-1188
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1188
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981227 mysql: mysqld creates world readable logs..
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91479159617803&w=2
Reference: XF:mysql-readable-log-files(1568)
Reference: URL:http://xforce.iss.net/static/1568.php

mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database.

INFERRED ACTION: CAN-1999-1188 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1191
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1191
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970519 Re: Finally, most of an exploit for Solaris 2.5.1's ps.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418335&w=2
Reference: AUSCERT:AA-97.18
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-97.18.solaris.chkey.buffer.overflow.vul
Reference: SUN:00144
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/144
Reference: BID:207
Reference: URL:http://www.securityfocus.com/bid/207
Reference: XF:solaris-chkey-bo(7442)
Reference: URL:http://www.iss.net/security_center/static/7442.php

Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.

Modifications:
  ADDREF XF:solaris-chkey-bo(7442)

INFERRED ACTION: CAN-1999-1191 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Dik, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:solaris-chkey-bo(7442)
 Dik> sun bug 4053189
 Dik> sun bug 4053189

======================================================
Candidate: CAN-1999-1192
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1192
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUN:00143
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/143
Reference: BID:206
Reference: URL:http://www.securityfocus.com/bid/206
Reference: XF:solaris-eeprom-bo(7444)
Reference: URL:http://www.iss.net/security_center/static/7444.php

Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.

Modifications:
  ADDREF XF:solaris-eeprom-bo(7444)

INFERRED ACTION: CAN-1999-1192 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Dik, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:solaris-eeprom-bo(7444)
 Dik> sun bug: 4043234
 Dik> sun bug: 4043234

======================================================
Candidate: CAN-1999-1193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1193
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1991-06
Reference: URL:http://www.cert.org/advisories/CA-1991-06.html
Reference: XF:next-me(581)
Reference: URL:http://xforce.iss.net/static/581.php
Reference: BID:20
Reference: URL:http://www.securityfocus.com/bid/20

The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root.

INFERRED ACTION: CAN-1999-1193 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1194
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1194
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CERT:CA-1991-05
Reference: URL:http://www.cert.org/advisories/CA-1991-05.html
Reference: BID:17
Reference: URL:http://www.securityfocus.com/bid/17
Reference: XF:dec-chroot(577)
Reference: URL:http://xforce.iss.net/static/577.php

chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which allows local users to gain privileges.

INFERRED ACTION: CAN-1999-1194 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1197
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1197
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1990-12
Reference: URL:http://www.cert.org/advisories/CA-1990-12.html
Reference: BID:14
Reference: URL:http://www.securityfocus.com/bid/14
Reference: XF:sunos-tioccons-console-redirection(7140)
Reference: URL:http://www.iss.net/security_center/static/7140.php

TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges.

Modifications:
  ADDREF XF:sunos-tioccons-console-redirection(7140)

INFERRED ACTION: CAN-1999-1197 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Dik, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:sunos-tioccons-console-redirection(7140)
 Dik> sun bug: 1008324

======================================================
Candidate: CAN-1999-1198
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1198
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1990-06
Reference: URL:http://www.cert.org/advisories/CA-1990-06.html
Reference: CIAC:B-01
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-01.shtml
Reference: BID:11
Reference: URL:http://www.securityfocus.com/bid/11
Reference: XF:nextstep-builddisk-root-access(7141)
Reference: URL:http://www.iss.net/security_center/static/7141.php

BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges.

Modifications:
  ADDREF XF:nextstep-builddisk-root-access(7141)

INFERRED ACTION: CAN-1999-1198 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:nextstep-builddisk-root-access(7141)

======================================================
Candidate: CAN-1999-1203
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1203
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990210 Security problems in ISDN equipment authentication
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91868964203769&w=2
Reference: BUGTRAQ:19990212 PPP/ISDN multilink security issue - summary
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91888117502765&w=2
Reference: XF:ascend-ppp-isdn-dos(7498)
Reference: URL:http://www.iss.net/security_center/static/7498.php

Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote attackers to cause a denial of service via a spoofed endpoint identifier.

Modifications:
  ADDREF XF:ascend-ppp-isdn-dos(7498)

INFERRED ACTION: CAN-1999-1203 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:ascend-ppp-isdn-dos(7498)

======================================================
Candidate: CAN-1999-1204
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1204
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980511 Firewall-1 Reserved Keywords Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925912&w=2
Reference: CONFIRM:http://www.checkpoint.com/techsupport/config/keywords.html
Reference: XF:fw1-user-defined-keywords-access(7293)
Reference: URL:http://xforce.iss.net/static/7293.php

Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default "ANY" address and result in access to more systems than intended by the administrator.

Modifications:
  ADDREF XF:fw1-user-defined-keywords-access(7293)

INFERRED ACTION: CAN-1999-1204 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(2) Foat, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:fw1-user-defined-keywords-access(7293)
   http://www.checkpoint.com/techsupport/config/keywords.html

======================================================
Candidate: CAN-1999-1205
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1205
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19960607 HP-UX B.10.01 vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419195&w=2
Reference: HP:HPSBUX9607-035
Reference: URL:http://packetstormsecurity.org/advisories/ibm-ers/96-08
Reference: CIAC:G-34
Reference: XF:hp-nettune(414)

nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information.

INFERRED ACTION: CAN-1999-1205 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener

======================================================
Candidate: CAN-1999-1208
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1208
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970721 AIX ping, lchangelv, xlock fixes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419337&w=2
Reference: BUGTRAQ:19970721 AIX ping (Exploit)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419330&w=2
Reference: XF:ping-bo(803)
Reference: URL:http://xforce.iss.net/static/803.php

Buffer overflow in ping in AIX 4.2 and earlier allows local users to gain root privileges via a long command line argument.

INFERRED ACTION: CAN-1999-1208 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech

======================================================
Candidate: CAN-1999-1209
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1209
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971204 scoterm exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88131151000069&w=2
Reference: CERT:VB-97.14
Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.14.scoterm
Reference: XF:sco-scoterm(690)

Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges.

INFERRED ACTION: CAN-1999-1209 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1214
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1214
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: OPENBSD:19970915 Vulnerability in I/O Signal Handling
Reference: URL:http://www.openbsd.com/advisories/signals.txt
Reference: XF:openbsd-iosig(556)
Reference: URL:http://xforce.iss.net/static/556.php

Vulnerability in asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when initializing I/O notification, which allows local users to cause a denial of service by specifying an arbitrary process ID to be signaled via a socket or device file descriptor via certain ioctl and fcntl calls

INFERRED ACTION: CAN-1999-1214 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener

======================================================
Candidate: CAN-1999-1215
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1215
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:D-21
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-21.shtml
Reference: CERT:CA-1993-12
Reference: URL:http://www.cert.org/advisories/CA-1993-12.html
Reference: XF:novell-login(545)
Reference: URL:http://xforce.iss.net/static/545.php

LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges.

INFERRED ACTION: CAN-1999-1215 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1222
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1222
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q188571
Reference: URL:http://support.microsoft.com/support/kb/articles/Q188/5/71.ASP
Reference: XF:dns-netbtsys-dos(3893)
Reference: URL:http://xforce.iss.net/static/3893.php

Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup.

INFERRED ACTION: CAN-1999-1222 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Frech

======================================================
Candidate: CAN-1999-1223
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1223
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q187503
Reference: URL:http://support.microsoft.com/support/kb/articles/q187/5/03.asp
Reference: XF:url-asp-av(3892)
Reference: URL:http://xforce.iss.net/static/3892.php

IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters.

INFERRED ACTION: CAN-1999-1223 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Frech

======================================================
Candidate: CAN-1999-1226
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1226
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.securiteam.com/exploits/Netscape_4_7_and_earlier_vulnerable_to__Huge_Key__DoS.html
Reference: XF:netscape-huge-key-dos(3436)
Reference: URL:http://xforce.iss.net/static/3436.php

Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key.

INFERRED ACTION: CAN-1999-1226 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Wall, Cole, Frech
   NOOP(1) Foat

======================================================
Candidate: CAN-1999-1233
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1233
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MS:MS99-039
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-039.asp
Reference: MSKB:241562
Reference: URL:http://support.microsoft.com/support/kb/articles/Q241/5/62.asp
Reference: BID:657
Reference: URL:http://www.securityfocus.com/bid/657
Reference: XF:iis-unresolved-domain-access(3306)
Reference: URL:http://xforce.iss.net/static/3306.php

IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability.

INFERRED ACTION: CAN-1999-1233 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Frech

======================================================
Candidate: CAN-1999-1243
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1243
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CIAC:F-16
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-16.shtml
Reference: SGI:19950301-01-P373
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19950301-01-P373
Reference: XF:sgi-permissions(2113)
Reference: URL:http://xforce.iss.net/static/2113.php

SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local users to modify permissions for arbitrary files and gain privileges.

INFERRED ACTION: CAN-1999-1243 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener

======================================================
Candidate: CAN-1999-1246
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1246
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q229972
Reference: URL:http://support.microsoft.com/support/kb/articles/Q229/9/72.asp
Reference: XF:siteserver-directmail-passwords(2068)
Reference: URL:http://xforce.iss.net/static/2068.php

Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges.

INFERRED ACTION: CAN-1999-1246 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Frech

======================================================
Candidate: CAN-1999-1249
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1249
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: HP:HPSBUX9701-047
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-047.html
Reference: XF:hp-movemail(2057)
Reference: URL:http://xforce.iss.net/static/2057.php

movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges.

INFERRED ACTION: CAN-1999-1249 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener

======================================================
Candidate: CAN-1999-1258
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1258
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUN:00102
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/102
Reference: XF:sun-pwdauthd(1782)
Reference: URL:http://xforce.iss.net/static/1782.php

rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information.

INFERRED ACTION: CAN-1999-1258 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(5) Foat, Cole, Frech, Dik, Stracener

======================================================
Candidate: CAN-1999-1259
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1259
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q189529
Reference: URL:http://support.microsoft.com/support/kb/articles/q189/5/29.asp
Reference: XF:office-extraneous-data(1780)
Reference: URL:http://xforce.iss.net/static/1780.php

Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information.

INFERRED ACTION: CAN-1999-1259 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Frech

======================================================
Candidate: CAN-1999-1262
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1262
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990202 Unsecured server in applets under Netscape
Reference: URL:http://www.securityfocus.com/archive/1/12231
Reference: XF:java-socket-open(1727)
Reference: URL:http://xforce.iss.net/static/1727.php

Java in Netscape 4.5 does not properly restrict applets from connecting to other hosts besides the one from which the applet was loaded, which violates the Java security model and could allow remote attackers to conduct unauthorized activities.

INFERRED ACTION: CAN-1999-1262 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Wall, Cole, Frech
   NOOP(1) Foat

======================================================
Candidate: CAN-1999-1263
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1263
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19971024 Vulnerability in metamail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87773365324657&w=2
Reference: XF:metamail-file-creation(1677)
Reference: URL:http://xforce.iss.net/static/1677.php

Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which is processed by uuencode in Metamail scripts such as sun-audio-file.

INFERRED ACTION: CAN-1999-1263 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech

======================================================
Candidate: CAN-1999-1276
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1276
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: DEBIAN:19981207 fte-console: does not drop its root priviliges
Reference: URL:http://www.debian.org/security/1998/19981207
Reference: XF:fte-console-privileges(1609)
Reference: URL:http://xforce.iss.net/static/1609.php

fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device.

INFERRED ACTION: CAN-1999-1276 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener

======================================================
Candidate: CAN-1999-1279
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1279
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q138001
Reference: URL:http://support.microsoft.com/support/kb/articles/q138/0/01.asp
Reference: XF:snaserver-shared-folders(1548)
Reference: URL:http://xforce.iss.net/static/1548.php

An interaction between the AS/400 shared folders feature and Microsoft SNA Server 3.0 and earlier allows users to view each other's folders when the users share the same Local APPC LU.

INFERRED ACTION: CAN-1999-1279 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Frech

======================================================
Candidate: CAN-1999-1284
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1284
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981105 various *lame* DoS attacks
Reference: URL:http://www.securityfocus.com/archive/1/11131
Reference: BUGTRAQ:19981107 Re: various *lame* DoS attacks
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91063407332594&w=2
Reference: MISC:http://www.dynamsol.com/puppet/text/new.txt
Reference: XF:nukenabber-timeout-dos(1540)
Reference: URL:http://xforce.iss.net/static/1540.php

NukeNabber allows remote attackers to cause a denial of service by connecting to the NukeNabber port (1080) without sending any data, which causes the CPU usage to rise to 100% from the report.exe program that is executed upon the connection.

Modifications:
   ADDREF MISC:http://www.dynamsol.com/puppet/text/new.txt
   ADDREF BUGTRAQ:19981107 Re: various *lame* DoS attacks

INFERRED ACTION: CAN-1999-1284 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Wall, Cole, Frech
   NOOP(1) Foat

======================================================
Candidate: CAN-1999-1288
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1288
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981119 Vulnerability in Samba on RedHat, Caldera and PHT TurboLinux
Reference: URL:http://www.securityfocus.com/archive/1/11397
Reference: CALDERA:SA-1998.35
Reference: URL:http://www.caldera.com/support/security/advisories/SA-1998.35.txt
Reference: XF:samba-wsmbconf(1406)
Reference: URL:http://xforce.iss.net/static/1406.php

Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program.

INFERRED ACTION: CAN-1999-1288 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener

======================================================
Candidate: CAN-1999-1290
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1290
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981117 nftp vulnerability (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91127951426494&w=2
Reference: CONFIRM:http://www.ayukov.com/nftp/history.html
Reference: XF:nftp-bo(1397)
Reference: URL:http://xforce.iss.net/static/1397.php

Buffer overflow in nftp FTP client version 1.40 allows remote malicious FTP servers to cause a denial of service, and possibly execute arbitrary commands, via a long response string.

INFERRED ACTION: CAN-1999-1290 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(5) Foat, Cole, Armstrong, Frech, Stracener
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1294
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1294
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q146604
Reference: URL:http://support.microsoft.com/support/kb/articles/q146/6/04.asp
Reference: XF:nt-filemgr(562)
Reference: URL:http://xforce.iss.net/static/562.php

Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permission.

Modifications:
   ADDREF XF:nt-filemgr(562)

INFERRED ACTION: CAN-1999-1294 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Wall, Foat, Stracener
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
   Frech> XF;nt-filemgr(562)

======================================================
Candidate: CAN-1999-1297
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1297
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUNBUG:1077164
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100452&zone_32=10045%2A%20
Reference: XF:sun-cmdtool-echo(7482)
Reference: URL:http://xforce.iss.net/static/7482.php

cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key.

Modifications:
   ADDREF XF:sun-cmdtool-echo(7482)

INFERRED ACTION: CAN-1999-1297 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Dik, Stracener
   MODIFY(1) Frech

Voter Comments:
   Frech> XF:sun-cmdtool-echo(7482)

======================================================
Candidate: CAN-1999-1298
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1298
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: FREEBSD:FreeBSD-SA-97:03
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-97:03.sysinstall.asc
Reference: XF:freebsd-sysinstall-ftp-password(7537)
Reference: URL:http://www.iss.net/security_center/static/7537.php

Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources.

Modifications:
   ADDREF XF:freebsd-sysinstall-ftp-password(7537)

INFERRED ACTION: CAN-1999-1298 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
   Frech> XF:freebsd-sysinstall-ftp-password(7537)

======================================================
Candidate: CAN-1999-1301
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1301
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:G-31
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/g-31.shtml
Reference: FREEBSD:FreeBSD-SA-96:17
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:17.rzsz.asc
Reference: XF:rzsz-command-execution(7540)
Reference: URL:http://www.iss.net/security_center/static/7540.php

A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on the client, as implemented in rz in the rzsz module of FreeBSD before 2.1.5, and possibly other programs.

Modifications:
   ADDREF XF:rzsz-command-execution(7540)

INFERRED ACTION: CAN-1999-1301 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
   Frech> XF:rzsz-command-execution(7540)

======================================================
Candidate: CAN-1999-1309
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1309
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19940314 sendmail -d problem (OLD yet still here)
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0040.html
Reference: BUGTRAQ:19940315 so...
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0043.html
Reference: BUGTRAQ:19940315 anyone know details?
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0042.html
Reference: BUGTRAQ:19940315 Security problem in sendmail versions 8.x.x
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0048.html
Reference: BUGTRAQ:19940327 sendmail exploit script - resend
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0078.html
Reference: CERT:CA-1994-12
Reference: URL:http://www.cert.org/advisories/CA-94.12.sendmail.vulnerabilities
Reference: XF:sendmail-debug-gain-root(7155)
Reference: URL:http://xforce.iss.net/static/7155.php

Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option.

Modifications:
   ADDREF XF:sendmail-debug-gain-root(7155)
   DESC [add period]

INFERRED ACTION: CAN-1999-1309 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
   Frech> XF:sendmail-debug-gain-root(7155)
      Description needs a period at the end of the sentence. :-)

======================================================
Candidate: CAN-1999-1316
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1316
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q247975
Reference: URL:http://support.microsoft.com/support/kb/articles/Q247/9/75.asp
Reference: XF:passfilt-fullname(7391)
Reference: URL:http://xforce.iss.net/static/7391.php

Passfilt.dll in Windows NT SP2 allows users to create a password that contains the user's name, which could make it easier for an attacker to guess.

Modifications:
   ADDREF XF:passfilt-fullname(7391)

INFERRED ACTION: CAN-1999-1316 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Wall, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
   Frech> XF:passfilt-fullname(7391)

======================================================
Candidate: CAN-1999-1317
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1317
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990312 [ ALERT ] Case Sensitivity and Symbolic Links
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92127046701349&w=2
Reference: NTBUGTRAQ:19990314 AW: [ ALERT ] Case Sensitivity and Symbolic Links
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92162979530341&w=2
Reference: MSKB:Q222159
Reference: URL:http://support.microsoft.com/support/kb/articles/q222/1/59.asp
Reference: XF:nt-symlink-case(7398)
Reference: URL:http://xforce.iss.net/static/7398.php

Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the \?? object folder using a different case letter (upper or lower) to point to a different device.

Modifications:
   ADDREF XF:nt-symlink-case(7398)

INFERRED ACTION: CAN-1999-1317 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Wall, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
   Frech> XF:nt-symlink-case(7398)

======================================================
Candidate: CAN-1999-1318
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1318
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUNBUG:1121935
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100630&zone_32=112193%2A%20
Reference: XF:sun-su-path(7480)
Reference: URL:http://www.iss.net/security_center/static/7480.php

/usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that includes the current working directory (.), which allows local users to gain privileges via Trojan horse programs.

Modifications:
   ADDREF XF:sun-su-path(7480)

INFERRED ACTION: CAN-1999-1318 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Dik, Stracener
   MODIFY(1) Frech

Voter Comments:
   Frech> XF:sun-su-path(7480)

======================================================
Candidate: CAN-1999-1320
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1320
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:D-01
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-01.shtml
Reference: XF:netware-packet-spoofing-privileges(7213)
Reference: URL:http://www.iss.net/security_center/static/7213.php

Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing.

Modifications:
   ADDREF XF:netware-packet-spoofing-privileges(7213)

INFERRED ACTION: CAN-1999-1320 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
   Frech> XF;netware-packet-spoofing-privileges(7213)

======================================================
Candidate: CAN-1999-1321
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1321
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981105 security patch for ssh-1.2.26 kerberos code
Reference: URL:http://lists.netspace.org/cgi-bin/wa?A2=ind9811A&L=bugtraq&P=R4814

Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing.

INFERRED ACTION: CAN-1999-1321 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(2) Foat, Cole
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1324
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1324
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CIAC:D-06
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-06.shtml
Reference: XF:openvms-sysgen-enabled(7225)
Reference: URL:http://xforce.iss.net/static/7225.php

VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.

Modifications:
   ADDREF XF:openvms-sysgen-enabled(7225)

INFERRED ACTION: CAN-1999-1324 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
   Frech> XF:openvms-sysgen-enabled(7225)

======================================================
Candidate: CAN-1999-1325
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1325
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:C-19
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/c-19.shtml
Reference: XF:vaxvms-sas-gain-privileges(7261)
Reference: URL:http://xforce.iss.net/static/7261.php

SAS System 5.18 on VAX/VMS is installed with insecure permissions for its directories and startup file, which allows local users to gain privileges.

Modifications:
   ADDREF XF:vaxvms-sas-gain-privileges(7261)

INFERRED ACTION: CAN-1999-1325 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Armstrong

Voter Comments:
   Frech> XF:vaxvms-sas-gain-privileges(7261)

======================================================
Candidate: CAN-1999-1326
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1326
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970104 serious security bug in wu-ftpd v2.4
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420401&w=2
Reference: BUGTRAQ:19970105 BoS: serious security bug in wu-ftpd v2.4 -- PATCH
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420408&w=2
Reference: XF:wuftpd-abor-gain-privileges(7169)
Reference: URL:http://xforce.iss.net/static/7169.php

wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files.

Modifications:
   ADDREF XF:wuftpd-abor-gain-privileges(7169)

INFERRED ACTION: CAN-1999-1326 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(2) Foat, Cole
   MODIFY(1) Frech

Voter Comments:
   Frech> XF:wuftpd-abor-gain-privileges(7169)

======================================================
Candidate: CAN-1999-1327
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1327
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980601 Re: SECURITY: Red Hat Linux 5.1 linuxconf bug (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125826&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf
Reference: XF:linuxconf-lang-bo(7239)
Reference: URL:http://www.iss.net/security_center/static/7239.php

Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows local users to gain root privileges via a long LANG environmental variable.

Modifications:
   ADDREF XF:linuxconf-lang-bo(7239)

INFERRED ACTION: CAN-1999-1327 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
   Frech> XF:linuxconf-lang-bo(7239)

======================================================
Candidate: CAN-1999-1328
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1328
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980826 [djb@redhat.com: Unidentified subject!]
Reference: BUGTRAQ:19980823 Security concerns in linuxconf shipped w/RedHat 5.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90383955231511&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf
Reference: XF:linuxconf-symlink-gain-privileges(7232)
Reference: URL:http://www.iss.net/security_center/static/7232.php

linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users to overwrite arbitrary files and gain root access via a symlink attack.

Modifications:
   ADDREF XF:linuxconf-symlink-gain-privileges(7232)

INFERRED ACTION: CAN-1999-1328 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
   Frech> XF:linuxconf-symlink-gain-privileges(7232)

======================================================
Candidate: CAN-1999-1329
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1329
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#SysVinit
Reference: XF:sysvinit-root-bo(7250)
Reference: URL:http://www.iss.net/security_center/static/7250.php

Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows local users to gain privileges.

Modifications:
   ADDREF XF:sysvinit-root-bo(7250)

INFERRED ACTION: CAN-1999-1329 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
   Frech> XF:sysvinit-root-bo(7250)

======================================================
Candidate: CAN-1999-1330
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1330
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19970709 [linux-security] so-called snprintf() in db-1.85.4 (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419259&w=2
Reference: CONFIRM:http://lists.openresources.com/Debian/debian-bugs-closed/msg00581.html
Reference: CONFIRM:http://www.redhat.com/support/errata/rh42-errata-general.html#db
Reference: XF:linux-libdb-snprintf-bo(7244)
Reference: URL:http://www.iss.net/security_center/static/7244.php

The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf.

Modifications:
   ADDREF XF:linux-libdb-snprintf-bo(7244)
   CHANGEREF CONFIRM make Red Hat confirm more specific

INFERRED ACTION: CAN-1999-1330 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
   Frech> XF:linux-libdb-snprintf-bo(7244)
      Red Hat confirm is more accurately
      http://www.redhat.com/support/errata/rh42-errata-general.html#db

======================================================
Candidate: CAN-1999-1331
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1331
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://www.redhat.com/support/errata/rh42-errata-general.html#netcfg
Reference: XF:netcfg-ethernet-dos(7245)
Reference: URL:http://www.iss.net/security_center/static/7245.php

netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be controlled by users on reboot when an option is set, which allows local users to cause a denial of service by shutting down the interface.

Modifications:
   ADDREF XF:netcfg-ethernet-dos(7245)

INFERRED ACTION: CAN-1999-1331 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
   Frech> XF:netcfg-ethernet-dos(7245)

======================================================
Candidate: CAN-1999-1332
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1332
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980128 GZEXE - the big problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88603844115233&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#gzip
Reference: XF:gzip-gzexe-tmp-symlink(7241)
Reference: URL:http://www.iss.net/security_center/static/7241.php

gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.

Modifications:
   ADDREF XF:gzip-gzexe-tmp-symlink(7241)

INFERRED ACTION: CAN-1999-1332 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
   Frech> XF:gzip-gzexe-tmp-symlink(7241)

======================================================
Candidate: CAN-1999-1333
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1333
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980319 ncftp 2.4.2 MkDirs bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=89042322924057&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#ncftp
Reference: XF:ncftp-autodownload-command-execution(7240)
Reference: URL:http://www.iss.net/security_center/static/7240.php

automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded.

Modifications:
   ADDREF XF:ncftp-autodownload-command-execution(7240)

INFERRED ACTION: CAN-1999-1333 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
   Frech> XF:ncftp-autodownload-command-execution(7240)

======================================================
Candidate: CAN-1999-1335
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1335
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: CONFIRM:http://www.redhat.com/support/errata/rh40-errata-general.html#cmu-snmp
Reference: XF:cmusnmp-read-write(7251)
Reference: URL:http://xforce.iss.net/static/7251.php

snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux 4.0 is configured to allow remote attackers to read and write sensitive information.

Modifications:
   ADDREF XF:cmusnmp-read-write(7251)

INFERRED ACTION: CAN-1999-1335 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
   Frech> XF:cmusnmp-read-write(7251)

======================================================
Candidate: CAN-1999-1336
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1336
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990812 3com hiperarch flaw [hiperbomb.c]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93458364903256&w=2
Reference: BUGTRAQ:19990816 Re: 3com hiperarch flaw [hiperbomb.c]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93492615408725&w=2

3Com HiPer Access Router Card (HiperARC) 4.0 through 4.2.29 allows remote attackers to cause a denial of service (reboot) via a flood of IAC packets to the telnet port.
INFERRED ACTION: CAN-1999-1336 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Foat, Cole NOOP(1) Wall REVIEWING(1) Frech Voter Comments: Frech> CONFIRM:http://knowledgebase.3com.com/division/publisher.asp?id=2.0.2107762.2279004 ====================================================== Candidate: CAN-1999-1339 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1339 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990722 Re: ping -R causes kernel panic on a forwarding machine ( 2.2.5 a nd 2 .2.10) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93277766505061&w=2 Reference: BUGTRAQ:19990722 Linux +ipchains+ ping -R Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93277426802802&w=2 Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.2/patch-2.2.11.gz Reference: XF:ipchains-ping-route-dos(7257) Reference: URL:http://www.iss.net/security_center/static/7257.php Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command.
Modifications: ADDREF XF:ipchains-ping-route-dos(7257) INFERRED ACTION: CAN-1999-1339 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Foat, Cole, Armstrong, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:ipchains-ping-route-dos(7257) ====================================================== Candidate: CAN-1999-1341 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1341 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020308-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991022 Local user can send forged packets Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94061108411308&w=2 Reference: XF:linux-tiocsetd-forge-packets(7858) Reference: URL:http://xforce.iss.net/static/7858.php Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, allows local unprivileged users to forge IP packets via the TIOCSETD option on tty devices. Modifications: ADDREF XF:linux-tiocsetd-forge-packets(7858) INFERRED ACTION: CAN-1999-1341 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Foat, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:linux-tiocsetd-forge-packets(7858) ====================================================== Candidate: CAN-1999-1351 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1351 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990924 Kvirc bug Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93845560631314&w=2 Reference: XF:kvirc-dot-directory-traversal(7761) Reference: URL:http://www.iss.net/security_center/static/7761.php Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the "Listen to !nick <soundname> requests" option enabled allows remote attackers to read arbitrary files via a .. (dot dot) in a DCC GET request. 
Modifications: ADDREF XF:kvirc-dot-directory-traversal(7761) INFERRED ACTION: CAN-1999-1351 FINAL (Final Decision 20020309) Current Votes: ACCEPT(1) Cole MODIFY(1) Frech NOOP(2) Wall, Foat Voter Comments: Frech> XF:kvirc-dot-directory-traversal(7761) ====================================================== Candidate: CAN-1999-1356 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1356 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990902 Compaq CIM UG Overwrites Legal Notice Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93646669500991&w=2 Reference: NTBUGTRAQ:19990902 Compaq CIM UG Overwrites Legal Notice Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93637792706047&w=2 Reference: NTBUGTRAQ:19990917 Re: Compaq CIM UG Overwrites Legal Notice Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93759822830815&w=2 Reference: XF:compaq-smartstart-legal-notice(7763) Reference: URL:http://www.iss.net/security_center/static/7763.php Compaq Integration Maintenance Utility as used in Compaq Insight Manager agent before SmartStart 4.50 modifies the legal notice caption (LegalNoticeCaption) and text (LegalNoticeText) in Windows NT, which could produce a legal notice that is in violation of the security policy. 
Modifications: ADDREF XF:compaq-smartstart-legal-notice(7763) INFERRED ACTION: CAN-1999-1356 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Wall, Foat, Cole MODIFY(1) Frech Voter Comments: Frech> XF:compaq-smartstart-legal-notice(7763) ====================================================== Candidate: CAN-1999-1358 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1358 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MSKB:Q157673 Reference: URL:http://support.microsoft.com/support/kb/articles/q157/6/73.asp Reference: XF:nt-user-policy-update(7400) Reference: URL:http://www.iss.net/security_center/static/7400.php When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only. Modifications: ADDREF XF:nt-user-policy-update(7400) INFERRED ACTION: CAN-1999-1358 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Wall, Foat, Cole MODIFY(1) Frech Voter Comments: Frech> XF:nt-user-policy-update(7400) ====================================================== Candidate: CAN-1999-1359 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1359 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MSKB:Q163875 Reference: URL:http://support.microsoft.com/support/kb/articles/q163/8/75.asp Reference: XF:nt-group-policy-longname(7401) Reference: URL:http://www.iss.net/security_center/static/7401.php When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies. 
Modifications: ADDREF XF:nt-group-policy-longname(7401) INFERRED ACTION: CAN-1999-1359 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Wall, Foat, Cole MODIFY(1) Frech Voter Comments: Frech> XF:nt-group-policy-longname(7401) ====================================================== Candidate: CAN-1999-1360 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1360 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MSKB:Q160650 Reference: URL:http://support.microsoft.com/support/kb/articles/q160/6/50.asp Reference: XF:nt-kernel-handle-dos(7402) Reference: URL:http://www.iss.net/security_center/static/7402.php Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle. Modifications: ADDREF XF:nt-kernel-handle-dos(7402) INFERRED ACTION: CAN-1999-1360 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Wall, Foat, Cole MODIFY(1) Frech Voter Comments: Frech> XF:nt-kernel-handle-dos(7402) ====================================================== Candidate: CAN-1999-1363 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1363 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MSKB:Q163143 Reference: URL:http://support.microsoft.com/support/kb/articles/q163/1/43.asp Reference: XF:nt-nonpagedpool-dos(7405) Reference: URL:http://www.iss.net/security_center/static/7405.php Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool. 
Modifications: ADDREF XF:nt-nonpagedpool-dos(7405) INFERRED ACTION: CAN-1999-1363 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Wall, Foat, Stracener MODIFY(1) Frech NOOP(1) Cole Voter Comments: Frech> XF:nt-nonpagedpool-dos(7405) ====================================================== Candidate: CAN-1999-1379 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1379 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990730 Possible Denial Of Service using DNS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93348057829957&w=2 Reference: BUGTRAQ:19990810 Possible Denial Of Service using DNS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93433758607623&w=2 Reference: AUSCERT:AL-1999.004 Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos Reference: CIAC:J-063 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-063.shtml Reference: XF:dns-udp-query-dos(7238) Reference: URL:http://www.iss.net/security_center/static/7238.php DNS allows remote attackers to use DNS name servers as traffic amplifiers via a UDP DNS query with a spoofed source address, which produces more traffic to the victim than was sent by the attacker. 
Modifications: ADDREF XF:dns-udp-query-dos(7238) INFERRED ACTION: CAN-1999-1379 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Foat, Cole, Armstrong, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:dns-udp-query-dos(7238) ====================================================== Candidate: CAN-1999-1380 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1380 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MISC:http://www.net-security.sk/bugs/NT/nu20.html Reference: MISC:http://mlarchive.ima.com/win95/1997/May/0342.html Reference: MISC:http://news.zdnet.co.uk/story/0,,s2065518,00.html Reference: XF:nu-tuneocx-activex-control(7188) Reference: URL:http://www.iss.net/security_center/static/7188.php Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0. 
Modifications: ADDREF XF:nu-tuneocx-activex-control(7188) INFERRED ACTION: CAN-1999-1380 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Prosser, Cole MODIFY(1) Frech NOOP(1) Foat Voter Comments: Frech> XF:nu-tuneocx-activex-control(7188) ====================================================== Candidate: CAN-1999-1382 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1382 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980108 NetWare NFS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88427711321769&w=2 Reference: BUGTRAQ:19980812 Re: Netware NFS (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90295697702474&w=2 Reference: CONFIRM:http://support.novell.com/cgi-bin/search/tidfinder.cgi?2940551 Reference: XF:netware-nfs-file-ownership(7246) Reference: URL:http://www.iss.net/security_center/static/7246.php NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting it to "Read Only," which NetWare-NFS changes to a setuid root program. 
Modifications: ADDREF XF:netware-nfs-file-ownership(7246) INFERRED ACTION: CAN-1999-1382 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Foat, Cole, Armstrong, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:netware-nfs-file-ownership(7246) In description, UNIX should probably be Unix, unless you're referring specifically to AT&T System V UNIX (see http://www.unix-systems.org/trademark.html) ====================================================== Candidate: CAN-1999-1384 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1384 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19961030 (Another) vulnerability in new SGIs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420095&w=2 Reference: AUSCERT:AA-96.08 Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-96.08.SGI.systour.vul Reference: SGI:19961101-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961101-01-I Reference: BID:470 Reference: URL:http://www.securityfocus.com/bid/470 Reference: XF:irix-systour(7456) Reference: URL:http://www.iss.net/security_center/static/7456.php Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 5.x through 6.3 allows local users to gain root privileges via a Trojan horse .exitops program, which is called by the inst command that is executed by the RemoveSystemTour program. 
Modifications: ADDREF XF:irix-systour(7456) INFERRED ACTION: CAN-1999-1384 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Foat, Cole, Stracener MODIFY(1) Frech Voter Comments: Frech> XF:irix-systour(7456) ====================================================== Candidate: CAN-1999-1385 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1385 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19961219 Exploit for ppp bug (FreeBSD 2.1.0). Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420332&w=2 Reference: FREEBSD:FreeBSD-SA-96:20 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:20.stack-overflow.asc Reference: XF:ppp-bo(7465) Reference: URL:http://www.iss.net/security_center/static/7465.php Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable. Modifications: ADDREF XF:ppp-bo(7465) INFERRED ACTION: CAN-1999-1385 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Foat, Cole, Stracener MODIFY(1) Frech Voter Comments: Frech> XF:ppp-bo(7465) ====================================================== Candidate: CAN-1999-1386 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1386 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980308 another /tmp race: `perl -e' opens temp file not safely Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88932165406213&w=2 Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#perl Reference: XF:perl-e-tmp-symlink(7243) Reference: URL:http://www.iss.net/security_center/static/7243.php Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX 
file. Modifications: ADDREF XF:perl-e-tmp-symlink(7243) INFERRED ACTION: CAN-1999-1386 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Foat, Cole, Stracener MODIFY(1) Frech NOOP(2) Wall, Armstrong Voter Comments: Frech> XF:perl-e-tmp-symlink(7243) ====================================================== Candidate: CAN-1999-1402 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1402 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970517 UNIX domain socket (Solarisx86 2.5) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418317&w=2 Reference: BUGTRAQ:19971003 Solaris 2.6 and sockets Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602248718482&w=2 Reference: BID:456 Reference: URL:http://www.securityfocus.com/bid/456 Reference: XF:sun-domain-socket-permissions(7172) Reference: URL:http://www.iss.net/security_center/static/7172.php The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket. 
Modifications: ADDREF XF:sun-domain-socket-permissions(7172) INFERRED ACTION: CAN-1999-1402 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Foat, Cole MODIFY(1) Frech Voter Comments: Frech> XF:sun-domain-socket-permissions(7172) ====================================================== Candidate: CAN-1999-1407 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1407 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980309 *sigh* another RH5 /tmp problem Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88950856416985&w=2 Reference: BID:368 Reference: URL:http://www.securityfocus.com/bid/368 Reference: XF:initscripts-ifdhcpdone-dhcplog-symlink(7294) Reference: URL:http://www.iss.net/security_center/static/7294.php Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#initscripts ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file. 
Modifications: XF:initscripts-ifdhcpdone-dhcplog-symlink(7294) ADDREF CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#initscripts INFERRED ACTION: CAN-1999-1407 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Foat, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:initscripts-ifdhcpdone-dhcplog-symlink(7294) http://www.securityfocus.com/archive/1/8731 http://www.redhat.com/support/errata/rh50-errata-general.html#initscripts ====================================================== Candidate: CAN-1999-1409 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1409 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980703 more about 'at' Reference: URL:http://www.shmoo.com/mail/bugtraq/jul98/msg00064.html Reference: BUGTRAQ:19980805 irix-6.2 "at -f" vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90233906612929&w=2 Reference: NETBSD:NetBSD-SA1998-004 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA1998-004.txt.asc Reference: BID:331 Reference: URL:http://www.securityfocus.com/bid/331 Reference: XF:at-f-read-files(7577) Reference: URL:http://www.iss.net/security_center/static/7577.php The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail. 
Modifications: ADDREF XF:at-f-read-files(7577) INFERRED ACTION: CAN-1999-1409 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Foat, Cole, Stracener MODIFY(1) Frech Voter Comments: Frech> XF:at-f-read-files(7577) ====================================================== Candidate: CAN-1999-1411 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1411 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: DEBIAN:19981126 new version of fsp fixes security flaw Reference: URL:http://lists.debian.org/debian-security-announce/debian-security-announce-1998/msg00033.html Reference: BUGTRAQ:19981128 Debian: Security flaw in FSP Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91228908407679&w=2 Reference: BUGTRAQ:19981130 Debian: Security flaw in FSP Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91244712808780&w=2 Reference: BUGTRAQ:19990217 Debian GNU/Linux 2.0r5 released (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91936850009861&w=2 Reference: BID:316 Reference: URL:http://www.securityfocus.com/bid/316 Reference: XF:fsp-anon-ftp-access(7574) Reference: URL:http://www.iss.net/security_center/static/7574.php The installation of the fsp package 2.71-10 in Debian Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such as wu-ftp.
Modifications: ADDREF XF:fsp-anon-ftp-access(7574) INFERRED ACTION: CAN-1999-1411 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Foat, Cole, Stracener MODIFY(1) Frech Voter Comments: Frech> XF:fsp-anon-ftp-access(7574) DEBIAN URL slightly wrong: http://lists.debian.org/debian-security-announce/debian-security-announce-1998/msg00033.html ====================================================== Candidate: CAN-1999-1414 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1414 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19990525 Security Leak with IBM Netfinity Remote Control Software Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92765856706547&w=2 Reference: NTBUGTRAQ:19990609 IBM's response to "Security Leak with IBM Netfinity Remote Control Software Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92902484317769&w=2 Reference: BID:284 Reference: URL:http://www.securityfocus.com/bid/284 IBM Netfinity Remote Control allows local users to gain administrator privileges by starting programs from the process manager, which runs with system level privileges. INFERRED ACTION: CAN-1999-1414 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Foat, Cole NOOP(1) Wall ====================================================== Candidate: CAN-1999-1419 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1419 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: SUN:00148 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/148 Reference: BID:219 Reference: URL:http://www.securityfocus.com/bid/219 Reference: XF:sun-nisplus-bo(7535) Reference: URL:http://www.iss.net/security_center/static/7535.php Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and 2.4 allows local users to gain root privileges.
Modifications: ADDREF XF:sun-nisplus-bo(7535) INFERRED ACTION: CAN-1999-1419 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Foat, Cole, Dik, Stracener MODIFY(1) Frech Voter Comments: Frech> XF:sun-nisplus-bo(7535) Dik> sun bug: 1223320 ====================================================== Candidate: CAN-1999-1423 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1423 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970626 Solaris Ping bug (DoS) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319160&w=2 Reference: BUGTRAQ:19970627 SUMMARY: Solaris Ping bug (DoS) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319171&w=2 Reference: BUGTRAQ:19970627 Solaris Ping bug(inetsvc) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319181&w=2 Reference: BUGTRAQ:19971005 Solaris Ping Bug and other [bc] oddities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319180&w=2 Reference: SUN:00146 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/146 Reference: BID:209 Reference: URL:http://www.securityfocus.com/bid/209 Reference: XF:ping-multicast-loopback-dos(7492) Reference: URL:http://www.iss.net/security_center/static/7492.php ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i. 
Modifications: ADDREF XF:ping-multicast-loopback-dos(7492) INFERRED ACTION: CAN-1999-1423 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Foat, Cole, Dik, Stracener MODIFY(1) Frech Voter Comments: Frech> XF:ping-multicast-loopback-dos(7492) Dik> sun bug: 1226919 ====================================================== Candidate: CAN-1999-1432 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1432 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980716 Security risk with powermanagemnet on Solaris 2.6 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525997&w=2 Reference: BID:160 Reference: URL:http://www.securityfocus.com/bid/160 Reference: SUNBUG:4024179 Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges. 
Modifications: ADDREF SUNBUG:4024179 INFERRED ACTION: CAN-1999-1432 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Foat, Cole, Dik NOOP(1) Wall Voter Comments: Dik> sun bug: 4024179 ====================================================== Candidate: CAN-1999-1433 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1433 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980715 JetAdmin software Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525988&w=2 Reference: BUGTRAQ:19980722 Re: JetAdmin software Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526067&w=2 Reference: BID:157 Reference: URL:http://www.securityfocus.com/bid/157 HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file. INFERRED ACTION: CAN-1999-1433 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Foat, Cole NOOP(1) Wall ====================================================== Candidate: CAN-1999-1437 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1437 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980707 ePerl: bad handling of ISINDEX queries Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525890&w=2 Reference: BUGTRAQ:19980710 ePerl Security Update Available Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525927&w=2 Reference: BID:151 Reference: URL:http://www.securityfocus.com/bid/151 ePerl 2.2.12 allows remote attackers to read arbitrary files and possibly execute certain commands by specifying a full pathname of the target file as an argument to bar.phtml. 
INFERRED ACTION: CAN-1999-1437 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Foat, Cole NOOP(1) Wall ====================================================== Candidate: CAN-1999-1452 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1452 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19990129 ole objects in a "secured" environment? Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91764169410814&w=2 Reference: NTBUGTRAQ:19990205 Alert: MS releases GINA-fix for SP3, SP4, and TS Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91822011021558&w=2 Reference: BUGTRAQ:19990129 ole objects in a "secured" environment? Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91788829326419&w=2 Reference: MSKB:Q214802 Reference: URL:http://support.microsoft.com/support/kb/articles/q214/8/02.asp Reference: BID:198 Reference: URL:http://www.securityfocus.com/bid/198 Reference: XF:nt-gina-clipboard(1975) Reference: URL:http://xforce.iss.net/static/1975.php GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt. 
INFERRED ACTION: CAN-1999-1452 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Wall, Foat, Cole, Frech ====================================================== Candidate: CAN-1999-1455 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1455 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MSKB:Q158320 Reference: URL:http://support.microsoft.com/support/kb/articles/q158/3/20.asp Reference: XF:nt-rshsvc-ale-bypass(7422) Reference: URL:http://xforce.iss.net/static/7422.php RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host. Modifications: ADDREF XF:nt-rshsvc-ale-bypass(7422) INFERRED ACTION: CAN-1999-1455 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Wall, Foat, Cole MODIFY(1) Frech Voter Comments: Frech> XF:nt-rshsvc-ale-bypass(7422) ====================================================== Candidate: CAN-1999-1456 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1456 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980819 thttpd 2.04 released (fwd) Reference: URL:http://www.securityfocus.com/archive/1/10368 Reference: CONFIRM:http://www.acme.com/software/thttpd/thttpd.html#releasenotes Reference: XF:thttpd-file-read(1809) Reference: URL:http://xforce.iss.net/static/1809.php thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename. 
INFERRED ACTION: CAN-1999-1456 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Foat, Cole, Armstrong, Frech, Stracener NOOP(1) Wall ====================================================== Candidate: CAN-1999-1472 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1472 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19971017 Security Hole in Explorer 4.0 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87710897923098&w=2 Reference: MISC:http://www.insecure.org/sploits/Internet_explorer_4.0.hack.html Reference: CONFIRM:http://www.microsoft.com/Windows/ie/security/freiburg.asp Reference: MSKB:Q176794 Reference: URL:http://support.microsoft.com/support/kb/articles/q176/7/94.asp Reference: MSKB:Q176697 Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp Reference: XF:http-ie-spy(587) Reference: URL:http://xforce.iss.net/static/587.php Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue. INFERRED ACTION: CAN-1999-1472 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Wall, Foat, Cole, Frech ====================================================== Candidate: CAN-1999-1473 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1473 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020218-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MSKB:Q176697 Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp Reference: XF:ie-page-redirect(7426) Reference: URL:http://www.iss.net/security_center/static/7426.php When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue." 
Modifications:
  ADDREF XF:ie-page-redirect(7426)

INFERRED ACTION: CAN-1999-1473 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Wall, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:ie-page-redirect(7426)

======================================================
Candidate: CAN-1999-1476
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1476
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: MSKB:Q163852
Reference: URL:http://support.microsoft.com/support/kb/articles/q163/8/52.asp
Reference: XF:pentium-crash(704)
Reference: URL:http://xforce.iss.net/static/704.php

A bug in Intel Pentium processor (MMX and Overdrive) allows local users to cause a denial of service (hang) in Intel-based operating systems such as Windows NT and Windows 95, via an invalid instruction, aka the "Invalid Operand with Locked CMPXCHG8B Instruction" problem.

INFERRED ACTION: CAN-1999-1476 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Frech

======================================================
Candidate: CAN-1999-1478
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1478
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990706 Bug in SUN's Hotspot VM
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93138827429589&w=2
Reference: NTBUGTRAQ:19990716 FW: (Review ID: 85125) Hotspot crashes bringing down webserver
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93240220324183&w=2
Reference: BID:522
Reference: URL:http://www.securityfocus.com/bid/522
Reference: XF:sun-hotspot-vm(2348)
Reference: URL:http://xforce.iss.net/static/2348.php

The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character.

INFERRED ACTION: CAN-1999-1478 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1481
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1481
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991025 [squid] exploit for external authentication problem
Reference: URL:http://www.securityfocus.com/archive/1/33295
Reference: BUGTRAQ:19991103 [squid]exploit for external authentication problem
Reference: URL:http://www.securityfocus.com/archive/1/33295
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.2/bugs/
Reference: BID:741
Reference: URL:http://www.securityfocus.com/bid/741
Reference: XF:squid-proxy-auth-access(3433)
Reference: URL:http://xforce.iss.net/static/3433.php

Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair.

INFERRED ACTION: CAN-1999-1481 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(5) Foat, Cole, Armstrong, Frech, Stracener
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1488
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1488
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:I-079A
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-079a.shtml
Reference: BID:371
Reference: URL:http://www.securityfocus.com/bid/371
Reference: XF:ibm-sdr-read-files(7217)
Reference: URL:http://www.iss.net/security_center/static/7217.php

sdrd daemon in IBM SP2 System Data Repository (SDR) allows remote attackers to read files without authentication.

Modifications:
  ADDREF XF:ibm-sdr-read-files(7217)

INFERRED ACTION: CAN-1999-1488 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:ibm-sdr-read-files(7217)
 Frech> XF:ibm-sdr-read-files(7217)

======================================================
Candidate: CAN-1999-1494
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1494
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19940809 Re: IRIX 5.2 Security Advisory
Reference: URL:http://www.securityfocus.com/archive/1/675
Reference: BUGTRAQ:19950307 sigh. another Irix 5.2 hole.
Reference: URL:http://www.tryc.on.ca/archives/bugtraq/1995_1/0614.html
Reference: SGI:19950209-00-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19950209-01-P
Reference: XF:sgi-colorview(2112)
Reference: URL:http://xforce.iss.net/static/2112.php
Reference: BID:336
Reference: URL:http://www.securityfocus.com/bid/336

colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local attackers to read arbitrary files via the -text argument.

INFERRED ACTION: CAN-1999-1494 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener

======================================================
Candidate: CAN-1999-1507
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1507
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: CERT:CA-1993-03
Reference: URL:http://www.cert.org/advisories/CA-1993-03.html
Reference: BID:59
Reference: URL:http://www.securityfocus.com/bid/59
Reference: XF:sun-dir(521)
Reference: URL:http://xforce.iss.net/static/521.php

Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on files and directories such as crash.

Modifications:
  ADDREF XF:sun-dir(521)

INFERRED ACTION: CAN-1999-1507 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Foat, Cole, Dik, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:sun-dir(521)
 Dik> From memory.

======================================================
Candidate: CAN-1999-1512
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1512
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990716 AMaViS virus scanner for Linux - root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93219846414732&w=2
Reference: CONFIRM:http://www.amavis.org/ChangeLog.txt
Reference: BID:527
Reference: URL:http://www.securityfocus.com/bid/527
Reference: XF:amavis-command-execute(2349)
Reference: URL:http://xforce.iss.net/static/2349.php

The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote attackers to execute arbitrary commands as root via an infected mail message with shell metacharacters in the reply-to field.

INFERRED ACTION: CAN-1999-1512 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(5) Foat, Cole, Armstrong, Frech, Stracener
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1530
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1530
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991108 Security flaw in Cobalt RaQ2 cgiwrap
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94209954200450&w=2
Reference: BUGTRAQ:19991109 [Cobalt] Security Advisory - cgiwrap
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94225629200045&w=2
Reference: BID:777
Reference: URL:http://www.securityfocus.com/bid/777
Reference: XF:cobalt-cgiwrap-incorrect-permissions(7764)
Reference: URL:http://www.iss.net/security_center/static/7764.php

cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system.

Modifications:
  ADDREF XF:cobalt-cgiwrap-incorrect-permissions(7764)

INFERRED ACTION: CAN-1999-1530 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(2) Foat, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:cobalt-cgiwrap-incorrect-permissions(7764)

======================================================
Candidate: CAN-1999-1531
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1531
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94157187815629&w=2
Reference: BID:763
Reference: URL:http://www.securityfocus.com/bid/763
Reference: XF:ibm-homepageprint-bo(7767)
Reference: URL:http://www.iss.net/security_center/static/7767.php

Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a malicious Web site to execute arbitrary code on a viewer's system via a long IMG_SRC HTML tag.

Modifications:
  ADDREF XF:ibm-homepageprint-bo(7767)

INFERRED ACTION: CAN-1999-1531 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(2) Foat, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:ibm-homepageprint-bo(7767)

======================================================
Candidate: CAN-1999-1535
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1535
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990720 Buffer overflow in AspUpload 1.4
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93256878011447&w=2
Reference: NTBUGTRAQ:19990818 AspUpload Buffer Overflow Fixed
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93501427820328&w=2
Reference: BID:592
Reference: URL:http://www.securityfocus.com/bid/592
Reference: XF:http-aspupload-bo(3291)
Reference: URL:http://xforce.iss.net/static/3291.php

Buffer overflow in AspUpload.dll in Persits Software AspUpload before 1.4.0.2 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument in the HTTP request.

INFERRED ACTION: CAN-1999-1535 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1542
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1542
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991004 RH6.0 local/remote command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93915641729415&w=2
Reference: BUGTRAQ:19991006 Fwd: [Re: RH6.0 local/remote command execution]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93923853105687&w=2
Reference: XF:linux-rh-rpmmail(3353)
Reference: URL:http://xforce.iss.net/static/3353.php

RPMMail before 1.4 allows remote attackers to execute commands via an e-mail message with shell metacharacters in the "MAIL FROM" command.

INFERRED ACTION: CAN-1999-1542 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1550
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1550
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991108 BigIP - bigconf.cgi holes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94217006208374&w=2
Reference: BUGTRAQ:19991109 Re: BigIP - bigconf.cgi holes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94217879020184&w=2
Reference: BUGTRAQ:19991109
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94225879703021&w=2
Reference: BID:778
Reference: URL:http://www.securityfocus.com/bid/778
Reference: XF:bigip-bigconf-view-files(7771)
Reference: URL:http://www.iss.net/security_center/static/7771.php

bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter.

Modifications:
  ADDREF XF:bigip-bigconf-view-files(7771)

INFERRED ACTION: CAN-1999-1550 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(2) Foat, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:bigip-bigconf-view-files(7771)

======================================================
Candidate: CAN-1999-1565
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1565
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990820 [SECURITY] New versions of man2html fixes postinst glitch
Reference: URL:http://www.securityfocus.com/archive/1/24784

Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

INFERRED ACTION: CAN-1999-1565 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(2) Foat, Cole
   NOOP(1) Wall

======================================================
Candidate: CAN-2000-0006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0006
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991225 strace can lie
Reference: URL:http://online.securityfocus.com/archive/1/39831
Reference: XF:linux-strace(4554)
Reference: URL:http://xforce.iss.net/static/4554.php

strace allows local users to read arbitrary files via memory mapped file names.

Modifications:
  ADDREF XF:linux-strace(4554)

INFERRED ACTION: CAN-2000-0006 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(5) Collins, Ozancin, Stracener, Blake, Cole
   MODIFY(2) Baker, Frech
   NOOP(2) Wall, Armstrong
   REVIEWING(1) Levy

Voter Comments:
 Frech> XF:linux-strace
 Baker> Vulnerability Reference (HTML) http://www.securityfocus.com/archive/1/39831 Misc Defensive Info
   http://xforce.iss.net/static/4554.php Misc Defensive Info

======================================================
Candidate: CAN-2000-0007
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0007
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-02
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991230 PC-Cillin 6.x DoS Attack
Reference: XF:pccillin-proxy-remote-dos(4491)
Reference: URL:http://xforce.iss.net/static/4491.php
Reference: BID:1740
Reference: URL:http://www.securityfocus.com/bid/1740

Trend Micro PC-Cillin does not restrict access to its internal proxy port, allowing remote attackers to conduct a denial of service.

Modifications:
  ADDREF XF:pccillin-proxy-remote-dos
  CHANGEREF XF [normalize]
  DESC fix typo
  ADDREF BID:1740

INFERRED ACTION: CAN-2000-0007 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Stracener, Baker, Armstrong
   MODIFY(1) Frech
   NOOP(1) Christey
   REVIEWING(1) Levy

Voter Comments:
 Frech> XF:pccillin-proxy-remote-dos
 Christey> Fix typo: "to its to its"
 Christey> ADDREF BID:1740
   ADDREF URL:http://www.securityfocus.com/bid/1740

======================================================
Candidate: CAN-2000-0027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0027
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991227 IBM NetStation/UnixWare local root exploit
Reference: URL:http://www.securityfocus.com/archive/1/39962
Reference: BID:900
Reference: URL:http://www.securityfocus.com/bid/900
Reference: XF:ibm-netstat-race-condition(5381)
Reference: URL:http://www.iss.net/security_center/static/5381.php

IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack.

Modifications:
  ADDREF XF:ibm-netstat-race-condition(5381)

INFERRED ACTION: CAN-2000-0027 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(7) Ozancin, Stracener, Levy, Blake, Baker, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Wall, Bollinger

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:ibm-netstat-race-condition(5381)

======================================================
Candidate: CAN-2000-0180
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0180
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: NTBUGTRAQ:20000313 SOJOURN Search engine exposes files
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0201.html
Reference: BID:1052
Reference: URL:http://www.securityfocus.com/bid/1052
Reference: XF:sojourn-file-read(4197)
Reference: URL:http://xforce.iss.net/static/4197.php

Sojourn search engine allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Modifications:
  ADDREF XF:sojourn-file-read(4197)

INFERRED ACTION: CAN-2000-0180 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Levy, Wall, Baker
   MODIFY(1) Frech
   NOOP(4) Ozancin, Blake, LeBlanc, Cole

Voter Comments:
 Frech> XF:sojourn-file-read
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]

======================================================
Candidate: CAN-2000-0290
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0290
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-02
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000331 Webstar 4.0 Buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0005.html
Reference: XF:macos-webstar-get-bo(4792)
Reference: URL:http://xforce.iss.net/static/4792.php
Reference: BID:1822
Reference: URL:http://www.securityfocus.com/bid/1822

Buffer overflow in Webstar HTTP server allows remote attackers to cause a denial of service via a long GET request.

Modifications:
  ADDREF XF:macos-webstar-get-bo
  CHANGEREF XF [normalize]
  ADDREF BID:1822

INFERRED ACTION: CAN-2000-0290 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Cole, Ozancin, Blake
   MODIFY(1) Frech
   NOOP(4) Armstrong, Christey, Wall, Baker
   REVIEWING(1) Levy

Voter Comments:
 Frech> XF:macos-webstar-get-bo
 Baker> Trying to get the XForce entry using the name Andre posted yields no results
   If I search just on get-bo, I get 11 responses, none of them relating
   If I search webstar I got one response, just the 1997 lasso cgi one.
   Here is the URL for the security focus archive of Bugtraq articles:
   http://www.securityfocus.com/archive/1/53369
 Christey> BID:1822
   URL:http://www.securityfocus.com/bid/1822

======================================================
Candidate: CAN-2000-0298
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0298
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-02
Proposed: 20000426
Assigned: 20000426
Category: CF
Reference: NTBUGTRAQ:20000407 All Users startup folder left open if unattended install and OEMP reinstall=1
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0027.html
Reference: XF:win2k-unattended-install(4278)
Reference: URL:http://xforce.iss.net/static/4278.php
Reference: BID:1758
Reference: URL:http://www.securityfocus.com/bid/1758

The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories.

Modifications:
  ADDREF XF:win2k-unattended-install
  ADDREF BID:1758
  CHANGEREF XF [normalize]

INFERRED ACTION: CAN-2000-0298 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(6) Cole, Armstrong, Collins, Blake, Wall, Baker
   MODIFY(1) Frech
   NOOP(1) Christey
   REVIEWING(1) Levy

Voter Comments:
 Christey> ADDREF XF:win2k-unattended-install
 Frech> XF:win2k-unattended-install
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 Christey> ADDREF BID:1758
   ADDREF URL:http://www.securityfocus.com/bid/1758
 CHANGE> [Armstrong changed vote from REVIEWING to ACCEPT]

======================================================
Candidate: CAN-2000-0324
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0324
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020220-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000425 Denial of Service Against pcAnywhere.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000425150157.13567A-100000@sword.damocles.com
Reference: BUGTRAQ:20010211 Symantec pcAnywhere 9.0 DoS / Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0201.html
Reference: BUGTRAQ:20010212 Re: Symantec pcAnywhere 9.0 DoS / Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0258.html
Reference: BID:1150
Reference: URL:http://www.securityfocus.com/bid/1150
Reference: XF:pcanywhere-tcpsyn-dos(4347)
Reference: URL:http://www.iss.net/security_center/static/4347.php

pcAnywhere 8.x and 9.0 allows remote attackers to cause a denial of service via a TCP SYN scan, e.g. by nmap.

Modifications:
  ADDREF BUGTRAQ:20010211 Symantec pcAnywhere 9.0 DoS / Buffer Overflow
  ADDREF BUGTRAQ:20010212 Re: Symantec pcAnywhere 9.0 DoS / Buffer Overflow
  ADDREF XF:pcanywhere-tcpsyn-dos(4347)
  DESC make versions more specific.

INFERRED ACTION: CAN-2000-0324 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(5) Baker, Cole, Levy, Prosser, Wall
   MODIFY(1) Frech
   NOOP(2) Christey, LeBlanc

Voter Comments:
 Frech> XF:pcanywhere-tcpsyn-dos
 Christey> Acknowledged by Symantec after a re-discovery:
   BUGTRAQ:20010212 Re: Symantec pcAnywhere 9.0 DoS / Buffer Overflow
   URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0258.html
   Also:
   BUGTRAQ:20010211 Symantec pcAnywhere 9.0 DoS / Buffer Overflow
   URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0201.html
 Prosser> See BugTraq archive,
   http://www.securityfocus.com/templates/archive.pike?list=1&msg=OF73737D62.9374F44F-
   This issue corrected in version 9.01 and later
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]

======================================================
Candidate: CAN-2000-0457
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0457
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000511 Alert: IIS ism.dll exposes file contents
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95810120719608&w=2
Reference: MS:MS00-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-031.asp
Reference: BID:1193
Reference: URL:http://www.securityfocus.com/bid/1193
Reference: XF:iis-ism-file-access(4448)
Reference: URL:http://xforce.iss.net/static/4448.php

ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.

Modifications:
  ADDREF XF:iis-ism-file-access(4448)

INFERRED ACTION: CAN-2000-0457 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Cole, Stracener, Levy, Prosser
   MODIFY(1) Frech
   REVIEWING(1) Ozancin

Voter Comments:
 Frech> XF:iis-ism-file-access

======================================================
Candidate: CAN-2000-0551
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0551
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20010910-01
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000523 I think
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0339.html
Reference: BID:1263
Reference: URL:http://www.securityfocus.com/bid/1263
Reference: XF:danware-netop-bypass-security(4569)
Reference: URL:http://xforce.iss.net/static/4569.php

The file transfer mechanism in Danware NetOp 6.0 does not provide authentication, which allows remote attackers to access and modify arbitrary files.

Modifications:
  ADDREF XF:danware-netop-bypass-security(4569)

INFERRED ACTION: CAN-2000-0551 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(2) Ozancin, Levy
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:danware-netop-bypass-security(4569)

======================================================
Candidate: CAN-2000-0570
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0570
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-02
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000627 DoS in FirstClass Internet Services 5.770
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0295.html
Reference: XF:firstclass-large-bcc-dos(4843)
Reference: URL:http://xforce.iss.net/static/4843.php
Reference: BID:1421
Reference: URL:http://www.securityfocus.com/bid/1421

FirstClass Internet Services server 5.770, and other versions before 6.1, allows remote attackers to cause a denial of service by sending an email with a long To: mail header.

Modifications:
  CHANGEREF XF:firstclass-large-bcc-dos(4843)

INFERRED ACTION: CAN-2000-0570 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Cole, Frech, Levy
   NOOP(4) Wall, Magdych, Christey, LeBlanc

Voter Comments:
 CHANGE> [Magdych changed vote from REVIEWING to NOOP]
 Christey> Inquiry sent to support@centrinity.com on 2/22/2002.
 Christey> Confirmation received on 2/26/2002: "this issue has been fixed in the latest updates to the Version 6.1 FirstClass server."

======================================================
Candidate: CAN-2000-0575
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0575
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000630 Kerberos security vulnerability in SSH-1.2.27
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96256265914116&w=2
Reference: BID:1426
Reference: URL:http://www.securityfocus.com/bid/1426
Reference: XF:ssh-kerberos-tickets-disclosure(4903)
Reference: URL:http://xforce.iss.net/static/4903.php

SSH 1.2.27 with Kerberos authentication support stores Kerberos tickets in a file which is created in the current directory of the user who is logging in, which could allow remote attackers to sniff the ticket cache if the home directory is installed on NFS.

Modifications:
  CHANGEREF BUGTRAQ subject was truncated
  ADDREF XF:ssh-kerberos-tickets-disclosure(4903)

INFERRED ACTION: CAN-2000-0575 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(2) Cole, Levy
   MODIFY(1) Frech
   NOOP(3) Wall, Magdych, LeBlanc

Voter Comments:
 Frech> XF:ssh-kerberos-tickets-disclosure(4903)
   BUGTRAQ title should be "Kerberos security vulnerability in SSH-1.2.27"
 CHANGE> [Magdych changed vote from REVIEWING to NOOP]

======================================================
Candidate: CAN-2000-0581
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0581
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000630 SecureXpert Advisory [SX-20000620-1]
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000630161841.4619A-100000@fjord.fscinternet.com
Reference: XF:win2k-telnetserver-dos
Reference: BID:1414
Reference: URL:http://www.securityfocus.com/bid/1414

Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros,
which causes the server to crash.

INFERRED ACTION: CAN-2000-0581 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(6) Wall, Cole, Frech, Levy, Magdych, LeBlanc
   NOOP(1) Christey

Voter Comments:
 Magdych> Should this be included with CAN-2000-580? The description for 580 could be modified to read "...significantly increases CPU utilization and may crash remote services."
 Christey> ADDREF MS:MS00-050
 CHANGE> [Magdych changed vote from REVIEWING to ACCEPT]
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]

======================================================
Candidate: CAN-2000-0593
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0593
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000627 [SPSadvisory #37]WinProxy 2.0.0/2.0.1 DoS and Exploitable Buffer Overflow
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006271417.GFE84146.-BJXON@lac.co.jp
Reference: XF:winproxy-get-dos(4831)
Reference: URL:http://xforce.iss.net/static/4831.php
Reference: BID:1400
Reference: URL:http://www.securityfocus.com/bid/1400

WinProxy 2.0 and 2.0.1 allows remote attackers to cause a denial of service by sending an HTTP GET request without listing an HTTP version number.

Modifications:
  CHANGEREF XF [normalize]

INFERRED ACTION: CAN-2000-0593 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(5) Wall, Cole, Frech, Levy, Magdych
   NOOP(1) LeBlanc

Voter Comments:
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]

======================================================
Candidate: CAN-2000-0600
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0600
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000626 Netscape Enterprise Server for NetWare Virtual Directory Vulnerab ility
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0264.html
Reference: BID:1393
Reference: URL:http://www.securityfocus.com/bid/1393
Reference: XF:netscape-virtual-directory-bo(4780)
Reference: URL:http://xforce.iss.net/static/4780.php

Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL.

Modifications:
  DELREF XF:netscape-enterprise-netware-bo
  CHANGEREF XF:netscape-virtual-directory-bo(4780)

INFERRED ACTION: CAN-2000-0600 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(2) Cole, Levy
   MODIFY(1) Frech
   NOOP(3) Wall, Magdych, LeBlanc

Voter Comments:
 Frech> DELREF: XF:netscape-enterprise-netware-bo
 CHANGE> [Magdych changed vote from REVIEWING to NOOP]
 CHANGE> [Wall changed vote from REVIEWING to NOOP]

======================================================
Candidate: CAN-2000-0615
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0615
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20010912
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000709 LPRng lpd should not be SETUID root
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0117.html
Reference: BID:1447
Reference: URL:http://www.securityfocus.com/bid/1447
Reference: XF:lpd-suid-root(7361)
Reference: URL:http://xforce.iss.net/static/7361.php

LPRng 3.6.x improperly installs lpd as setuid root, which can allow local users to append lpd trace and logging messages to files.

Modifications:
  ADDREF XF:lpd-suid-root(7361)

INFERRED ACTION: CAN-2000-0615 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Baker, Cole, Stracener
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Williams

Voter Comments:
 Frech> XF:lpd-suid-root(7361)

======================================================
Candidate: CAN-2000-0619
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0619
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20010912
Assigned: 20000719
Category: SF
Reference: VULN-DEV:20000520 TopLayer layer 7 switch Advisory
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0680.html
Reference: VULN-DEV:20000614 Update on TopLayer Advisory
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0921.html
Reference: BID:1258
Reference: URL:http://www.securityfocus.com/bid/1258
Reference: XF:toplayer-icmp-dos(7364)
Reference: URL:http://xforce.iss.net/static/7364.php

Top Layer AppSwitch 2500 allows remote attackers to cause a denial of service via malformed ICMP packets.

Modifications:
  ADDREF XF:toplayer-icmp-dos(7364)
  DESC Fix product name

INFERRED ACTION: CAN-2000-0619 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:toplayer-icmp-dos(7364)
   Actually, the correct name for this item is 'Top Layer AppSwitch 2500'.

====================================================== Candidate: CAN-2000-0662 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0662 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020222-01 Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000714 IE 5.5 and 5.01 vulnerability - reading at least local and from any host text and parsed html files Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=396EF9D5.62EEC625@nat.bg Reference: BID:1474 Reference: URL:http://www.securityfocus.com/bid/1474 Reference: XF:ie-dhtmled-file-read(5107) Reference: URL:http://xforce.iss.net/static/5107.php Internet Explorer 5.x and Microsoft Outlook allow remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED). Modifications: ADDREF XF:ie-dhtmled-file-read(5107) INFERRED ACTION: CAN-2000-0662 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Wall, Levy, LeBlanc MODIFY(1) Frech NOOP(2) Cole, Christey Voter Comments: Christey> Confirmed by Scott Culp Frech> XF:ie-dhtmled-file-read() CHANGE> [LeBlanc changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2000-0699 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0699 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020222-01 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000806 HPUX FTPd vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0028.html Reference: BID:1560 Reference: URL:http://www.securityfocus.com/bid/1560 Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command. Modifications: DESC Add HP-UX versions, format string vuln. 
phrase INFERRED ACTION: CAN-2000-0699 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Baker, Levy, Williams NOOP(2) Wall, Cole ====================================================== Candidate: CAN-2000-0739 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0739 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020222-01 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000802 NAI Net Tools PKI Server vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.html Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt Reference: BID:1537 Reference: URL:http://www.securityfocus.com/bid/1537 Reference: XF:nettools-pki-dir-traverse(5066) Reference: URL:http://xforce.iss.net/static/5066.php Directory traversal vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTPS request to the enrollment server. 
Modifications: ADDREF XF:nettools-pki-dir-traverse(5066) ADDREF CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt DESC add "directory traversal vulnerability" DESC add version INFERRED ACTION: CAN-2000-0739 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Baker, Levy, Williams NOOP(3) Wall, Cole, Christey Voter Comments: Christey> May be acknowledged in http://download.nai.com/products/licensed/pgp/hf3pki10.txt Christey> XF:nettools-pki-dir-traverse http://xforce.iss.net/static/5066.php ====================================================== Candidate: CAN-2000-0740 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0740 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020222-01 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000802 NAI Net Tools PKI Server vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.html Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt Reference: BID:1536 Reference: URL:http://www.securityfocus.com/bid/1536 Reference: XF:nai-nettools-strong-bo(5026) Reference: URL:http://xforce.iss.net/static/5026.php Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary commands via a long URL in the HTTPS port. 
Modifications: ADDREF XF:nai-nettools-strong-bo(5026) ADDREF CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt DESC add version INFERRED ACTION: CAN-2000-0740 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Baker, Levy, Williams NOOP(3) Wall, Cole, Christey Voter Comments: Christey> May be acknowledged in http://download.nai.com/products/licensed/pgp/hf3pki10.txt Christey> XF:nai-nettools-strong-bo http://xforce.iss.net/static/5026.php ====================================================== Candidate: CAN-2000-0741 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0741 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020222-01 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000802 NAI Net Tools PKI Server vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.html Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt Reference: BID:1538 Reference: URL:http://www.securityfocus.com/bid/1538 Format string vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary code via format strings in a URL with a .XUDA extension. 
Modifications: ADDREF CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt DESC add format string vuln DESC add version INFERRED ACTION: CAN-2000-0741 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Baker, Levy, Williams NOOP(3) Wall, Cole, Christey Voter Comments: Christey> May be acknowledged in http://download.nai.com/products/licensed/pgp/hf3pki10.txt ====================================================== Candidate: CAN-2000-0753 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0753 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020226-01 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000824 Outlook winmail.dat Reference: URL:http://www.securityfocus.com/archive/1/78240 Reference: BUGTRAQ:20010802 Outlook 2000 Rich Text information disclosure Reference: URL:http://www.securityfocus.com/archive/1/201422 Reference: BID:1631 Reference: URL:http://www.securityfocus.com/bid/1631 Reference: XF:outlook-reveal-path(5508) Reference: URL:http://xforce.iss.net/static/5508.php The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files. Modifications: ADDREF XF:outlook-reveal-path(5508) ADDREF BUGTRAQ:20010802 Outlook 2000 Rich Text information disclosure INFERRED ACTION: CAN-2000-0753 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) LeBlanc, Baker, Levy MODIFY(1) Frech NOOP(2) Cole, Christey REVIEWING(1) Wall Voter Comments: LeBlanc> - if someone could repro this, I'd move to ACCEPT. Looks like it might be valid, but I'm not sure Frech> XF:outlook-reveal-path(5508) Christey> I just reproduced it by examining someone's post to a mailing list that I'm subscribed to. Within the winmail.dat was this: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Hrmmm, someone running Outlook as administrator? 
Anyway, I grabbed a different winmail.dat from someone else's message, and it's D:\Documents and Settings\[**USER NAME DELETED**]\Local Settings\Application Data\Microsoft\Outlook\outlook.pst This issue was rediscovered in August 2001. BUGTRAQ:20010802 Outlook 2000 Rich Text information disclosure URL:http://www.securityfocus.com/archive/1/201422 CHANGE> [LeBlanc changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2000-0776 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0776 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020222-01 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000810 [DeepZone Advisory] Statistics Server 5.02x stack overflow (Win2k remote exploit) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0118.html Reference: BID:1568 Reference: URL:http://www.securityfocus.com/bid/1568 Reference: XF:mediahouse-stats-livestats-bo(5113) Reference: URL:http://xforce.iss.net/static/5113.php Mediahouse Statistics Server 5.02x allows remote attackers to execute arbitrary commands via a long HTTP GET request. 
Modifications: ADDREF XF:mediahouse-stats-livestats-bo(5113) INFERRED ACTION: CAN-2000-0776 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Levy, Williams MODIFY(1) Frech NOOP(4) LeBlanc, Wall, Cole, Christey Voter Comments: Christey> XF:mediahouse-stats-livestats-bo http://xforce.iss.net/static/5113.php Frech> XF:mediahouse-stats-livestats-bo(5113) ====================================================== Candidate: CAN-2000-0788 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0788 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020222-01 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000807 MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=398EB9CA.27E03A9C@nat.bg Reference: MS:MS00-071 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-071.asp Reference: BID:1566 Reference: URL:http://www.securityfocus.com/bid/1566 Reference: XF:word-mail-merge(5322) Reference: URL:http://xforce.iss.net/static/5322.php The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands. Modifications: ADDREF MS:MS00-071 ADDREF XF:word-mail-merge(5322) INFERRED ACTION: CAN-2000-0788 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) LeBlanc, Wall, Baker, Levy NOOP(2) Cole, Christey Voter Comments: Christey> ADDREF XF:word-mail-merge ADDREF MS:MS00-071?? 
CHANGE> [Wall changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2000-0790 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0790 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020220-01 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000828 IE 5.5/5.x for Win98 may execute arbitrary files that can be accessed thru Microsoft Networking. Also local Administrator compromise at least on default Windows 2000. Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=3998370D.732A03F1@nat.bg Reference: BID:1571 Reference: URL:http://www.securityfocus.com/bid/1571 Reference: XF:ie-folder-remote-exe(5097) Reference: URL:http://xforce.iss.net/static/5097.php The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option for the first file that is listed in the folder. 
Modifications: ADDREF XF:ie-folder-remote-exe(5097) INFERRED ACTION: CAN-2000-0790 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) LeBlanc, Wall, Levy MODIFY(1) Frech NOOP(2) Cole, Christey Voter Comments: Christey> XF:ie-folder-remote-exe http://xforce.iss.net/static/5097.php Frech> XF:ie-folder-remote-exe(5097) CHANGE> [Wall changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2000-0795 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0795 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl Reference: BID:1529 Reference: URL:http://www.securityfocus.com/bid/1529 Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long -n option. INFERRED ACTION: CAN-2000-0795 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Baker, Levy, Williams NOOP(3) Wall, Cole, Christey Voter Comments: Christey> I'm consulting with SGI on this one. ====================================================== Candidate: CAN-2000-0796 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0796 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020222-01 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl Reference: BID:1528 Reference: URL:http://www.securityfocus.com/bid/1528 Reference: XF:irix-dmplay-bo(5064) Reference: URL:http://xforce.iss.net/static/5064.php Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long command line option. 
Modifications: ADDREF XF:irix-dmplay-bo(5064) INFERRED ACTION: CAN-2000-0796 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Baker, Levy, Williams NOOP(3) Wall, Cole, Christey Voter Comments: Christey> XF:irix-dmplay-bo http://xforce.iss.net/static/5064.php ====================================================== Candidate: CAN-2000-0825 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0825 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020222-01 Proposed: 20001018 Assigned: 20001015 Category: SF Reference: BUGTRAQ:20000817 Imail Web Service Remote DoS Attack v.2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96659012127444&w=2 Reference: NTBUGTRAQ:20000817 Imail Web Service Remote DoS Attack v.2 Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96654521004571&w=2 Reference: WIN2KSEC:20000817 Imail Web Service Remote DoS Attack v.2 Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0071.html Reference: XF:ipswitch-imail-remote-dos(5475) Reference: URL:http://xforce.iss.net/static/5475.php Reference: BID:2011 Reference: URL:http://www.securityfocus.com/bid/2011 Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash. 
Modifications: ADDREF XF:ipswitch-imail-remote-dos(5475) ADDREF BUGTRAQ:20000817 Imail Web Service Remote DoS Attack v.2 ADDREF NTBUGTRAQ:20000817 Imail Web Service Remote DoS Attack v.2 ADDREF BID:2011 INFERRED ACTION: CAN-2000-0825 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Wall, Baker, Cole, Armstrong, Collins MODIFY(1) Frech NOOP(1) Christey Voter Comments: Cole> INDEPENDENT-CONFIRMATION Frech> XF:ipswitch-imail-remote-dos(5475) Christey> BID:2011 http://www.securityfocus.com/bid/2011 CHANGE> [Wall changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2000-0830 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0830 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020222-02 Proposed: 20001018 Assigned: 20001015 Category: SF Reference: BUGTRAQ:20000913 trivial DoS in webTV Reference: URL:http://www.securityfocus.com/archive/1/81852 Reference: MS:MS00-074 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-074.asp Reference: BID:1671 Reference: URL:http://www.securityfocus.com/bid/1671 Reference: XF:webtv-udp-dos Reference: URL:http://xforce.iss.net/static/5216.php annclist.exe in webTV for Windows allows remote attackers to cause a denial of service via a large, malformed UDP packet to ports 22701 through 22705. 
Modifications: CHANGEREF BUGTRAQ [canonicalize; add BUGTRAQ tag] ADDREF MS:MS00-074 DESC Add "for Windows" INFERRED ACTION: CAN-2000-0830 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Wall, Baker, Frech, Collins NOOP(4) Cole, Armstrong, Magdych, Christey Voter Comments: Christey> ADDREF MS:MS00-074 CHANGE> [Wall changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2000-0838 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0838 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020222-01 Proposed: 20001018 Assigned: 20001015 Category: SF Reference: WIN2KSEC:20000914 DST2K0028: DoS in FUR HTTP Server v1.0b Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0111.html Reference: XF:fur-get-dos(5237) Reference: URL:http://xforce.iss.net/static/5237.php Fastream FUR HTTP server 1.0b allows remote attackers to cause a denial of service via a long GET request. Modifications: CHANGEREF WIN2KSEC add date CHANGEREF XF canonicalize INFERRED ACTION: CAN-2000-0838 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Wall, Baker, Frech, Collins NOOP(3) Cole, Armstrong, Magdych Voter Comments: CHANGE> [Wall changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2000-0839 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0839 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020222-01 Proposed: 20001018 Assigned: 20001015 Category: SF Reference: BUGTRAQ:20000919 VIGILANTE-2000013: WinCOM LPD DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0212.html Reference: BID:1701 Reference: URL:http://www.securityfocus.com/bid/1701 Reference: XF:wincom-lpd-dos(5258) Reference: URL:http://xforce.iss.net/static/5258.php WinCOM LPD 1.00.90 allows remote attackers to cause a denial of service via a large number of LPD options to the LPD port (515). 
Modifications: CHANGEREF XF canonicalize INFERRED ACTION: CAN-2000-0839 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Wall, Baker, Frech, Collins NOOP(3) Cole, Armstrong, Magdych Voter Comments: CHANGE> [Wall changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2000-0859 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0859 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20001018 Assigned: 20001018 Category: SF Reference: BUGTRAQ:20000904 VIGILANTE-2000008: NTMail Configuration Service DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0471.html Reference: BID:1640 Reference: URL:http://www.securityfocus.com/bid/1640 Reference: XF:ntmail-incomplete-http-requests Reference: URL:http://xforce.iss.net/static/5182.php The web configuration server for NTMail V5 and V6 allows remote attackers to cause a denial of service via a series of partial HTTP requests. INFERRED ACTION: CAN-2000-0859 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Wall, Baker, Cole, Collins NOOP(1) Armstrong Voter Comments: Cole> INDEPENDENT-CONFIRMATION Collins> http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2000008.htm CHANGE> [Wall changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2000-0891 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0891 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020222-01 Proposed: 20010912 Assigned: 20001114 Category: CF Reference: CERT-VN:VU#5962 Reference: URL:http://www.kb.cert.org/vuls/id/5962 Reference: CONFIRM:http://www.notes.net/R5FixList.nsf/Search!SearchView&Query=CBAT45TU9S Reference: XF:lotus-notes-bypass-ecl(5045) Reference: URL:http://xforce.iss.net/static/5045.php A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is 
automatically executed when the user opens the email. Modifications: ADDREF XF:lotus-notes-bypass-ecl(5045) INFERRED ACTION: CAN-2000-0891 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Baker, Foat, Cole, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:lotus-notes-bypass-ecl(5045) ====================================================== Candidate: CAN-2000-0892 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0892 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020222-01 Proposed: 20010912 Assigned: 20001114 Category: SF Reference: CERT-VN:VU#22404 Reference: URL:http://www.kb.cert.org/vuls/id/22404 Reference: XF:telnet-obtain-env-variable(6644) Reference: URL:http://xforce.iss.net/static/6644.php Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL. Modifications: ADDREF XF:telnet-obtain-env-variable(6644) INFERRED ACTION: CAN-2000-0892 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Baker, Stracener MODIFY(1) Frech NOOP(4) Wall, Foat, Cole, Christey Voter Comments: Frech> XF:telnet-obtain-env-variable(6644) MISC reference should be http://www.securiteam.com/exploits/5YQ0C000IU.html. 
Christey> The MISC reference suggested by Andre is for CAN-2000-1191 ====================================================== Candidate: CAN-2000-1101 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1101 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020222-01 Proposed: 20001219 Assigned: 20001214 Category: Reference: BUGTRAQ:20001127 Vulnerability in Winsock FTPD 2.41/3.00 (Pro) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0386.html Reference: BID:2005 Reference: URL:http://www.securityfocus.com/bid/2005 Reference: XF:wftpd-dir-traverse(5608) Reference: URL:http://www.iss.net/security_center/static/5608.php Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack. Modifications: ADDREF XF:wftpd-dir-traverse(5608) INFERRED ACTION: CAN-2000-1101 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Wall, Baker, Cole MODIFY(1) Frech Voter Comments: Frech> XF:wftpd-dir-traverse(5608) CHANGE> [Wall changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2000-1111 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1111 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020222-01 Proposed: 20001219 Assigned: 20001214 Category: SF Reference: BUGTRAQ:20001129 Windows 2000 Telnet Service DoS Reference: URL:http://www.securityfocus.com/archive/1/147914 Reference: BID:2018 Reference: URL:http://www.securityfocus.com/bid/2018 Reference: XF:win2k-telnet-dos(5598) Reference: URL:http://xforce.iss.net/static/5598.php Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attempts, which allows remote attackers to cause a denial of service by connecting to the server and not providing any input. 
Modifications: ADDREF XF:win2k-telnet-dos(5598) INFERRED ACTION: CAN-2000-1111 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Wall, Baker, Cole MODIFY(1) Frech Voter Comments: Frech> XF:win2k-telnet-dos(5598) CHANGE> [Wall changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2000-1190 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1190 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020222-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:20000531 Re: strike#2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95984116811100&w=2 Reference: REDHAT:RHSA-2000:016-03 Reference: URL:http://www.redhat.com/support/errata/powertools/RHSA-2000-016-03.html Reference: XF:linux-imwheel-symlink(4941) Reference: URL:http://www.iss.net/security_center/static/4941.php imwheel-solo in imwheel package allows local users to modify arbitrary files via a symlink attack from the .imwheelrc file. Modifications: ADDREF XF:linux-imwheel-symlink(4941) INFERRED ACTION: CAN-2000-1190 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Baker, Foat, Cole, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:linux-imwheel-symlink(4941) ====================================================== Candidate: CAN-2000-1195 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1195 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020222-01 Proposed: 20010912 Assigned: 20010831 Category: SF Reference: CALDERA:CSSA-2000-008.0 Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2000-008.0.txt Reference: XF:telnetd-login-bypass(4225) Reference: URL:http://xforce.iss.net/static/4225.php telnet daemon (telnetd) from the Linux netkit package before netkit-telnet-0.16 allows remote attackers to bypass authentication when telnetd is running with the -L command line option. 
Modifications: ADDREF XF:telnetd-login-bypass(4225) INFERRED ACTION: CAN-2000-1195 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Baker, Foat, Cole, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:telnetd-login-bypass(4225) ====================================================== Candidate: CAN-2000-1196 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1196 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020222-01 Proposed: 20010912 Assigned: 20010831 Category: Reference: CONFIRM:http://docs.iplanet.com/docs/manuals/pubx/2.5.2_Relnotes.html Reference: MISC:http://packetstormsecurity.org/0004-exploits/ooo1.txt Reference: XF:publishingxpert-pscoerrpage-url(7362) Reference: URL:http://xforce.iss.net/static/7362.php PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows remote attackers to read arbitrary files by specifying the target file in the errPagePath parameter. Modifications: ADDREF XF:publishingxpert-pscoerrpage-url(7362) INFERRED ACTION: CAN-2000-1196 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Baker, Cole, Stracener MODIFY(1) Frech NOOP(2) Wall, Foat Voter Comments: Frech> XF:publishingxpert-pscoerrpage-url(7362) ====================================================== Candidate: CAN-2000-1200 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1200 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:20000201 Windows NT and account list leak ! A new SID usage Reference: URL:http://www.securityfocus.com/archive/1/44430 Reference: XF:nt-lsa-domain-sid(4015) Reference: URL:http://xforce.iss.net/static/4015.php Reference: BID:959 Reference: URL:http://www.securityfocus.com/bid/959 Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users. 
INFERRED ACTION: CAN-2000-1200 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Wall, Cole, Frech, Stracener NOOP(1) Foat ====================================================== Candidate: CAN-2001-0001 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0001 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010309 Assigned: 20010103 Category: SF Reference: BUGTRAQ:20010213 RFP2101: RFPlutonium to fuel your PHP-Nuke Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0257.html Reference: XF:php-nuke-elevate-privileges(6183) Reference: URL:http://xforce.iss.net/static/6183.php cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie. Modifications: ADDREF XF:php-nuke-elevate-privileges(6183) INFERRED ACTION: CAN-2001-0001 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Baker, Lawler MODIFY(1) Frech NOOP(2) Cole, Christey REVIEWING(1) Ziese Voter Comments: Lawler> http://www.phpnuke.org/article.php?sid=1201 Frech> XF:php-nuke-elevate-privileges(6183) Ziese> When a vendor does not acknowledge an entry it should be rejected unless and until it's been independently confirmed Christey> Since Kevin Ziese's comment, this CAN has since received several ACCEPT votes from members because someone they trusted reproduced the results. 
====================================================== Candidate: CAN-2001-0007 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0007 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020226-01 Proposed: 20010202 Assigned: 20010108 Category: SF Reference: BUGTRAQ:20010109 NSFOCUS SA2001-01: NetScreen Firewall WebUI Buffer Overflow vulnerability Reference: URL:http://www.securityfocus.com/archive/1/155149 Reference: BID:2176 Reference: URL:http://www.securityfocus.com/bid/2176 Reference: XF:netscreen-webui-bo(5908) Reference: URL:http://xforce.iss.net/static/5908.php Buffer overflow in NetScreen Firewall WebUI allows remote attackers to cause a denial of service via a long URL request to the web administration interface. Modifications: CHANGEREF BUGTRAQ fix date ADDREF XF:netscreen-webui-bo(5908) INFERRED ACTION: CAN-2001-0007 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(2) Christey, Wall REVIEWING(1) Ziese Voter Comments: Christey> BID:2176 URL:http://www.securityfocus.com/bid/2176 Frech> XF:netscreen-webui-bo(5908) Christey> Change date in Bugtraq ref to 20010109 XF:netscreen-webui-bo URL:http://xforce.iss.net/static/5908.php ====================================================== Candidate: CAN-2001-0018 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0018 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020308-01 Proposed: 20010309 Assigned: 20010127 Category: SF Reference: VULN-DEV:20001202 UDP Ping-pong in Win2k Reference: URL:http://online.securityfocus.com/archive/82/148411 Reference: MS:MS01-011 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-011.asp Reference: XF:win2k-domain-controller-dos(6136) Reference: URL:http://xforce.iss.net/static/6136.php Reference: CIAC:L-049 Reference: URL:http://www.ciac.org/ciac/bulletins/l-049.shtml Windows 2000 domain controller in Windows 2000 Server, Advanced Server, or Datacenter Server allows remote 
attackers to cause a denial of service via a flood of malformed service requests. Modifications: ADDREF XF:win2k-domain-controller-dos(6136) ADDREF CIAC:L-049 ADDREF VULN-DEV:20001202 UDP Ping-pong in Win2k INFERRED ACTION: CAN-2001-0018 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Baker, Cole, Ziese, Lawler, Prosser MODIFY(1) Frech NOOP(1) Christey Voter Comments: Frech> XF:win2k-domain-controller-dos(6136) Christey> This post may be related: BUGTRAQ:20001202 UDP Ping-pong in Win2k http://www.securityfocus.com/archive/1/148411 Prosser> MS01-011 Christey> Actually, isn't this post from VULN-DEV? Christey> Whoops, yes, the post is from VULN-DEV, and it is describing the same issue (confirmed). ====================================================== Candidate: CAN-2001-0094 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0094 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020222-01 Proposed: 20010202 Assigned: 20010201 Category: SF Reference: NETBSD:NetBSD-SA2000-017 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-017.txt.asc Reference: FREEBSD:FreeBSD-SA-01:25 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:25.kerberosIV.asc Reference: XF:kerberos4-auth-packet-overflow(5734) Reference: URL:http://xforce.iss.net/static/5734.php Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 authentication library) in NetBSD 1.5 and FreeBSD 4.2 and earlier, as used in Kerberised applications such as telnetd and login, allows local users to gain root privileges. Modifications: ADDREF XF:kerberos4-auth-packet-overflow(5734) DESC include both NetBSD and FreeBSD ADDREF FREEBSD:FreeBSD-SA-01:25 INFERRED ACTION: CAN-2001-0094 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Baker, Cole MODIFY(2) Frech, Prosser NOOP(2) Ziese, Wall RECAST(1) Christey Voter Comments: Frech> XF:kerberos4-auth-packet-overflow(5734) Description states FreeBSD, but advisory is for NetBSD. 
Christey> Change description to *NetBSD* Prosser> FreeBSD 3.5 STABLE and 4.2 STABLE are vulnerable as well. See ref FreeBSD-SA-01:25 http://www.linuxsecurity.com/advisories/freebsd_advisory-1153.html or http://www.freebsd.org/security/security.html#adv Prosser> FreeBSD 3.5 STABLE and 4.2 STABLE are vulnerable as well. See ref FreeBSD-SA-01:25 http://www.linuxsecurity.com/advisories/freebsd_advisory-1153.html or http://www.freebsd.org/security/security.html#adv CHANGE> [Christey changed vote from NOOP to RECAST] Christey> This is a "soft" recast; I'm just adding another OS to the description. ====================================================== Candidate: CAN-2001-0122 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0122 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010214 Assigned: 20010206 Category: SF Reference: BUGTRAQ:20010108 def-2001-02: IBM Websphere 3.52 Kernel Leak DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0079.html Reference: BUGTRAQ:20010307 def-2001-02: IBM HTTP Server Kernel Leak DoS (re-release) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0061.html Reference: CONFIRM:http://www-4.ibm.com/software/webservers/security.html Reference: BID:2175 Reference: URL:http://www.securityfocus.com/bid/2175 Reference: XF:ibm-websphere-dos(5900) Reference: URL:http://xforce.iss.net/static/5900.php Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows remote attackers to cause a denial of service via a series of malformed HTTP requests that generate a "bad request" error. 
Modifications: ADDREF XF:ibm-websphere-dos(5900) ADDREF CONFIRM ADDREF BUGTRAQ:20010307 def-2001-02: IBM HTTP Server Kernel Leak DoS (re-release) INFERRED ACTION: CAN-2001-0122 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Baker, Oliver MODIFY(1) Frech NOOP(4) Wall, Cole, Magdych, Christey Voter Comments: Frech> XF:ibm-websphere-dos(5900) Christey> XF:ibm-websphere-dos(5900) http://xforce.iss.net/static/5900.php Christey> Change spelling to "afpa" ADDREF BUGTRAQ:20010307 def-2001-02: IBM HTTP Server Kernel Leak DoS (re-release) http://archives.neohapsis.com/archives/bugtraq/2001-03/0061.html Baker> detailed review of IBM Websphere site has indicators that this is a problem, however, it is not directly stated. Information there leads me to believe this is an accurate representation of the problem Christey> Need to consult Troy Bollinger on this ====================================================== Candidate: CAN-2001-0156 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0156 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020226-01 Proposed: 20010309 Assigned: 20010216 Category: CF Reference: ATSTAKE:A021601-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a021601-1.txt Reference: CONFIRM:http://www.vandyke.com/products/vshell/security102.html Reference: XF:vshell-port-forwarding-rule(6148) Reference: URL:http://xforce.iss.net/static/6148.php Reference: BID:2402 Reference: URL:http://online.securityfocus.com/bid/2402 VShell SSH gateway 1.0.1 and earlier has a default port forwarding rule of 0.0.0.0/0.0.0.0, which could allow local users to conduct arbitrary port forwarding to other systems.
Modifications: ADDREF CONFIRM:http://www.vandyke.com/products/vshell/security102.html ADDREF XF:vshell-port-forwarding-rule(6148) ADDREF BID:2402 INFERRED ACTION: CAN-2001-0156 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Baker, Lawler MODIFY(1) Frech NOOP(1) Cole REVIEWING(1) Ziese Voter Comments: Frech> XF:vshell-port-forwarding-rule(6148) CONFIRM:http://www.vandyke.com/products/vshell/security102.html ====================================================== Candidate: CAN-2001-0204 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0204 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020226-01 Proposed: 20010309 Assigned: 20010308 Category: SF Reference: BUGTRAQ:20010214 def-2001-07: Watchguard Firebox II PPTP DoS Reference: URL:http://www.securityfocus.com/archive/1/162965 Reference: BID:2369 Reference: URL:http://www.securityfocus.com/bid/2369 Reference: XF:firebox-pptp-dos(6109) Reference: URL:http://xforce.iss.net/static/6109.php Watchguard Firebox II allows remote attackers to cause a denial of service by establishing multiple connections and sending malformed PPTP packets. 
Modifications: ADDREF XF:firebox-pptp-dos(6109) INFERRED ACTION: CAN-2001-0204 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Baker, Lawler MODIFY(1) Frech NOOP(1) Cole REVIEWING(1) Ziese Voter Comments: Frech> XF:firebox-pptp-dos(6109) ====================================================== Candidate: CAN-2001-0236 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0236 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010404 Assigned: 20010309 Category: SF Reference: BUGTRAQ:20010314 Solaris /usr/lib/dmi/snmpXdmid vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98462536724454&w=2 Reference: CERT:CA-2001-05 Reference: URL:http://www.cert.org/advisories/CA-2001-05.html Reference: CIAC:L-065 Reference: URL:http://www.ciac.org/ciac/bulletins/l-065.shtml Reference: SUN:00207 Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/207 Reference: XF:solaris-snmpxdmid-bo(6245) Reference: URL:http://xforce.iss.net/static/6245.php Reference: BID:2417 Reference: URL:http://www.securityfocus.com/bid/2417 Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event. 
Modifications: ADDREF XF:solaris-snmpxdmid-bo(6245) ADDREF SUN:00207 ADDREF CIAC:L-065a INFERRED ACTION: CAN-2001-0236 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Baker, Cole, Dik, Bishop MODIFY(1) Frech NOOP(3) Wall, Ziese, Christey Voter Comments: Frech> XF:solaris-snmpxdmid-bo(6245) Christey> SUN:00207 CHANGE> [Bishop changed vote from REVIEWING to ACCEPT] Christey> SUN:00207 URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/207 ====================================================== Candidate: CAN-2001-0252 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0252 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010404 Assigned: 20010329 Category: SF Reference: BUGTRAQ:20010122 def-2001-04: Netscape Enterprise Server Dot-DoS Reference: URL:http://www.securityfocus.com/archive/1/157641 Reference: BUGTRAQ:20010124 iPlanet FastTrack/Enterprise 4.1 DoS clarifications Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98035833331446&w=2 Reference: BID:2282 Reference: URL:http://www.securityfocus.com/bid/2282 Reference: XF:netscape-enterprise-dot-dos Reference: URL:http://xforce.iss.net/static/5983.php iPlanet (formerly Netscape) Enterprise Server 4.1 allows remote attackers to cause a denial of service via a long HTTP GET request that contains many "/../" (dot dot) sequences. 
INFERRED ACTION: CAN-2001-0252 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Wall, Baker, Cole, Frech, Bishop NOOP(1) Ziese Voter Comments: CHANGE> [Wall changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2001-0265 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0265 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010524 Assigned: 20010402 Category: SF Reference: ATSTAKE:A040901-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a040901-1.txt Reference: XF:pgp-armor-code-execution(6643) Reference: URL:http://xforce.iss.net/static/6643.php Reference: BID:2556 Reference: URL:http://online.securityfocus.com/bid/2556 ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers to create files in arbitrary locations via a malformed ASCII armored file. Modifications: ADDREF XF:pgp-armor-code-execution(6643) ADDREF BID:2556 INFERRED ACTION: CAN-2001-0265 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Wall, Baker, Cole, Ziese MODIFY(1) Frech NOOP(1) Oliver Voter Comments: Frech> XF:pgp-armor-code-execution(6643) CHANGE> [Wall changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2001-0269 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0269 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010404 Assigned: 20010404 Category: SF Reference: BUGTRAQ:20010217 Solaris 8 pam_ldap.so.1 module broken Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0344.html Reference: SUNBUG:4384816 Reference: XF:solaris-pamldap-bypass-authentication(6440) Reference: URL:http://xforce.iss.net/static/6440.php pam_ldap authentication module in Solaris 8 allows remote attackers to bypass authentication via a NULL password. 
Modifications: ADDREF SUNBUG:4384816 ADDREF XF:solaris-pamldap-bypass-authentication(6440) INFERRED ACTION: CAN-2001-0269 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Baker, Cole, Dik MODIFY(1) Frech NOOP(3) Wall, Bishop, Ziese Voter Comments: Dik> bug 4384816 Frech> XF:solaris-pamldap-bypass-authentication(6440) CHANGE> [Bishop changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2001-0276 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0276 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010404 Assigned: 20010404 Category: SF Reference: BUGTRAQ:20010217 BadBlue Web Server Ext.dll Vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98263019502565&w=2 Reference: CONFIRM:http://www.badblue.com/p010219.htm Reference: BID:2390 Reference: URL:http://www.securityfocus.com/bid/2390 Reference: XF:badblue-ext-reveal-path(6130) Reference: URL:http://xforce.iss.net/static/6130.php ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path. 
Modifications: ADDREF XF:badblue-ext-reveal-path(6130) ADDREF CONFIRM:http://www.badblue.com/p010219.htm INFERRED ACTION: CAN-2001-0276 FINAL (Final Decision 20020309) Current Votes: ACCEPT(1) Baker MODIFY(1) Frech NOOP(5) Wall, Cole, Bishop, Ziese, Christey Voter Comments: Frech> XF:badblue-ext-reveal-path(6130) Christey> CONFIRM:http://www.badblue.com/p010219.htm CHANGE> [Bishop changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2001-0280 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0280 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010404 Assigned: 20010404 Category: SF Reference: BUGTRAQ:20010223 Mercur Mailserver 3.3 buffer overflow with EXPN Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0413.html Reference: XF:mercur-expn-bo(6149) Reference: URL:http://xforce.iss.net/static/6149.php Buffer overflow in MERCUR SMTP server 3.30 allows remote attackers to execute arbitrary commands via a long EXPN command. Modifications: ADDREF XF:mercur-expn-bo(6149) INFERRED ACTION: CAN-2001-0280 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(3) Wall, Bishop, Ziese Voter Comments: Frech> XF:mercur-expn-bo(6149) CHANGE> [Bishop changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2001-0321 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0321 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010404 Assigned: 20010404 Category: SF Reference: BUGTRAQ:20010212 Fwd: Re: phpnuke, security problem... 
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0214.html Reference: XF:phpnuke-opendir-read-files(6512) Reference: URL:http://xforce.iss.net/static/6512.php opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter. Modifications: ADDREF XF:phpnuke-opendir-read-files(6512) DESC fix typo INFERRED ACTION: CAN-2001-0321 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(4) Wall, Bishop, Ziese, Christey Voter Comments: Christey> Fix "n" typo. Frech> XF:phpnuke-opendir-read-files(6512) CHANGE> [Bishop changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2001-0327 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0327 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20010223-02 Proposed: 20010524 Assigned: 20010413 Category: SF Reference: ATSTAKE:A041601-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a041601-1.txt Reference: CONFIRM:http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert4.16.html Reference: CERT-VN:VU#276767 Reference: URL:http://www.kb.cert.org/vuls/id/276767 iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to retrieve sensitive data from memory allocation pools, or cause a denial of service, via a URL-encoded Host: header in the HTTP request, which reveals memory in the Location: header that is returned by the server. 
Modifications: ADDREF CONFIRM:http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert4.16.html ADDREF CERT-VN:VU#276767 DESC Clean up INFERRED ACTION: CAN-2001-0327 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Wall, Baker, Cole, Ziese, Renaud MODIFY(2) Frech, Williams NOOP(1) Christey Voter Comments: Frech> XF:oracle-appserver-ndwfn4-bo(6334) CONFIRM:http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert4.16.html Williams> The iPlanet is vulnerable to a flaw that allows a remote attacker to possibly gain sensitive information or cause a denial of service condition. The problem is due to how character transformation occurs between the HOST and LOCATION headers. An attacker can create a special HOST header that when processed may reveal sensitive portions of memory in a returned LOCATION error message, or may cause a denial of service. Christey> The XF reference is not related to iPlanet. ====================================================== Candidate: CAN-2001-0364 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0364 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010315 Remote DoS attack against SSH Secure Shell for Windows Servers Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98467799732241&w=2 Reference: BID:2477 Reference: URL:http://www.securityfocus.com/bid/2477 Reference: XF:ssh-ssheloop-dos(6241) Reference: URL:http://xforce.iss.net/static/6241.php SSH Communications Security sshd 2.4 for Windows allows remote attackers to create a denial of service via a large number of simultaneous connections.
Modifications: CHANGEREF XF [normalize] INFERRED ACTION: CAN-2001-0364 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Wall, Cole, Frech, Ziese, Oliver Voter Comments: CHANGE> [Wall changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2001-0365 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0365 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010318 feeble.you!dora.exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98503741910995&w=2 Reference: XF:eudora-html-execute-code(6262) Reference: URL:http://xforce.iss.net/static/6262.php Reference: BID:2490 Reference: URL:http://www.securityfocus.com/bid/2490 Eudora before 5.1 allows a remote attacker to execute arbitrary code, when the 'Use Microsoft Viewer' and 'allow executables in HTML content' options are enabled, via an HTML email message containing Javascript, with ActiveX controls and malicious code within IMG tags. 
Modifications: CHANGEREF XF [normalize] INFERRED ACTION: CAN-2001-0365 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Wall, Cole, Frech, Ziese NOOP(1) Oliver Voter Comments: CHANGE> [Wall changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2001-0366 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0366 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010429 SAP R/3 Web Application Server Demo for Linux: root exploit Reference: URL:http://www.securityfocus.com/archive/1/180498 Reference: CONFIRM:ftp://ftp.sap.com/pub/linuxlab/saptools/README.saposcol Reference: BID:2662 Reference: URL:http://www.securityfocus.com/bid/2662 Reference: XF:linux-sap-execute-code(6487) Reference: URL:http://xforce.iss.net/static/6487.php saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the PATH environmental variable to find and execute the expand program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse expand program. Modifications: ADDREF XF:linux-sap-execute-code(6487) ADDREF CONFIRM:ftp://ftp.sap.com/pub/linuxlab/saptools/README.saposcol INFERRED ACTION: CAN-2001-0366 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Baker, Cole, Ziese, Williams MODIFY(1) Frech NOOP(3) Wall, Renaud, Christey Voter Comments: Ziese> When we have changelog vs advisory in the advisory notes I think we might want to consider another voting strategy (FIXED-BUT-NOT-ACKNOWLEDGED) (Ziese) Frech> XF:linux-sap-execute-code(6487) Christey> The "analysis" section for this CAN should have provided details for where the acknowledgement in the changelog should have appeared, as well as a MISC or CONFIRM reference to the change log itself, for external verification. 
I can't find the changelog, and the content team member who created this CAN has left MITRE :-/ Christey> ftp://ftp.sap.com/pub/linuxlab/saptools/README.saposcol has a modification date of April 27, 2 days before the problem was publicized. The last entry of the README is for 1.5, which says "security fixes for SUID." Since the type of problem that appears in this can only really happens in a setuid program, *and* the modification date of the README correlates with the date of the announcement, this seems like sufficient acknowledgement. ====================================================== Candidate: CAN-2001-0371 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0371 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: FREEBSD:FreeBSD-SA-01:30 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-03/0403.html Reference: XF:ufs-ext2fs-data-disclosure(6268) Reference: URL:http://xforce.iss.net/static/6268.php Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information. Modifications: CHANGEREF XF [normalize] INFERRED ACTION: CAN-2001-0371 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Baker, Cole, Frech, Ziese, Oliver NOOP(2) Wall, Christey Voter Comments: Ziese> I think the section about 'other operating systems' should either be removed or the impacted operating systems should be explicitly listed. Christey> Not saying "other operating systems" could make it less obvious that this CAN could go through a "soft recast" in the future. 
====================================================== Candidate: CAN-2001-0373 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0373 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020226-01 Proposed: 20010524 Assigned: 20010524 Category: CF Reference: BUGTRAQ:20010323 NT crash dump files insecure by default Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0336.html Reference: BID:2501 Reference: URL:http://www.securityfocus.com/bid/2501 Reference: XF:win-userdmp-insecure-permission(6275) Reference: URL:http://xforce.iss.net/static/6275.php The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information. Modifications: CHANGEREF XF normalize INFERRED ACTION: CAN-2001-0373 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Wall, Baker, Cole, Frech, Oliver REVIEWING(1) Ziese ====================================================== Candidate: CAN-2001-0386 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0386 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010417 Advisory for SimpleServer:WWW (analogX) Reference: URL:http://www.securityfocus.com/archive/1/177156 Reference: BID:2608 Reference: URL:http://www.securityfocus.com/bid/2608 Reference: XF:analogx-simpleserver-aux-dos(6395) Reference: URL:http://xforce.iss.net/static/6395.php AnalogX SimpleServer:WWW 1.08 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory. 
Modifications: ADDREF XF:analogx-simpleserver-aux-dos(6395) INFERRED ACTION: CAN-2001-0386 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Baker, Cole, Ziese, Renaud MODIFY(1) Frech NOOP(2) Wall, Williams Voter Comments: Frech> XF:analogx-simpleserver-aux-dos(6395) CHANGE> [Williams changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2001-0394 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0394 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010727 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010328 def-2001-15: Website Pro Remote Manager DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0425.html Reference: XF:website-pro-remote-dos(6295) Reference: URL:http://xforce.iss.net/static/6295.php Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory. 
Modifications: CHANGEREF XF [normalize] INFERRED ACTION: CAN-2001-0394 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Baker, Frech, Williams NOOP(5) Wall, Foat, Cole, Bishop, Ziese Voter Comments: CHANGE> [Bishop changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2001-0407 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0407 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010318 potential vulnerability of mysqld running with root privileges (can be used as good DoS or r00t expoloit) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0237.html Reference: BUGTRAQ:20010327 MySQL 3.23.36 is relased (fwd) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0396.html Reference: XF:mysql-dot-directory-traversal(6617) Reference: URL:http://xforce.iss.net/static/6617.php Reference: BID:2522 Reference: URL:http://online.securityfocus.com/bid/2522 Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot). 
Modifications: ADDREF XF:mysql-dot-directory-traversal(6617) ADDREF BID:2522 INFERRED ACTION: CAN-2001-0407 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Oliver, Wall, Cole, Ziese MODIFY(1) Frech Voter Comments: Frech> XF:mysql-dot-directory-traversal(6617) CHANGE> [Wall changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2001-0416 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0416 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: DEBIAN:DSA-038 Reference: URL:http://www.debian.org/security/2001/dsa-038 Reference: REDHAT:RHSA-2001:027 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-027.html Reference: BUGTRAQ:20010316 Immunix OS Security update for sgml-tools Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98477491130367&w=2 Reference: MANDRAKE:MDKSA-2001:030 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-030.php3 Reference: CONECTIVA:CLA-2001:390 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000390 Reference: XF:sgmltools-symlink Reference: URL:http://xforce.iss.net/static/6201.php Reference: SUSE:SuSE-SA:2001:16 Reference: URL:http://www.suse.de/de/support/security/2001_016_sgmltool_txt.html Reference: BID:2683 Reference: URL:http://www.securityfocus.com/bid/2683 Reference: BID:2506 Reference: URL:http://www.securityfocus.com/bid/2506 sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools. Modifications: ADDREF SUSE:SuSE-SA:2001:16 ADDREF BID:2683 ADDREF BID:2506 INFERRED ACTION: CAN-2001-0416 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Oliver, Baker, Cole, Frech, Ziese NOOP(2) Wall, Christey Voter Comments: Christey> SUSE:SuSE-SA:2001:16 BID:2683 ? BID:2506 ? 
====================================================== Candidate: CAN-2001-0422 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0422 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010410 Solaris Xsun buffer overflow vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0158.html Reference: SUNBUG:4356377 Reference: SUNBUG:4425845 Reference: SUNBUG:4440161 Reference: BID:2561 Reference: URL:http://www.securityfocus.com/bid/2561 Reference: XF:solaris-xsun-home-bo(6343) Reference: URL:http://xforce.iss.net/static/6343.php Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable. Modifications: ADDREF XF:solaris-xsun-home-bo(6343) ADDREF SUNBUG:4356377 ADDREF SUNBUG:4425845 ADDREF SUNBUG:4440161 INFERRED ACTION: CAN-2001-0422 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Dik, Williams MODIFY(1) Frech NOOP(3) Wall, Cole, Ziese Voter Comments: Frech> XF:solaris-xsun-home-bo(6343) Dik> sun bug: 4356377 (SPARC) 4425845(Intel) 4440161 (SunRAY) ====================================================== Candidate: CAN-2001-0442 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0442 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010421 Mercury for NetWare POP3 server vulnerable to remote buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0378.html Reference: BUGTRAQ:20010424 Re: Mercury for NetWare POP3 server vulnerable to remote buffer overflow Reference: URL:http://online.securityfocus.com/archive/1/179217 Reference: BID:2641 Reference: URL:http://www.securityfocus.com/bid/2641 Reference: XF:mercury-mta-bo(6444) Reference: URL:http://www.iss.net/security_center/static/6444.php Buffer overflow in Mercury MTA 
POP3 server for NetWare 1.48 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long APOP command. Modifications: ADDREF XF:mercury-mta-bo(6444) DESC Add possibility of 1.48 in some NetWare versions ADDREF BUGTRAQ:20010424 Re: Mercury for NetWare POP3 server vulnerable to remote buffer overflow INFERRED ACTION: CAN-2001-0442 FINAL (Final Decision 20020309) Current Votes: ACCEPT(1) Cole MODIFY(2) Baker, Frech NOOP(4) Wall, Ziese, Balinsky, Williams Voter Comments: Frech> XF:mercury-mta-bo(6444) Baker> Others report that it still affects version 1.48 as well: See the bugtraq post of Wed Apr 25 2001 08:32:40 below - On Tue, Apr 24, 2001 at 01:09:59PM +0300, Atro Tossavainen wrote: >> My colleague reports that NetWare servers running Mercury 1.48 crash >> happily. >I've tested it on Mercury 1.48 on Netware 4.10 and it crashed. Mercury 1.48 >on Netware 4.11 didn't crashed. CHANGE> [Baker changed vote from REVIEWING to MODIFY] Baker> http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=179571 ====================================================== Candidate: CAN-2001-0444 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0444 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20010910-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010420 Bug in Cisco CBOS v2.3.0.053 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0380.html Reference: XF:cisco-cbos-gain-information(6453) Reference: URL:http://xforce.iss.net/static/6453.php Reference: BID:2635 Reference: URL:http://www.securityfocus.com/bid/2635 Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information. 
Modifications: ADDREF XF:cisco-cbos-gain-information(6453) INFERRED ACTION: CAN-2001-0444 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Cole, Ziese MODIFY(1) Frech NOOP(2) Wall, Christey Voter Comments: Frech> XF:cisco-cbos-gain-information(6453) CONFIRM:http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html Christey> The Cisco reference does not appear to mention anything about this problem. ====================================================== Candidate: CAN-2001-0449 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0449 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020226-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010302 def-2001-09: Winzip32 zipandemail Buffer Overflow Reference: URL:http://www.securityfocus.com/archive/1/166211 Reference: XF:winzip-zipandemail-bo(6191) Reference: URL:http://xforce.iss.net/static/6191.php Buffer overflow in WinZip 8.0 allows attackers to execute arbitrary commands via a long file name that is processed by the /zipandemail command line option.
Modifications: CHANGEREF XF normalize INFERRED ACTION: CAN-2001-0449 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Oliver, Baker, Frech NOOP(2) Wall, Cole REVIEWING(1) Ziese Voter Comments: CHANGE> [Oliver changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2001-0461 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0461 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010309 Cgisecurity.com advisory #4 The Free On-line Dictionary of Computing Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0109.html Reference: CONFIRM:http://wombat.doc.ic.ac.uk/foldoc/index.html Reference: XF:foldoc-cgi-execute-commands Reference: URL:http://xforce.iss.net/static/6217.php template.cgi in Free On-Line Dictionary of Computing (FOLDOC) allows remote attackers to read files and execute commands via shell metacharacters in the argument to template.cgi. INFERRED ACTION: CAN-2001-0461 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Oliver, Baker, Cole, Frech, Ziese NOOP(2) Wall, Christey Voter Comments: Ziese> Is this a vulnerability or is it just an improperly configured web site?? Oliver> Perhaps we should find a way to lump all of the metacharacter attacks into a subgroup. Christey> It would appear that Kevin is right at first glance, in which case we would not approve this CAN due to CD:EX-ONLINE-SVC. However, the Bugtraq post says that foldoc was made available in Debian packages, which does appear to be the case. So, there are distributions of FOLDOC which need to be patched, and this CAN should be approved. 
====================================================== Candidate: CAN-2001-0463 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0463 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010427 PerlCal (CGI) show files vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0506.html Reference: BID:2663 Reference: URL:http://www.securityfocus.com/bid/2663 Reference: XF:perlcal-calmake-directory-traversal(6480) Reference: URL:http://xforce.iss.net/static/6480.php Directory traversal vulnerability in cal_make.pl in PerlCal allows remote attackers to read arbitrary files via a .. (dot dot) in the p0 parameter. Modifications: ADDREF XF:perlcal-calmake-directory-traversal(6480) INFERRED ACTION: CAN-2001-0463 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Cole, Renaud MODIFY(1) Frech NOOP(5) Oliver, Wall, Ziese, Balinsky, Williams Voter Comments: Frech> XF:perlcal-calmake-directory-traversal(6480) CHANGE> [Williams changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2001-0487 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0487 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: AIXAPAR:IY17630 Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q2/0005.html Reference: XF:aix-snmpd-rst-dos(6996) Reference: URL:http://www.iss.net/security_center/static/6996.php AIX SNMP server snmpd allows remote attackers to cause a denial of service via a RST during the TCP connection. 
Modifications: ADDREF XF:aix-snmpd-rst-dos(6996) INFERRED ACTION: CAN-2001-0487 FINAL (Final Decision 20020309) Current Votes: ACCEPT(6) Baker, Bollinger, Cole, Ziese, Renaud, Williams MODIFY(1) Frech NOOP(1) Wall Voter Comments: CHANGE> [Frech changed vote from REVIEWING to MODIFY] Frech> XF:aix-snmpd-rst-dos(6996) ====================================================== Candidate: CAN-2001-0493 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0493 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010524 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010424 Advisory for Small HTTP Server Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0428.html Reference: CONFIRM:http://home.lanck.net/mf/srv/index.htm Reference: BID:2649 Reference: URL:http://www.securityfocus.com/bid/2649 Reference: XF:small-http-aux-dos(6446) Reference: URL:http://xforce.iss.net/static/6446.php Small HTTP server 2.03 allows remote attackers to cause a denial of service via a URL that contains an MS-DOS device name such as aux. Modifications: ADDREF CONFIRM:http://home.lanck.net/mf/srv/index.htm ADDREF XF:small-http-aux-dos(6446) DESC Mention MS-DOS device names. INFERRED ACTION: CAN-2001-0493 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Oliver, Baker, Cole, Ziese, Renaud MODIFY(1) Frech NOOP(2) Wall, Williams Voter Comments: Oliver> Fix identified in ver 2.04 and higher, acknowledged on vendor home page. A revision in the description might be in order to include all system predefined names (Windows). Frech> XF:small-http-aux-dos(6446) CHANGE> [Ziese changed vote from REVIEWING to ACCEPT] Baker> http://home.lanck.net/mf/srv/index.htm vendor page, w/ack "[28.04.01] Version 2.04 Get it (70Kb) - Now, system predefined names (AUX,LPT1,PRN,etc.) are detected as bad request. + QUERY_STRING variable is visible for SSI. + Keys ssihtm, nossihtm have been added. 
Before SSI tags had been checked in .sht*,.sml*,.asp* files only. Now optional SSI could be checked in .htm* files too. " CHANGE> [Williams changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2001-0497 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0497 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010727 Assigned: 20010604 Category: SF Reference: ISS:20010611 BIND Inadvertent Local Exposure of HMAC-MD5 (TSIG) Keys Reference: URL:http://xforce.iss.net/alerts/advise78.php Reference: XF:bind-local-key-exposure(6694) Reference: URL:http://xforce.iss.net/static/6694.php dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates. Modifications: ADDREF XF:bind-local-key-exposure(6694) INFERRED ACTION: CAN-2001-0497 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Foat, Cole, Ziese, Stracener MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:bind-local-key-exposure(6694) Set URL for ISS at http://xforce.iss.net/alerts/advise78.php ====================================================== Candidate: CAN-2001-0500 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0500 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-02 Proposed: 20010727 Assigned: 20010608 Category: SF Reference: BUGTRAQ:20010618 All versions of Microsoft Internet Information Services, Remote buffer overflow (SYSTEM Level Access) Reference: URL:http://www.securityfocus.com/archive/1/191873 Reference: MS:MS01-033 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-033.asp Reference: CERT:CA-2001-13 Reference: URL:http://www.cert.org/advisories/CA-2001-13.html Reference: BID:2880 Reference: URL:http://www.securityfocus.com/bid/2880 
Reference: XF:iis-isapi-idq-bo(6705) Reference: URL:http://www.iss.net/security_center/static/6705.php Reference: CIAC:L-098 Reference: URL:http://www.ciac.org/ciac/bulletins/l-098.shtml Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red. Modifications: DESC Mention Code Red ADDREF XF:iis-isapi-idq-bo(6705) ADDREF CIAC:L-098 INFERRED ACTION: CAN-2001-0500 FINAL (Final Decision 20020309) Current Votes: ACCEPT(7) Prosser, Wall, Foat, Cole, Collins, Ziese, Stracener MODIFY(2) Frech, Balinsky Voter Comments: Balinsky> Would it be worth adding "This vulnerability was the root of the Code Red worm."? We could at least add the CERT Code Red advisories: http://www.cert.org/advisories/CA-2001-19.html and http://www.cert.org/advisories/CA-2001-23.html Frech> XF:iis-isapi-idq-bo(6705) XF:backdoor-codered2(6992) ====================================================== Candidate: CAN-2001-0501 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0501 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010727 Assigned: 20010608 Category: SF Reference: BUGTRAQ:20010622 Fwd: Microsoft Word macro vulnerability advisory MS01-034 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99325144322224&w=2 Reference: MS:MS01-034 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-034.asp Reference: BID:2876 Reference: URL:http://www.securityfocus.com/bid/2876 Reference: XF:msword-macro-bypass-security(6732) Reference: URL:http://xforce.iss.net/static/6732.php Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner. 
Modifications: ADDREF XF:msword-macro-bypass-security(6732) INFERRED ACTION: CAN-2001-0501 FINAL (Final Decision 20020309) Current Votes: ACCEPT(6) Wall, Foat, Cole, Ziese, Stracener, Balinsky MODIFY(1) Frech Voter Comments: Frech> XF:msword-macro-bypass-security(6732) ====================================================== Candidate: CAN-2001-0502 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0502 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010727 Assigned: 20010608 Category: SF Reference: MS:MS01-036 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-036.asp Reference: CIAC:L-101 Reference: URL:http://www.ciac.org/ciac/bulletins/l-101.shtml Reference: XF:win2k-ldap-change-passwords(6745) Reference: URL:http://xforce.iss.net/static/6745.php Reference: BID:2929 Reference: URL:http://www.securityfocus.com/bid/2929 Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users. 
Modifications: ADDREF XF:win2k-ldap-change-passwords(6745) ADDREF BID:2929 ADDREF CIAC:L-101 INFERRED ACTION: CAN-2001-0502 FINAL (Final Decision 20020309) Current Votes: ACCEPT(6) Wall, Foat, Cole, Ziese, Stracener, Balinsky MODIFY(1) Frech NOOP(1) Christey Voter Comments: Frech> XF:win2k-ldap-change-passwords(6745) Christey> BID:2929 URL:http://www.securityfocus.com/bid/2929 ====================================================== Candidate: CAN-2001-0503 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0503 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010727 Assigned: 20010608 Category: SF Reference: MS:MS00-077 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-077.asp Reference: XF:netmeeting-desktop-sharing-dos(5368) Reference: URL:http://www.iss.net/security_center/static/5368.php Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service via a malformed string to the NetMeeting service port, aka a variant of the "NetMeeting Desktop Sharing" vulnerability. Modifications: DESC Add version number ADDREF XF:netmeeting-desktop-sharing-dos(5368) INFERRED ACTION: CAN-2001-0503 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Wall, Cole, Ziese, Stracener MODIFY(2) Frech, Balinsky NOOP(1) Foat Voter Comments: Balinsky> Add version "NetMeeting 3.01" to description. 
Frech> XF:(5368) ====================================================== Candidate: CAN-2001-0504 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0504 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010727 Assigned: 20010608 Category: SF Reference: MS:MS01-037 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-037.asp Reference: XF:win2k-smtp-mail-relay(6803) Reference: URL:http://xforce.iss.net/static/6803.php Reference: BID:2988 Reference: URL:http://online.securityfocus.com/bid/2988 Reference: CIAC:L-107 Reference: URL:http://www.ciac.org/ciac/bulletins/l-107.shtml Reference: CERT-VN:VU#435963 Reference: URL:http://www.kb.cert.org/vuls/id/435963 Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying. Modifications: ADDREF XF:win2k-smtp-mail-relay(6803) ADDREF BID:2988 ADDREF CIAC:L-107 ADDREF CERT-VN:VU#435963 INFERRED ACTION: CAN-2001-0504 FINAL (Final Decision 20020309) Current Votes: ACCEPT(6) Wall, Foat, Cole, Ziese, Stracener, Balinsky MODIFY(1) Frech Voter Comments: Frech> XF:win2k-smtp-mail-relay(6803) ====================================================== Candidate: CAN-2001-0506 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0506 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010829 Assigned: 20010608 Category: SF Reference: BUGTRAQ:20010817 NSFOCUS SA2001-06 : Microsoft IIS ssinc.dll Buffer Overflow Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99802093532233&w=2 Reference: BUGTRAQ:20011127 IIS Server Side Include Buffer overflow exploit code Reference: URL:http://online.securityfocus.com/archive/1/242541 Reference: MS:MS01-044 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp Reference: CIAC:L-132 Reference:
URL:http://www.ciac.org/ciac/bulletins/l-132.shtml Reference: BID:3190 Reference: URL:http://www.securityfocus.com/bid/3190 Reference: XF:iis-ssi-directive-bo(6984) Reference: URL:http://xforce.iss.net/static/6984.php Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability. Modifications: ADDREF XF:iis-ssi-directive-bo(6984) ADDREF CIAC:L-132 ADDREF BUGTRAQ:20011127 IIS Server Side Include Buffer overflow exploit code DESC fix typo, rewrite desc INFERRED ACTION: CAN-2001-0506 FINAL (Final Decision 20020309) Current Votes: ACCEPT(7) Wall, Baker, Foat, Cole, Armstrong, Bishop, Ziese MODIFY(1) Frech NOOP(1) Christey Voter Comments: Frech> XF:iis-ssi-directive-bo(6984) Christey> Fix typo: "names" NTBUGTRAQ:20010817 NSFOCUS SA2001-06 : Microsoft IIS ssinc.dll Buffer Overflow URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=99805217309795&w=2 Consider adding this one: BUGTRAQ:20011127 IIS Server Side Include Buffer overflow exploit code URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100689252614009&w=2 ... though a read of the exploit doesn't quite line up with the CVE description. Looks like I need to redo the description based on a re-read of the NSFOCUS report. 
====================================================== Candidate: CAN-2001-0507 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0507 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010829 Assigned: 20010608 Category: SF Reference: BUGTRAQ:20010816 ENTERCEPT SECURITY ALERT: Privilege Escalation Vulnerability in Microsoft IIS Reference: URL:http://online.securityfocus.com/archive/1/205069 Reference: MS:MS01-044 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp Reference: XF:iis-relative-path-privilege-elevation(6985) Reference: URL:http://xforce.iss.net/static/6985.php Reference: CIAC:L-132 Reference: URL:http://www.ciac.org/ciac/bulletins/l-132.shtml IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability. Modifications: ADDREF XF:iis-relative-path-privilege-elevation(6985) ADDREF CIAC:L-132 ADDREF BUGTRAQ:20010816 ENTERCEPT SECURITY ALERT: Privilege Escalation Vulnerability in Microsoft IIS INFERRED ACTION: CAN-2001-0507 FINAL (Final Decision 20020309) Current Votes: ACCEPT(7) Wall, Baker, Foat, Cole, Armstrong, Bishop, Ziese MODIFY(1) Frech Voter Comments: Frech> XF:iis-relative-path-privilege-elevation(6985) ====================================================== Candidate: CAN-2001-0513 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0513 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010727 Assigned: 20010613 Category: SF/CF/MP/SA/AN/unknown Reference: ISS:20010619 Oracle Redirect Denial of Service Reference: URL:http://xforce.iss.net/alerts/advise81.php Reference: CERT-VN:VU#105259 Reference: URL:http://www.kb.cert.org/vuls/id/105259 Reference: XF:oracle-listener-redirect-dos(6717) Reference: URL:http://xforce.iss.net/static/6717.php Oracle listener process on Windows NT redirects 
connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the redirected port. Modifications: ADDREF XF:oracle-listener-redirect-dos(6717) ADDREF CERT-VN:VU#105259 INFERRED ACTION: CAN-2001-0513 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Wall, Cole, Ziese, Stracener MODIFY(1) Frech NOOP(1) Foat Voter Comments: Frech> XF:oracle-listener-redirect-dos(6717) ====================================================== Candidate: CAN-2001-0514 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0514 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010727 Assigned: 20010613 Category: SF Reference: ISS:20010620 Multiple Vendor 802.11b Access Point SNMP authentication flaw Reference: URL:http://xforce.iss.net/alerts/advise83.php Reference: XF:atmel-vnetb-ap-snmp-security(6576) Reference: URL:http://xforce.iss.net/static/6576.php Reference: BID:2896 Reference: URL:http://www.securityfocus.com/bid/2896 SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network. 
Modifications: ADDREF XF:atmel-vnetb-ap-snmp-security(6576) ADDREF BID:2896 INFERRED ACTION: CAN-2001-0514 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Cole, Ziese, Stracener MODIFY(1) Frech NOOP(3) Christey, Wall, Foat Voter Comments: Frech> XF:atmel-vnetb-ap-snmp-security(6576) Christey> BID:2896 URL:http://www.securityfocus.com/bid/2896 ====================================================== Candidate: CAN-2001-0517 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0517 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010727 Assigned: 20010613 Category: SF Reference: ISS:20010515 Multiple Oracle Listener Denial of Service Vulnerabilities Reference: URL:http://xforce.iss.net/alerts/advise82.php Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf Reference: XF:oracle-listener-data-transport-dos(6715) Reference: URL:http://xforce.iss.net/static/6715.php Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0. 
Modifications: ADDREF XF:oracle-listener-data-transport-dos(6715) ADDREF CONFIRM:http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf INFERRED ACTION: CAN-2001-0517 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Cole, Ziese MODIFY(1) Frech NOOP(2) Wall, Foat Voter Comments: Frech> XF:oracle-listener-data-transport-dos(6715) ====================================================== Candidate: CAN-2001-0518 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0518 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010727 Assigned: 20010613 Category: SF Reference: ISS:20010515 Multiple Oracle Listener Denial of Service Vulnerabilities Reference: URL:http://xforce.iss.net/alerts/advise82.php Reference: CONFIRM:http://otn.oracle.com/deploy/security/alerts.htm Reference: XF:oracle-listener-fragmentation-dos(6716) Reference: URL:http://xforce.iss.net/static/6716.php Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang. 
Modifications: ADDREF CONFIRM:http://otn.oracle.com/deploy/security/alerts.htm ADDREF XF:oracle-listener-fragmentation-dos(6716) INFERRED ACTION: CAN-2001-0518 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Wall, Cole, Ziese, Stracener MODIFY(1) Frech NOOP(1) Foat Voter Comments: Frech> XF:oracle-listener-fragmentation-dos(6716) ====================================================== Candidate: CAN-2001-0522 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0522 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010727 Assigned: 20010618 Category: SF Reference: BUGTRAQ:20010529 [synnergy] - GnuPG remote format string vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0281.html Reference: BUGTRAQ:20010601 The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG) Reference: URL:http://online.securityfocus.com/archive/1/188218 Reference: CONFIRM:http://www.gnupg.org/whatsnew.html#rn20010529 Reference: MANDRAKE:MDKSA-2001:053 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3 Reference: CONECTIVA:CLA-2001:399 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000399 Reference: DEBIAN:DSA-061 Reference: URL:http://www.debian.org/security/2001/dsa-061 Reference: IMMUNIX:IMNX-2001-70-023-01 Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01 Reference: REDHAT:RHSA-2001:073 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-073.html Reference: CALDERA:CSSA-2001-020.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt Reference: SUSE:SuSE-SA:2001:020 Reference: URL:http://www.suse.de/de/support/security/2001_020_gpg_txt.html Reference: TURBO:TLSA2001028 Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html Reference: XF:gnupg-tty-format-string(6642) Reference: URL:http://xforce.iss.net/static/6642.php Reference: 
BID:2797 Reference: URL:http://www.securityfocus.com/bid/2797 Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file. Modifications: ADDREF XF:gnupg-tty-format-string(6642) ADDREF BID:2797 DESC change desc slightly ADDREF CONECTIVA:CLA-2001:399 ADDREF DEBIAN:DSA-061 ADDREF IMMUNIX:IMNX-2001-70-023-01 ADDREF REDHAT:RHSA-2001:073 ADDREF CALDERA:CSSA-2001-020.0 ADDREF SUSE:SuSE-SA:2001:020 ADDREF BUGTRAQ:20010601 The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG) ADDREF TURBO:TLSA2001028 INFERRED ACTION: CAN-2001-0522 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Foat, Cole, Bishop, Ziese MODIFY(1) Frech NOOP(2) Christey, Wall Voter Comments: Frech> XF:gnupg-tty-format-string(6642) Christey> ADDREF BID:2797 Also add lots of related vendor advisories Christey> ADDREF RHSA-2001:073 (per Mark Cox of Red Hat) ====================================================== Candidate: CAN-2001-0525 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0525 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010727 Assigned: 20010618 Category: SF Reference: BUGTRAQ:20010519 dqs 3.2.7 local root exploit. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0193.html Reference: BUGTRAQ:20010519 Re: dqs 3.2.7 local root exploit. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0195.html Reference: XF:dqs-dsh-bo(6577) Reference: URL:http://xforce.iss.net/static/6577.php Reference: BID:2749 Reference: URL:http://online.securityfocus.com/bid/2749 Buffer overflow in dsh in dqs 3.2.7 in SuSE Linux 7.0 and earlier, and possibly other operating systems, allows local users to gain privileges via a long first command line argument. 
Modifications: CHANGEREF XF [normalize] DESC rephrase ADDREF BID:2749 INFERRED ACTION: CAN-2001-0525 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Cole, Frech, Bishop, Ziese NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-0526 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0526 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020226-01 Proposed: 20010727 Assigned: 20010618 Category: SF Reference: BUGTRAQ:20010528 [synnergy] - Solaris mailtool(1) buffer overflow vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0258.html Reference: SUNBUG:4458476 Reference: XF:solaris-mailtool-openwinhome-bo(6626) Reference: URL:http://xforce.iss.net/static/6626.php Buffer overflow in the Xview library as used by mailtool in Solaris 8 and earlier allows a local attacker to gain privileges via the OPENWINHOME environment variable. Modifications: ADDREF SUNBUG:4458476 DESC add Xview library, rephrase INFERRED ACTION: CAN-2001-0526 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Baker, Frech, Dik NOOP(4) Wall, Foat, Cole, Ziese REVIEWING(1) Bishop Voter Comments: Dik> sub bug: 4458476 Dik> sub bug: 4458476 Bug in the Xview library Dik> sun bug: 4458476 Bug in the Xview library ====================================================== Candidate: CAN-2001-0527 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0527 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010727 Assigned: 20010618 Category: SF Reference: BUGTRAQ:20010515 DCForum Password File Manipukation Vulnerability (qDefense Advisory Number QDAV-5-2000-2) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0122.html Reference: CONFIRM:http://www.dcscripts.com/dcforum/dcfNews/167.html Reference: XF:dcforum-cgi-admin-access(6538) Reference: URL:http://xforce.iss.net/static/6538.php Reference: BID:2728 Reference: 
URL:http://online.securityfocus.com/bid/2728 DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database. Modifications: ADDREF BID:2728 INFERRED ACTION: CAN-2001-0527 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Cole, Frech, Bishop, Ziese NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-0528 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0528 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010727 Assigned: 20010618 Category: SF Reference: BUGTRAQ:20010507 Oracle's ADI 7.1.1.10.1 Major security hole Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0044.html Reference: BUGTRAQ:20010522 Vulnerability in Oracle E-Business Suite Release 11i Applications Desktop Integrator Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0223.html Reference: BID:2694 Reference: URL:http://www.securityfocus.com/bid/2694 Reference: XF:oracle-adi-plaintext-passwords(6501) Reference: URL:http://xforce.iss.net/static/6501.php Oracle E-Business Suite Release 11i Applications Desktop Integrator (ADI) version 7.x includes a debug version of FNDPUB11I.DLL, which logs the APPS schema password in cleartext in a debug file, which allows local users to obtain the password and gain privileges. INFERRED ACTION: CAN-2001-0528 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Cole, Frech, Bishop, Ziese NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-0529 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0529 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010727 Assigned: 20010618 Category: SF Reference: BUGTRAQ:20010604 SSH allows deletion of other users files... 
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0322.html Reference: BUGTRAQ:20010604 Re: SSH allows deletion of other users files... Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0007.html Reference: BUGTRAQ:20010605 OpenSSH_2.5.2p2 RH7.0 <- version info Reference: URL:http://online.securityfocus.com/archive/1/188737 Reference: NETBSD:NetBSD-SA2001-010 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-010.txt.asc Reference: CALDERA:CSSA-2001-023.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-023.0.txt Reference: CERT-VN:VU#655259 Reference: URL:http://www.kb.cert.org/vuls/id/655259 Reference: OPENBSD:20010612 Reference: URL:http://www.openbsd.org/errata29.html Reference: IMMUNIX:IMNX-2001-70-034-01 Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01 Reference: CONECTIVA:CLA-2001:431 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431 Reference: BID:2825 Reference: URL:http://www.securityfocus.com/bid/2825 Reference: XF:openssh-symlink-file-deletion(6676) Reference: URL:http://xforce.iss.net/static/6676.php OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack. 
Modifications: ADDREF XF:openssh-symlink-file-deletion(6676) ADDREF BUGTRAQ:20010605 OpenSSH_2.5.2p2 RH7.0 <- version info ADDREF CERT-VN:VU#655259 ADDREF OPENBSD:20010612 ADDREF IMMUNIX:IMNX-2001-70-034-01 ADDREF CONECTIVA:CLA-2001:431 INFERRED ACTION: CAN-2001-0529 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Cole, Ziese, Stracener, Balinsky MODIFY(1) Frech NOOP(2) Wall, Foat Voter Comments: Frech> XF:openssh-symlink-file-deletion(6676) ====================================================== Candidate: CAN-2001-0530 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0530 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010727 Assigned: 20010618 Category: SF Reference: BUGTRAQ:20010528 Vulnerability discovered in SpearHead NetGap Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0256.html Reference: BUGTRAQ:20010607 SpearHead Security NetGAP Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0047.html Reference: BID:2798 Reference: URL:http://www.securityfocus.com/bid/2798 Reference: XF:netgap-unicode-bypass-filter(6625) Reference: URL:http://xforce.iss.net/static/6625.php Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker to bypass file blocking and content inspection via specially encoded URLs which include '%' characters. 
Modifications: CHANGEREF XF [normalize] INFERRED ACTION: CAN-2001-0530 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Cole, Frech, Bishop, Ziese NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-0533 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0533 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010727 Assigned: 20010619 Category: SF Reference: IBM:MSS-OAR-E01-2001:271.1 Reference: URL:http://www-1.ibm.com/services/continuity/recover1.nsf/advisories/85256A3400529A8685256A8D00804A37/$file/oar271.txt Reference: XF:aix-libi18n-lang-bo(6863) Reference: URL:http://xforce.iss.net/static/6863.php Reference: CIAC:L-123 Reference: URL:http://www.ciac.org/ciac/bulletins/l-123.shtml Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows local users to gain root privileges via a long LANG environmental variable. Modifications: ADDREF XF:aix-libi18n-lang-bo(6863) ADDREF CIAC:L-123 INFERRED ACTION: CAN-2001-0533 FINAL (Final Decision 20020309) Current Votes: ACCEPT(6) Bollinger, Foat, Cole, Ziese, Stracener, Balinsky MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:aix-libi18n-lang-bo(6863) ====================================================== Candidate: CAN-2001-0537 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0537 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010727 Assigned: 20010628 Category: SF Reference: CISCO:20010627 IOS HTTP authorization vulnerability Reference: URL:http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html Reference: CERT:CA-2001-14 Reference: URL:http://www.cert.org/advisories/CA-2001-14.html Reference: BUGTRAQ:20010629 Re: Cisco Security Advisory: IOS HTTP authorization vulnerability Reference: URL:http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70@brussels.cisco.com Reference: BUGTRAQ:20010702 Cisco IOS HTTP Configuration Exploit Reference: 
URL:http://www.securityfocus.com/archive/1/1601227034.20010702112207@olympos.org Reference: BUGTRAQ:20010702 Cisco device HTTP exploit... Reference: URL:http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000@Lib-Vai.lib.asu.edu Reference: BUGTRAQ:20010702 ios-http-auth.sh Reference: URL:http://www.securityfocus.com/archive/1/20010703011650.60515.qmail@web14910.mail.yahoo.com Reference: XF:cisco-ios-admin-access(6749) Reference: URL:http://xforce.iss.net/static/6749.php Reference: BID:2936 Reference: URL:http://www.securityfocus.com/bid/2936 HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. Modifications: ADDREF XF:cisco-ios-admin-access(6749) DESC rephrase ADDREF BUGTRAQ:20010629 Re: Cisco Security Advisory: IOS HTTP authorization vulnerability ADDREF BUGTRAQ:20010702 Cisco IOS HTTP Configuration Exploit ADDREF BUGTRAQ:20010702 Cisco device HTTP exploit... ADDREF BUGTRAQ:20010702 ios-http-auth.sh ADDREF BID:2936 INFERRED ACTION: CAN-2001-0537 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Foat, Cole, Ziese, Stracener MODIFY(1) Frech NOOP(2) Christey, Wall Voter Comments: Frech> XF:cisco-ios-admin-access(6749) Christey> BUGTRAQ:20010702 Cisco IOS HTTP Configuration Exploit URL:http://www.securityfocus.com/archive/1/1601227034.20010702112207@olympos.org BUGTRAQ:20010702 Cisco device HTTP exploit... 
http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000@Lib-Vai.lib.asu.edu BID:2936 URL:http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=2936 BUGTRAQ:20010702 ios-http-auth.sh URL:http://www.securityfocus.com/archive/1/20010703011650.60515.qmail@web14910.mail.yahoo.com BUGTRAQ:20010629 Re: Cisco Security Advisory: IOS HTTP authorization vulnerability URL:http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70@brussels.cisco.com One of the followup posts indicates that the "...." may have been Cisco's shorthand for a portion of the URL, and not an aspect of the problem itself, which (as described in the above references) deals with specifying high access levels in the request. ====================================================== Candidate: CAN-2001-0538 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0538 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010727 Assigned: 20010710 Category: SF Reference: BUGTRAQ:20010712 MS Office XP - the more money I give to Microsoft, the more vulnerable my Windows computers are Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99496431214078&w=2 Reference: NTBUGTRAQ:20010712 Vulnerability in IE/Outlook ActiveX control Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=862 Reference: MS:MS01-038 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-038.asp Reference: CIAC:L-113 Reference: URL:http://www.ciac.org/ciac/bulletins/l-113.shtml Reference: CERT-VN:VU#131569 Reference: URL:http://www.kb.cert.org/vuls/id/131569 Reference: XF:outlook-activex-view-control(6831) Reference: URL:http://xforce.iss.net/static/6831.php Reference: BID:3025 Reference: URL:http://online.securityfocus.com/bid/3025 Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail 
message or web page. Modifications: ADDREF XF:outlook-activex-view-control(6831) ADDREF CIAC:L-113 ADDREF CERT-VN:VU#131569 ADDREF NTBUGTRAQ:20010712 Vulnerability in IE/Outlook ActiveX control ADDREF BID:3025 INFERRED ACTION: CAN-2001-0538 FINAL (Final Decision 20020309) Current Votes: ACCEPT(6) Wall, Foat, Cole, Ziese, Stracener, Balinsky MODIFY(1) Frech Voter Comments: Frech> XF:outlook-activex-view-control(6831) ====================================================== Candidate: CAN-2001-0540 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0540 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020306-02 Proposed: 20011012 Assigned: 20010710 Category: SF Reference: MS:MS01-040 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-040.asp Reference: BID:3099 Reference: URL:http://online.securityfocus.com/bid/3099 Reference: XF:win-terminal-rdp-dos(6912) Reference: URL:http://xforce.iss.net/static/6912.php Memory leak in Terminal servers in Windows NT and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed Remote Desktop Protocol (RDP) requests to port 3389. 
Modifications: ADDREF BID:3099 ADDREF XF:win-terminal-rdp-dos(6912) DESC Change "Remote Data Protocol" to "Remote Desktop Protocol" INFERRED ACTION: CAN-2001-0540 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong MODIFY(1) Frech Voter Comments: Frech> XF:win-terminal-rdp-dos(6912) ====================================================== Candidate: CAN-2001-0541 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0541 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010829 Assigned: 20010710 Category: SF Reference: BUGTRAQ:20010527 Microsoft Windows Media Player Buffer Overflow Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/187001 Reference: MS:MS01-042 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-042.asp Reference: XF:mediaplayer-nsc-bo(6907) Reference: URL:http://xforce.iss.net/static/6907.php Reference: BID:3105 Reference: URL:http://www.securityfocus.com/bid/3105 Buffer overflow in Microsoft Windows Media Player 7.1 and earlier allows remote attackers to execute arbitrary commands via a malformed Windows Media Station (.NSC) file. 
Modifications: ADDREF XF:mediaplayer-nsc-bo(6907) ADDREF BID:3105 INFERRED ACTION: CAN-2001-0541 FINAL (Final Decision 20020309) Current Votes: ACCEPT(7) Prosser, Wall, Baker, Foat, Cole, Ziese, Stracener MODIFY(1) Frech NOOP(1) Christey Voter Comments: Prosser> MS01-042 Frech> XF:mediaplayer-nsc-bo(6907) Christey> BID:3105 URL:http://www.securityfocus.com/bid/3105 Also, need to ask Microsoft if this is the original report of the problem: BUGTRAQ:20010527 Microsoft Windows Media Player Buffer Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/187001 ====================================================== Candidate: CAN-2001-0543 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0543 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010829 Assigned: 20010710 Category: SF Reference: MS:MS01-043 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-043.asp Reference: XF:win-nntp-dos(6977) Reference: URL:http://xforce.iss.net/static/6977.php Reference: BID:3183 Reference: URL:http://online.securityfocus.com/bid/3183 Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts. 
Modifications: ADDREF XF:win-nntp-dos(6977) ADDREF BID:3183 INFERRED ACTION: CAN-2001-0543 FINAL (Final Decision 20020309) Current Votes: ACCEPT(7) Wall, Baker, Foat, Cole, Armstrong, Bishop, Ziese MODIFY(1) Frech Voter Comments: Frech> XF:win-nntp-dos(6977) ====================================================== Candidate: CAN-2001-0544 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0544 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20011012 Assigned: 20010710 Category: SF Reference: MS:MS01-044 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp Reference: CIAC:L-132 Reference: URL:http://www.ciac.org/ciac/bulletins/l-132.shtml Reference: XF:iis-invalid-mime-header-dos(6983) Reference: URL:http://xforce.iss.net/static/6983.php Reference: BID:3195 Reference: URL:http://online.securityfocus.com/bid/3195 IIS 5.0 allows local users to cause a denial of service (hang) by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table. 
Modifications: ADDREF XF:iis-invalid-mime-header-dos(6983) ADDREF CIAC:L-132 ADDREF BID:3195 INFERRED ACTION: CAN-2001-0544 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong MODIFY(1) Frech Voter Comments: Frech> XF:iis-invalid-mime-header-dos(6983) ====================================================== Candidate: CAN-2001-0545 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0545 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20011012 Assigned: 20010710 Category: SF Reference: MS:MS01-044 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp Reference: XF:iis-url-redirection-dos(6981) Reference: URL:http://xforce.iss.net/static/6981.php Reference: CIAC:L-132 Reference: URL:http://www.ciac.org/ciac/bulletins/l-132.shtml IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length. 
Modifications: ADDREF XF:iis-url-redirection-dos(6981) ADDREF CIAC:L-132 INFERRED ACTION: CAN-2001-0545 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong MODIFY(1) Frech Voter Comments: Frech> XF:iis-url-redirection-dos(6981) ====================================================== Candidate: CAN-2001-0546 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0546 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010829 Assigned: 20010710 Category: SF Reference: MS:MS01-045 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-045.asp Reference: XF:isa-h323-gatekeeper-dos(6989) Reference: URL:http://xforce.iss.net/static/6989.php Reference: BID:3196 Reference: URL:http://online.securityfocus.com/bid/3196 Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data. 
Modifications: CHANGEREF MS fix typo ADDREF XF:isa-h323-gatekeeper-dos(6989) ADDREF BID:3196 INFERRED ACTION: CAN-2001-0546 FINAL (Final Decision 20020309) Current Votes: ACCEPT(7) Wall, Baker, Foat, Cole, Armstrong, Bishop, Ziese MODIFY(1) Frech Voter Comments: Frech> XF:isa-h323-gatekeeper-dos(6989) ====================================================== Candidate: CAN-2001-0547 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0547 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010829 Assigned: 20010710 Category: SF Reference: MS:MS01-045 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-045.asp Reference: XF:isa-proxy-memory-leak-dos(6990) Reference: URL:http://xforce.iss.net/static/6990.php Reference: BID:3197 Reference: URL:http://online.securityfocus.com/bid/3197 Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion). 
Modifications: CHANGEREF MS fix typo ADDREF XF:isa-proxy-memory-leak-dos(6990) ADDREF BID:3197 INFERRED ACTION: CAN-2001-0547 FINAL (Final Decision 20020309) Current Votes: ACCEPT(7) Wall, Baker, Foat, Cole, Armstrong, Bishop, Ziese MODIFY(1) Frech Voter Comments: Frech> XF:isa-proxy-memory-leak-dos(6990) ====================================================== Candidate: CAN-2001-0549 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0549 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010727 Assigned: 20010718 Category: SF Reference: CERT-VN:VU#814187 Reference: URL:http://www.kb.cert.org/vuls/id/814187 Reference: CONFIRM:http://www.sarc.com/avcenter/security/Content/2001_07_20.html Reference: XF:liveupdate-obtain-proxy-password(7013) Reference: URL:http://xforce.iss.net/static/7013.php Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a registry key, which could allow local users to obtain the passwords. Modifications: ADDREF XF:liveupdate-obtain-proxy-password(7013) INFERRED ACTION: CAN-2001-0549 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Prosser, Foat, Stracener MODIFY(1) Frech NOOP(3) Wall, Cole, Ziese Voter Comments: Frech> XF:liveupdate-obtain-proxy-password(7013) ====================================================== Candidate: CAN-2001-0554 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0554 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010727 Assigned: 20010724 Category: SF Reference: BUGTRAQ:20010718 multiple vendor telnet daemon vulnerability Reference: URL:http://www.securityfocus.com/archive/1/197804 Reference: BUGTRAQ:20010725 Telnetd AYT overflow scanner Reference: URL:http://online.securityfocus.com/archive/1/199496 Reference: BUGTRAQ:20010810 ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow Reference: URL:http://online.securityfocus.com/archive/1/203000 Reference: BUGTRAQ:20010725 SCO - Telnetd AYT overflow ? 
Reference: URL:http://online.securityfocus.com/archive/1/199541 Reference: CERT:CA-2000-21 Reference: URL:http://www.cert.org/advisories/CA-2001-21.html Reference: FREEBSD:FreeBSD-SA-01:49 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc Reference: NETBSD:NetBSD-SA2001-012 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc Reference: SGI:20010801-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010801-01-P Reference: HP:HPSBUX0110-172 Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q4/0014.html Reference: CALDERA:CSSA-2001-030.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-030.0.txt Reference: CALDERA:CSSA-2001-SCO.10 Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.10/CSSA-2001-SCO.10.txt Reference: MANDRAKE:MDKSA-2001:068 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-068.php3 Reference: DEBIAN:DSA-070 Reference: URL:http://www.debian.org/security/2001/dsa-070 Reference: REDHAT:RHSA-2001:099 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-099.html Reference: CONECTIVA:CLA-2001:413 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000413 Reference: SUSE:SuSE-SA:2001:029 Reference: URL:http://www.suse.de/de/support/security/2001_029_nkitb_txt.txt Reference: COMPAQ:SSRT0745U Reference: URL:http://ftp.support.compaq.com/patches/.new/html/SSRT0745U.shtml Reference: CISCO:20020129 Cisco CatOS Telnet Buffer Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml Reference: IBM:MSS-OAR-E01-2001:298 Reference: URL:http://online.securityfocus.com/advisories/3476 Reference: BID:3064 Reference: URL:http://www.securityfocus.com/bid/3064 Reference: XF:telnetd-option-telrcv-bo(6875) Reference: URL:http://xforce.iss.net/static/6875.php Buffer overflow in BSD-based telnetd telnet daemon on 
various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function. Modifications: ADDREF SGI:20010801-01-P ADDREF HP:HPSBUX0110-172 ADDREF XF:telnetd-option-telrcv-bo(6875) ADDREF CALDERA:CSSA-2001-030.0 ADDREF MANDRAKE:MDKSA-2001:068 ADDREF DEBIAN:DSA-070 ADDREF BUGTRAQ:20010810 ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow ADDREF REDHAT:RHSA-2001:099 ADDREF CONECTIVA:CLA-2001:413 ADDREF SUSE:SuSE-SA:2001:029 ADDREF COMPAQ:SSRT0745U ADDREF CISCO:20020129 Cisco CatOS Telnet Buffer Vulnerability ADDREF IBM:MSS-OAR-E01-2001:298 ADDREF BUGTRAQ:20010725 SCO - Telnetd AYT overflow ? ADDREF CALDERA:CSSA-2001-SCO.10 ADDREF BUGTRAQ:20010725 Telnetd AYT overflow scanner INFERRED ACTION: CAN-2001-0554 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Foat, Cole, Ziese, Stracener MODIFY(1) Frech NOOP(2) Christey, Wall Voter Comments: Christey> ********************************************************************* Note that this candidate was inadvertently used in Microsoft bulletin MS01-044, for an unrelated vulnerability. The BSD telnetd buffer overflow is the correct vulnerability for CAN-2001-0554. A different candidate will be used for the problem described in the Microsoft bulletin. 
********************************************************************* Christey> SGI:20010801-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20010801-01-P Frech> XF:telnetd-option-telrcv-bo(6875) Christey> HP:HPSBUX0110-172 URL:http://archives.neohapsis.com/archives/hp/2001-q4/0014.html ====================================================== Candidate: CAN-2001-0558 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0558 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010507 Advisory for Jana server Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0086.html Reference: XF:jana-server-device-dos(6521) Reference: URL:http://xforce.iss.net/static/6521.php Reference: BID:2704 Reference: URL:http://www.securityfocus.com/bid/2704 T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (i.e. GET /aux HTTP/1.0). 
INFERRED ACTION: CAN-2001-0558 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Cole, Frech, Ziese NOOP(3) Wall, Foat, Bishop Voter Comments: CHANGE> [Bishop changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2001-0559 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0559 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020223-01 Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010507 Vixie cron vulnerability Reference: URL:http://www.securityfocus.com/archive/1/183029 Reference: DEBIAN:DSA-054 Reference: URL:http://www.debian.org/security/2001/dsa-054 Reference: MANDRAKE:MDKSA-2001:050 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-050.php3 Reference: SUSE:SuSE-SA:2001:17 Reference: URL:http://www.suse.de/de/support/security/2001_017_cron_txt.txt Reference: BID:2687 Reference: URL:http://www.securityfocus.com/bid/2687 Reference: XF:vixie-cron-gain-privileges(6508) Reference: URL:http://xforce.iss.net/static/6508.php crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error. 
Modifications: CHANGEREF XF [normalize] INFERRED ACTION: CAN-2001-0559 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Cole, Frech, Bishop, Ziese NOOP(2) Wall, Foat Voter Comments: Ziese> HAS-INDEPENDENT-CONFIRMATION ====================================================== Candidate: CAN-2001-0560 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0560 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010210 vixie cron possible local root compromise Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0197.html Reference: AIXAPAR:IY17048 Reference: AIXAPAR:IY17261 Reference: MANDRAKE:MDKSA-2001:022 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-022.php3 Reference: REDHAT:RHSA-2001-014 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-014.html Reference: BUGTRAQ:20010220 Immunix OS Security update for vixie-cron Reference: URL:http://archives.neohapsis.com/archives/linux/immunix/2001-q1/0066.html Reference: XF:vixie-crontab-bo(6098) Reference: URL:http://xforce.iss.net/static/6098.php Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters). INFERRED ACTION: CAN-2001-0560 FINAL (Final Decision 20020309) Current Votes: ACCEPT(6) Williams, Baker, Bollinger, Frech, Bishop, Ziese NOOP(3) Wall, Foat, Cole Voter Comments: Bollinger> I only verified the AIX vulnerability and fix. Although AIX allows members of group security to create users, I doubt this is exploitable by a non-root user because the user creation commands limit usernames to 8 characters. 
====================================================== Candidate: CAN-2001-0563 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0563 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010507 Advisory for Electrocomm 2.0 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0049.html Reference: XF:electrocomm-telnet-dos(6514) Reference: URL:http://xforce.iss.net/static/6514.php Reference: BID:2706 Reference: URL:http://www.securityfocus.com/bid/2706 ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier allows a remote attacker to create a denial of service via large (> 160000 character) strings sent to port 23. INFERRED ACTION: CAN-2001-0563 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Cole, Frech, Ziese NOOP(3) Wall, Foat, Bishop Voter Comments: CHANGE> [Bishop changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2001-0564 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0564 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010225 APC web/snmp/telnet management card dos Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0436.html Reference: MISC:ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/install.txt Reference: XF:apc-telnet-dos(6199) Reference: URL:http://xforce.iss.net/static/6199.php Reference: BID:2430 Reference: URL:http://www.securityfocus.com/bid/2430 APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts which temporarily locks the card. 
Modifications: ADDREF MISC:ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/install.txt ADDREF XF:apc-telnet-dos(6199) ADDREF BID:2430 INFERRED ACTION: CAN-2001-0564 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Williams, Baker MODIFY(1) Frech NOOP(5) Wall, Foat, Cole, Bishop, Ziese Voter Comments: Frech> XF:apc-telnet-dos(6199) CONFIRM:http://www.apc.com/tools/download/ Baker> ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/relnotes.txt ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/install.txt ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/events.pdf ftp://ftp.apcftp.com/hardware/webcard/firmware/dp3e/v301/addendum.pdf The notes indicate you can access the card via serial connection, web, ftp, snmp, telnet simultaneously, but not multiple instances of each type. Another side issue here is the default admin username/password on all the services of .....drum roll please..... apc/apc ====================================================== Candidate: CAN-2001-0565 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0565 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020226-01 Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010502 Solaris mailx Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0016.html Reference: BUGTRAQ:20010511 Solaris /usr/bin/mailx exploit (SPARC) Reference: URL:http://online.securityfocus.com/archive/1/184210 Reference: SUNBUG:4452732 Reference: XF:solaris-mailx-f-bo(8246) Reference: URL:http://xforce.iss.net/static/8246.php Reference: CERT-VN:VU#446864 Reference: URL:http://www.kb.cert.org/vuls/id/446864 Reference: BID:2610 Reference: URL:http://www.securityfocus.com/bid/2610 Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long '-F' command line option. 
Modifications: ADDREF SUNBUG:4452732 DELREF XF:mailx-bo(6181) ADDREF XF:solaris-mailx-f-bo(8246) ADDREF CERT-VN:VU#446864 ADDREF BUGTRAQ:20010511 Solaris /usr/bin/mailx exploit (SPARC) ADDREF BID:2610 INFERRED ACTION: CAN-2001-0565 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Foat, Frech, Dik NOOP(4) Christey, Wall, Cole, Ziese REVIEWING(1) Bishop Voter Comments: Dik> sun bug : 4452732 Christey> Reference changes, thanks to ISS. CHANGEREF XF solaris-mailx-f-bo(8246) ADDREF BID:2610 BUGTRAQ:20020511 Solaris /usr/bin/mailx exploit (SPARC) URL:http://online.securityfocus.com/archive/1/184210 ADDREF CERT-VN:VU#446864 URL:http://www.kb.cert.org/vuls/id/446864 CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F41400&zone_32=4152234 ====================================================== Candidate: CAN-2001-0567 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0567 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010727 Assigned: 20010727 Category: SF Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2001-05-01/security_alert Reference: DEBIAN:DSA-055 Reference: URL:http://www.debian.org/security/2001/dsa-055 Reference: MANDRAKE:MDKSA-2001:049 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-049.php3 Reference: REDHAT:RHSA-2001:065 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-065.html Reference: CONECTIVA:CLA-2001:407 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000407 Reference: XF:zope-zclass-gain-privileges(6958) Reference: URL:http://xforce.iss.net/static/6958.php Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass. 
Modifications: ADDREF XF:zope-zclass-gain-privileges(6958) ADDREF CONECTIVA:CLA-2001:407 INFERRED ACTION: CAN-2001-0567 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Cole, Bishop, Ziese MODIFY(1) Frech NOOP(3) Christey, Wall, Foat Voter Comments: Frech> XF:zope-zclass-gain-privileges(6958) Christey> ADDREF CONECTIVA:CLA-2001:407 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000407 ====================================================== Candidate: CAN-2001-0573 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0573 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010727 Assigned: 20010727 Category: SF Reference: AIXAPAR:IY16909 Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q2/0000.html Reference: XF:aix-lsfs-path(7007) Reference: URL:http://xforce.iss.net/static/7007.php Reference: CERT-VN:VU#123651 Reference: URL:http://www.kb.cert.org/vuls/id/123651 lsfs in AIX 4.x allows a local user to gain additional privileges by creating Trojan horse programs named (1) grep or (2) lslv in a certain directory that is under the user's control, which cause lsfs to access the programs in that directory. 
Modifications: ADDREF XF:aix-lsfs-path(7007) ADDREF CERT-VN:VU#123651 INFERRED ACTION: CAN-2001-0573 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Baker, Bollinger, Cole, Bishop, Ziese MODIFY(1) Frech NOOP(2) Wall, Foat Voter Comments: Frech> XF:aix-lsfs-path(7007) For the version, see http://techsupport.services.ibm.com/cgi-bin/support/rs6000.support/fdget?fixdb=aix4&srchtype=apar&hits-menu=IY16909+-+%28AIXV43+only%29+security+risk+in+lsfs&aix_level=AIX+4.3.3&select_site=us&select_lang=ALL ====================================================== Candidate: CAN-2001-0574 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0574 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010507 Advisory for MP3Mystic Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0046.html Reference: CONFIRM:http://mp3mystic.com/mp3mystic/news.phtml Reference: XF:mp3mystic-dot-directory-traversal(6504) Reference: URL:http://xforce.iss.net/static/6504.php Reference: BID:2699 Reference: URL:http://www.securityfocus.com/bid/2699 Directory traversal vulnerability in MP3Mystic prior to 1.04b3 allows a remote attacker to download arbitrary files via a '..' (dot dot) in the URL. 
INFERRED ACTION: CAN-2001-0574 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Cole, Frech, Bishop, Ziese NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-0585 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0585 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010320 def-2001-13: NTMail Web Services DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0248.html Reference: BID:2494 Reference: URL:http://www.securityfocus.com/bid/2494 Reference: XF:ntmail-long-url-dos(6249) Reference: URL:http://xforce.iss.net/static/6249.php Gordano NTMail 6.0.3c allows a remote attacker to create a denial of service via a long (>= 255 characters) URL request to port 8000 or port 9000. INFERRED ACTION: CAN-2001-0585 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Williams, Cole, Frech NOOP(4) Wall, Foat, Bishop, Ziese Voter Comments: CHANGE> [Bishop changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2001-0586 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0586 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010330 STAT Security Advisory: Trend Micro's ScanMail for Exchange stores passwords in registry unprotected Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2001-q1/0049.html Reference: XF:scanmail-reveals-credentials(6311) Reference: URL:http://xforce.iss.net/static/6311.php TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local attacker to recover the administrative credentials for ScanMail via a combination of unprotected registry keys and weakly encrypted passwords. 
Modifications: ADDREF XF:scanmail-reveals-credentials(6311) INFERRED ACTION: CAN-2001-0586 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Williams, Wall, Baker MODIFY(1) Frech NOOP(4) Foat, Cole, Bishop, Ziese Voter Comments: Frech> XF:scanmail-reveals-credentials(6311) CHANGE> [Bishop changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2001-0589 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0589 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010326 Netscreen: DMZ Network Receives Some "Denied" Traffic Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0375.html Reference: BID:2523 Reference: URL:http://www.securityfocus.com/bid/2523 Reference: XF:netscreen-screenos-bypass-firewall(6317) Reference: URL:http://xforce.iss.net/static/6317.php NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and Netscreen-100 can allow a local attacker to bypass the DMZ 'denial' policy via specific traffic patterns. 
Modifications: ADDREF XF:netscreen-screenos-bypass-firewall(6317) INFERRED ACTION: CAN-2001-0589 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Williams, Baker, Cole, Bishop, Ziese MODIFY(1) Frech NOOP(2) Wall, Foat Voter Comments: Frech> XF:netscreen-screenos-bypass-firewall(6317) ====================================================== Candidate: CAN-2001-0590 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0590 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010403 Re: Tomcat may reveal script source code by URL trickery Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0031.html Reference: HP:HPSBTL0112-004 Reference: URL:http://online.securityfocus.com/advisories/3724 Reference: XF:jakarta-tomcat-jsp-source(6971) Reference: URL:http://xforce.iss.net/static/6971.php Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0). Modifications: ADDREF XF:jakarta-tomcat-jsp-source(6971) DESC End sentence with a period. ADDREF HP:HPSBTL0112-004 INFERRED ACTION: CAN-2001-0590 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Baker, Foat, Cole, Bishop, Ziese MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF: jakarta-tomcat-jsp-source(6971) Description sentence should end with a period. 
:-) ====================================================== Candidate: CAN-2001-0591 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0591 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010727 Assigned: 20010727 Category: SF Reference: WIN2KSEC:20010122 Oracle JSP/SQLJS handlers allow viewing files and executing JSP outside the web root Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2001-q1/0028.html Reference: BUGTRAQ:20010212 Patch for Potential Vulnerability in the execution of JSPs outside doc_root Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0239.html Reference: BID:2286 Reference: URL:http://www.securityfocus.com/bid/2286 Reference: XF:oracle-handlers-directory-traversal(5986) Reference: URL:http://xforce.iss.net/static/5986.php Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack. 
Modifications: ADDREF XF:oracle-handlers-directory-traversal(5986) INFERRED ACTION: CAN-2001-0591 FINAL (Final Decision 20020309) Current Votes: ACCEPT(6) Williams, Wall, Baker, Cole, Bishop, Ziese MODIFY(1) Frech NOOP(1) Foat Voter Comments: Frech> XF:oracle-handlers-directory-traversal(5986) ====================================================== Candidate: CAN-2001-0593 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0593 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010327 advisory Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0395.html Reference: MISC:http://anacondapartners.com/cgi-local/apexec.pl?template=ap_releasenotestemplate.html&f1=ap_af_updates_menu&f2=ap_af_releasenotes_clip Reference: BID:2512 Reference: URL:http://www.securityfocus.com/bid/2512 Reference: XF:anaconda-clipper-directory-traversal(6286) Reference: URL:http://xforce.iss.net/static/6286.php Anaconda Partners Clipper 3.3 and earlier allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the template parameter. Modifications: ADDREF MISC:http://anacondapartners.com/cgi-local/apexec.pl?template=ap_releasenotestemplate.html&f1=ap_af_updates_menu&f2=ap_af_releasenotes_clip INFERRED ACTION: CAN-2001-0593 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Williams, Cole, Frech, Bishop NOOP(4) Christey, Wall, Foat, Ziese Voter Comments: Christey> Confirmation request sent to support@anaconda.net 2/25/2002. 
====================================================== Candidate: CAN-2001-0594 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0594 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010409 Solaris kcms_configure vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0140.html Reference: SUNBUG:4199722 Reference: BID:2558 Reference: URL:http://www.securityfocus.com/bid/2558 Reference: XF:solaris-kcms-command-bo(6359) Reference: URL:http://xforce.iss.net/static/6359.php kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument. Modifications: ADDREF SUNBUG:4199722 INFERRED ACTION: CAN-2001-0594 FINAL (Final Decision 20020309) Current Votes: ACCEPT(7) Baker, Foat, Cole, Frech, Dik, Bishop, Ziese NOOP(1) Wall Voter Comments: Dik> sun bug: 4199722 ====================================================== Candidate: CAN-2001-0595 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0595 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010411 [LSD] Solaris kcsSUNWIOsolf.so and dtsession vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0203.html Reference: SUNBUG:4415570 Reference: XF:solaris-kcssunwiosolf-bo(6365) Reference: URL:http://xforce.iss.net/static/6365.php Reference: BID:2605 Reference: URL:http://online.securityfocus.com/bid/2605 Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 allows local attackers to execute arbitrary commands via the KCMS_PROFILES environmental variable, e.g. in the kcms_configure program. 
Modifications: ADDREF SUNBUG:4415570 ADDREF BID:2605 INFERRED ACTION: CAN-2001-0595 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Baker, Foat, Frech, Dik, Bishop NOOP(3) Wall, Cole, Ziese Voter Comments: Dik> sun bug: 4415570 ====================================================== Candidate: CAN-2001-0596 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0596 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010409 Netscape 4.76 gif comment flaw Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98685237415117&w=2 Reference: DEBIAN:DSA-051 Reference: URL:http://www.debian.org/security/2001/dsa-051 Reference: CONECTIVA:CLA-2001:393 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000393 Reference: REDHAT:RHSA-2001:046 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-046.html Reference: XF:netscape-javascript-access-data(6344) Reference: URL:http://xforce.iss.net/static/6344.php Reference: BID:2637 Reference: URL:http://online.securityfocus.com/bid/2637 Reference: IMMUNIX:IMNX-2001-70-014-01 Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-014-01 Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript. Modifications: ADDREF BID:2637 ADDREF IMMUNIX:IMNX-2001-70-014-01 DESC Rephrase INFERRED ACTION: CAN-2001-0596 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Wall, Cole, Frech, Bishop NOOP(2) Foat, Ziese Voter Comments: CHANGE> [Wall changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2001-0611 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0611 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010514 Becky! 
2.00.05 Buffer Overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0089.html Reference: BID:2723 Reference: URL:http://www.securityfocus.com/bid/2723 Reference: XF:becky-mail-message-bo(6531) Reference: URL:http://xforce.iss.net/static/6531.php Becky! 2.00.05 and earlier can allow a remote attacker to gain additional privileges via a buffer overflow attack on long messages without newline characters. INFERRED ACTION: CAN-2001-0611 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Cole, Frech, Bishop, Ziese NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-0613 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0613 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010515 OmniHTTPd Pro Denial of Service Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0131.html Reference: XF:omnihttpd-post-dos(6540) Reference: URL:http://xforce.iss.net/static/6540.php Reference: BID:2730 Reference: URL:http://www.securityfocus.com/bid/2730 Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a remote attacker to create a denial of service via a long POST URL request. 
Modifications: DESC remove minor details ADDREF MISC:http://www.omnicron.ca/httpd/docs/release.html INFERRED ACTION: CAN-2001-0613 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Cole, Frech, Ziese NOOP(3) Wall, Foat, Bishop Voter Comments: CHANGE> [Bishop changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2001-0615 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0615 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010525 Advisory for Freestyle Chat server Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0241.html Reference: BID:2776 Reference: URL:http://www.securityfocus.com/bid/2776 Reference: XF:freestyle-chat-directory-traversal(6601) Reference: URL:http://xforce.iss.net/static/6601.php Directory traversal vulnerability in Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to read arbitrary files via a specially crafted URL which includes variations of a '..' (dot dot) attack such as '...' or '....'. 
INFERRED ACTION: CAN-2001-0615 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Cole, Frech, Bishop, Ziese NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-0616 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0616 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010525 Advisory for Freestyle Chat server Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0241.html Reference: BID:2777 Reference: URL:http://www.securityfocus.com/bid/2777 Reference: XF:freestyle-chat-device-dos(6602) Reference: URL:http://xforce.iss.net/static/6602.php Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (e.g., GET /aux HTTP/1.0). INFERRED ACTION: CAN-2001-0616 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Cole, Frech, Bishop, Ziese NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-0621 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0621 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010727 Assigned: 20010727 Category: SF Reference: CISCO:20010517 Cisco Content Service Switch 11000 Series FTP Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-ftp-pub.shtml Reference: CIAC:L-085 Reference: URL:http://www.ciac.org/ciac/bulletins/l-085.shtml Reference: XF:cisco-css-ftp-commands(6557) Reference: URL:http://xforce.iss.net/static/6557.php Reference: BID:2745 Reference: URL:http://online.securityfocus.com/bid/2745 The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands. 
Modifications: ADDREF CIAC:L-085 ADDREF BID:2745 CHANGEREF CISCO fix title INFERRED ACTION: CAN-2001-0621 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Foat, Cole, Frech, Bishop, Ziese NOOP(1) Wall ====================================================== Candidate: CAN-2001-0622 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0622 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010727 Assigned: 20010727 Category: SF Reference: CISCO:20010531 Cisco Content Service Switch 11000 Series Web Management Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-webmgmt-vuln-pub.shtml Reference: XF:cisco-css-web-management(6631) Reference: URL:http://xforce.iss.net/static/6631.php Reference: BID:2806 Reference: URL:http://www.securityfocus.com/bid/2806 The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface. 
Modifications: CHANGEREF CISCO [fix title] DESC fix typo ADDREF XF:cisco-css-web-management(6631) ADDREF BID:2806 INFERRED ACTION: CAN-2001-0622 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Foat, Cole, Bishop, Ziese MODIFY(1) Frech NOOP(2) Christey, Wall Voter Comments: Frech> XF:cisco-css-web-management(6631) Christey> fix "the the" typo ====================================================== Candidate: CAN-2001-0625 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0625 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010525 Security Bug in InoculateIT for Linux (fwd) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0245.html Reference: XF:inoculateit-ftpdownload-symlink(6607) Reference: URL:http://xforce.iss.net/static/6607.php Reference: BID:2778 Reference: URL:http://www.securityfocus.com/bid/2778 ftpdownload in Computer Associates InoculateIT 6.0 allows a local attacker to overwrite arbitrary files via a symlink attack on /tmp/ftpdownload.log. INFERRED ACTION: CAN-2001-0625 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Prosser, Frech, Bishop, Ziese NOOP(3) Wall, Foat, Cole Voter Comments: Prosser> From the Bugtraq ID 2778 solution. CA acknowledges the problem for UNIX/Linux versions and provides link to solution download. 
CHANGE> [Bishop changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2001-0626 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0626 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010316 WebServer Pro All Version Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0236.html Reference: BID:2488 Reference: URL:http://www.securityfocus.com/bid/2488 Reference: XF:website-pro-dir-path(3839) Reference: URL:http://xforce.iss.net/static/3839.php O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character. Modifications: ADDREF XF:website-pro-dir-path(3839) INFERRED ACTION: CAN-2001-0626 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Williams, Prosser, Baker MODIFY(1) Frech NOOP(5) Wall, Foat, Cole, Bishop, Ziese Voter Comments: Frech> XF:website-pro-dir-path(3839) Possible duplicate with CAN-2000-0066: WebSite Pro allows remote attackers to determine the real pathname of web directories via a malformed URL request. Baker> I am not sure it is the same. 2000-0066 discusses modifying a Get statement with a space before the last backslash of the command line which results in those versions disclosing the real path in the 404 message. Could be same, but could be different. Now that O'Reilly has turned it over to Deerfield, we could lose the old release notes... Nothing is yet available at website.deerfield.com Williams> this is NOT the same as the 2000-0066 issue. exploit is slightly different and affects different versions of the product. the solution is the same for both though - install freely available WSAPI extensions that allow custom 404 error messages. 
CHANGE> [Baker changed vote from REVIEWING to ACCEPT] CHANGE> [Bishop changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2001-0627 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0627 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010522 [SRT2001-09] - vi and crontab -e /tmp issues Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0220.html Reference: CALDERA:CSSA-2001-SCO.17 Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.17/CSSA-2001-SCO.17.txt Reference: CERT-VN:VU#747736 Reference: URL:http://www.kb.cert.org/vuls/id/747736 Reference: BID:2752 Reference: URL:http://www.securityfocus.com/bid/2752 Reference: XF:sco-openserver-vi-symlink(6588) Reference: URL:http://xforce.iss.net/static/6588.php vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker to overwrite arbitrary files via a symlink attack. 
Modifications: ADDREF XF:sco-openserver-vi-symlink(6588) ADDREF CERT-VN:VU#747736 ADDREF CALDERA:CSSA-2001-SCO.17 INFERRED ACTION: CAN-2001-0627 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Cole, Ziese MODIFY(1) Frech NOOP(3) Wall, Foat, Bishop Voter Comments: Frech> XF:sco-openserver-vi-symlink(6588) CHANGE> [Bishop changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2001-0628 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0628 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010727 Assigned: 20010727 Category: SF Reference: MSKB:Q274228 Reference: URL:http://support.microsoft.com/support/kb/articles/Q274/2/28.asp Reference: BID:2760 Reference: URL:http://www.securityfocus.com/bid/2760 Reference: XF:word-asd-macro-execution(6614) Reference: URL:http://xforce.iss.net/static/6614.php Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user. 
Modifications: DESC rephrase INFERRED ACTION: CAN-2001-0628 FINAL (Final Decision 20020309) Current Votes: ACCEPT(6) Wall, Foat, Cole, Frech, Bishop, Ziese ====================================================== Candidate: CAN-2001-0629 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0629 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010523 HP OpenView NNM v6.1 buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0226.html Reference: HP:HPSBUX0107-158 Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0006.html Reference: BID:2761 Reference: URL:http://www.securityfocus.com/bid/2761 Reference: XF:openview-nnm-ecsd-bo(6582) Reference: URL:http://xforce.iss.net/static/6582.php HP Event Correlation Service (ecsd) as included with OpenView Network Node Manager 6.1 allows a remote attacker to gain additional privileges via a buffer overflow attack in the '-restore_config' command line parameter. INFERRED ACTION: CAN-2001-0629 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Cole, Frech, Bishop, Ziese NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-0630 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0630 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010523 Vulnerability in viewsrc.cgi Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0231.html Reference: BID:2762 Reference: URL:http://www.securityfocus.com/bid/2762 Reference: XF:viewsrc-cgi-view-files(6583) Reference: URL:http://xforce.iss.net/static/6583.php Directory traversal vulnerability in MIMAnet viewsrc.cgi 2.0 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the 'loc' variable. 
Modifications: ADDREF XF:viewsrc-cgi-view-files(6583) INFERRED ACTION: CAN-2001-0630 FINAL (Final Decision 20020309) Current Votes: ACCEPT(2) Cole, Ziese MODIFY(1) Frech NOOP(4) Christey, Wall, Foat, Bishop Voter Comments: Frech> XF:viewsrc-cgi-view-files(6583) CHANGE> [Bishop changed vote from REVIEWING to NOOP] Christey> I verified this via code review. ====================================================== Candidate: CAN-2001-0631 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0631 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010221 FirstClass Internetgateway "stupidity" Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0376.html Reference: BUGTRAQ:20010226 Re: [Fwd: FirstClass Internetgateway "stupidity"] Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0440.html Reference: XF:centrinity-firstclass-email-spoofing(6192) Reference: URL:http://xforce.iss.net/static/6192.php Reference: BID:2423 Reference: URL:http://www.securityfocus.com/bid/2423 Centrinity First Class Internet Services 5.50 allows for the circumventing of the default 'spam' filters via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local users. Modifications: ADDREF XF:centrinity-firstclass-email-spoofing(6192) ADDREF BID:2423 INFERRED ACTION: CAN-2001-0631 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Prosser, Baker, Cole, Bishop, Ziese MODIFY(1) Frech NOOP(3) Williams, Wall, Foat Voter Comments: Frech> XF:centrinity-firstclass-email-spoofing(6192) Prosser> http://www.securityfocus.com/bid/2423. Vendor acknowledged and says fix will be in next upgrade. 
CHANGE> [Williams changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2001-0634 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0634 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010727 Assigned: 20010727 Category: CF Reference: BUGTRAQ:20010220 Advisory: Chili!Soft ASP Multiple Vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0378.html Reference: BUGTRAQ:20010226 Re: Advisory: Chili!Soft ASP Multiple Vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0443.html Reference: XF:chilisoft-asp-license-dos(6176) Reference: URL:http://xforce.iss.net/static/6176.php Reference: BID:2409 Reference: URL:http://www.securityfocus.com/bid/2409 Sun Chili!Soft ASP has weak permissions on various configuration files, which allows a local attacker to gain additional privileges and create a denial of service. Modifications: ADDREF XF:chilisoft-asp-license-dos(6176) DESC rephrase ADDREF BID:2409 INFERRED ACTION: CAN-2001-0634 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Williams, Baker, Cole, Bishop, Ziese MODIFY(1) Frech NOOP(2) Wall, Foat Voter Comments: Frech> XF:chilisoft-asp-license-dos(6176) ====================================================== Candidate: CAN-2001-0635 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0635 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010727 Assigned: 20010727 Category: SF Reference: REDHAT:RHSA-2001:058 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-058.html Reference: XF:mount-swap-world-readable(6493) Reference: URL:http://xforce.iss.net/static/6493.php Red Hat Linux 7.1 sets insecure permissions on swap files created during installation, which can allow a local attacker to gain additional privileges by reading sensitive information from the swap file, such as passwords. 
Modifications: ADDREF XF:mount-swap-world-readable(6493) INFERRED ACTION: CAN-2001-0635 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Wall, Foat, Cole, Bishop, Ziese MODIFY(1) Frech Voter Comments: Frech> XF:mount-swap-world-readable(6493) ====================================================== Candidate: CAN-2001-0641 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0641 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010829 Assigned: 20010806 Category: SF Reference: BUGTRAQ:20010513 RH 7.0:/usr/bin/man exploit: gid man + more Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0087.html Reference: BUGTRAQ:20010612 man 1.5h10 + man 1.5i-4 exploits Reference: URL:http://www.securityfocus.com/archive/1/190136 Reference: REDHAT:RHSA-2001:069 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-069.html Reference: SUSE:SuSE-SA:2001:019 Reference: URL:http://www.suse.de/de/support/security/2001_019_man_txt.txt Reference: XF:man-s-bo(6530) Reference: URL:http://xforce.iss.net/static/6530.php Reference: BID:2711 Reference: URL:http://www.securityfocus.com/bid/2711 Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option. 
INFERRED ACTION: CAN-2001-0641 FINAL (Final Decision 20020309) Current Votes: ACCEPT(7) Prosser, Baker, Foat, Cole, Frech, Ziese, Stracener NOOP(1) Wall ====================================================== Candidate: CAN-2001-0644 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0644 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010829 Assigned: 20010806 Category: SF Reference: BUGTRAQ:20010515 Rumpus FTP DoS Reference: URL:http://www.securityfocus.com/archive/1/184751 Reference: BID:2718 Reference: URL:http://www.securityfocus.com/bid/2718 Reference: XF:rumpus-plaintext-passwords(6543) Reference: URL:http://xforce.iss.net/static/6543.php Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in plaintext in the "Rumpus User Database" file in the prefs folder, which could allow attackers to gain privileges on the server. INFERRED ACTION: CAN-2001-0644 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Cole, Frech, Ziese NOOP(3) Wall, Foat, Stracener ====================================================== Candidate: CAN-2001-0646 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0646 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010829 Assigned: 20010806 Category: SF Reference: BUGTRAQ:20010515 Rumpus FTP DoS Reference: URL:http://www.securityfocus.com/archive/1/184751 Reference: BID:2716 Reference: URL:http://www.securityfocus.com/bid/2716 Reference: XF:rumpus-long-directory-dos(6542) Reference: URL:http://xforce.iss.net/static/6542.php Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote attacker to perform a denial of service (hang) by creating a directory name of a specific length. 
INFERRED ACTION: CAN-2001-0646 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Cole, Frech, Ziese, Stracener NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-0648 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0648 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010829 Assigned: 20010806 Category: SF Reference: BUGTRAQ:20010508 security hole in os groupware suite PHProjekt Reference: URL:http://www.securityfocus.com/archive/1/184215 Reference: BID:2702 Reference: URL:http://www.securityfocus.com/bid/2702 Reference: XF:phprojekt-dot-directory-traversal(6522) Reference: URL:http://xforce.iss.net/static/6522.php Directory traversal vulnerability in PHProjekt 2.1 and earlier allows a remote attacker to conduct unauthorized activities via a dot dot (..) attack on the file module. INFERRED ACTION: CAN-2001-0648 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Baker, Cole, Frech, Ziese, Stracener NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-0650 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0650 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010829 Assigned: 20010806 Category: SF Reference: CISCO:20010510 Cisco IOS BGP Attribute Corruption Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/ios-bgp-attr-corruption-pub.shtml Reference: CERT-VN:VU#106392 Reference: URL:http://www.kb.cert.org/vuls/id/106392 Reference: CIAC:L-082 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-082.shtml Reference: XF:cisco-ios-bgp-dos(6566) Reference: URL:http://xforce.iss.net/static/6566.php Reference: BID:2733 Reference: URL:http://www.securityfocus.com/bid/2733 Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute. 
Modifications: ADDREF BID:2733 INFERRED ACTION: CAN-2001-0650 FINAL (Final Decision 20020309) Current Votes: ACCEPT(7) Prosser, Baker, Foat, Cole, Frech, Ziese, Stracener NOOP(1) Wall Voter Comments: Prosser> http://www.cisco.com/warp/public/707/ios-bgp-attr-corruption-pub.shtml ====================================================== Candidate: CAN-2001-0652 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0652 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20011012 Assigned: 20010809 Category: SF Reference: BUGTRAQ:20010810 NSFOCUS SA2001-05 : Solaris Xlock Heap Overflow Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99745571104126&w=2 Reference: SUNBUG:4483090 Reference: XF:solaris-xlock-bo(6967) Reference: URL:http://xforce.iss.net/static/6967.php Reference: BID:3160 Reference: URL:http://online.securityfocus.com/bid/3160 Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable. Modifications: ADDREF XF:solaris-xlock-bo(6967) ADDREF BID:3160 ADDREF SUNBUG:4483090 INFERRED ACTION: CAN-2001-0652 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Baker, Foat, Dik MODIFY(1) Frech NOOP(4) Christey, Wall, Cole, Armstrong Voter Comments: Frech> XF:solaris-xlock-bo(6967) CONFIRM:4483090 xlock buffer overflow Christey> CALDERA:CSSA-2001-SCO.34 may also address this problem, but the advisory does not have sufficient details to be absolutely certain. 
ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.34/CSSA-2001-SCO.34.txt ====================================================== Candidate: CAN-2001-0653 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0653 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010829 Assigned: 20010814 Category: SF Reference: BUGTRAQ:20010821 *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99841063100516&w=2 Reference: CONFIRM:http://www.sendmail.org/8.11.html Reference: NETBSD:NetBSD-SA2001-017 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-017.txt.asc Reference: REDHAT:RHSA-2001-106 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-106.html Reference: MANDRAKE:MDKSA-2001:075 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-075.php3 Reference: IMMUNIX:IMNX-2001-70-032-01 Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-032-01 Reference: CONECTIVA:CLA-2001:412 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000412 Reference: SUSE:SuSE-SA:2001:028 Reference: URL:http://www.suse.de/de/support/security/2001_028_sendmail_txt.txt Reference: CALDERA:CSSA-2001-032.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-032.0.txt Reference: CIAC:L-133 Reference: URL:http://www.ciac.org/ciac/bulletins/l-133.shtml Reference: BID:3163 Reference: URL:http://www.securityfocus.com/bid/3163 Reference: XF:sendmail-debug-signed-int-overflow(7016) Reference: URL:http://xforce.iss.net/static/7016.php Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number. 
Modifications: ADDREF XF:sendmail-debug-signed-int-overflow(7016) ADDREF NETBSD:NetBSD-SA2001-017 ADDREF REDHAT:RHSA-2001-106 ADDREF MANDRAKE:MDKSA-2001:075 ADDREF IMMUNIX:IMNX-2001-70-032-01 ADDREF CONECTIVA:CLA-2001:412 ADDREF SUSE:SuSE-SA:2001:028 ADDREF CALDERA:CSSA-2001-032.0 ADDREF CIAC:L-133 INFERRED ACTION: CAN-2001-0653 FINAL (Final Decision 20020309) Current Votes: ACCEPT(6) Baker, Foat, Cole, Armstrong, Bishop, Ziese MODIFY(1) Frech NOOP(2) Christey, Wall Voter Comments: Frech> XF:sendmail-debug-signed-int-overflow(7016) Christey> ADDREF NETBSD:NetBSD-SA2001-017 URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-017.txt.asc REDHAT:RHSA-2001-106 URL:http://www.redhat.com/support/errata/RHSA-2001-106.html MANDRAKE:MDKSA-2001:075 URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-075.php3 IMMUNIX:IMNX-2001-70-032-01 URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-032-01 CONECTIVA:CLA-2001:412 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000412 SUSE:SuSE-SA:2001:028 URL:http://www.suse.de/de/support/security/2001_028_sendmail_txt.txt CALDERA:CSSA-2001-032.0 URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-032.0.txt ====================================================== Candidate: CAN-2001-0658 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0658 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010829 Assigned: 20010815 Category: SF Reference: MS:MS01-045 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-045.asp Reference: XF:isa-cross-site-scripting(6991) Reference: URL:http://xforce.iss.net/static/6991.php Reference: BID:3198 Reference: URL:http://online.securityfocus.com/bid/3198 Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an 
invalid URL that is not properly quoted in an error message. Modifications: ADDREF XF:isa-cross-site-scripting(6991) ADDREF BID:3198 INFERRED ACTION: CAN-2001-0658 FINAL (Final Decision 20020309) Current Votes: ACCEPT(7) Wall, Baker, Foat, Cole, Armstrong, Bishop, Ziese MODIFY(1) Frech Voter Comments: Frech> XF:isa-cross-site-scripting(6991) ====================================================== Candidate: CAN-2001-0659 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0659 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010829 Assigned: 20010815 Category: SF Reference: BUGTRAQ:20010821 IrDA semiremote vulnerability Reference: URL:http://online.securityfocus.com/archive/1/209385 Reference: MS:MS01-046 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-046.asp Reference: XF:win2k-irda-dos(7008) Reference: URL:http://xforce.iss.net/static/7008.php Reference: BID:3215 Reference: URL:http://online.securityfocus.com/bid/3215 Buffer overflow in IrDA driver providing infrared data exchange on Windows 2000 allows attackers who are physically close to the machine to cause a denial of service (reboot) via a malformed IrDA packet. 
Modifications: ADDREF XF:win2k-irda-dos(7008) ADDREF BID:3215 ADDREF BUGTRAQ:20010821 IrDA semiremote vulnerability INFERRED ACTION: CAN-2001-0659 FINAL (Final Decision 20020309) Current Votes: ACCEPT(7) Wall, Baker, Foat, Cole, Armstrong, Bishop, Ziese MODIFY(1) Frech Voter Comments: Frech> XF:win2k-irda-dos(7008) ====================================================== Candidate: CAN-2001-0660 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0660 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20011012 Assigned: 20010815 Category: SF Reference: MS:MS01-047 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-047.asp Reference: MSKB:Q307195 Reference: URL:http://support.microsoft.com/support/kb/articles/Q307/1/95.ASP Reference: XF:exchange-owa-obtain-addresses(7089) Reference: URL:http://xforce.iss.net/static/7089.php Reference: BID:3301 Reference: URL:http://online.securityfocus.com/bid/3301 Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL). 
Modifications: ADDREF XF:exchange-owa-obtain-addresses(7089) ADDREF BID:3301 INFERRED ACTION: CAN-2001-0660 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong MODIFY(1) Frech Voter Comments: Frech> XF:exchange-owa-obtain-addresses(7089) ====================================================== Candidate: CAN-2001-0662 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0662 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20011012 Assigned: 20010815 Category: SF Reference: MS:MS01-048 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-048.asp Reference: XF:winnt-rpc-endpoint-dos(7105) Reference: URL:http://xforce.iss.net/static/7105.php Reference: CIAC:L-142 Reference: URL:http://www.ciac.org/ciac/bulletins/l-142.shtml Reference: BID:3313 Reference: URL:http://www.securityfocus.com/bid/3313 RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause a denial of service (loss of RPC services) via a malformed request. 
Modifications: ADDREF XF:winnt-rpc-endpoint-dos(7105) ADDREF CIAC:L-142 ADDREF BID:3313 INFERRED ACTION: CAN-2001-0662 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong MODIFY(1) Frech Voter Comments: Frech> XF:winnt-rpc-endpoint-dos(7105) ====================================================== Candidate: CAN-2001-0663 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0663 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020306-02 Proposed: 20011122 Assigned: 20010815 Category: SF Reference: MS:MS01-052 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-052.asp Reference: XF:win-rdp-packet-dos(7302) Reference: URL:http://xforce.iss.net/static/7302.php Reference: BID:3445 Reference: URL:http://online.securityfocus.com/bid/3445 Terminal Server in Windows NT and Windows 2000 allows remote attackers to cause a denial of service via a sequence of invalid Remote Desktop Protocol (RDP) packets. Modifications: ADDREF XF:win-rdp-packet-dos(7302) ADDREF BID:3445 DESC Change "Remote Data Protocol" to "Remote Desktop Protocol" INFERRED ACTION: CAN-2001-0663 FINAL (Final Decision 20020309) Current Votes: ACCEPT(6) Wall, Baker, Foat, Cole, Armstrong, Bishop MODIFY(2) Frech, Meunier NOOP(1) Christey Voter Comments: Frech> XF:win-rdp-packet-dos(7302) Meunier> Unless there are two Microsoft protocols called RDP, Microsoft says it's called the "remote display protocol", not "Remote Data Protocol". http://www.microsoft.com/windows2000/techinfo/howitworks/terminal/rdpfandp.asp Christey> MS:MS01-052 explicitly states that RDP means "Remote Data Protocol," so one would assume this is correct. MS01-040 also uses "remote data protocol." 
However, a search on microsoft.com for "RDP" includes "Remote Desktop Protocol" ====================================================== Candidate: CAN-2001-0664 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0664 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20011012 Assigned: 20010815 Category: SF Reference: BUGTRAQ:20011011 Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100281551611595&w=2 Reference: MS:MS01-051 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-051.asp Reference: XF:ie-incorrect-security-zone(7258) Reference: URL:http://xforce.iss.net/static/7258.php Reference: BID:3420 Reference: URL:http://www.securityfocus.com/bid/3420 Internet Explorer 5.5 and 5.01 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing vulnerability." 
Modifications: ADDREF XF:ie-incorrect-security-zone(7258) ADDREF BUGTRAQ:20011011 Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing ADDREF BID:3420 INFERRED ACTION: CAN-2001-0664 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong MODIFY(1) Frech Voter Comments: Frech> XF:ie-incorrect-security-zone(7258) ====================================================== Candidate: CAN-2001-0665 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0665 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20011012 Assigned: 20010815 Category: SF Reference: MS:MS01-051 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-051.asp Reference: XF:ie-url-http-requests(7259) Reference: URL:http://xforce.iss.net/static/7259.php Reference: BID:3421 Reference: URL:http://online.securityfocus.com/bid/3421 Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability." 
Modifications: ADDREF XF:ie-url-http-requests(7259) ADDREF BID:3421 INFERRED ACTION: CAN-2001-0665 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong MODIFY(1) Frech Voter Comments: Frech> XF:ie-url-http-requests(7259) ====================================================== Candidate: CAN-2001-0666 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0666 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20011012 Assigned: 20010815 Category: SF Reference: MS:MS01-049 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-049.asp Reference: XF:exchange-owa-folder-request-dos(7168) Reference: URL:http://xforce.iss.net/static/7168.php Reference: BID:3368 Reference: URL:http://www.securityfocus.com/bid/3368 Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox. 
Modifications: ADDREF XF:exchange-owa-folder-request-dos(7168) ADDREF BID:3368 INFERRED ACTION: CAN-2001-0666 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong MODIFY(1) Frech NOOP(1) Christey Voter Comments: Frech> XF:exchange-owa-folder-request-dos(7168) Christey> ADDREF BID:3368 URL:http://www.securityfocus.com/bid/3368 ====================================================== Candidate: CAN-2001-0667 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0667 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20011012 Assigned: 20010815 Category: SF Reference: MS:MS01-051 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-051.asp Reference: CIAC:M-024 Reference: URL:http://www.ciac.org/ciac/bulletins/m-024.shtml Reference: CERT-VN:VU#952611 Reference: URL:http://www.kb.cert.org/vuls/id/952611 Reference: XF:ie-telnet-command-execution-variant(7260) Reference: URL:http://xforce.iss.net/static/7260.php Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed, aka a new variant of the Telnet Invocation vulnerability as described in CVE-2001-0150. 
Modifications: ADDREF XF:ie-telnet-command-execution-variant(7260) ADDREF CIAC:M-024 ADDREF CERT-VN:VU#952611 INFERRED ACTION: CAN-2001-0667 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong MODIFY(1) Frech Voter Comments: Frech> XF:ie-telnet-command-execution-variant(7260) ====================================================== Candidate: CAN-2001-0668 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0668 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010829 Assigned: 20010823 Category: SF Reference: ISS:20010827 Remote Buffer Overflow Vulnerability in HP-UX Line Printer Daemon Reference: URL:http://xforce.iss.net/alerts/advise93.php Reference: HP:HPSBUX0108-163 Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0047.html Reference: CIAC:L-134 Reference: URL:http://www.ciac.org/ciac/bulletins/l-134.shtml Reference: CERT-VN:VU#966075 Reference: URL:http://www.kb.cert.org/vuls/id/966075 Reference: CERT:CA-2001-30 Reference: URL:http://www.cert.org/advisories/CA-2001-30.html Reference: XF:hpux-rlpd-bo(6811) Reference: URL:http://xforce.iss.net/static/6811.php Reference: BID:3240 Reference: URL:http://www.securityfocus.com/bid/3240 Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to execute arbitrary commands. 
Modifications: ADDREF XF:hpux-rlpd-bo(6811) ADDREF BID:3240 ADDREF CIAC:L-134 ADDREF CERT-VN:VU#966075 ADDREF CERT:CA-2001-30 INFERRED ACTION: CAN-2001-0668 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Baker, Foat, Cole, Bishop, Ziese MODIFY(1) Frech NOOP(3) Christey, Wall, Armstrong Voter Comments: Frech> XF:hpux-rlpd-bo(6811) Christey> BID:3240 URL:http://www.securityfocus.com/bid/3240 CIAC:L-134 URL:http://www.ciac.org/ciac/bulletins/l-134.shtml CERT-VN:VU#966075 URL:http://www.kb.cert.org/vuls/id/966075 CERT:CA-2001-30 URL:http://www.cert.org/advisories/CA-2001-30.html Christey> BID:3240 ====================================================== Candidate: CAN-2001-0670 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0670 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20011012 Assigned: 20010827 Category: SF Reference: ISS:20010829 Remote Buffer Overflow Vulnerability in BSD Line Printer Daemon Reference: URL:http://xforce.iss.net/alerts/advise94.php Reference: CERT:CA-2001-30 Reference: URL:http://www.cert.org/advisories/CA-2001-30.html Reference: OPENBSD:20010829 Reference: URL:http://www.openbsd.com/errata28.html Reference: CALDERA:CSSA-2001-SCO.20 Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.20/CSSA-2001-SCO.20.txt Reference: NETBSD:NetBSD-SA2001-018 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-018.txt.asc Reference: CERT-VN:VU#274043 Reference: URL:http://www.kb.cert.org/vuls/id/274043 Reference: XF:bsd-lpd-bo(7046) Reference: URL:http://xforce.iss.net/static/7046.php Reference: BID:3252 Reference: URL:http://www.securityfocus.com/bid/3252 Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue. 
Modifications: ADDREF XF:bsd-lpd-bo(7046) ADDREF CERT-VN:VU#274043 ADDREF CERT:CA-2001-30 ADDREF BID:3252 ADDREF NETBSD:NetBSD-SA2001-018 INFERRED ACTION: CAN-2001-0670 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Baker, Foat, Cole, Armstrong MODIFY(1) Frech NOOP(2) Christey, Wall Voter Comments: Frech> XF:bsd-lpd-bo(7046) Christey> ADDREF CERT-VN:VU#274043 http://www.kb.cert.org/vuls/id/274043 ADDREF CERT:CA-2001-30 URL:http://www.cert.org/advisories/CA-2001-30.html BID:3252 http://www.securityfocus.com/bid/3252 Christey> NETBSD:NetBSD-SA2001-018 Christey> NETBSD:NetBSD-SA2001-018 URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-018.txt.asc ====================================================== Candidate: CAN-2001-0675 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0675 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010418 SECURITY.NNOV: The Bat! <cr> bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0345.html Reference: BUGTRAQ:20010421 Re: SECURITY.NNOV: The Bat! <cr> bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0381.html Reference: BUGTRAQ:20010423 Re: SECURITY.NNOV: The Bat! <cr> bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0410.html Reference: XF:thebat-pop3-dos(6423) Reference: URL:http://xforce.iss.net/static/6423.php Reference: BID:2636 Reference: URL:http://online.securityfocus.com/bid/2636 Rit Research Labs The Bat! 1.51 for Windows allows a remote attacker to cause a denial of service by sending an email to a user's account containing a carriage return <CR> that is not followed by a line feed <LF>. 
Modifications: ADDREF BID:2636 INFERRED ACTION: CAN-2001-0675 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Wall, Baker, Cole, Frech, Ziese NOOP(2) Foat, Stracener Voter Comments: CHANGE> [Wall changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2001-0676 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0676 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010104 SECURITY.NNOV advisory - The Bat! directory traversal (public release) Reference: URL:http://www.securityfocus.com/archive/1/154359 Reference: XF:thebat-attachment-directory-traversal(5871) Reference: URL:http://xforce.iss.net/static/5871.php Directory traversal vulnerability in Rit Research Labs The Bat! 1.48f and earlier allows a remote attacker to create arbitrary files via a "dot dot" attack in the filename for an attachment. INFERRED ACTION: CAN-2001-0676 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Wall, Cole, Frech, Ziese NOOP(2) Foat, Stracener Voter Comments: CHANGE> [Wall changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2001-0677 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0677 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010418 Eudora file leakage problem (still) Reference: URL:http://www.securityfocus.com/archive/1/177369 Reference: XF:eudora-plain-text-attachment(6431) Reference: URL:http://xforce.iss.net/static/6431.php Reference: BID:2616 Reference: URL:http://online.securityfocus.com/bid/2616 Eudora 5.0.2 allows a remote attacker to read arbitrary files via an email with the path of the target file in the "Attachment Converted" MIME header, which sends the file when the email is forwarded to the attacker by the user. 
Modifications: ADDREF BID:2616 INFERRED ACTION: CAN-2001-0677 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Wall, Cole, Frech, Ziese NOOP(2) Foat, Stracener Voter Comments: CHANGE> [Wall changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2001-0680 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0680 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010413 QPC FTPd Directory Traversal and BoF Vulnerabilities Reference: URL:http://www.securityfocus.com/archive/1/176712 Reference: BUGTRAQ:20010925 Vulnerabilities in QVT/Term Reference: URL:http://online.securityfocus.com/archive/1/216555 Reference: XF:qpc-ftpd-directory-traversal(6375) Reference: URL:http://xforce.iss.net/static/6375.php Reference: BID:2618 Reference: URL:http://online.securityfocus.com/bid/2618 Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0 allows a remote attacker to traverse directories on the web server via a "dot dot" attack in a LIST (ls) command. 
Modifications: ADDREF BID:2618 ADDREF BUGTRAQ:20010925 Vulnerabilities in QVT/Term INFERRED ACTION: CAN-2001-0680 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Cole, Frech, Ziese NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-0682 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0682 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010912 Assigned: 20010829 Category: SF Reference: NTBUGTRAQ:20001230 [DiamondCS Advisory] ZoneAlarm and ZoneAlarm Pro can be blocked from loading by setting a Mutex in memory Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=97818917222992&w=2 Reference: XF:zonealarm-mutex-dos(5821) Reference: URL:http://xforce.iss.net/static/5821.php ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting. INFERRED ACTION: CAN-2001-0682 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Foat, Cole, Frech, Stracener, Levy NOOP(1) Wall ====================================================== Candidate: CAN-2001-0685 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0685 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010228 fcron 0.9.5 is vulnerable to a symlink attack Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98339581702282&w=2 Reference: CONFIRM:http://fcron.free.fr/CHANGES.html Reference: BID:2835 Reference: URL:http://www.securityfocus.com/bid/2835 Reference: XF:fcron-tmpfile-symlink(7127) Reference: URL:http://xforce.iss.net/static/7127.php Thibault Godouet FCron prior to 1.1.1 allows a local user to corrupt another user's crontab file via a symlink attack on the fcrontab temporary file. 
Modifications: ADDREF XF:fcron-tmpfile-symlink(7127) ADDREF CONFIRM:http://fcron.free.fr/CHANGES.html INFERRED ACTION: CAN-2001-0685 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Baker, Foat, Cole, Bishop, Ziese MODIFY(1) Frech NOOP(3) Christey, Wall, Armstrong Voter Comments: Frech> XF:fcron-tmpfile-symlink(7127) Christey> CONFIRM:http://fcron.free.fr/CHANGES.html The section "From version 1.1.0 to 1.1.1" says: "security fix : sym link attack against fcrontab." ====================================================== Candidate: CAN-2001-0686 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0686 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010604 $HOME buffer overflow in SunOS 5.8 x86 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0000.html Reference: SUNBUG:4465086 Reference: BID:2819 Reference: URL:http://www.securityfocus.com/bid/2819 Reference: XF:solaris-mail-home-bo(6638) Reference: URL:http://xforce.iss.net/static/6638.php Buffer overflow in mail included with SunOS 5.8 for x86 allows a local user to gain privileges via a long HOME environment variable. 
Modifications: ADDREF XF:solaris-mail-home-bo(6638) ADDREF SUNBUG:4465086 DESC rephrase INFERRED ACTION: CAN-2001-0686 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Baker, Foat, Dik, Ziese MODIFY(1) Frech NOOP(4) Wall, Cole, Armstrong, Bishop Voter Comments: Frech> XF:solaris-mail-home-bo(6638) Dik> sun bug: 4465086 ====================================================== Candidate: CAN-2001-0690 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0690 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010606 lil' exim format bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0041.html Reference: DEBIAN:DSA-058 Reference: URL:http://www.debian.org/security/2001/dsa-058 Reference: CONECTIVA:CLA-2001:402 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000402 Reference: REDHAT:RHSA-2001:078 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-078.html Reference: XF:exim-syntax-format-string(6671) Reference: URL:http://xforce.iss.net/static/6671.php Reference: BID:2828 Reference: URL:http://online.securityfocus.com/bid/2828 Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers. 
Modifications: ADDREF XF:exim-syntax-format-string(6671) ADDREF BID:2828 INFERRED ACTION: CAN-2001-0690 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Baker, Foat, Cole, Armstrong, Stracener MODIFY(1) Frech NOOP(3) Wall, Bishop, Ziese Voter Comments: Frech> XF:exim-syntax-format-string(6671) CHANGE> [Armstrong changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2001-0692 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0692 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010608 WatchGuard SMTP Proxy issue Reference: URL:http://www.securityfocus.com/archive/1/189783 Reference: BUGTRAQ:20010628 RE: WatchGuard SMTP Proxy issue Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99379787421319&w=2 Reference: XF:firebox-smtp-bypass-filter(6682) Reference: URL:http://xforce.iss.net/static/6682.php Reference: BID:2855 Reference: URL:http://www.securityfocus.com/bid/2855 SMTP proxy in WatchGuard Firebox (2500 and 4500) 4.5 and 4.6 allows a remote attacker to bypass firewall filtering via a base64 MIME encoded email attachment whose boundary name ends in two dashes. 
INFERRED ACTION: CAN-2001-0692 FINAL (Final Decision 20020309) Current Votes: ACCEPT(7) Wall, Baker, Cole, Armstrong, Frech, Bishop, Ziese NOOP(1) Foat ====================================================== Candidate: CAN-2001-0696 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0696 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010619 SurgeFTP vulnerabilities Reference: URL:http://www.securityfocus.com/archive/1/191916 Reference: MISC:http://netwinsite.com/surgeftp/manual/updates.htm Reference: BID:2891 Reference: URL:http://www.securityfocus.com/bid/2891 Reference: XF:surgeftp-concon-dos(6712) Reference: URL:http://xforce.iss.net/static/6712.php NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con. Modifications: ADDREF MISC:http://netwinsite.com/surgeftp/manual/updates.htm INFERRED ACTION: CAN-2001-0696 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Cole, Frech, Ziese NOOP(4) Wall, Foat, Armstrong, Bishop ====================================================== Candidate: CAN-2001-0697 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0697 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010228 SurgeFTP Denial of Service Reference: URL:http://www.securityfocus.com/archive/1/165816 Reference: WIN2KSEC:20010301 SurgeFTP 1.0b Denial of Service Reference: URL:http://www.secadministrator.com/Articles/Index.cfm?ArticleID=20200 Reference: CONFIRM:http://netwinsite.com/surgeftp/manual/updates.htm Reference: XF:surgeftp-listing-dos(6168) Reference: URL:http://xforce.iss.net/static/6168.php Reference: BID:2442 Reference: URL:http://online.securityfocus.com/bid/2442 NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of 
service (crash) via an 'ls ..' command. Modifications: ADDREF CONFIRM:http://netwinsite.com/surgeftp/manual/updates.htm ADDREF BID:2442 INFERRED ACTION: CAN-2001-0697 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Frech, Ziese, Stracener NOOP(3) Wall, Foat, Cole Voter Comments: Stracener> CONFIRM: http://www.netwinsite.com/surgeftp/manual/updates.htm ====================================================== Candidate: CAN-2001-0698 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0698 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010619 SurgeFTP vulnerabilities Reference: URL:http://www.securityfocus.com/archive/1/191916 Reference: CONFIRM:http://www.netwinsite.com/surgeftp/manual/updates.htm Reference: BID:2892 Reference: URL:http://www.securityfocus.com/bid/2892 Reference: XF:surgeftp-nlist-directory-traversal(6711) Reference: URL:http://xforce.iss.net/static/6711.php Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the 'nlist ...' command. 
Modifications: ADDREF CONFIRM:http://www.netwinsite.com/surgeftp/manual/updates.htm INFERRED ACTION: CAN-2001-0698 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Baker, Cole, Frech, Ziese NOOP(4) Wall, Foat, Armstrong, Bishop Voter Comments: Frech> CONFIRM:http://www.netwinsite.com/surgeftp/manual/updates.htm ====================================================== Candidate: CAN-2001-0699 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0699 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010620 Solaris /opt/SUNWssp/bin/cb_reset Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/192299 Reference: SUNBUG:4469366 Reference: BID:2893 Reference: URL:http://www.securityfocus.com/bid/2893 Reference: XF:sun-cbreset-bo(6726) Reference: URL:http://xforce.iss.net/static/6726.php Buffer overflow in cb_reset in the System Service Processor (SSP) package of SunOS 5.8 allows a local user to execute arbitrary code via a long argument. 
Modifications: ADDREF SUNBUG:4469366 INFERRED ACTION: CAN-2001-0699 FINAL (Final Decision 20020309) Current Votes: ACCEPT(6) Baker, Foat, Cole, Frech, Dik, Ziese NOOP(3) Wall, Armstrong, Bishop Voter Comments: CHANGE> [Armstrong changed vote from REVIEWING to NOOP] Dik> sun bug: 4469366 ====================================================== Candidate: CAN-2001-0700 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0700 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010621 [SNS Advisory No.32] w3m malformed MIME header Buffer Overflow Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/192371 Reference: CONFIRM:http://mi.med.tohoku.ac.jp/~satodai/w3m-dev-en/200106.month/537.html Reference: XF:w3m-mime-header-bo(6725) Reference: URL:http://xforce.iss.net/static/6725.php Reference: BID:2895 Reference: URL:http://www.securityfocus.com/bid/2895 Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to execute arbitrary code via a long base64 encoded MIME header. INFERRED ACTION: CAN-2001-0700 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Baker, Cole, Frech, Bishop, Ziese NOOP(3) Wall, Foat, Armstrong ====================================================== Candidate: CAN-2001-0701 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0701 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010621 Solaris /opt/SUNWvts/bin/ptexec Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/192667 Reference: SUNBUG:4469370 Reference: BID:2898 Reference: URL:http://www.securityfocus.com/bid/2898 Reference: XF:sunvts-ptexec-bo(6736) Reference: URL:http://xforce.iss.net/static/6736.php Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and earlier allows a local user to gain privileges via a long -o argument. 
Modifications: ADDREF SUNBUG:4469370 INFERRED ACTION: CAN-2001-0701 FINAL (Final Decision 20020309) Current Votes: ACCEPT(6) Baker, Foat, Cole, Frech, Dik, Ziese NOOP(3) Wall, Armstrong, Bishop Voter Comments: Dik> Sun bug: 4469370 ====================================================== Candidate: CAN-2001-0706 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0706 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20010829 Assigned: 20010829 Category: SF Reference: BUGTRAQ:20010612 Rumpus FTP DoS vol. 2 Reference: URL:http://www.securityfocus.com/archive/1/190932 Reference: XF:rumpus-ftp-directory-dos(6699) Reference: URL:http://xforce.iss.net/static/6699.php Reference: BID:2864 Reference: URL:http://www.securityfocus.com/bid/2864 Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to cause a denial of service (crash) via a mkdir command that specifies a large number of sub-folders. INFERRED ACTION: CAN-2001-0706 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Prosser, Frech, Ziese NOOP(5) Wall, Foat, Cole, Armstrong, Bishop Voter Comments: Prosser> http://www.securityfocus.com/archive/1/190932 ====================================================== Candidate: CAN-2001-0710 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0710 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020225-01 Proposed: 20010829 Assigned: 20010829 Category: Reference: FREEBSD:FreeBSD-SA-01:52 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:52.fragment.asc Reference: NETBSD:NetBSD-SA2001-006 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-006.txt.asc Reference: XF:bsd-ip-fragments-dos(6636) Reference: URL:http://xforce.iss.net/static/6636.php Reference: BID:2799 Reference: URL:http://www.securityfocus.com/bid/2799 NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote attacker to cause a denial of service by sending a large number of IP 
fragments to the machine, exhausting the mbuf pool.

Modifications:
  DESC fix typo
  CHANGEREF XF [fix typo]

INFERRED ACTION: CAN-2001-0710 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(7) Prosser, Baker, Foat, Cole, Frech, Ziese, Stracener
  NOOP(2) Christey, Wall

Voter Comments:
  Christey> I love spotting a "fragements" typo less than a day after actually creating a candidate! :-)
  Frech> In description, "fragements" should be "fragments".
    XF:bsd-ip fragments-dos(6636) should be XF:bsd-ip-fragments-dos(6636) (missing hyphen)

======================================================
Candidate: CAN-2001-0716
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0716
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20010926
Category: SF
Reference: ISS:20011016 Citrix MetaFrame Remote Denial of Service Vulnerability
Reference: URL:http://xforce.iss.net/alerts/advise99.php
Reference: XF:metaframe-multiple-sessions-dos(7068)
Reference: URL:http://xforce.iss.net/static/7068.php
Reference: BID:3440
Reference: URL:http://online.securityfocus.com/bid/3440

Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of service (crash) via a large number of incomplete connections to the server.

Modifications:
  ADDREF XF:metaframe-multiple-sessions-dos(7068)
  ADDREF BID:3440

INFERRED ACTION: CAN-2001-0716 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(4) Baker, Cole, Armstrong, Bishop
  MODIFY(1) Frech
  NOOP(1) Foat
  REVIEWING(1) Wall

Voter Comments:
  Frech> XF:metaframe-multiple-sessions-dos(7068)

======================================================
Candidate: CAN-2001-0717
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0717
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20011012
Assigned: 20010926
Category: SF
Reference: ISS:20011002 Multi-Vendor Format String Vulnerability in ToolTalk Service
Reference: URL:http://xforce.iss.net/alerts/advise98.php
Reference: CERT:CA-2001-27
Reference: URL:http://www.cert.org/advisories/CA-2001-27.html
Reference: CIAC:M-002
Reference: URL:http://www.ciac.org/ciac/bulletins/m-002.shtml
Reference: HP:HPSBUX0110-168
Reference: SUN:00212
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/212
Reference: COMPAQ:SSRT0767U
Reference: URL:http://ftp.support.compaq.com/patches/.new/html/SSRT0767U.shtml
Reference: HP:HPSBUX0110-168
Reference: URL:http://online.securityfocus.com/advisories/3584
Reference: CALDERA:CSSA-2001-SCO.28
Reference: URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.28/CSSA-2001-SCO.28.txt
Reference: BID:3382
Reference: URL:http://www.securityfocus.com/bid/3382
Reference: XF:tooltalk-ttdbserverd-format-string(7069)
Reference: URL:http://xforce.iss.net/static/7069.php

Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function.

Modifications:
  ADDREF XF:tooltalk-ttdbserverd-format-string(7069)
  ADDREF SUN:00212
  ADDREF CERT:CA-2001-27
  ADDREF COMPAQ:SSRT0767U
  ADDREF HP:HPSBUX0110-168
  ADDREF CIAC:M-002
  ADDREF CALDERA:CSSA-2001-SCO.28
  ADDREF BID:3382

INFERRED ACTION: CAN-2001-0717 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Frech> XF:tooltalk-ttdbserverd-format-string(7069)
  Christey> SUN:00212
    URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/212
    (anyway, that's where it SHOULD be. But currently it's not, so try http://marc.theaimsgroup.com/?l=bugtraq&m=100568936023605&w=2)
    CERT:CA-2001-27
    http://www.cert.org/advisories/CA-2001-27.html
  Christey> COMPAQ:SSRT0767U
    URL:http://ftp.support.compaq.com/patches/.new/html/SSRT0767U.shtml

======================================================
Candidate: CAN-2001-0718
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0718
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20011012
Assigned: 20010927
Category: SF
Reference: BUGTRAQ:20011005 Symantec Security Response SecBul-10042001, Revision1, Malformed Microsoft Excel or PowerPoint documents bypass Microsoft macro security features
Reference: URL:http://online.securityfocus.com/archive/1/218802
Reference: MS:MS01-050
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-050.asp
Reference: CERT:CA-2001-28
Reference: URL:http://www.cert.org/advisories/CA-2001-28.html
Reference: XF:ms-malformed-document-macro(7223)
Reference: URL:http://xforce.iss.net/static/7223.php
Reference: BID:3402
Reference: URL:http://online.securityfocus.com/bid/3402

Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.

Modifications:
  ADDREF XF:ms-malformed-document-macro(7223)
  ADDREF BID:3402
  ADDREF BUGTRAQ:20011005 Symantec Security Response SecBul-10042001, Revision1, Malformed Microsoft Excel or PowerPoint documents bypass Microsoft macro security features

INFERRED ACTION: CAN-2001-0718 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:ms-malformed-document-macro(7223)

======================================================
Candidate: CAN-2001-0719
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0719
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20011122
Assigned: 20010927
Category: SF
Reference: BUGTRAQ:20010807 MS Windows Media Player ASF Marker Buffer Overflow
Reference: URL:http://online.securityfocus.com/archive/1/202470
Reference: MS:MS01-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-056.asp
Reference: XF:mediaplayer-asf-marker-bo(6962)
Reference: URL:http://www.iss.net/security_center/static/6962.php
Reference: BID:3156
Reference: URL:http://online.securityfocus.com/bid/3156

Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file.

Modifications:
  ADDREF XF:mediaplayer-asf-marker-bo(6962)
  ADDREF BUGTRAQ:20010807 MS Windows Media Player ASF Marker Buffer Overflow
  ADDREF BID:3156

INFERRED ACTION: CAN-2001-0719 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(6) Wall, Baker, Foat, Cole, Armstrong, Bishop
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:mediaplayer-asf-marker-bo(6962)

======================================================
Candidate: CAN-2001-0720
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0720
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20011122
Assigned: 20010927
Category: SF
Reference: MS:MS01-053
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-053.asp
Reference: CIAC:M-013
Reference: URL:http://www.ciac.org/ciac/bulletins/m-013.shtml
Reference: XF:ie-mac-downloaded-file-execution(7336)
Reference: URL:http://xforce.iss.net/static/7336.php
Reference: BID:3471
Reference: URL:http://online.securityfocus.com/bid/3471

Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled.

Modifications:
  ADDREF XF:ie-mac-downloaded-file-execution(7336)
  ADDREF CIAC:M-013
  ADDREF BID:3471

INFERRED ACTION: CAN-2001-0720 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(6) Wall, Baker, Foat, Cole, Armstrong, Bishop
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:ie-mac-downloaded-file-execution(7336)

======================================================
Candidate: CAN-2001-0722
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0722
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20011122
Assigned: 20010927
Category: SF
Reference: BUGTRAQ:20011108 Microsoft IE cookies readable via about: URLS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100527618108521&w=2
Reference: BUGTRAQ:20011019 Minor IE vulnerability: about: URLs
Reference: URL:http://www.securityfocus.com/archive/1/221612
Reference: MS:MS01-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-055.asp
Reference: XF:ie-about-cookie-information(7486)
Reference: URL:http://xforce.iss.net/static/7486.php
Reference: CIAC:M-016
Reference: URL:http://www.ciac.org/ciac/bulletins/m-016.shtml
Reference: BID:3513
Reference: URL:http://online.securityfocus.com/bid/3513

Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability."

Modifications:
  ADDREF XF:ie-about-cookie-information(7486)
  ADDREF CIAC:M-016
  ADDREF BID:3513
  DESC add "aka"

INFERRED ACTION: CAN-2001-0722 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(6) Wall, Baker, Foat, Cole, Armstrong, Bishop
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Frech> XF:ie-about-cookie-information(7486)
  Christey> aka "First Cookie Handling Vulnerability"

======================================================
Candidate: CAN-2001-0723
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0723
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20020131
Assigned: 20010927
Category: SF
Reference: MS:MS01-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-055.asp
Reference: BID:3546
Reference: URL:http://online.securityfocus.com/bid/3546

Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript, aka the "Second Cookie Handling Vulnerability."

Modifications:
  ADDREF BID:3546

INFERRED ACTION: CAN-2001-0723 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(3) Wall, Baker, Cole
  NOOP(1) Foat

======================================================
Candidate: CAN-2001-0728
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0728
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20011012
Assigned: 20011002
Category: SF
Reference: COMPAQ:SSRT0758
Reference: URL:http://www.compaq.com/products/servers/management/mgtsw-advisory2.html
Reference: CERT-VN:VU#275979
Reference: URL:http://www.kb.cert.org/vuls/id/275979
Reference: XF:compaq-wbm-bo(7189)
Reference: URL:http://xforce.iss.net/static/7189.php
Reference: BID:3376
Reference: URL:http://www.securityfocus.com/bid/3376

Buffer overflow in Compaq Management Agents before 5.2, included in Compaq Web-enabled Management Software, allows local users to gain privileges.

Modifications:
  ADDREF XF:compaq-wbm-bo(7189)
  ADDREF CERT-VN:VU#275979
  ADDREF BID:3376

INFERRED ACTION: CAN-2001-0728 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(3) Christey, Wall, Foat

Voter Comments:
  Frech> XF:compaq-wbm-bo(7189)
  Christey> CERT-VN:VU#275979
    URL:http://www.kb.cert.org/vuls/id/275979
    BID:3376
    URL:http://www.securityfocus.com/bid/3376

======================================================
Candidate: CAN-2001-0730
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0730
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20011012
Assigned: 20011008
Category: SF
Reference: CONFIRM:http://www.apacheweek.com/issues/01-09-28#security
Reference: MANDRAKE:MDKSA-2001:077
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077-1.php3
Reference: CONECTIVA:CLA-2001:430
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000430
Reference: ENGARDE:ESA-20011019-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1649.html
Reference: XF:apache-log-file-overwrite(7419)
Reference: URL:http://xforce.iss.net/static/7419.php

split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.

Modifications:
  ADDREF XF:apache-log-file-overwrite(7419)
  ADDREF MANDRAKE:MDKSA-2001:077
  ADDREF CONECTIVA:CLA-2001:430
  ADDREF ENGARDE:ESA-20011019-01

INFERRED ACTION: CAN-2001-0730 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(4) Baker, Foat, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:apache-log-file-overwrite(7419)

======================================================
Candidate: CAN-2001-0733
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0733
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010621 bugtraq submission
Reference: URL:http://www.securityfocus.com/archive/1/192711
Reference: BID:2912
Reference: URL:http://www.securityfocus.com/bid/2912
Reference: XF:eperl-embedded-code-execution(6743)
Reference: URL:http://xforce.iss.net/static/6743.php

The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier allows a remote attacker to execute arbitrary code by modifying the 'sinclude' file to point to another file that contains a #include directive that references a file that contains the code.

INFERRED ACTION: CAN-2001-0733 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(4) Foat, Cole, Armstrong, Frech
  NOOP(1) Wall

======================================================
Candidate: CAN-2001-0738
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0738
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-02
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010614 sysklogd update -- Immunix OS 6.2, 7.0-beta, 7.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99258618906506&w=2
Reference: CERT-VN:VU#249579
Reference: URL:http://www.kb.cert.org/vuls/id/249579
Reference: IMMUNIX:IMNX-2001-70-026-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-026-01
Reference: XF:klogd-null-byte-dos(7098)
Reference: URL:http://xforce.iss.net/static/7098.php

LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages.

Modifications:
  Changed CERT-VU: source to CERT-VN
  ADDREF IMMUNIX:IMNX-2001-70-026-01

INFERRED ACTION: CAN-2001-0738 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(5) Baker, Foat, Cole, Armstrong, Frech
  NOOP(2) Christey, Wall

Voter Comments:
  Christey> IMMUNIX:IMNX-2001-70-026-01
    URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-026-01

======================================================
Candidate: CAN-2001-0739
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0739
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: ENGARDE:ESA-20010529-02
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1404.html
Reference: XF:linux-webtool-inherit-privileges(7404)
Reference: URL:http://xforce.iss.net/static/7404.php

Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges.

Modifications:
  ADDREF XF:linux-webtool-inherit-privileges(7404)

INFERRED ACTION: CAN-2001-0739 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(4) Baker, Foat, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:linux-webtool-inherit-privileges(7404)

======================================================
Candidate: CAN-2001-0740
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0740
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010515 3COM OfficeConnect DSL router vulneratibilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0115.html
Reference: BUGTRAQ:20010921 3Com OfficeConnect 812/840 Router DoS exploit code
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100119572524232&w=2
Reference: BUGTRAQ:20010924 Regarding: 3Com OfficeConnect 812/840 Router DoS exploit code
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100137290421828&w=2
Reference: XF:3com-officeconnect-http-dos(6573)
Reference: URL:http://xforce.iss.net/static/6573.php
Reference: BID:2721
Reference: URL:http://www.securityfocus.com/bid/2721

3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router software 1.1.9 and earlier, allows remote attackers to cause a denial of service via a long string containing a large number of "%s" strings, possibly triggering a format string vulnerability.

INFERRED ACTION: CAN-2001-0740 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(4) Baker, Foat, Cole, Frech
  MODIFY(1) Armstrong
  NOOP(1) Wall

Voter Comments:
  Armstrong> The 840 appears to be an SDSL router vice an ADSL one. Minor correction.

======================================================
Candidate: CAN-2001-0745
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0745
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010605 SECURITY.NNOV: Netscape 4.7x Messanger user information retrival
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0014.html
Reference: XF:netscape-user-info-retrieval(7417)
Reference: URL:http://xforce.iss.net/static/7417.php

Netscape 4.7x allows remote attackers to obtain sensitive information such as the user's login, mailbox location and installation path via Javascript that accesses the mailbox: URL in the document.referrer property.

Modifications:
  ADDREF XF:netscape-user-info-retrieval(7417)

INFERRED ACTION: CAN-2001-0745 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(3) Baker, Foat, Cole
  MODIFY(1) Frech
  NOOP(1) Armstrong
  REVIEWING(1) Wall

Voter Comments:
  Frech> XF:netscape-user-info-retrieval(7417)
  CHANGE> [Armstrong changed vote from REVIEWING to NOOP]

======================================================
Candidate: CAN-2001-0750
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0750
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: CISCO:20010524 IOS Reload after Scanning Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ios-tcp-scanner-reload-pub.shtml
Reference: XF:cisco-ios-tcp-dos(6589)
Reference: URL:http://xforce.iss.net/static/6589.php
Reference: BID:2804
Reference: URL:http://online.securityfocus.com/bid/2804

Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999.

Modifications:
  ADDREF BID:2804

INFERRED ACTION: CAN-2001-0750 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(5) Baker, Foat, Cole, Armstrong, Frech
  NOOP(1) Wall

======================================================
Candidate: CAN-2001-0751
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0751
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: CISCO:20010522 More Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html
Reference: XF:tcp-seq-predict(139)
Reference: URL:http://xforce.iss.net/static/139.php

Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections.

Modifications:
  ADDREF XF:tcp-seq-predict(139)

INFERRED ACTION: CAN-2001-0751 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(4) Baker, Foat, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:tcp-seq-predict(139)

======================================================
Candidate: CAN-2001-0752
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0752
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: CISCO:20010522 More Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html
Reference: XF:cisco-cbos-record-dos(7298)
Reference: URL:http://xforce.iss.net/static/7298.php

Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via an ICMP ECHO REQUEST (ping) with the IP Record Route option set.

Modifications:
  ADDREF XF:cisco-cbos-record-dos(7298)

INFERRED ACTION: CAN-2001-0752 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(4) Baker, Foat, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:cisco-cbos-record-dos(7298)

======================================================
Candidate: CAN-2001-0754
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0754
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: CISCO:20010522 More Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html
Reference: XF:cisco-cbos-multiple-echo(7299)
Reference: URL:http://xforce.iss.net/static/7299.php

Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets.

Modifications:
  ADDREF XF:cisco-cbos-multiple-echo(7299)

INFERRED ACTION: CAN-2001-0754 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(4) Baker, Foat, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(2) Christey, Wall

Voter Comments:
  Christey> Need to see what the difference is between this and CVE-2001-0057.
  Frech> XF:cisco-cbos-multiple-echo(7299)
  Christey> OK, the difference is in the affected version numbers.

======================================================
Candidate: CAN-2001-0757
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0757
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: CISCO:20010614 Cisco 6400 NRP2 Telnet Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/6400-nrp2-telnet-vuln-pub.shtml
Reference: BID:2874
Reference: URL:http://www.securityfocus.com/bid/2874
Reference: XF:cisco-nrp2-telnet-access(6691)
Reference: URL:http://xforce.iss.net/static/6691.php
Reference: CERT-VN:VU#516659
Reference: URL:http://www.kb.cert.org/vuls/id/516659
Reference: CIAC:L-097
Reference: URL:http://www.ciac.org/ciac/bulletins/l-097.shtml

Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet.

Modifications:
  ADDREF XF:cisco-nrp2-telnet-access(6691)
  ADDREF CERT-VN:VU#516659
  ADDREF CIAC:L-097

INFERRED ACTION: CAN-2001-0757 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(4) Baker, Foat, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:cisco-nrp2-telnet-access(6691)

======================================================
Candidate: CAN-2001-0760
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0760
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010630 Nfuse reveals full path
Reference: URL:http://www.securityfocus.com/archive/1/194449
Reference: BUGTRAQ:20010702 Re: Nfuse reveals full path
Reference: URL:http://www.securityfocus.com/archive/1/194522
Reference: BID:2956
Reference: URL:http://www.securityfocus.com/bid/2956
Reference: XF:citrix-nfuse-path-disclosure(6786)
Reference: URL:http://xforce.iss.net/static/6786.php

Citrix Nfuse 1.51 allows remote attackers to obtain the
absolute path of the web root via a malformed request to launch.asp that does not provide the session field.

Modifications:
  ADDREF XF:citrix-nfuse-path-disclosure(6786)
  DESC add launch.asp

INFERRED ACTION: CAN-2001-0760 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(1) Baker
  MODIFY(2) Foat, Frech
  NOOP(5) Christey, Oliver, Wall, Cole, Armstrong

Voter Comments:
  Frech> XF:citrix-nfuse-path-disclosure(6786)
  Christey> Consider adding launch.asp to the description to facilitate search.
  Foat> Be sure to include the / at the end of the URL to verify the vulnerability.

======================================================
Candidate: CAN-2001-0764
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0764
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: VULN-DEV:20010609 suid scotty / ntping overflow
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0579.html
Reference: VULN-DEV:20010615 Re: suid scotty (ntping) overflow (fwd)
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0627.html
Reference: BUGTRAQ:20010621 suid scotty (ntping) overflow (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/192664
Reference: SUSE:SuSE-SA:2001:023
Reference: URL:http://www.suse.de/de/support/security/2001_023_scotty_txt.txt
Reference: XF:scotty-ntping-bo(6735)
Reference: URL:http://xforce.iss.net/static/6735.php
Reference: BID:2911
Reference: URL:http://www.securityfocus.com/bid/2911

Buffer overflow in ntping in scotty 2.1.0 allows local users to execute arbitrary code via a long hostname as a command line argument.

INFERRED ACTION: CAN-2001-0764 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(5) Baker, Foat, Cole, Armstrong, Frech
  NOOP(1) Wall

======================================================
Candidate: CAN-2001-0765
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0765
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010702 BisonFTP Server V4R1 *.bdl upload Directory Traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0025.html
Reference: CONFIRM:http://www.bisonftp.com/ServRev.htm
Reference: BID:2963
Reference: URL:http://www.securityfocus.com/bid/2963
Reference: XF:bisonftp-bdl-directory-traversal(6782)
Reference: URL:http://xforce.iss.net/static/6782.php

BisonFTP V4R1 allows local users to access directories outside of their home directory by uploading .bdl files, which can then be linked to other directories.

Modifications:
  ADDREF XF:bisonftp-bdl-directory-traversal(6782)

INFERRED ACTION: CAN-2001-0765 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(2) Wall, Foat

Voter Comments:
  Frech> XF:bisonftp-bdl-directory-traversal(6782)

======================================================
Candidate: CAN-2001-0773
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0773
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010709 Cayman-DSL Model 3220-H DOS with nmap
Reference: URL:http://www.securityfocus.com/archive/1/195644
Reference: BID:3001
Reference: URL:http://www.securityfocus.com/bid/3001
Reference: XF:cayman-dsl-portscan-dos(6825)
Reference: URL:http://xforce.iss.net/static/6825.php
Reference: CERT-VN:VU#312761
Reference: URL:http://www.kb.cert.org/vuls/id/312761

Cayman 3220-H DSL Router 1.0 allows remote attackers to cause a denial of service (crash) via a series of SYN or
TCP connect requests.

Modifications:
  ADDREF XF:cayman-dsl-portscan-dos(6825)
  ADDREF CERT-VN:VU#312761

INFERRED ACTION: CAN-2001-0773 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(2) Baker, Armstrong
  MODIFY(1) Frech
  NOOP(5) Christey, Oliver, Wall, Foat, Cole

Voter Comments:
  Frech> XF:cayman-dsl-portscan-dos(6825)
  Christey> CERT-VN:VU#312761
    URL:http://www.kb.cert.org/vuls/id/312761

======================================================
Candidate: CAN-2001-0774
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0774
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010709 Tripwire temporary files
Reference: URL:http://www.securityfocus.com/archive/1/195617
Reference: BID:3003
Reference: URL:http://www.securityfocus.com/bid/3003
Reference: XF:tripwire-tmpfile-symlink(6820)
Reference: URL:http://xforce.iss.net/static/6820.php
Reference: CERT-VN:VU#349019
Reference: URL:http://www.kb.cert.org/vuls/id/349019
Reference: MANDRAKE:MDKSA-2001:064
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-064.php3

Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite arbitrary files and possibly gain privileges via a symbolic link attack on temporary files.

Modifications:
  ADDREF XF:tripwire-tmpfile-symlink(6820)
  ADDREF CERT-VN:VU#349019
  ADDREF MANDRAKE:MDKSA-2001:064
  DESC fix typo

INFERRED ACTION: CAN-2001-0774 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Frech> XF:tripwire-tmpfile-symlink(6820)
    CONFIRM:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-064.php3?dis=8.0
  CHANGE> [Wall changed vote from REVIEWING to ACCEPT]
  Christey> Fix typo: "ovperwrite"

======================================================
Candidate: CAN-2001-0779
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0779
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010528 solaris 2.6, 7 yppasswd vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/187086
Reference: BUGTRAQ:20011004 Patches for Solaris rpc.yppasswdd available
Reference: URL:http://www.securityfocus.com/archive/1/200110041632.JAA28125@dim.ucsd.edu
Reference: SUNBUG:4456994
Reference: CERT-VN:VU#327281
Reference: URL:http://www.kb.cert.org/vuls/id/327281
Reference: SUN:00209
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/209
Reference: CIAC:M-008
Reference: URL:http://www.ciac.org/ciac/bulletins/m-008.shtml
Reference: XF:solaris-yppasswd-bo(6629)
Reference: URL:http://xforce.iss.net/static/6629.php
Reference: BID:2763
Reference: URL:http://www.securityfocus.com/bid/2763

Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.

Modifications:
  ADDREF SUNBUG:4456994
  ADDREF CERT-VN:VU#327281
  ADDREF SUN:00209
  ADDREF CIAC:M-008

INFERRED ACTION: CAN-2001-0779 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(6) Wall, Baker, Foat, Armstrong, Frech, Dik
  NOOP(1) Cole

Voter Comments:
  Frech> Sun Bug ID 4456994 rpc.yppasswdd contains a buffer overflow
  CHANGE> [Wall changed vote from REVIEWING to ACCEPT]

======================================================
Candidate: CAN-2001-0784
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0784
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010626 Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0353.html
Reference: BID:2932
Reference: URL:http://www.securityfocus.com/bid/2932
Reference: XF:icecast-dot-directory-traversal(6752)
Reference: URL:http://xforce.iss.net/static/6752.php
Reference: DEBIAN:DSA-089
Reference: URL:http://www.debian.org/security/2001/dsa-089

Directory traversal vulnerability in Icecast 1.3.10 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack using encoded URL characters.

Modifications:
  ADDREF XF:icecast-dot-directory-traversal(6752)
  ADDREF DEBIAN:DSA-089

INFERRED ACTION: CAN-2001-0784 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech
  NOOP(4) Christey, Wall, Foat, Armstrong

Voter Comments:
  Frech> XF:icecast-dot-directory-traversal(6752)
  Christey> MISC:http://www.icecast.org/index.html
    On August 7, 2001 (more than a month after the initial disclosure), the news page states "contains a couple security updates." There is insufficient information to be confident whether the vendor is fixing the DoS or directory traversal problems identified on Bugtraq.
Christey> Inquiry sent to team@icecast.org on 2/25/2002 for completeness, received a reply stating "Afaik, the current released version of icecast resolves all reported security issues. Debian advisory is certainly sufficient acknowledgement. ====================================================== Candidate: CAN-2001-0787 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0787 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020226-01 Proposed: 20011012 Assigned: 20011012 Category: SF Reference: REDHAT:RHSA-2001:077 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-077.html Reference: CIAC:L-096 Reference: URL:http://www.ciac.org/ciac/bulletins/l-096.shtml Reference: BID:2865 Reference: URL:http://www.securityfocus.com/bid/2865 Reference: XF:lprng-supplementary-groups(6703) Reference: URL:http://xforce.iss.net/static/6703.php LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships in supplemental groups when lowering privileges, which could allow a local user to elevate privileges. 

Modifications:
  ADDREF CIAC:L-096
  ADDREF BID:2865
  ADDREF XF:lprng-supplementary-groups(6703)

INFERRED ACTION: CAN-2001-0787 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Frech> XF:lprng-supplementary-groups(6703)
  Christey> CIAC:L-096 http://www.ciac.org/ciac/bulletins/l-096.shtml
    BID:2865 http://www.securityfocus.com/bid/2865

======================================================
Candidate: CAN-2001-0796
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0796
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011023
Category: SF
Reference: SGI:20011001-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011001-01-P
Reference: CONFIRM:http://www.freebsd.org/cgi/query-pr.cgi?pr=8990
Reference: XF:irix-igmp-dos(7332)
Reference: URL:http://xforce.iss.net/static/7332.php
Reference: BID:3463
Reference: URL:http://online.securityfocus.com/bid/3463

SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and FreeBSD 3.0, allows remote attackers to cause a denial of service via a malformed IGMP multicast packet with a small response delay.

Modifications:
  ADDREF XF:irix-igmp-dos(7332)
  ADDREF BID:3463

INFERRED ACTION: CAN-2001-0796 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(5) Baker, Foat, Cole, Armstrong, Bishop
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:irix-igmp-dos(7332)

======================================================
Candidate: CAN-2001-0801
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0801
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011025
Category: SF
Reference: MISC:http://www.lsd-pl.net/files/get?IRIX/irx_lpstat2
Reference: SGI:20011003-02-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011003-02-P
Reference: XF:irix-lpstat-net-type-library(7639)
Reference: URL:http://xforce.iss.net/static/7639.php

lpstat in IRIX 6.5.13f and earlier allows local users to gain root privileges by specifying a Trojan Horse nettype shared library

Modifications:
  ADDREF XF:irix-lpstat-net-type-library(7639)

INFERRED ACTION: CAN-2001-0801 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(5) Baker, Foat, Cole, Armstrong, Bishop
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:irix-lpstat-net-type-library(7639)

======================================================
Candidate: CAN-2001-0803
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0803
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011029
Category: SF
Reference: ISS:20011112 Multi-Vendor Buffer Overflow Vulnerability in CDE Subprocess Control Service
Reference: URL:http://xforce.iss.net/alerts/advise101.php
Reference: CERT:CA-2001-31
Reference: URL:http://www.cert.org/advisories/CA-2001-31.html
Reference: CERT:CA-2002-01
Reference: URL:http://www.cert.org/advisories/CA-2002-01.html
Reference: CERT-VN:VU#172583
Reference: URL:http://www.kb.cert.org/vuls/id/172583
Reference: SUN:00214
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/214
Reference: HP:HPSBUX0111-175
Reference: URL:http://www.securityfocus.com/advisories/3651
Reference: CALDERA:CSSA-2001-SCO.30
Reference: URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.30/
Reference: SGI:20011107-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011107-01-P
Reference: BID:3517
Reference: URL:http://www.securityfocus.com/bid/3517
Reference: XF:cde-dtspcd-bo(7396)
Reference: URL:http://xforce.iss.net/static/7396.php

Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands

Modifications:
  ADDREF XF:cde-dtspcd-bo(7396)
  ADDREF SUN:00214
  ADDREF CERT:CA-2002-01
  ADDREF SGI:20011107-01-P

INFERRED ACTION: CAN-2001-0803 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(6) Baker, Foat, Cole, Armstrong, Dik, Bishop
  MODIFY(1) Frech
  NOOP(2) Christey, Wall

Voter Comments:
  Frech> XF:cde-dtspcd-bo(7396)
  Christey> ADDREF SUN:00214
  Christey> ADDREF CERT:CA-2002-01
  Dik> Sun bug: 4527363

======================================================
Candidate: CAN-2001-0804
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0804
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20011122
Assigned: 20011030
Category: SF
Reference: BUGTRAQ:20010715 Interactive Story File Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/4.3.2.7.2.20010715184257.00b20100@compumodel.com
Reference: CONFIRM:http://www.valeriemates.com/story_download.html
Reference: XF:interactive-story-next-directory-traversal(6843)
Reference: URL:http://xforce.iss.net/static/6843.php
Reference: BID:3028
Reference: URL:http://www.securityfocus.com/bid/3028

Directory traversal vulnerability in story.pl in Interactive Story 1.3 allows a remote attacker to read arbitrary files via a .. (dot dot) attack on the "next" parameter.

INFERRED ACTION: CAN-2001-0804 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(5) Baker, Cole, Armstrong, Frech, Bishop
  NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-0805
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0805
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20011122
Assigned: 20011030
Category: SF
Reference: BUGTRAQ:20010618 SCO Tarantella Remote file read via ttawebtop.cgi
Reference: URL:http://www.securityfocus.com/archive/1/3B2E37D0.81D9ED9D@snosoft.com
Reference: BUGTRAQ:20010619 Re: SCO Tarantella Remote file read via ttawebtop.cgi
Reference: URL:http://www.securityfocus.com/archive/1/20010619150935.A5226@tarantella.com
Reference: XF:tarantella-ttawebtop-read-files(6723)
Reference: URL:http://xforce.iss.net/static/6723.php
Reference: BID:2890
Reference: URL:http://www.securityfocus.com/bid/2890

Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the pg parameter.

INFERRED ACTION: CAN-2001-0805 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(4) Baker, Cole, Frech, Bishop
  NOOP(3) Wall, Foat, Armstrong

======================================================
Candidate: CAN-2001-0806
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0806
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011030
Category: CF
Reference: BUGTRAQ:20010626 MacOSX 10.0.X Permissions uncorrectly set
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99358249631139&w=2
Reference: BUGTRAQ:20011007 OS X 10.1 and localized desktop folder still vulnerable
Reference: URL:http://online.securityfocus.com/archive/1/219166
Reference: BUGTRAQ:20010704 Re: MacOSX 10.0.X Permissions uncorrectly set - I got it
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99436289015729&w=2
Reference: BID:2930
Reference: URL:http://www.securityfocus.com/bid/2930
Reference: XF:macos-desktop-insecure-permissions(6750)
Reference: URL:http://xforce.iss.net/static/6750.php

Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages.

Modifications:
  ADDREF XF:macos-desktop-insecure-permissions(6750)
  CHANGEREF BUGTRAQ add date

INFERRED ACTION: CAN-2001-0806 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(2) Foat, Cole
  MODIFY(1) Frech
  NOOP(3) Wall, Armstrong, Bishop

Voter Comments:
  Frech> XF:macos-desktop-insecure-permissions(6750)

======================================================
Candidate: CAN-2001-0815
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0815
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011113
Category: SF
Reference: BUGTRAQ:20011115 NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100583978302585&w=2
Reference: CONFIRM:http://bugs.activestate.com/show_bug.cgi?id=18062
Reference: BID:3526
Reference: URL:http://www.securityfocus.com/bid/3526
Reference: XF:activeperl-perlis-filename-bo(7539)
Reference: URL:http://xforce.iss.net/static/7539.php

Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and earlier allows remote attackers to execute arbitrary code via an HTTP request for a long filename that ends in a .pl extension.

Modifications:
  ADDREF XF:activeperl-perlis-filename-bo(7539)

INFERRED ACTION: CAN-2001-0815 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech
  NOOP(4) Wall, Foat, Armstrong, Bishop

Voter Comments:
  Frech> XF:activeperl-perlis-filename-bo(7539)

======================================================
Candidate: CAN-2001-0816
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0816
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011113
Category: SF
Reference: BUGTRAQ:20010918 OpenSSH: sftp & bypassing keypair auth restrictions
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0153.html
Reference: CONECTIVA:CLSA-2001:431
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431
Reference: IMMUNIX:IMNX-2001-70-034-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01
Reference: REDHAT:RHSA-2001:154
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-154.html
Reference: XF:openssh-sftp-bypass-restrictions(7634)
Reference: URL:http://xforce.iss.net/static/7634.php

OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.

Modifications:
  ADDREF XF:openssh-sftp-bypass-restrictions(7634)
  ADDREF CONECTIVA:CLSA-2001:431
  ADDREF IMMUNIX:IMNX-2001-70-034-01
  ADDREF REDHAT:RHSA-2001:154

INFERRED ACTION: CAN-2001-0816 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(5) Wall, Baker, Cole, Armstrong, Bishop
  MODIFY(1) Frech
  NOOP(1) Foat

Voter Comments:
  Frech> XF:openssh-sftp-bypass-restrictions(7634)

======================================================
Candidate: CAN-2001-0819
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0819
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: DEBIAN:DSA-060
Reference: URL:http://www.debian.org/security/2001/dsa-060
Reference: ENGARDE:ESA-20010620-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1451.html
Reference: MANDRAKE:MDKSA-2001:063
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-063.php3?dis=7.1
Reference: CALDERA:CSSA-2001-022.1
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-022.1.txt
Reference: CONECTIVA:CLA-2001:403
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000403
Reference: FREEBSD:FreeBSD-SA-01:43
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:43.fetchmail.asc
Reference: IMMUNIX:IMNX-2001-70-025-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-025-01
Reference: BID:2877
Reference: URL:http://www.securityfocus.com/bid/2877
Reference: XF:fetchmail-long-header-bo(6704)
Reference: URL:http://xforce.iss.net/static/6704.php
Reference: SUSE:SuSE-SA:2001:026
Reference: URL:http://www.suse.com/de/support/security/2001_026_fetchmail_txt.html

A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header.

Modifications:
  ADDREF FREEBSD:FreeBSD-SA-01:43
  ADDREF IMMUNIX:IMNX-2001-70-025-01
  ADDREF SUSE:SuSE-SA:2001:026

INFERRED ACTION: CAN-2001-0819 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(6) Baker, Foat, Cole, Armstrong, Frech, Bishop
  NOOP(1) Wall

======================================================
Candidate: CAN-2001-0822
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0822
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010602 fpf module and packet fragmentation:local/remote DoS.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99167206319643&w=2
Reference: CONFIRM:http://www.pkcrew.org/news.php
Reference: XF:linux-fpf-kernel-dos(6659)
Reference: URL:http://xforce.iss.net/static/6659.php
Reference: BID:2816
Reference: URL:http://www.securityfocus.com/bid/2816

FPF kernel module 1.0 allows a remote attacker to cause a denial of service via fragmented packets.

INFERRED ACTION: CAN-2001-0822 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(6) Baker, Foat, Cole, Armstrong, Frech, Bishop
  NOOP(1) Wall

======================================================
Candidate: CAN-2001-0823
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0823
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010618 pmpost - another nice symlink follower
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99290754901708&w=2
Reference: BUGTRAQ:20010619 Re: pmpost - another nice symlink follower
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html
Reference: SGI:20010601-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A
Reference: XF:irix-pcp-pmpost-symlink(6724)
Reference: URL:http://xforce.iss.net/static/6724.php
Reference: BID:2887
Reference: URL:http://www.securityfocus.com/bid/2887

The pmpost program in
Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR).

INFERRED ACTION: CAN-2001-0823 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(6) Baker, Foat, Cole, Armstrong, Frech, Bishop
  NOOP(1) Wall

======================================================
Candidate: CAN-2001-0828
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0828
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/194464
Reference: CONFIRM:http://www.caucho.com/products/resin/changes.xtp
Reference: BID:2981
Reference: URL:http://www.securityfocus.com/bid/2981
Reference: XF:java-servlet-crosssite-scripting(6793)
Reference: URL:http://xforce.iss.net/static/6793.php
Reference: CERT-VN:VU#981651
Reference: URL:http://www.kb.cert.org/vuls/id/981651

A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript.

Modifications:
  ADDREF XF:java-servlet-crosssite-scripting(6793)
  ADDREF CERT-VN:VU#981651

INFERRED ACTION: CAN-2001-0828 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(3) Baker, Armstrong, Bishop
  MODIFY(1) Frech
  NOOP(4) Christey, Wall, Foat, Cole

Voter Comments:
  Frech> XF:java-servlet-crosssite-scripting(6793)
  Christey> CERT-VN:VU#981651
    URL:http://www.kb.cert.org/vuls/id/981651

======================================================
Candidate: CAN-2001-0830
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0830
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011023 Remote DoS in 6tunnel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100386451702966&w=2
Reference: CONFIRM:ftp://213.146.38.146/pub/wojtekka/6tunnel-0.09.tar.gz
Reference: XF:6tunnel-open-socket-dos(7337)
Reference: URL:http://xforce.iss.net/static/7337.php
Reference: BID:3467
Reference: URL:http://online.securityfocus.com/bid/3467

6tunnel 0.08 and earlier does not properly close sockets that were initiated by a client, which allows remote attackers to cause a denial of service (resource exhaustion) by repeatedly connecting to and disconnecting from the server.

Modifications:
  ADDREF XF:6tunnel-open-socket-dos(7337)
  ADDREF BID:3467

INFERRED ACTION: CAN-2001-0830 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(1) Baker
  MODIFY(1) Frech
  NOOP(5) Wall, Foat, Cole, Armstrong, Bishop

Voter Comments:
  Frech> XF:6tunnel-open-socket-dos(7337)

======================================================
Candidate: CAN-2001-0833
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0833
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020308-02
Proposed: 20011122
Assigned: 20011122
Category: CF
Reference: BUGTRAQ:20010802 vulnerability in otrcrep binary in Oracle 8.0.5.
Reference: URL:http://online.securityfocus.com/archive/1/201295
Reference: BUGTRAQ:20011023 FW: ASI Oracle Security Alert: 3 new security alerts
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100386756715645&w=2
Reference: BUGTRAQ:20011024 Oracle Trace Collection Security Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/222612
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/otrcrep.pdf
Reference: CIAC:M-011
Reference: URL:http://www.ciac.org/ciac/bulletins/m-011.shtml
Reference: XF:oracle-binary-symlink(6940)
Reference: URL:http://xforce.iss.net/static/6940.php
Reference: BID:3139
Reference: URL:http://online.securityfocus.com/bid/3139

Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability."

Modifications:
  ADDREF XF:oracle-binary-symlink(6940)
  ADDREF BUGTRAQ:20010802 vulnerability in otrcrep binary in Oracle 8.0.5.
  ADDREF BUGTRAQ:20011024 Oracle Trace Collection Security Vulnerability
  ADDREF BID:3139
  ADDREF CIAC:M-011

INFERRED ACTION: CAN-2001-0833 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(5) Baker, Foat, Cole, Armstrong, Bishop
  MODIFY(1) Frech
  NOOP(2) Christey, Wall

Voter Comments:
  Frech> XF:oracle-otrcrep-bo(6933)
  Christey> CIAC:M-011
    URL:http://www.ciac.org/ciac/bulletins/m-011.shtml

======================================================
Candidate: CAN-2001-0834
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0834
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: MISC:http://sourceforge.net/tracker/index.php?func=detail&aid=458013&group_id=4593&atid=104593
Reference: BUGTRAQ:20011007 Re: Bug found in ht://Dig htsearch CGI
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100260195401753&w=2
Reference: CONECTIVA:CLA-2001:429
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000429
Reference: SUSE:SuSE-SA:2001:035
Reference: URL:http://www.suse.com/de/support/security/2001_035_htdig_txt.txt
Reference: DEBIAN:DSA-080
Reference: URL:http://www.debian.org/security/2001/dsa-080
Reference: REDHAT:RHSA-2001:139
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-139.html
Reference: CALDERA:CSSA-2001-035.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-035.0.txt
Reference: MANDRAKE:MDKSA-2001:083
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-083.php3
Reference: BID:3410
Reference: URL:http://www.securityfocus.com/bid/3410
Reference: XF:htdig-htsearch-infinite-loop(7262)
Reference: URL:http://xforce.iss.net/static/7262.php
Reference: XF:htdig-htsearch-retrieve-files(7263)
Reference: URL:http://xforce.iss.net/static/7263.php

htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file,
which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.

Modifications:
  ADDREF XF:htdig-htsearch-infinite-loop(7262)
  ADDREF XF:htdig-htsearch-retrieve-files(7263)
  ADDREF REDHAT:RHSA-2001:139
  ADDREF CALDERA:CSSA-2001-035.0
  ADDREF BID:3410
  ADDREF MANDRAKE:MDKSA-2001:083

INFERRED ACTION: CAN-2001-0834 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(5) Baker, Foat, Cole, Armstrong, Bishop
  MODIFY(1) Frech
  NOOP(2) Christey, Wall

Voter Comments:
  Frech> XF:htdig-htsearch-infinite-loop(7262)
    XF:htdig-htsearch-retrieve-files(7263)
  Christey> ADDREF RHSA-2001:139 (per Mark Cox of Red Hat)
  Christey> MANDRAKE:MDKSA-2001:083
    URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-083.php3
    CALDERA:CSSA-2001-035.0
    URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-035.0.txt
    BID:3410
    URL:http://www.securityfocus.com/bid/3410

======================================================
Candidate: CAN-2001-0836
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0836
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category:
Reference: BUGTRAQ:20011018 def-2001-30
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100342151132277&w=2
Reference: BUGTRAQ:20011024 Oracle9iAS Web Cache Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100395487007578&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/webcache.pdf
Reference: CERT:CA-2001-29
Reference: URL:http://www.cert.org/advisories/CA-2001-29.html
Reference: CERT-VN:VU#649979
Reference: URL:http://www.kb.cert.org/vuls/id/649979
Reference: XF:oracle-appserver-http-bo(7306)
Reference: URL:http://xforce.iss.net/static/7306.php

Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a
long HTTP GET request.

Modifications:
  ADDREF XF:oracle-appserver-http-bo(7306)
  ADDREF CERT:CA-2001-29
  ADDREF CONFIRM:http://otn.oracle.com/deploy/security/pdf/webcache.pdf
  ADDREF CERT-VN:VU#649979

INFERRED ACTION: CAN-2001-0836 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(5) Baker, Foat, Cole, Armstrong, Bishop
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:oracle-appserver-http-bo(7306)

======================================================
Candidate: CAN-2001-0843
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0843
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020308-02
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010921 squid DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100109679010256&w=2
Reference: REDHAT:RHSA-2001:113
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-113.html
Reference: SUSE:SuSE-SA:2001:037
Reference: URL:http://www.suse.de/de/support/security/2001_037_squid_txt.txt
Reference: MANDRAKE:MDKSA-2001:088
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-088.php3
Reference: DEBIAN:DSA-077
Reference: URL:http://www.debian.org/security/2001/dsa-077
Reference: XF:squid-mkdir-put-dos(7157)
Reference: URL:http://xforce.iss.net/static/7157.php
Reference: BID:3354
Reference: URL:http://online.securityfocus.com/bid/3354
Reference: CONECTIVA:CLA-2001:426
Reference: URL:http://archives.neohapsis.com/archives/linux/conectiva/2001-q3/0020.html

Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request.

Modifications:
  ADDREF XF:squid-mkdir-put-dos(7157)
  ADDREF MANDRAKE:MDKSA-2001:088
  ADDREF DEBIAN:DSA-077
  ADDREF BID:3354
  ADDREF CONECTIVA:CLA-2001:426

INFERRED ACTION: CAN-2001-0843 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(5) Baker, Foat, Cole, Armstrong, Bishop
  MODIFY(1) Frech
  NOOP(2) Christey, Wall

Voter Comments:
  Frech> XF:squid-mkdir-put-dos(7157)
  Christey> MANDRAKE:MDKSA-2001:088
    URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-088.php3

======================================================
Candidate: CAN-2001-0846
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0846
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011030 Lotus Domino Web Administrator Template ReplicaID Access (#NISR29102001A)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100448721830960&w=2
Reference: XF:lotus-domino-replicaid-access(7424)
Reference: URL:http://xforce.iss.net/static/7424.php
Reference: BID:3491
Reference: URL:http://www.iss.net/security_center/static/7424.php

Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf).

Modifications:
  ADDREF XF:lotus-domino-replicaid-access(7424)
  ADDREF BID:3491

INFERRED ACTION: CAN-2001-0846 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(2) Cole, Armstrong
  MODIFY(1) Frech
  NOOP(3) Wall, Foat, Bishop

Voter Comments:
  Frech> XF:lotus-domino-replicaid-access(7424)

======================================================
Candidate: CAN-2001-0850
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0850
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CALDERA:CSSA-2001-037.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-037.0.txt
Reference: XF:openlinux-libdb-bo(7427)
Reference: URL:http://xforce.iss.net/static/7427.php

A configuration error in the libdb1 package in OpenLinux 3.1 uses insecure versions of the snprintf and vsnprintf functions, which could allow local or remote users to exploit those functions with a buffer overflow.

Modifications:
  ADDREF XF:openlinux-libdb-bo(7427)

INFERRED ACTION: CAN-2001-0850 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(5) Baker, Foat, Cole, Armstrong, Bishop
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:openlinux-libdb-bo(7427)

======================================================
Candidate: CAN-2001-0851
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0851
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: ENGARDE:ESA-20011106-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1683.html
Reference: CALDERA:CSSA-2001-38.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-038.0.txt
Reference: SUSE:SuSE-SA:2001:039
Reference: URL:http://www.suse.de/de/support/security/2001_039_kernel2_txt.txt
Reference: XF:linux-syncookie-bypass-filter(7461)
Reference: URL:http://xforce.iss.net/static/7461.php
Reference: REDHAT:RHSA-2001:142
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-142.html
Reference: CONECTIVA:CLA-2001:432
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000432
Reference: MANDRAKE:MDKSA-2001:082
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3

Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.

Modifications:
  ADDREF XF:linux-syncookie-bypass-filter(7461)
  ADDREF REDHAT:RHSA-2001:142
  ADDREF CONECTIVA:CLA-2001:432
  ADDREF MANDRAKE:MDKSA-2001:082

INFERRED ACTION: CAN-2001-0851 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(5) Baker, Foat, Cole, Armstrong, Bishop
  MODIFY(1) Frech
  NOOP(2) Christey, Wall

Voter Comments:
  Frech> XF:linux-syncookie-bypass-filter(7461)
  Christey> ADDREF RHSA-2001:142 (per Mark Cox of Red Hat)

======================================================
Candidate: CAN-2001-0852
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0852
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011105 RH Linux Tux HTTPD DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100498100112191&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=tux-list&m=100584714702328&w=2
Reference: REDHAT:RHSA-2001:142
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-142.html
Reference: XF:tux-http-host-dos(7464)
Reference: URL:http://xforce.iss.net/static/7464.php
Reference: BID:3506
Reference: URL:http://online.securityfocus.com/bid/3506

TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to cause a denial of service via a long Host: header.

Modifications:
  ADDREF XF:tux-http-host-dos(7464)
  ADDREF BID:3506
  DESC rephrase, add details

INFERRED ACTION: CAN-2001-0852 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(6) Wall, Baker, Foat, Cole, Armstrong, Bishop
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Frech> XF:tux-http-host-dos(7464)
  Christey> ADDREF RHSA-2001:142 (per Mark Cox of Red Hat)

======================================================
Candidate: CAN-2001-0857
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0857
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011109 Imp Webmail session hijacking vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100535679608486&w=2
Reference: BUGTRAQ:20011110 IMP 2.2.7 (SECURITY) released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100540578822469&w=2
Reference: CONECTIVA:CLA-2001:437
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000437
Reference: CALDERA:CSSA-2001-039.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-039.0.txt
Reference: XF:imp-css-steal-cookies(7496)
Reference: URL:http://xforce.iss.net/static/7496.php
Reference: BID:3525
Reference: URL:http://www.securityfocus.com/bid/3525

Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.

Modifications:
  ADDREF XF:imp-css-steal-cookies(7496)
  ADDREF CONECTIVA:CLA-2001:437
  ADDREF BID:3525
  ADDREF CALDERA:CSSA-2001-039.0

INFERRED ACTION: CAN-2001-0857 FINAL (Final Decision 20020309)

Current Votes:
  ACCEPT(4) Baker, Cole, Armstrong, Bishop
  MODIFY(1) Frech
  NOOP(3) Christey, Wall, Foat

Voter Comments:
  Frech> XF:imp-css-steal-cookies(7496)
    CONFIRM:http://www.horde.org/imp/2.2/
  Christey> CONECTIVA:CLA-2001:437
    URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100595247710753&w=2
    BID:3525
    URL:http://www.securityfocus.com/bid/3525
  Christey> CALDERA:CSSA-2001-039.0
    URL:http://www.caldera.com/support/security/advisories/CSSA-2001-039.0.txt

======================================================
Candidate: CAN-2001-0859
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0859
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: REDHAT:RHSA-2001:148
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-148.html
Reference: HP:HPSBTL0112-006
Reference: URL:http://online.securityfocus.com/advisories/3725
Reference: XF:linux-korean-default-umask(7549)
Reference: URL:http://xforce.iss.net/static/7549.php
Reference: BID:3527
Reference: URL:http://online.securityfocus.com/bid/3527

2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets the setting default umask for init to 000, which installs files with world-writeable permissions.
Modifications: ADDREF XF:linux-korean-default-umask(7549) ADDREF BID:3527 ADDREF HP:HPSBTL0112-006 INFERRED ACTION: CAN-2001-0859 FINAL (Final Decision 20020309) Current Votes: ACCEPT(6) Wall, Baker, Foat, Cole, Armstrong, Bishop MODIFY(1) Frech Voter Comments: Frech> XF:linux-korean-default-umask(7549) ====================================================== Candidate: CAN-2001-0860 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0860 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020226-01 Proposed: 20011122 Assigned: 20011122 Category: SF Reference: BUGTRAQ:20011114 Xato Advisory: Win2k/XP Terminal Services IP Spoofing Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100578220002083&w=2 Reference: XF:win-terminal-spoof-address(7538) Reference: URL:http://xforce.iss.net/static/7538.php Reference: BID:3541 Reference: URL:http://online.securityfocus.com/bid/3541 Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT). 
Modifications: ADDREF XF:win-terminal-spoof-address(7538) ADDREF BID:3541 INFERRED ACTION: CAN-2001-0860 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) LeBlanc, Prosser, Baker, Foat MODIFY(1) Frech NOOP(2) Cole, Bishop REVIEWING(1) Wall Voter Comments: Frech> XF:win-terminal-spoof-address(7538) ====================================================== Candidate: CAN-2001-0861 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0861 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020226-01 Proposed: 20011122 Assigned: 20011122 Category: SF Reference: CISCO:20011114 ICMP Unreachable Vulnerability in Cisco 12000 Series Internet Router Reference: URL:http://www.cisco.com/warp/public/707/GSR-unreachables-pub.shtml Reference: CIAC:M-018 Reference: URL:http://www.ciac.org/ciac/bulletins/m-018.shtml Reference: XF:cisco-icmp-unreachable-dos(7536) Reference: URL:http://xforce.iss.net/static/7536.php Reference: BID:3534 Reference: URL:http://online.securityfocus.com/bid/3534 Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies. 
Modifications: ADDREF XF:cisco-icmp-unreachable-dos(7536) ADDREF BID:3534 ADDREF CIAC:M-018 INFERRED ACTION: CAN-2001-0861 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Baker, Cole, Armstrong, Bishop MODIFY(1) Frech NOOP(2) Wall, Foat Voter Comments: Frech> XF:cisco-icmp-unreachable-dos(7536) ====================================================== Candidate: CAN-2001-0862 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0862 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020226-01 Proposed: 20011122 Assigned: 20011122 Category: SF Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml Reference: CIAC:M-018 Reference: URL:http://www.ciac.org/ciac/bulletins/m-018.shtml Reference: XF:cisco-acl-noninital-dos(7550) Reference: URL:http://xforce.iss.net/static/7550.php Reference: BID:3535 Reference: URL:http://online.securityfocus.com/bid/3535 Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL. 
Modifications: ADDREF XF:cisco-acl-noninital-dos(7550) ADDREF BID:3535 ADDREF CIAC:M-018 INFERRED ACTION: CAN-2001-0862 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Baker, Cole, Armstrong, Bishop MODIFY(1) Frech NOOP(2) Wall, Foat Voter Comments: Frech> XF:cisco-acl-noninital-dos(7550) ====================================================== Candidate: CAN-2001-0863 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0863 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020226-01 Proposed: 20011122 Assigned: 20011122 Category: SF Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml Reference: CIAC:M-018 Reference: URL:http://www.ciac.org/ciac/bulletins/m-018.shtml Reference: XF:cisco-acl-outgoing-fragment(7551) Reference: URL:http://xforce.iss.net/static/7551.php Reference: BID:3539 Reference: URL:http://online.securityfocus.com/bid/3539 Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not handle the "fragment" keyword in a compiled ACL (Turbo ACL) for packets that are sent to the router, which allows remote attackers to cause a denial of service via a flood of fragments. 
Modifications: ADDREF XF:cisco-acl-outgoing-fragment(7551) ADDREF CIAC:M-018 ADDREF BID:3539 INFERRED ACTION: CAN-2001-0863 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Baker, Cole, Armstrong, Bishop MODIFY(1) Frech NOOP(2) Wall, Foat Voter Comments: Frech> XF:cisco-acl-outgoing-fragment(7551) ====================================================== Candidate: CAN-2001-0864 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0864 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020226-01 Proposed: 20011122 Assigned: 20011122 Category: SF Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml Reference: CIAC:M-018 Reference: URL:http://www.iss.net/security_center/static/7553.php Reference: XF:cisco-acl-deny-ip(7553) Reference: URL:http://xforce.iss.net/static/7553.php Reference: BID:3536 Reference: URL:http://online.securityfocus.com/bid/3536 Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions. 
Modifications: ADDREF CIAC:M-018 ADDREF BID:3536 ADDREF XF:cisco-acl-deny-ip(7553) INFERRED ACTION: CAN-2001-0864 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Baker, Cole, Armstrong, Bishop MODIFY(1) Frech NOOP(2) Wall, Foat Voter Comments: Frech> XF:cisco-acl-deny-ip(7553) ====================================================== Candidate: CAN-2001-0865 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0865 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020226-01 Proposed: 20011122 Assigned: 20011122 Category: SF Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml Reference: CIAC:M-018 Reference: URL:http://www.iss.net/security_center/static/7552.php Reference: BID:3540 Reference: URL:http://online.securityfocus.com/bid/3540 Reference: XF:cisco-turbo-acl-dos(7552) Reference: URL:http://xforce.iss.net/static/7552.php Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access. 
Modifications: ADDREF XF:cisco-turbo-acl-dos(7552) ADDREF CIAC:M-018 ADDREF BID:3540 INFERRED ACTION: CAN-2001-0865 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Baker, Cole, Armstrong, Bishop MODIFY(1) Frech NOOP(2) Wall, Foat Voter Comments: Frech> XF:cisco-turbo-acl-dos(7552) ====================================================== Candidate: CAN-2001-0866 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0866 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020226-01 Proposed: 20011122 Assigned: 20011122 Category: SF Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml Reference: CIAC:M-018 Reference: URL:http://www.ciac.org/ciac/bulletins/m-018.shtml Reference: XF:cisco-input-acl-configured(7554) Reference: URL:http://www.iss.net/security_center/static/7554.php Reference: BID:3537 Reference: URL:http://www.securityfocus.com/bid/3537 Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls.
Modifications: ADDREF XF:cisco-input-acl-configured(7554) ADDREF CIAC:M-018 ADDREF BID:3537 INFERRED ACTION: CAN-2001-0866 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Baker, Cole, Armstrong, Bishop MODIFY(1) Frech NOOP(2) Wall, Foat Voter Comments: Frech> XF:cisco-input-acl-configured(7554) ====================================================== Candidate: CAN-2001-0867 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0867 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020226-01 Proposed: 20011122 Assigned: 20011122 Category: SF Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml Reference: CIAC:M-018 Reference: URL:http://www.ciac.org/ciac/bulletins/m-018.shtml Reference: XF:cisco-acl-fragment-bypass(7555) Reference: URL:http://xforce.iss.net/static/7555.php Reference: BID:3538 Reference: URL:http://www.securityfocus.com/bid/3538 Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls.
Modifications: ADDREF XF:cisco-acl-fragment-bypass(7555) ADDREF CIAC:M-018 ADDREF BID:3538 INFERRED ACTION: CAN-2001-0867 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Baker, Cole, Bishop MODIFY(1) Frech NOOP(3) Wall, Foat, Armstrong Voter Comments: Frech> XF:cisco-acl-fragment-bypass(7555) ====================================================== Candidate: CAN-2001-0874 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0874 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20020131 Assigned: 20011211 Category: SF Reference: MS:MS01-058 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-058.asp Reference: XF:ie-frame-verification-variant2(7702) Reference: URL:http://xforce.iss.net/static/7702.php Reference: BID:3693 Reference: URL:http://www.securityfocus.com/bid/3693 Internet Explorer 5.5 and 6.0 allow remote attackers to read certain files via HTML that passes information from a frame in the client's domain to a frame in the web site's domain, a variant of the "Frame Domain Verification" vulnerability. 
INFERRED ACTION: CAN-2001-0874 FINAL (Final Decision 20020309) Current Votes: ACCEPT(6) Green, Wall, Baker, Foat, Cole, Frech ====================================================== Candidate: CAN-2001-0875 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0875 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20020131 Assigned: 20011211 Category: SF Reference: BUGTRAQ:20011126 File extensions spoofable in MSIE download dialog Reference: URL:http://www.securityfocus.com/archive/1/245594 Reference: MS:MS01-058 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-058.asp Reference: XF:ie-file-download-ext-spoof(7636) Reference: URL:http://xforce.iss.net/static/7636.php Reference: BID:3597 Reference: URL:http://www.securityfocus.com/bid/3597 Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download. 
INFERRED ACTION: CAN-2001-0875 FINAL (Final Decision 20020309) Current Votes: ACCEPT(6) Green, Wall, Baker, Foat, Cole, Frech ====================================================== Candidate: CAN-2001-0876 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0876 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020308-01 Proposed: 20020131 Assigned: 20011211 Category: SF Reference: BUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100887440810532&w=2 Reference: NTBUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100887271006313&w=2 Reference: MS:MS01-059 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-059.asp Reference: CERT:CA-2001-37 Reference: URL:http://www.cert.org/advisories/CA-2001-37.html Reference: CERT-VN:VU#951555 Reference: URL:http://www.kb.cert.org/vuls/id/951555 Reference: XF:win-upnp-notify-bo(7721) Reference: URL:http://xforce.iss.net/static/7721.php Reference: BID:3723 Reference: URL:http://www.securityfocus.com/bid/3723 Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL. Modifications: DESC fix typo: "98E" should be "98SE" INFERRED ACTION: CAN-2001-0876 FINAL (Final Decision 20020309) Current Votes: ACCEPT(6) Green, Wall, Baker, Foat, Cole, Frech Voter Comments: Frech> ADDREF:ISS:Multiple Vulnerabilities in Universal Plug and Play Service URL:http://xforce.iss.net/alerts/advise106.php Is Windows 98E perhaps supposed to be Windows 98SE (Second Edition)? 
====================================================== Candidate: CAN-2001-0877 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0877 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020228-01 Proposed: 20020131 Assigned: 20011211 Category: SF Reference: BUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100887440810532&w=2 Reference: NTBUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100887271006313&w=2 Reference: BUGTRAQ:20020109 UPNP Denial of Service Reference: URL:http://www.securityfocus.com/archive/1/249238 Reference: MS:MS01-059 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-059.asp Reference: CERT:CA-2001-37 Reference: URL:http://www.cert.org/advisories/CA-2001-37.html Reference: CERT-VN:VU#411059 Reference: URL:http://www.kb.cert.org/vuls/id/411059 Reference: XF:win-upnp-udp-dos(7722) Reference: URL:http://xforce.iss.net/static/7722.php Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system. Modifications: DESC fix typo INFERRED ACTION: CAN-2001-0877 FINAL (Final Decision 20020309) Current Votes: ACCEPT(6) Green, Wall, Baker, Foat, Cole, Frech Voter Comments: Frech> ADDREF:ISS:Multiple Vulnerabilities in Universal Plug and Play Service URL:http://xforce.iss.net/alerts/advise106.php Is Windows 98E perhaps supposed to be Windows 98SE (Second Edition)? 
====================================================== Candidate: CAN-2001-0879 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0879 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20020131 Assigned: 20011211 Category: SF Reference: ATSTAKE:A122001-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a122001-1.txt Reference: BUGTRAQ:20011221 @stake advisory: Multiple overflow and format string vulnerabilities in in Microsoft SQL Server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100891252317406&w=2 Reference: MS:MS01-060 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-060.asp Reference: XF:mssql-c-runtime-format-string(7725) Reference: URL:http://xforce.iss.net/static/7725.php Reference: BID:3732 Reference: URL:http://www.securityfocus.com/bid/3732 Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service. INFERRED ACTION: CAN-2001-0879 FINAL (Final Decision 20020309) Current Votes: ACCEPT(6) Green, Wall, Baker, Foat, Cole, Frech ====================================================== Candidate: CAN-2001-0954 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0954 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20011207 Lotus Domino Web server vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100780146532131&w=2L:1 Reference: CONFIRM:http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=255CC03D83CFF50C85256B1E005E349B Reference: XF:lotus-domino-database-dos(7684) Reference: URL:http://xforce.iss.net/static/7684.php Reference: BID:3656 Reference: URL:http://www.securityfocus.com/bid/3656 Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . 
(dot) directory. INFERRED ACTION: CAN-2001-0954 FINAL (Final Decision 20020309) Current Votes: ACCEPT(6) Green, Wall, Baker, Foat, Cole, Frech ====================================================== Candidate: CAN-2001-0963 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0963 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020228-01 Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010920 Vulnerability in SpoonFTP Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0171.html Reference: CONFIRM:http://www.pi-soft.com/spoonftp/index.shtml Reference: XF:spoonftp-dot-directory-traversal(7147) Reference: URL:http://xforce.iss.net/static/7147.php Reference: BID:3351 Reference: URL:http://online.securityfocus.com/bid/3351 Directory traversal vulnerability in SpoonFTP 1.1 allows local and sometimes remote attackers to access files outside of the FTP root via a ... (modified dot dot) in the CD (CWD) command. Modifications: ADDREF BID:3351 INFERRED ACTION: CAN-2001-0963 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-0965 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0965 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020228-01 Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010817 [ASGUARD-LABS] glFTPD v1.23 DOS Attack Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0239.html Reference: CONFIRM:http://www.glftpd.org/ Reference: BID:3201 Reference: URL:http://www.securityfocus.com/bid/3201 Reference: XF:glftpd-list-dos(7001) Reference: URL:http://www.iss.net/security_center/static/7001.php glFTPD 1.23 allows remote attackers to cause a denial of service (CPU consumption) via a LIST command with an argument that contains a large number of * (asterisk) characters. 
Modifications: ADDREF XF:glftpd-list-dos(7001) INFERRED ACTION: CAN-2001-0965 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Green, Baker, Cole, Armstrong NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-0969 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0969 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: FREEBSD:FreeBSD-SA-01:53 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:53.ipfw.asc Reference: XF:ipfw-me-unauthorized-access(7002) Reference: URL:http://xforce.iss.net/static/7002.php Reference: BID:3206 Reference: URL:http://www.securityfocus.com/bid/3206 ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts. INFERRED ACTION: CAN-2001-0969 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Green, Baker, Cole, Armstrong NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-0973 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0973 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: 20020228-01 Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010822 BSCW symlink vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0328.html Reference: CONFIRM:http://bscw.gmd.de/Bulletins/BSCW-SB-2001-08.extract.txt Reference: CERT-VN:VU#465971 Reference: URL:http://www.kb.cert.org/vuls/id/465971 Reference: BID:3227 Reference: URL:http://online.securityfocus.com/bid/3227 Reference: XF:bscw-extracted-file-symlink(7029) Reference: URL:http://www.iss.net/security_center/static/7029.php BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space. 
Modifications: ADDREF BID:3227 ADDREF CERT-VN:VU#465971 ADDREF XF:bscw-extracted-file-symlink(7029) INFERRED ACTION: CAN-2001-0973 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Green, Baker, Foat, Cole, Armstrong NOOP(1) Wall ====================================================== Candidate: CAN-2001-0980 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0980 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: CALDERA:CSSA-2001-026.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-026.0.txt Reference: XF:docview-httpd-command-execution(6854) Reference: URL:http://xforce.iss.net/static/6854.php Reference: BID:3052 Reference: URL:http://www.securityfocus.com/bid/3052 docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page. INFERRED ACTION: CAN-2001-0980 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Green, Baker, Cole, Armstrong, Frech NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-0982 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0982 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010723 iXsecurity.20010618.policy_director.a Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0497.html Reference: AIXAPAR:IY18152 Reference: CONFIRM:ftp://ftp.tivoli.com/support/patches/patches_3.7.1/3.7.1-POL-0003/3.7.1-POL-0003.README Reference: XF:tivoli-secureway-dot-directory-traversal(6884) Reference: URL:http://xforce.iss.net/static/6884.php Reference: BID:3080 Reference: URL:http://www.securityfocus.com/bid/3080 Directory traversal vulnerability in IBM Tivoli WebSEAL Policy Director 3.01 through 3.7.1 allows remote attackers to read arbitrary files or directories via encoded 
.. (dot dot) sequences containing "%2e" strings. INFERRED ACTION: CAN-2001-0982 FINAL (Final Decision 20020309) Current Votes: ACCEPT(6) Green, Baker, Bollinger, Cole, Armstrong, Frech NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-0987 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0987 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010722 Re: [cgiwrap-users] Re: Security hole in CGIWrap (cross-site scripting vulnerability) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0499.html Reference: CONFIRM:http://cgiwrap.sourceforge.net/changes.html Reference: BID:3084 Reference: URL:http://www.securityfocus.com/bid/3084 Reference: XF:cgiwrap-cross-site-scripting(6886) Reference: URL:http://xforce.iss.net/static/6886.php Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on other web clients by causing the Javascript to be inserted into error messages that are generated by CGIWrap. INFERRED ACTION: CAN-2001-0987 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Green, Baker, Cole, Armstrong, Frech NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-0993 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0993 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: NETBSD:NetBSD-SA2001-011 Reference: URL:http://archives.neohapsis.com/archives/netbsd/2001-q3/0102.html Reference: XF:bsd-kernel-sendmsg-dos(6908) Reference: URL:http://xforce.iss.net/static/6908.php Reference: BID:3088 Reference: URL:http://www.securityfocus.com/bid/3088 sendmsg function in NetBSD 1.3 through 1.5 allows local users to cause a denial of service (kernel trap or panic) via a msghdr structure with a large msg_controllen length. 
INFERRED ACTION: CAN-2001-0993 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Green, Baker, Cole, Armstrong, Frech NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-0995 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0995 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010826 security hole in os groupware suite PHProjekt Reference: URL:http://www.securityfocus.com/archive/1/210349 Reference: MISC:http://www.phprojekt.com/ChangeLog Reference: BID:3239 Reference: URL:http://www.securityfocus.com/bid/3239 Reference: XF:phprojekt-id-modify(7035) Reference: URL:http://xforce.iss.net/static/7035.php PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs. INFERRED ACTION: CAN-2001-0995 FINAL (Final Decision 20020309) Current Votes: ACCEPT(4) Green, Baker, Cole, Armstrong NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-0998 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0998 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010924 HACMP and port scans Reference: URL:http://www.securityfocus.com/archive/1/216105 Reference: BUGTRAQ:20011002 Vulnerability 3358, "IBM HACMP Port Scan Denial of Service Vulnerability" Reference: URL:http://www.securityfocus.com/archive/1/217910 Reference: AIXAPAR:IY20943 Reference: AIXAPAR:IY17630 Reference: XF:hacmp-portscan-dos(7165) Reference: URL:http://xforce.iss.net/static/7165.php Reference: BID:3358 Reference: URL:http://www.securityfocus.com/bid/3358 IBM HACMP 4.4 allows remote attackers to cause a denial of service via a completed TCP connection to HACMP ports (e.g., using a port scan) that does not send additional data, which causes a 
failure in snmpd. INFERRED ACTION: CAN-2001-0998 FINAL (Final Decision 20020309) Current Votes: ACCEPT(3) Green, Baker, Cole NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-1010 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1010 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010721 Sambar Web Server pagecount exploit code Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0565.html Reference: CONFIRM:http://www.sambar.com/security.htm Reference: XF:sambar-pagecount-overwrite-files(6916) Reference: URL:http://xforce.iss.net/static/6916.php Reference: BID:3092 Reference: URL:http://www.securityfocus.com/bid/3092 Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) attack on the page parameter. INFERRED ACTION: CAN-2001-1010 FINAL (Final Decision 20020309) Current Votes: ACCEPT(5) Baker, Cole, Armstrong, Frech, Green NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-1011 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1011 Final-Decision: 20020309 Interim-Decision: 20020301 Modified: Proposed: 20020131 Assigned: 20020131 Category: SF Reference: BUGTRAQ:20010725 Serious security hole in Mambo Site Server version 3.0.X Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0569.html Reference: CONFIRM:http://prdownloads.sourceforge.net/mambo/mambov3.0.6.tar.gz Reference: BID:3093 Reference: URL:http://www.securityfocus.com/bid/3093 Reference: XF:mambo-phpsessid-gain-privileges(6910) Reference: URL:http://xforce.iss.net/static/6910.php index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator 
information in other parameters.

INFERRED ACTION: CAN-2001-1011 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(5) Baker, Cole, Armstrong, Frech, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1016
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010904 PGPsdk Key Validity Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/211806
Reference: CONFIRM:http://www.pgp.com/support/product-advisories/pgpsdk.asp
Reference: BID:3280
Reference: URL:http://www.securityfocus.com/bid/3280
Reference: XF:pgp-invalid-key-display(7081)
Reference: URL:http://xforce.iss.net/static/7081.php

PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Server before 7.1 does not properly display when invalid userID's are used to sign a message, which could allow an attacker to make the user believe that the document has been signed by a trusted third party by adding a second, invalid user ID to a key which has already been signed by the third party, aka the "PGPsdk Key Validity Vulnerability."

INFERRED ACTION: CAN-2001-1016 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1017
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:59
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:59.rmuser.v1.1.asc
Reference: XF:rmuser-insecure-password-file(7086)
Reference: URL:http://xforce.iss.net/static/7086.php
Reference: BID:3282
Reference: URL:http://www.securityfocus.com/bid/3282

rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords.

INFERRED ACTION: CAN-2001-1017 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1020
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1020
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010905 directorymanager bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0013.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=51589
Reference: BID:3288
Reference: URL:http://www.securityfocus.com/bid/3288
Reference: XF:directory-manager-execute-commands(7079)
Reference: URL:http://xforce.iss.net/static/7079.php

edit_image.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfile_name parameter, which is sent unfiltered to the PHP passthru function.

INFERRED ACTION: CAN-2001-1020 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1035
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1035
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: DEBIAN:DSA-078
Reference: URL:http://www.debian.org/security/2001/dsa-078
Reference: BID:3364
Reference: URL:http://www.securityfocus.com/bid/3364
Reference: XF:slrn-decode-script-execution(7166)
Reference: URL:http://xforce.iss.net/static/7166.php

Binary decoding feature of slrn 0.9 and earlier allows remote attackers to execute commands via shell scripts that are inserted into a news post.

INFERRED ACTION: CAN-2001-1035 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1037
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1037
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CISCO:20010711 Vulnerabilities in Cisco SN 5420 Storage Routers
Reference: URL:http://www.cisco.com/warp/public/707/SN-kernel-pub.html
Reference: XF:cisco-sn-gain-access(6827)
Reference: URL:http://xforce.iss.net/static/6827.php
Reference: BID:3131
Reference: URL:http://www.securityfocus.com/bid/3131

Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell without a password and execute certain restricted commands without being logged.

INFERRED ACTION: CAN-2001-1037 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(5) Baker, Cole, Armstrong, Frech, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1038
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1038
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020228-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CISCO:20010711 Vulnerabilities in Cisco SN 5420 Storage Routers
Reference: URL:http://www.cisco.com/warp/public/707/SN-kernel-pub.html
Reference: CIAC:L-112
Reference: URL:http://www.ciac.org/ciac/bulletins/l-112.shtml
Reference: XF:cisco-sn-dos(6826)
Reference: URL:http://xforce.iss.net/static/6826.php
Reference: BID:3014
Reference: URL:http://online.securityfocus.com/bid/3014

Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023.

Modifications:
   ADDREF BID:3014

INFERRED ACTION: CAN-2001-1038 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(5) Baker, Cole, Armstrong, Frech, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1048
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1048
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020228-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CONFIRM:http://www.gospelcom.net/mnn/topher/awol/changelog.php
Reference: MISC:http://www.geocrawler.com/archives/3/14414/2001/9/0/6668723/
Reference: BID:3387
Reference: URL:http://www.securityfocus.com/bid/3387
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://www.iss.net/security_center/static/7215.php

AWOL PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Modifications:
   ADDREF XF:php-includedir-code-execution(7215)

INFERRED ACTION: CAN-2001-1048 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Green
   NOOP(2) Wall, Foat

Voter Comments:
 Green> CLARIFICATION FROM VENDOR MISSING

======================================================
Candidate: CAN-2001-1049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1049
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CONFIRM:http://phorecast.org/
Reference: BID:3388
Reference: URL:http://www.securityfocus.com/bid/3388
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php

Phorecast PHP script before 0.40 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

INFERRED ACTION: CAN-2001-1049 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1054
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?thread_id=148900&forum_id=117952
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=117952
Reference: BID:3392
Reference: URL:http://www.securityfocus.com/bid/3392
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php

PHPAdsNew PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

INFERRED ACTION: CAN-2001-1054 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1056
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020228-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010730 [RAZOR] Linux kernel IP masquerading vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0733.html
Reference: BUGTRAQ:20010730 Re: [RAZOR] Linux kernel IP masquerading vulnerability (_actual_ patch)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0750.html
Reference: BID:3117
Reference: URL:http://www.securityfocus.com/bid/3117
Reference: XF:linux-ipmasqirc-bypass-protection(6923)
Reference: URL:http://www.iss.net/security_center/static/6923.php

IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which listens on port 6667, which may cause the module to believe that the traffic is a valid request and allow the connection to the port specified in the DCC SEND request.

Modifications:
   ADDREF XF:linux-ipmasqirc-bypass-protection(6923)

INFERRED ACTION: CAN-2001-1056 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:linux-ipmasqirc-bypass-protection(6923)

======================================================
Candidate: CAN-2001-1063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1063
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CALDERA:CSSA-2001-SCO.14
Reference: URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.14/CSSA-2001-SCO.14.txt
Reference: BID:3244
Reference: URL:http://www.securityfocus.com/bid/3244
Reference: XF:unixware-openunix-uidadmin-bo(7036)
Reference: URL:http://xforce.iss.net/static/7036.php

Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7 allows local users to gain root privileges via a long -S (scheme) command line argument.

INFERRED ACTION: CAN-2001-1063 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1067
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1067
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010822 AOLserver 3.0 vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0325.html
Reference: BUGTRAQ:20010906 AOLserver exploit code
Reference: URL:http://www.securityfocus.com/archive/1/213041
Reference: BID:3230
Reference: URL:http://www.securityfocus.com/bid/3230
Reference: XF:aolserver-long-password-dos(7030)
Reference: URL:http://xforce.iss.net/static/7030.php

Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header.

INFERRED ACTION: CAN-2001-1067 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(4) Wall, Baker, Cole, Green
   NOOP(2) Foat, Armstrong

======================================================
Candidate: CAN-2001-1075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1075
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010703 poprelayd and sendmail relay authentication problem (Cobalt Raq3)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0064.html
Reference: BUGTRAQ:20010709 Re: poprelayd and sendmail relay authentication problem (Cobalt Raq3)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0150.html
Reference: XF:cobalt-poprelayd-mail-relay(6806)
Reference: URL:http://xforce.iss.net/static/6806.php
Reference: BID:2986
Reference: URL:http://www.securityfocus.com/bid/2986

poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file.

INFERRED ACTION: CAN-2001-1075 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(5) Baker, Cole, Armstrong, Frech, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1080
Final-Decision: 20020309
Interim-Decision: 20020301
Modified: 20020228-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: IBM:MSS-OAR-E01-2001:225.1
Reference: URL:http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2001.225.1/$file/oar225.txt
Reference: XF:aix-diagrpt-root-shell(6734)
Reference: URL:http://xforce.iss.net/static/6734.php
Reference: BID:2916
Reference: URL:http://online.securityfocus.com/bid/2916

diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program.

Modifications:
   ADDREF BID:2916

INFERRED ACTION: CAN-2001-1080 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(6) Baker, Bollinger, Cole, Armstrong, Frech, Green
   NOOP(3) Wall, Foat, Christey

Voter Comments:
 Green> Rather vague description, but since vendor acknowledges.....
 Christey> This is a relatively common problem. The description is sufficiently detailed.

======================================================
Candidate: CAN-2002-0005
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0005
Final-Decision: 20020309
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020107
Category: SF
Reference: BUGTRAQ:20020102 w00w00 on AOL Instant Messenger (serious vulnerability)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100998295512885&w=2
Reference: BUGTRAQ:20020102 AIM addendum
Reference: URL:http://www.securityfocus.com/archive/1/247944
Reference: NTBUGTRAQ:20020102 w00w00 on AOL Instant Messenger (serious vulnerability)
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=72
Reference: NTBUGTRAQ:20020102 AIM addendum
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=198
Reference: BID:3769
Reference: URL:http://www.securityfocus.com/bid/3769
Reference: XF:aim-game-overflow(7743)
Reference: URL:http://xforce.iss.net/static/7743.php

Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and other versions allows remote attackers to execute arbitrary code via a long argument in a game request (AddGame).

INFERRED ACTION: CAN-2002-0005 FINAL (Final Decision 20020309)

Current Votes:
   ACCEPT(5) Wall, Baker, Cole, Frech, Green
   NOOP(1) Foat