[PROPOSAL] Cluster RECENT-81 - 61 candidates
I am proposing cluster RECENT-81 for review and voting by the Editorial Board.

Name: RECENT-81
Description: Candidates announced between 8/2/2001 and 11/2/2001
Size: 61

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-1100
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1100
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011007 Bug found at W3Mail Webmail
Reference: URL:http://www.securityfocus.com/archive/1/218921
Reference: CONFIRM:http://www.w3mail.org/ChangeLog
Reference: BID:3673
Reference: URL:http://www.securityfocus.com/bid/3673
Reference: XF:w3mail-metacharacters-command-execution(7230)
Reference: URL:http://xforce.iss.net/static/7230.php

sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page.

Analysis
----------------
ED_PRI CAN-2001-1100 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: in Version 1.0.3 of the ChangeLog, dated December 4, 2001, the vendor says "Fixed potential security exploit by filtering special metacharacters."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1113
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1113
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010813 Local exploit for TrollFTPD-1.26
Reference: URL:http://www.securityfocus.com/archive/1/203874
Reference: CONFIRM:ftp://ftp.trolltech.com/freebies/ftpd/troll-ftpd-1.27.tar.gz
Reference: XF:trollftpd-long-path-bo(6974)
Reference: URL:http://xforce.iss.net/static/6974.php
Reference: BID:3174
Reference: URL:http://www.securityfocus.com/bid/3174

Buffer overflow in TrollFTPD 1.26 and earlier allows local users to execute arbitrary code by creating a series of deeply nested directories with long names, then running the ls -R (recursive) command.

Analysis
----------------
ED_PRI CAN-2001-1113 1
Vendor Acknowledgement: yes patch

ACKNOWLEDGEMENT: the discloser says that a fixed version is at ftp://ftp.trolltech.com/freebies/ftpd/troll-ftpd-1.27.tar.gz. There is no clear acknowledgement on the web site or in the README file. A look at listdir() in ls.c indicates that snprintf is being used to copy pathnames. So the question is, was this fix *always* there, or was it just added? Fortunately we can download troll-ftpd-1.26.tar.gz and do a diff between the ls.c files from 1.26 and 1.27... Sure enough, 1.26 used sprintf whereas 1.27 used snprintf. So we have indirect vendor acknowledgement through creation of a patch. QED.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1117
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1117
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010810 Linksys router security fix
Reference: URL:http://www.securityfocus.com/archive/1/203302
Reference: BUGTRAQ:20010802 Advisory Update: Design Flaw in Linksys EtherFast 4-Port
Reference: URL:http://www.securityfocus.com/archive/1/201390
Reference: CONFIRM:ftp://ftp.linksys.com/pub/befsr41/befsr-fw1402.zip
Reference: XF:linksys-etherfast-reveal-passwords(6949)
Reference: URL:http://xforce.iss.net/static/6949.php
Reference: BID:3141
Reference: URL:http://www.securityfocus.com/bid/3141

LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allows a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm.

Analysis
----------------
ED_PRI CAN-2001-1117 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: In befsr-fw1402.zip available from the vendor, the notes for version 4.40.2 in ver.txt, dated October 24 2001, says "5. Fixed some time user can see the UI page without password problem"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1118
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1118
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010802 Roxen security alert: URL decoding vulnerable
Reference: URL:http://www.securityfocus.com/archive/1/201476
Reference: BUGTRAQ:20010802 FW: Security alert: Remote user can access any file
Reference: URL:http://www.securityfocus.com/archive/1/201499
Reference: CONFIRM:http://download.roxen.com/2.0/patch/security-notice.html
Reference: BID:3145
Reference: URL:http://www.securityfocus.com/bid/3145
Reference: XF:roxen-urlrectifier-retrieve-files(6937)
Reference: URL:http://xforce.iss.net/static/6937.php

A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not properly decode UTF-8, Mac and ISO-2202 encoded URLs, which could allow a remote attacker to execute arbitrary commands or view arbitrary files via an encoded URL.

Analysis
----------------
ED_PRI CAN-2001-1118 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1119
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1119
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: CERT-VN:VU#105347
Reference: URL:http://www.kb.cert.org/vuls/id/105347
Reference: SUSE:SuSE-SA:2001:025
Reference: URL:http://www.suse.de/de/support/security/2001_025_xmcd_txt.html
Reference: BID:3148
Reference: URL:http://www.securityfocus.com/bid/3148
Reference: XF:xmcd-cda-symlink(6941)
Reference: URL:http://xforce.iss.net/static/6941.php

cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to overwrite arbitrary files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2001-1119 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1130
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1130
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010802 suse: sdbsearch.cgi vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/201216
Reference: SUSE:SuSE-SA:2001:027
Reference: URL:http://www.suse.de/de/support/security/2001_027_sdb_txt.txt
Reference: XF:sdbsearch-cgi-command-execution(7003)
Reference: URL:http://xforce.iss.net/static/7003.php

Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a ..
in the HTTP referer (from the HTTP_REFERER variable) to point to the directory that contains the keylist.txt file.

Analysis
----------------
ED_PRI CAN-2001-1130 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1132
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1132
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: CF
Reference: CONECTIVA:CLA-2001:420
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000420
Reference: XF:mailman-blank-passwords(7091)
Reference: URL:http://xforce.iss.net/static/7091.php

Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication.

Analysis
----------------
ED_PRI CAN-2001-1132 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1147
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1147
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011008 pam_limits.so Bug!!
Reference: URL:http://www.securityfocus.com/archive/1/219175
Reference: REDHAT:RHSA-2001:132
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-132.html
Reference: MANDRAKE:MDKSA-2001:084
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-084.php3
Reference: SUSE:SuSE-SA:2001:034
Reference: URL:http://www.suse.de/de/support/security/2001_034_shadow_txt.txt
Reference: CIAC:M-009
Reference: URL:http://www.ciac.org/ciac/bulletins/m-009.shtml
Reference: BID:3415
Reference: URL:URL:http://www.securityfocus.com/bid/3415
Reference: XF:utillinux-pamlimits-gain-privileges(7266)
Reference: URL:http://www.iss.net/security_center/static/7266.php

The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits.

Analysis
----------------
ED_PRI CAN-2001-1147 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1153
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1153
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: CALDERA:CSSA-2001-SCO.15
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0391.html
Reference: XF:openunix-lpsystem-bo(7041)
Reference: URL:http://www.iss.net/security_center/static/7041.php
Reference: BID:3248
Reference: URL:http://online.securityfocus.com/bid/3248

lpsystem in OpenUnix 8.0.0 allows local users to cause a denial of service and possibly execute arbitrary code via a long command line argument.

Analysis
----------------
ED_PRI CAN-2001-1153 1
Vendor Acknowledgement: yes advisory

The advisory describes behavior indicating a buffer overflow; hence, my choice given our limited time constraints. A long argument causes lpsystem to have a segmentation violation. Unfortunately this url does not get me there: ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.15/, so I contented myself with the neohapsis archive reference.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1155
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1155
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:56
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:56.tcp_wrappers.asc

TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.

Analysis
----------------
ED_PRI CAN-2001-1155 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1166
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1166
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:55
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:55.procfs.asc
Reference: XF:linprocfs-process-memory-leak(7017)
Reference: URL:http://www.iss.net/security_center/static/7017.php
Reference: BID:3217
Reference: URL:http://www.securityfocus.com/bid/3217

linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process.

Analysis
----------------
ED_PRI CAN-2001-1166 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1089
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1089
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010910 RUS-CERT Advisory 2001-09:01
Reference: URL:http://www.securityfocus.com/archive/1/213331
Reference: BID:3314
Reference: URL:http://www.securityfocus.com/bid/3314
Reference: XF:postgresql-nss-authentication-modules(7111)
Reference: URL:http://xforce.iss.net/static/7111.php

libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to execute arbitrary SQL queries by inserting SQL code into an HTTP request.

Analysis
----------------
ED_PRI CAN-2001-1089 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1095
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: AIXAPAR:IY23401
Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q4/0000.html

Buffer overflow in uuq in AIX 4 could allow local users to execute arbitrary code via a long -r parameter.

Analysis
----------------
ED_PRI CAN-2001-1095 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1096
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: AIXAPAR:IY23402
Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q4/0000.html

Buffer overflows in muxatmd in AIX 4 allows an attacker to cause a core dump and possibly execute code.

Analysis
----------------
ED_PRI CAN-2001-1096 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1099
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: CF
Reference: BUGTRAQ:20010907 Microsoft Exchange + Norton AntiVirus leak local information
Reference: URL:http://www.securityfocus.com/archive/1/212724
Reference: BUGTRAQ:20010912 Re: Microsoft Exchange + Norton AntiVirus leak local information
Reference: URL:http://www.securityfocus.com/archive/1/213762
Reference: XF:nav-exchange-reveal-information(7093)
Reference: URL:http://xforce.iss.net/static/7093.php
Reference: BID:3305
Reference: URL:http://www.securityfocus.com/bid/3305

The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.

Analysis
----------------
ED_PRI CAN-2001-1099 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1116
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: NTBUGTRAQ:20010802 Identix BioLogon Client security bug
Reference: URL:http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=IND0108&L=NTBUGTRAQ&F=P&S=&P=71
Reference: NTBUGTRAQ:20010808 Response to Identix BioLogon Client security bug
Reference: URL:http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=ind0108&L=ntbugtraq&F=P&S=&P=724
Reference: XF:dentix-biologon-auth-bypass(6948)
Reference: URL:http://xforce.iss.net/static/6948.php
Reference: BID:3140
Reference: URL:http://www.securityfocus.com/bid/3140

Identix BioLogon 2.03 and earlier does not lock secondary displays on a multi-monitor system running Windows 98 or ME, which allows an attacker with physical access to the system to bypass authentication through a secondary display.

Analysis
----------------
ED_PRI CAN-2001-1116 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1149
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1149
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: VULN-DEV:20010821 RE: Bug report -- Incident number 240649
Reference: URL:http://www.securityfocus.com/archive/82/209328

Panda Antivirus Platinum before 6.23.00 allows a remote attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file.

Analysis
----------------
ED_PRI CAN-2001-1149 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1090
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1090
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010910 RUS-CERT Advisory 2001-09:01
Reference: URL:http://www.securityfocus.com/archive/1/213331
Reference: BID:3315
Reference: URL:http://www.securityfocus.com/bid/3315
Reference: XF:postgresql-nss-authentication-modules(7111)
Reference: URL:http://xforce.iss.net/static/7111.php

nss_postgresql 0.6.1 and before allows a remote attacker to execute arbitrary SQL queries by inserting SQL code into an HTTP request.

Analysis
----------------
ED_PRI CAN-2001-1090 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1091
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1091
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: NETBSD:NetBSD-SA2001-014
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-014.txt.asc
Reference: XF:bsd-dump-tty-privileges(7037)
Reference: URL:http://xforce.iss.net/static/7037.php

The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable.

Analysis
----------------
ED_PRI CAN-2001-1091 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1092
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1092
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010910 Digital Unix 4.0x msgchk multiple vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/213238
Reference: CERT-VN:VU#440539
Reference: URL:http://www.kb.cert.org/vuls/id/440539
Reference: BID:3320
Reference: URL:http://www.securityfocus.com/bid/3320
Reference: XF:du-msgchk-symlink(7102)
Reference: URL:http://xforce.iss.net/static/7102.php

msgchk in Digital UNIX 4.0G and earlier allows a local user to read the first line of arbitrary files via a symlink attack on the .mh_profile file.

Analysis
----------------
ED_PRI CAN-2001-1092 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1093
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1093
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010910 Digital Unix 4.0x msgchk multiple vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/213238
Reference: XF:du-msgchk-bo(7101)
Reference: URL:http://xforce.iss.net/static/7101.php
Reference: BID:3311
Reference: URL:http://www.securityfocus.com/bid/3311

Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows local users to execute arbitrary code via a long command line argument.

Analysis
----------------
ED_PRI CAN-2001-1093 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1094
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1094
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010911 NetOP School Admin Vulnerability for Windows 2000 Terminal Services and NT4
Reference: URL:http://www.securityfocus.com/archive/1/213516
Reference: BID:3321
Reference: URL:http://www.securityfocus.com/bid/3321
Reference: XF:netop-school-bypass-authentication(7120)
Reference: URL:http://xforce.iss.net/static/7120.php

NetOp School 1.5 allows local users to bypass access restrictions on the administration version by logging into the student version, closing the student version, then starting the administration version.

Analysis
----------------
ED_PRI CAN-2001-1094 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1098
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1098
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011010 Vulnerability: Cisco PIX Firewall Manager
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0071.html
Reference: XF:cisco-pfm-plaintext-password(7265)
Reference: URL:http://xforce.iss.net/static/7265.php

Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in plaintext in the pfm.log file, which could allow local users to obtain the password by reading the file.

Analysis
----------------
ED_PRI CAN-2001-1098 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1101
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1101
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010908 Bug in remote GUI access in CheckPoint Firewall
Reference: URL:http://www.securityfocus.com/archive/1/212826
Reference: XF:fw1-log-file-overwrite(7095)
Reference: URL:http://xforce.iss.net/static/7095.php
Reference: BID:3303
Reference: URL:http://www.securityfocus.com/bid/3303

The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2001-1101 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1102
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1102
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010908 Bug in compile portion for older versions of CheckPoint Firewalls
Reference: URL:http://www.securityfocus.com/archive/1/212824
Reference: XF:fw1-tmp-file-symlink(7094)
Reference: URL:http://xforce.iss.net/static/7094.php
Reference: BID:3300
Reference: URL:http://www.securityfocus.com/bid/3300

Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users to overwrite arbitrary files via a symlink attack on temporary policy files that end in a .cpp extension, which are set world-writable.

Analysis
----------------
ED_PRI CAN-2001-1102 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1105
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1105
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: CIAC:L-141
Reference: URL:http://www.ciac.org/ciac/bulletins/l-141.shtml
Reference: CISCO:20010912 Vulnerable SSL Implementation in iCDN
Reference: URL:http://www.cisco.com/warp/public/707/SSL-J-pub.html
Reference: CONFIRM:http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html
Reference: BID:3329
Reference: URL:http://www.securityfocus.com/bid/3329
Reference: XF:bsafe-ssl-bypass-authentication(7112)
Reference: URL:http://xforce.iss.net/static/7112.php

RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.

Analysis
----------------
ED_PRI CAN-2001-1105 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1109
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1109
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010912 EFTP Version 2.0.7.337 vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/213647
Reference: MISC:http://www.eftp.org/releasehistory.html
Reference: XF:eftp-list-directory-traversal(7113)
Reference: URL:http://xforce.iss.net/static/7113.php
Reference: XF:eftp-quote-reveal-information(7114)
Reference: URL:http://xforce.iss.net/static/7114.php
Reference: BID:3331
Reference: URL:http://www.securityfocus.com/bid/3331
Reference: BID:3333
Reference: URL:http://www.securityfocus.com/bid/3333

Directory traversal vulnerability in EFTP 2.0.7.337 allows remote authenticated users to reveal directory contents via a .. (dot dot) in the (1) LIST, (2) QUOTE SIZE, and (3) QUOTE MDTM commands.

Analysis
----------------
ED_PRI CAN-2001-1109 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: possible ack in the release history for 2001.12.04: "Fixed some security flaws with directory listings." However, this is not clear enough to be absolutely certain.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1110
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1110
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010912 EFTP Version 2.0.7.337 vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/213647

EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection.

Analysis
----------------
ED_PRI CAN-2001-1110 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1111
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010912 EFTP Version 2.0.7.337 vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/213647
Reference: XF:eftp-plaintext-password(7116)
Reference: URL:http://xforce.iss.net/static/7116.php
Reference: BID:3332
Reference: URL:http://www.securityfocus.com/bid/3332

EFTP 2.0.7.337 stores user passwords in plaintext in the eftp2users.dat file.
Analysis
----------------
ED_PRI CAN-2001-1111 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1112
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1112
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010912 EFTP Version 2.0.7.337 vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/213647
Reference: BID:3330
Reference: URL:http://www.securityfocus.com/bid/3330
Reference: XF:eftp-lnk-bo(7115)
Reference: URL:http://xforce.iss.net/static/7115.php

Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute arbitrary code by uploading a .lnk file containing a large number of characters.

Analysis
----------------
ED_PRI CAN-2001-1112 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1114
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1114
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010813 NetCode NC Book 0.2b remote command execution vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/204094
Reference: XF:netcode-book-pipes-command(6986)
Reference: URL:http://xforce.iss.net/static/6986.php
Reference: BID:3178
Reference: URL:http://www.securityfocus.com/bid/3178

book.cgi in NetCode NC Book 0.2b allows remote attackers to execute arbitrary commands via shell metacharacters in the "current" parameter.

Analysis
----------------
ED_PRI CAN-2001-1114 3
Vendor Acknowledgement: unknown foreign

ACKNOWLEDGEMENT: Ack unknown ... can't read Russian: URL:http://www.lgg.ru/

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1115
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1115
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010813 SIX-webboard 2.01 "show files" vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/204053
Reference: XF:sixwebboard-dot-directory-traversal(6975)
Reference: URL:http://xforce.iss.net/static/6975.php
Reference: BID:3175
Reference: URL:http://www.securityfocus.com/bid/3175

generate.cgi in SIX-webboard 2.01 and before allows remote attackers to read arbitrary files via a dot dot (..) in the content parameter.
Analysis
----------------
ED_PRI CAN-2001-1115 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1122
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1122
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010803 REPOST: A damaging local DoS in WinNT SP6a
Reference: URL:http://www.securityfocus.com/archive/1/201722
Reference: XF:winnt-nt4all-dos(6943)
Reference: URL:http://xforce.iss.net/static/6943.php
Reference: BID:3144
Reference: URL:http://www.securityfocus.com/bid/3144

Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode.

Analysis
----------------
ED_PRI CAN-2001-1122 3
Vendor Acknowledgement: unknown
Content Decisions: INCLUSION

INCLUSION: the poster indicates that the user must have write access to winnt/system32 to exploit this. If such permissions are sufficient for a user to gain privileges *anyway* (e.g. by replacing a critical DLL), then there are no additional privileges or benefits gained beyond that which is already available to the user, and perhaps this item should not be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1123
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1123
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: HP:HPSBUX0110-170
Reference: URL:http://www.securityfocus.com/advisories/3585
Reference: HP:HPSBUX0112-177
Reference: URL:http://www.securityfocus.com/advisories/3723
Reference: BID:3399
Reference: URL:http://www.securityfocus.com/bid/3399
Reference: XF:openview-nmm-gain-privileges(7222)
Reference: URL:http://xforce.iss.net/static/7222.php
Reference: CERT-VN:VU#782155
Reference: URL:http://www.kb.cert.org/vuls/id/782155

Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP OpenView allows a local user to execute arbitrary code, possibly via a buffer overflow in a long hostname or object ID.

Analysis
----------------
ED_PRI CAN-2001-1123 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

ABSTRACTION: It is uncertain why there are two separate HP advisories that appear to include the same patches and describe the same issue. The later advisory has no reference to the earlier one. There is a possibility that there are 2 separate issues here, but it's too hard to tell.

MISC: The patch documentation provides slightly more details on the problem. See "PHSS_24842:" in URL:http://support.openview.hp.com/load.jsp?type=ov_patch&name=PHSS_25742

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1124
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1124
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: HP:HPSBUX0110-169
Reference: URL:http://www.securityfocus.com/advisories/3586
Reference: CIAC:M-003
Reference: URL:http://www.ciac.org/ciac/bulletins/m-003.shtml
Reference: XF:hp-rpcbind-dos(7221)
Reference: URL:http://xforce.iss.net/static/7221.php
Reference: BID:3400
Reference: URL:http://www.securityfocus.com/bid/3400

rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via malformed RPC portmap requests, possibly related to a buffer overflow.

Analysis
----------------
ED_PRI CAN-2001-1124 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

The HP advisory is vague about the cause of the problem, but the BID suggests that it may be due to an overflow.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1125
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1125
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011005 Symantec LiveUpdate attacks
Reference: URL:http://www.securityfocus.com/archive/1/218717
Reference: CONFIRM:http://www.sarc.com/avcenter/security/Content/2001.10.05.html
Reference: BID:3403
Reference: URL:http://www.securityfocus.com/bid/3403
Reference: XF:liveupdate-host-verification(7235)
Reference: URL:http://xforce.iss.net/static/7235.php

Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.

Analysis
----------------
ED_PRI CAN-2001-1125 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests combining problems of the same type in the same version, which would suggest combining the code execution and DoS problems because both are due to an issue with DNS spoofing. However, the DoS issue still exists in 1.6 whereas the code execution does not, so CD:SF-LOC further suggests a SPLIT because there is a problem that appears in one version but not another.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1126
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1126
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011005 Symantec LiveUpdate attacks
Reference: URL:http://www.securityfocus.com/archive/1/218717
Reference: CONFIRM:http://www.sarc.com/avcenter/security/Content/2001.10.05.html
Reference: XF:liveupdate-host-verification(7235)
Reference: URL:http://xforce.iss.net/static/7235.php
Reference: BID:3413
Reference: URL:http://www.securityfocus.com/bid/3413

Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allows remote attackers to cause a denial of service (flood) via DNS spoofing of the update.symantec.com site.

Analysis
----------------
ED_PRI CAN-2001-1126 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests combining problems of the same type in the same version, which would suggest combining the code execution and DoS problems because both are due to an issue with DNS spoofing. However, the DoS issue still exists in 1.6 whereas the code execution does not, so CD:SF-LOC further suggests a SPLIT because there is a problem that appears in one version but not another.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1127
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1127
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011005 Progress Database vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/218833
Reference: BID:3404
Reference: URL:http://www.securityfocus.com/bid/3404
Reference: XF:progress-strcpy-bo(7236)
Reference: URL:http://xforce.iss.net/static/7236.php

Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump.

Analysis
----------------
ED_PRI CAN-2001-1127 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC, SF-LOC

ABSTRACTION: CD:SF-LOC suggests that if problems of the same type appear in different versions, they should be SPLIT. According to the discloser, the buffer overflows in PROMSGS/PROTERMCAP files were fixed, whereas the _proapsv/_mprosrv/etc. executables were not. These problems appear in different versions, so they should be SPLIT even though they are the same type of issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1128
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1128
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011008 Progress TERM (protermcap) overflows and PROMSGS overflows
Reference: URL:http://www.securityfocus.com/archive/1/219174
Reference: XF:progress-protermcap-bo(7264)
Reference: URL:http://xforce.iss.net/static/7264.php
Reference: BID:3414
Reference: URL:http://www.securityfocus.com/bid/3414

Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables.

Analysis
----------------
ED_PRI CAN-2001-1128 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests that if problems of the same type appear in different versions, they should be SPLIT. According to the discloser, the buffer overflows in PROMSGS/PROTERMCAP files were fixed, whereas the _proapsv/_mprosrv/etc. executables were not. These problems appear in different versions, so they should be SPLIT even though they are the same type of issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1129
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1129
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011102 Progres Databse PROMSGS Format strings issue.
Reference: URL:http://www.securityfocus.com/archive/1/224395
Reference: BID:3502
Reference: URL:http://www.securityfocus.com/bid/3502
Reference: XF:progress-promsgs-format-string(7457)
Reference: URL:http://xforce.iss.net/static/7457.php

Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable.

Analysis
----------------
ED_PRI CAN-2001-1129 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1131
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1131
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: MISC:http://www.securiteam.com/windowsntfocus/5RP0L0055O.html

Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 allows an attacker to read arbitrary files and directories via a ... (modified dot dot) in the CD command.

Analysis
----------------
ED_PRI CAN-2001-1131 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1133
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1133
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010821 BSDi (3.0/3.1) reboot machine code as any user (non-specific)
Reference: URL:http://www.securityfocus.com/archive/1/209192
Reference: XF:bsd-kernel-dos(7023)
Reference: URL:http://www.iss.net/security_center/static/7023.php
Reference: BID:3220
Reference: URL:http://www.securityfocus.com/bid/3220

Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users to cause a denial of service (reboot) in the kernel via a particular sequence of instructions.

Analysis
----------------
ED_PRI CAN-2001-1133 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1134
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1134
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010720 Re: Two birds with one worm
Reference: URL:http://www.securityfocus.com/archive/1/198381
Reference: BUGTRAQ:20010809 Xerox N40 printers and Code Red worm
Reference: URL:http://www.securityfocus.com/archive/1/203025
Reference: XF:xerox-docuprint-dos(6976)
Reference: URL:http://www.iss.net/security_center/static/6976.php
Reference: BID:3170
Reference: URL:http://online.securityfocus.com/bid/3170

Xerox DocuPrint N40 Printers allow remote attackers to cause a denial of service via malformed data, such as that produced by the Code Red worm.
Analysis
----------------
ED_PRI CAN-2001-1134 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1135
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1135
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010814 Fwd: ZyXEL Prestige 642 Router Administration Interface Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/204439
Reference: BUGTRAQ:20010810 Re: ZyXEL Prestige 642R: Exposed Admin Services on WAN with Default Password
Reference: URL:http://www.securityfocus.com/archive/1/203592
Reference: BUGTRAQ:20010809 ZyXEL Prestige 642R: Exposed Admin Services on WAN with Default Password
Reference: URL:http://www.securityfocus.com/archive/1/203022
Reference: BUGTRAQ:20010918 SECURITY RISK: ZyXEL ADSL Router 642R - WAN filter bypass from internal network
Reference: URL:http://www.securityfocus.com/archive/1/214971
Reference: BID:3346
Reference: URL:http://www.securityfocus.com/bid/3346
Reference: XF:prestige-wan-bypass-filter(7146)
Reference: URL:http://xforce.iss.net/static/7146.php

ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known.

Analysis
----------------
ED_PRI CAN-2001-1135 3
Vendor Acknowledgement: unknown discloser-claimed

Vendor acknowledgment not found on vendor site.
However discloser claimed contact and an attempt to fix the problem: http://www.securityfocus.com/archive/1/204439

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1136
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1136
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: HP:HPSBUX0109-166
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0063.html
Reference: CIAC:L-143
Reference: URL:http://www.ciac.org/ciac/bulletins/l-143.shtml
Reference: XF:hp-virtualvault-libsecurity-dos(7124)
Reference: URL:http://xforce.iss.net/static/7124.php
Reference: BID:3338
Reference: URL:http://online.securityfocus.com/bid/3338

The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2001-1136 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

INCLUSION: CD:VAGUE states that an issue that is identified by a vague vendor advisory should be included in CVE, despite the risks of introducing inaccuracy.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1137
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010906 Malformed Fragmented Packets DoS Dlink Firewall/Routers
Reference: URL:http://www.securityfocus.com/archive/1/212532
Reference: XF:dlink-fragmented-packet-dos(7090)
Reference: URL:http://xforce.iss.net/static/7090.php
Reference: BID:3306
Reference: URL:http://online.securityfocus.com/bid/3306

D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows remote attackers to cause a denial of service (reboot) via malformed IP datagram fragments.

Analysis
----------------
ED_PRI CAN-2001-1137 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1138
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1138
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010907 *** Security Advisory *** Power UP HTML
Reference: URL:http://www.securityfocus.com/archive/1/212679
Reference: BID:3304
Reference: URL:http://www.securityfocus.com/bid/3304
Reference: XF:powerup-rcgi-directory-traversal(7092)
Reference: URL:http://xforce.iss.net/static/7092.php

Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker Power Up HTML 0.8033beta allows remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the FILE parameter.
Analysis
----------------
ED_PRI CAN-2001-1138 3
Vendor Acknowledgement: unknown
Content Decisions: EX-BETA

INCLUSION: CD:EX-BETA suggests that beta versions of programs should be excluded from CVE, unless they are "permanent" beta. In this case, the program has been available on the web site since August 16, 2000, which should be close enough to "permanent" for inclusion in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1139
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1139
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010822 [SNS Advisory No.39] WinWrapper Professional 2.0 Remote Arbitrary File Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/209414
Reference: MISC:http://www.tsc.ant.co.jp/products/download.htm
Reference: BID:3219
Reference: URL:http://www.securityfocus.com/bid/3219
Reference: XF:winwrapper-dot-directory-traversal(7015)
Reference: URL:http://www.iss.net/security_center/static/7015.php

Directory traversal vulnerability in ASCII NT WinWrapper Professional allows remote attackers to read arbitrary files via a .. (dot dot) in the server request.

Analysis
----------------
ED_PRI CAN-2001-1139 3
Vendor Acknowledgement: unknown discloser-claimed

ACKNOWLEDGEMENT: acknowledgement cannot be determined because the product web pages are in Japanese.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1140
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1140
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010822 -- [ iSecureLabs BadBlue v1.02 beta for Windows 98, ME and 2000 Advisory ] --
Reference: URL:http://www.securityfocus.com/archive/1/209545
Reference: XF:badblue-file-source-disclosure (7021)
Reference: URL:http://xforce.iss.net/static/7021.php
Reference: BID:3222
Reference: URL:http://www.securityfocus.com/bid/3222

BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request.

Analysis
----------------
ED_PRI CAN-2001-1140 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: EX-BETA

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1150
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1150
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010822 [SNS Advisory No.38] Trend Micro Virus Buster (Ver.3.5x) Remote
Reference: URL:http://www.securityfocus.com/archive/1/209375
Reference: BUGTRAQ:20010824 [SNS Advisory No.40] TrendMicro OfficeScan Corp Edition ver.3.54 Remote read file of IUSER authority Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/210087
Reference: BID:3216
Reference: URL:http://www.securityfocus.com/bid/3216
Reference: XF:officescan-iuser-read-files(7014)
Reference: URL:http://www.iss.net/security_center/static/7014.php

Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.

Analysis
----------------
ED_PRI CAN-2001-1150 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1151
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1151
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011015 [SNS Advisory No.44] Trend Micro OfficeScan Corporate Edition(Virus Buster Corporate Edition)
Reference: URL:http://www.securityfocus.com/archive/1/220666
Reference: MISC:http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318
Reference: XF:officescan-config-file-access(7286)
Reference: URL:http://xforce.iss.net/static/7286.php

Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.

Analysis
----------------
ED_PRI CAN-2001-1151 3
Vendor Acknowledgement: unknown foreign
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1152
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1152
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010905 Various problems in Baltimore WebSweeper URL filtering
Reference: URL:http://www.securityfocus.com/archive/1/212283
Reference: MISC:http://www.mimesweeper.com/support/technotes/notes/1043.asp
Reference: BID:3296
Reference: URL:http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3296

Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.

Analysis
----------------
ED_PRI CAN-2001-1152 3
Vendor Acknowledgement: no disputed
Content Decisions: SECTOOL-DESIGN

INCLUSION: The tech note by the vendor states that "It is not practical to use WEBsweeper to manage blacklists. WEBsweeper's primary function is content analysis of a web traffic and is not designed as a URL blocker." Since the software is not being used for its advertised purposes, perhaps this issue should not be included in CVE.

ABSTRACTION: A similar vulnerability is described in CAN-2001-1026, but for that one, URL filtering is explicitly listed as a feature of that product.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1154
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1154
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010830 Possible Denial of Service with PHP and Cyrus IMAP on BSDi 4.2
Reference: URL:http://www.securityfocus.com/archive/1/211056
Reference: BID:3260
Reference: URL:http://www.securityfocus.com/bid/3260
Reference: XF:cyrus-imap-php-dos(7053)
Reference: URL:http://xforce.iss.net/static/7053.php

Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients.

Analysis
----------------
ED_PRI CAN-2001-1154 3
Vendor Acknowledgement: no search-failed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1156
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1156
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011008 [ASGUARD-LABS] TYPSoft FTP Server v0.95 STOR/RETR Denial of Service Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/219167
Reference: CONFIRM:http://membres.lycos.fr/typsoft/eng/history.html
Reference: BID:3409
Reference: URL:http://www.securityfocus.com/bid/3409
Reference: XF:typsoft-ftp-retr-stor-dos(7247)
Reference: URL:http://www.iss.net/security_center/static/7247.php

TYPSoft FTP 0.95 allows remote attackers to cause a denial of service (CPU consumption) via a "../../*" argument to (1) STOR or (2) RETR.

Analysis
----------------
ED_PRI CAN-2001-1156 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: the Typsoft history file, obtained from the "history" button on the vendor's home page, includes a description for 0.97: "Fix a Security bug can cause the server to crash when an User do RETR ../../*" The home page indicates that this version was created around March 1, 2002, assuming "Mars" in French is March.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1157
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1157
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010812 Various problems in Baltimore's WEBSweeper Script filtering
Reference: URL:http://www.securityfocus.com/archive/1/203821
Reference: BID:3172
Reference: URL:http://www.securityfocus.com/bid/3172
Reference: BID:3173
Reference: URL:http://www.securityfocus.com/bid/3173

Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or more characters before the SCRIPT tag, or (2) tags using Unicode.

Analysis
----------------
ED_PRI CAN-2001-1157 3
Vendor Acknowledgement: unknown
Content Decisions: SECTOOL-DESIGN, SF-LOC

INCLUSION/ABSTRACTION: Similar to the Ptacek/Newsham paper on IDS limitations, this particular attack seems to take advantage of peculiar behavior of end systems (in this case, web clients that are "forgiving" of malformed HTML), which could be regarded as a design limitation of all tools of this type. Therefore, it should be considered whether a problem of this type should be included in CVE, and if so, whether there should be a single item for the general limitation regardless of the number of vendors/products, or multiple items, one for each product. This is the basis of a new CVE content decision, CD:SECTOOL-DESIGN.

ABSTRACTION: It could be argued that the malformed SCRIPT tags and Unicode encodings are different types of problems; thus if CD:SECTOOL-DESIGN is resolved one way or another,

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1165
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1165
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: MISC:http://www.securemac.com/fileguard.php#disengage
Reference: XF:fileguard-weak-password-encryption(7018)
Reference: URL:http://www.iss.net/security_center/static/7018.php
Reference: BID:3213
Reference: URL:http://www.securityfocus.com/bid/3213

Intego FileGuard 4.0 uses weak encryption to store user information and passwords, which allows local users to gain privileges by decrypting the information, e.g., with the Disengage tool.

Analysis
----------------
ED_PRI CAN-2001-1165 3
Vendor Acknowledgement:

ACKNOWLEDGEMENT: An email inquiry was sent to the vendor, who either did not understand the problem, or did not read the securemac.com post carefully.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1167
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1167
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: unknown
Reference: HP:HPSBUX0108-165
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0048.html

Vulnerability in /opt/prm/bin of HP Process Resource Manager (PRM) C.01.08.2 and earlier allows local users to gain root privileges by altering libraries or environment variables.

Analysis
----------------
ED_PRI CAN-2001-1167 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

INCLUSION: CD:VAGUE states that if a vendor acknowledges or publicizes an issue and says it's security related, but the vendor is vague about the details, it should still be included.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1168
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1168
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010829 eRisk Security Advisory: PhpMyExplorer vulnerable to directory traversal.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0408.html
Reference: BUGTRAQ:20010830 Re: eRisk Security Advisory: PhpMyExplorer vulnerable to directory traversal.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0418.html

Directory traversal vulnerability in index.php in PhpMyExplorer before 1.2.1 allows remote attackers to read arbitrary files via a ..%2F (modified dot dot) in the chemin parameter.

Analysis
----------------
ED_PRI CAN-2001-1168 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1169
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010902 S/Key keyinit(1) authentication (lack thereof) + sudo(1)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0441.html

keyinit in S/Key does not require authentication to initialize a one-time password sequence, which allows an attacker who has gained privileges to a user account to create new one-time passwords for use in other activities that may use S/Key authentication, such as sudo.

Analysis
----------------
ED_PRI CAN-2001-1169 3
Vendor Acknowledgement:
Content Decisions: INCLUSION

INCLUSION: Followup posts indicate that if an attacker has gained privileges as a user, then the attacker could accomplish the same results with other methods that don't require S/Key, such as keyboard logging. So there is some question as to whether this gains any additional privileges beyond that which is available by breaking into the account.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1170
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1170
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010929 Vulnerability in Amtote International homebet self service wagering system.
Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=217373&start=2001-09-27&end=2001-10-03
Reference: BID:3370
Reference: URL:http://www.securityfocus.com/bid/3370
Reference: XF:homebet-view-logfile(7186)
Reference: URL:http://xforce.iss.net/static/7186.php

AmTote International homebet program stores the homebet.log file in the homebet/ virtual directory, which allows remote attackers to steal account and PIN numbers.

Analysis
----------------
ED_PRI CAN-2001-1170 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1171
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1171
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010907 Bug in compile portion for older versions of CheckPoint Firewalls
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0046.html

Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and creates a world-writable temporary .cpp file when compiling Policy rules, which could allow local users to gain privileges or modify the firewall policy.

Analysis
----------------
ED_PRI CAN-2001-1171 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: