[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-82 - 44 candidates

I am proposing cluster RECENT-82 for review and voting by the
Editorial Board.

Name: RECENT-82
Description: Candidates announced between 12/8/2001 and 12/31/2001
Size: 44

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve





Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-1193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1193
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011213 EFTP 2.0.8.346 directory content disclosure
Reference: URL:http://www.securityfocus.com/archive/1/245393
Reference: CONFIRM:http://www.eftp.org/releasehistory.html
Reference: BID:3691
Reference: URL:http://www.securityfocus.com/bid/3691

Directory traversal vulnerability in EFTP 2.0.8.346 allows local users
to read directories via a ... (modified dot dot) in the CWD command.

Analysis
----------------
ED_PRI CAN-2001-1193 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: In the release history, the entry for version
2.0.8.347, dated December 12, says "Fixed a security flaw where users
could inadvertantly change directory by changing to '...'"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1199
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1199
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011217 Agoracgi v3.3e Cross Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/246044
Reference: CONFIRM:http://www.agoracgi.com/security.html
Reference: BID:3702
Reference: URL:http://www.securityfocus.com/bid/3702
Reference: XF:agora-cgi-css(7708)
Reference: URL:http://www.iss.net/security_center/static/7708.php

Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through
4.0g, when debug mode is enabled, allows remote attackers to execute
Javascript on other clients via the cart_id parameter.

Analysis
----------------
ED_PRI CAN-2001-1199 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The Agoracgi security page says "The Cross-Site
Scripting vulnerability demonstrations (erroneously described as
running on 3.x stores) don't work with this patch installed...  No
store version 3.0a through 4.0g should run without [this patch]"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1201
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1201
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011217 New Advisory + Exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100863301405266&w=2
Reference: BUGTRAQ:20011218 wmcube-gdk is vulnerable to a local exploit
Reference: URL:http://online.securityfocus.com/archive/1/246273
Reference: CONFIRM:http://www.ne.jp/asahi/linux/timecop/software/wmcube-gdk-0.98p2.tar.gz
Reference: BID:3706
Reference: URL:http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3706
Reference: XF:wmcubegdk-object-file-bo(7720)
Reference: URL:http://www.iss.net/security_center/static/7720.php

Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users
to execute arbitrary code via long lines in the object description
file.

Analysis
----------------
ED_PRI CAN-2001-1201 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: the CHANGES file in wmcube-gdk-0.98p2.tar.gz includes
an entry dated 20011218, stating "drop kmem priviliges on FreeBSD
after opening kvm."  Given the timing of this file relative to the
Bugtraq announcement, and the fact that it would fix the issue being
discussed in this item, there is sufficient acknowledgement.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1203
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1203
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: DEBIAN:DSA-095
Reference: URL:http://www.debian.org/security/2001/dsa-095

Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18
allows local users to gain root privileges.

Analysis
----------------
ED_PRI CAN-2001-1203 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1215
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1215
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011220 [CERT-intexxia] pfinger Format String Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/246656
Reference: CONFIRM:http://www.xelia.ch/unix/pfinger/ChangeLog
Reference: XF:pfinger-plan-format-string(7742)
Reference: URL:http://www.iss.net/security_center/static/7742.php
Reference: BID:3725
Reference: URL:http://online.securityfocus.com/bid/3725

Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows
remote attackers to execute arbitrary code via format string
specifiers in a .plan file.

Analysis
----------------
ED_PRI CAN-2001-1215 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: in the Change Log, the entry dated 2001-12-19 says
"Security Fix: Malicious local user could induce a bad format string"
and credits the disclosers.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0057
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0057
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020202
Category: SF
Reference: BUGTRAQ:20011214 MSIE6 can read local files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-12/0152.html
Reference: BUGTRAQ:20020212 Update on the MS02-005 patch, holes still remain
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101366383408821&w=2
Reference: MS:MS02-008
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-008.asp
Reference: BID:3699
Reference: URL:http://online.securityfocus.com/bid/3699

XMLHTTP control in Microsoft XML Core Services 2.6 and later does not
properly handle IE Security Zone settings, which allows remote
attackers to read arbitrary files by specifying a local file as an XML
Data Source.

Analysis
----------------
ED_PRI CAN-2002-0057 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1184
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1184
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011208 Winsock RSHD/NT 2.20.00 CPU overusage when invalid data is send
Reference: URL:http://www.securityfocus.com/archive/1/244580
Reference: BUGTRAQ:20011213 WRSHDNT 2.21.00 CPU overusage
Reference: URL:http://online.securityfocus.com/archive/1/245405
Reference: CONFIRM:http://www.denicomp.com/rshdnt.htm
Reference: XF:winsock-rshdnt-error-dos(7694)
Reference: URL:http://www.iss.net/security_center/static/7694.php
Reference: BID:3659
Reference: URL:http://www.securityfocus.com/bid/3659

wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows
remote attackers to cause a denial of service (CPU consumption) via
(1) in 2.20.00 and earlier, an invalid port number such as a negative
number, which causes a connection attempt to that port and all ports
below 1024, and (2) in 2.21.00, a port number of 1024.

Analysis
----------------
ED_PRI CAN-2001-1184 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: The comments for version 2.21.00 in the changelog
say: "If a malicious user wrote an rsh-like client that sent a
negative number as the stderr port, the wrshdsp.exe process would go
into a loop for a long period, eating up CPU cycles."
ABSTRACTION: The vendor did not completely fix the original problem,
so the 2 separate attack scenarios are merged into a single item.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1185
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1185
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011210 AIO vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/244583
Reference: XF:bsd-aio-overwrite-memory(7693)
Reference: URL:http://www.iss.net/security_center/static/7693.php
Reference: BID:3661
Reference: URL:http://www.securityfocus.com/bid/3661

Some AIO operations in FreeBSD 4.4 may be delayed until after a call
to execve, which could allow a local user to overwrite memory of the
new process and gain privileges.

Analysis
----------------
ED_PRI CAN-2001-1185 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1186
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1186
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011211 Microsoft IIS/5 bogus Content-length bug.
Reference: URL:http://www.securityfocus.com/archive/1/244892
Reference: BUGTRAQ:20011211 Microsoft IIS/5 bogus Content-length bug Memory attack
Reference: URL:http://online.securityfocus.com/archive/1/244931
Reference: BUGTRAQ:20011212 Microsoft IIS/5.0 Content-Length DoS (proved)
Reference: URL:http://online.securityfocus.com/archive/1/245100
Reference: BID:3667
Reference: URL:http://www.securityfocus.com/bid/3667
Reference: XF:iis-false-content-length-dos(7691)
Reference: URL:http://www.iss.net/security_center/static/7691.php

Microsoft IIS 5.0 allows remote attackers to cause a denial of service
via an HTTP request with a content-length value that is larger than
the size of the request, which prevents IIS from timing out the
connection.

Analysis
----------------
ED_PRI CAN-2001-1186 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1187
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1187
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011211 CSVForm (Perl CGI) Remote Execution Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/244908
Reference: BID:3668
Reference: URL:http://online.securityfocus.com/bid/3668
Reference: XF:csvform-cgi-execute-commands(7692)
Reference: URL:http://www.iss.net/security_center/static/7692.php

csvform.pl 0.1 allows remote attackers to execute arbitrary commands
via metacharacters in the file parameter.

Analysis
----------------
ED_PRI CAN-2001-1187 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1188
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1188
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011211 SPAMMERS DELIGHT: as feeble as feeble can be
Reference: URL:http://www.securityfocus.com/archive/1/244909
Reference: BID:3669
Reference: URL:http://www.securityfocus.com/bid/3669

mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote
attackers to send SPAM e-mail through remote servers by modifying the
sendto, email, server, subject, and resulturl hidden form fields.

Analysis
----------------
ED_PRI CAN-2001-1188 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1189
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1189
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011213 IBM WebSphere on UNIX security alert !
Reference: URL:http://www.securityfocus.com/archive/1/245324
Reference: BID:3682
Reference: URL:http://www.securityfocus.com/bid/3682
Reference: XF:websphere-java-plaintext-passwords(7698)
Reference: URL:http://www.iss.net/security_center/static/7698.php

IBM Websphere Application Server 3.5.3 and earlier stores a password
in cleartext in the sas.server.props file, which allows local users to
obtain the passwords via a JSP script.

Analysis
----------------
ED_PRI CAN-2001-1189 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1190
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1190
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category:
Reference: MANDRAKE:MDKSA-2001:091
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-091.php3
Reference: BID:3683
Reference: URL:http://www.securityfocus.com/bid/3683
Reference: XF:linux-passwd-weak-encryption(7706)
Reference: URL:http://www.iss.net/security_center/static/7706.php

The default PAM files included with passwd in Mandrake Linux 8.1 do
not support MD5 passwords, which could result in a lower level of
password security than intended.

Analysis
----------------
ED_PRI CAN-2001-1190 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

INCLUSION: The advisory is not clear about the specific ramifications
of the default PAM files.  However, since this came from a vendor
advisory, CD:VAGUE suggests that it should be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1191
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1191
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011211 Webseal 3.8
Reference: URL:http://www.securityfocus.com/archive/1/245283
Reference: BID:3685
Reference: URL:http://www.securityfocus.com/bid/3685

WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote
attackers to cause a denial of service (crash) via a URL that ends in
%2e.

Analysis
----------------
ED_PRI CAN-2001-1191 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: CVE-2001-0982 describes a directory traversal issue in
WebSEAL, related to %2e.  It seems likely that in attempting to fix
that problem, the vendor introduced a new type of issue.  Since
CD:SF-LOC suggests splitting problems of different types, this item
should be separated from CVE-2001-0982.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1192
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1192
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011213 Kikkert Security Advisory: Potentially serious security flaw in Citrix Client
Reference: URL:http://www.securityfocus.com/archive/1/245342
Reference: BID:3688
Reference: URL:http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3688

Citrix Independent Computing Architecture (ICA) Client for Windows 6.1
allows remote malicious web sites to execute arbitrary code via a.ICA
file, which is downloaded and automatically executed by the client.

Analysis
----------------
ED_PRI CAN-2001-1192 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1194
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1194
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011214 Zyxel Prestige 681 and 1600 (possibly other?) remote DoS
Reference: URL:http://www.securityfocus.com/archive/1/245498
Reference: BUGTRAQ:20011218 Re: Zyxel Prestige 681 and 1600 (possibly other?) remote DoS
Reference: URL:http://www.securityfocus.com/archive/1/246182
Reference: BID:3695
Reference: URL:http://www.securityfocus.com/bid/3695

Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to
cause a denial of service via malformed packets with (1) an IP length
less than actual packet size, or (2) fragmented packets whose size
exceeds 64 kilobytes after reassembly.

Analysis
----------------
ED_PRI CAN-2001-1194 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1195
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1195
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011215 Novell Groupwise servlet gateway default username and password
Reference: URL:http://www.securityfocus.com/archive/1/245871
Reference: CONFIRM:http://support.novell.com/cgi-bin/search/searchtid.cgi?/10067329.htm
Reference: XF:groupwise-servlet-manager-default(7701)
Reference: URL:http://www.iss.net/security_center/static/7701.php
Reference: BID:3697
Reference: URL:http://online.securityfocus.com/bid/3697

Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a
default username and password for the servlet manager, which allows
remote attackers to gain privileges.

Analysis
----------------
ED_PRI CAN-2001-1195 3
Vendor Acknowledgement: yes advisory
Content Decisions: CF-PASS

ACKNOWLEGDEMENT: The Novell acknowledgement is only for 5.5.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1196
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1196
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011217 webmin 0.91 ../.. problem
Reference: URL:http://www.securityfocus.com/archive/1/245980
Reference: BUGTRAQ:20011218 Re: webmin 0.91 ../.. problem
Reference: URL:http://marc.theaimsgroup.com/?l=webmin-l&m=100865390306103&w=2
Reference: BID:3698
Reference: URL:http://www.securityfocus.com/bid/3698
Reference: XF:webmin-dot-directory-traversal(7711)
Reference: URL:http://www.iss.net/security_center/static/7711.php

Directory traversal vulnerability in edit_action.cgi of Webmin
Directory 0.91 allows attackers to gain privileges via a '..' (dot
dot) in the argument.

Analysis
----------------
ED_PRI CAN-2001-1196 3
Vendor Acknowledgement: no disputed

INCLUSION: the vendor claims that root privileges are already required
to edit bootup actions.  If so, then the attacker does not gain any
privileges beyond what they already have, so it would not be a
vulnerability.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1197
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1197
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011214 klprfax_filter symlink vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/245500
Reference: BUGTRAQ:20011214 Re: klprfax_filter symlink vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100837486611350&w=2
Reference: BID:3694
Reference: URL:http://www.securityfocus.com/bid/3694

klprfax_filter in KDE2 KDEUtils allows local users to overwrite
arbitrary files via a symlink attack on the klprfax.filter temporary
file.

Analysis
----------------
ED_PRI CAN-2001-1197 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1198
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1198
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011215 HP-UX setuid rlpdaemon induced to make illicit file writes
Reference: URL:http://www.securityfocus.com/archive/1/245690
Reference: BID:3701
Reference: URL:http://www.securityfocus.com/bid/3701
Reference: XF:hp-rlpd-create-log(7729)
Reference: URL:http://www.iss.net/security_center/static/7729.php

RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite
arbitrary files and gain privileges by specifying the target file in
the -L option.

Analysis
----------------
ED_PRI CAN-2001-1198 3
Vendor Acknowledgement: unknown vague
Content Decisions: VAGUE

ABSTRACTION: This sounds similar to CAN-2001-0817, but the ISS/HP
advisories for that item are vague.  However, CAN-2001-0817 was
remotely exploitable.  For this example, it's locally exploitable, and
it doesn't seem like a remote attacker would be able to specify
alternate log files.  Assuming that's true, then by CD:SF-LOC, this
issue should be treated differently.  In addition, ISS has created
separate XF references for this issue; their "inside knowledge" of
CAN-2001-0817 would therefore suggest further that these are different
issues.
The discloser for this issue says that HPSBUX0111-176 fixes this
problem, but it's uncertain whether the discloser is *assuming* it's
been fixed because rlpdaemon is mentioned in the advisory.  The issue
is that HPSBUX0111-176 is too vague, and in fact only alludes to "a"
vulnerability (i.e., one problem), assumably the ISS one.  However,
the discloser did say that they notified HP on August 8, which could
have allowed HP time to fix this problem in HPSBUX0111-176.
This is an interesting demonstration of the impact of vague advisories
on *other* issues that aren't vaguely described.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1200
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1200
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011217 Hot keys permissions bypass under XP
Reference: URL:http://www.securityfocus.com/archive/1/246014
Reference: BID:3703
Reference: URL:http://www.securityfocus.com/bid/3703
Reference: XF:winxp-hotkey-execute-programs(7713)
Reference: URL:http://www.iss.net/security_center/static/7713.php

Microsoft Windows XP allows local users to bypass a locked screen and
run certain programs that are associated with Hot Keys.

Analysis
----------------
ED_PRI CAN-2001-1200 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1202
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1202
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011228 DeleGate Cross Site Scripting Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100956050432351&w=2
Reference: BID:3749
Reference: URL:http://online.securityfocus.com/bid/3749
Reference: XF:delegate-proxy-css(7745)
Reference: URL:http://www.iss.net/security_center/static/7745.php

Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does
not quote scripting commands within a "403 Forbidden" error page,
which allows remote attackers to execute arbitrary Javascript on other
clients via a URL that generates an error.

Analysis
----------------
ED_PRI CAN-2001-1202 3
Vendor Acknowledgement: unknown

Removed space.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1204
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1204
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011228 PHP Rocket Add-in (file transversal vulnerability)
Reference: URL:http://www.securityfocus.com/archive/1/247559
Reference: BID:3751
Reference: URL:http://www.securityfocus.com/bid/3751

Directory traversal vulnerability in phprocketaddin in Total PC
Solutions PHP Rocket Add-in for FrontPage 1.0 allows remote attackers
to read arbitrary files via a .. (dot dot) in the page parameter.

Analysis
----------------
ED_PRI CAN-2001-1204 3
Vendor Acknowledgement: no

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1205
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1205
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011230 lastlines.cgi path traversal and command execution vulns
Reference: URL:http://www.securityfocus.com/archive/1/247710
Reference: BID:3754
Reference: URL:http://www.securityfocus.com/bid/3754

Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0
allows remote attackers to read arbitrary files via a '..' (dot dot)
attack.

Analysis
----------------
ED_PRI CAN-2001-1205 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests a SPLIT between different problem
types, thus a different CVE item is being created for the directory
traversal versus the shell metacharacters.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1206
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1206
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category:
Reference: BUGTRAQ:20011230 lastlines.cgi path traversal and command execution vulns
Reference: URL:http://www.securityfocus.com/archive/1/247710
Reference: BID:3755
Reference: URL:http://www.securityfocus.com/bid/3755

Matrix CGI vault Last Lines 2.0 allows remote attackers to execute
arbitrary commands by failing to validate shell meta characters.

Analysis
----------------
ED_PRI CAN-2001-1206 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests a SPLIT between different problem
types, thus a different CVE item is being created for the directory
traversal versus the shell metacharacters.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1207
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1207
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011230 DayDream BBS buffer overflows
Reference: URL:http://www.securityfocus.com/archive/1/247708
Reference: CONFIRM:http://www.cs.uku.fi/~hlyytine/daydream-2.11/ChangeLog
Reference: BID:3757
Reference: URL:http://www.securityfocus.com/bid/3757
Reference: XF:daydream-bbs-control-code-bo(7755)
Reference: URL:http://www.iss.net/security_center/static/7755.php

Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote
attackers to possibly execute arbitrary code via the control codes (1)
~#MC, (2) ~#TF, or (3) ~#RA.

Analysis
----------------
ED_PRI CAN-2001-1207 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1208
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1208
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011231 Daydream BBS Format strings issue.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100977623710528&w=2

Format string vulnerability in DayDream BBS allows remote attackers to
execute arbitrary code via format string specifiers in a file
containing a ~#RA control code.

Analysis
----------------
ED_PRI CAN-2001-1208 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1209
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1209
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011231 blackshell2: zml.cgi remote exploit
Reference: URL:http://www.securityfocus.com/archive/1/247742
Reference: VULNWATCH:20011231 [VulnWatch] blackshell2: zml.cgi remote exploit
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0086.html
Reference: MISC:http://www.jero.cc/zml/zml.html
Reference: BID:3759
Reference: URL:http://www.securityfocus.com/bid/3759
Reference: XF:zml-cgi-directory-traversal(7751)
Reference: URL:http://www.iss.net/security_center/static/7751.php

Directory traversal vulnerability in zml.cgi allows remote attackers
to read arbitrary files via a .. (dot dot) in the file parameter.

Analysis
----------------
ED_PRI CAN-2001-1209 3
Vendor Acknowledgement: no disputed
Content Decisions: INCLUSION

INCLUSION: The author of the zml.cgi program says that the vulnerable
version is not his, and that zml.cgi does not take a file parameter.
If this is an adaptation of that zml.cgi program, and the adaptation
is not generally available, then it should not be included in CVE.
Almost all of the hits on Google for "zml.cgi" are references to the
reported vulnerability, and a search for "zml" doesn't turn up any
obvious web pages, so it cannot be determined if there is another
product that happens to use a script named zml.cgi.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1210
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1210
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011230 Possible security problem with Cisco ubr900 series routers
Reference: URL:http://www.securityfocus.com/archive/1/247718
Reference: BID:3758
Reference: URL:http://online.securityfocus.com/bid/3758
Reference: XF:cisco-docsis-default-strings(7806)
Reference: URL:http://www.iss.net/security_center/static/7806.php

Cisco ubr900 series routers that conform to the Data-over-Cable
Service Interface Specifications (DOCSIS) standard must ship without
SNMP access restrictions, which can allow remote attackers to read and
write information to the MIB using arbitrary community strings.

Analysis
----------------
ED_PRI CAN-2001-1210 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: CF

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1211
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1211
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011231 IMail Web Service User Aliases / Mailing Lists Admin Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/247786
Reference: MISC:http://support.ipswitch.com/kb/IM-20020301-DM02.htm
Reference: MISC:http://support.ipswitch.com/kb/IM-20011219-DM01.htm
Reference: BID:3766
Reference: URL:http://www.securityfocus.com/bid/3766
Reference: XF:imail-admin-domain-change(7752)
Reference: URL:http://www.iss.net/security_center/static/7752.php

Ipswitch IMail 7.0.4 and earlier allows attackers with administrator
privileges to read and modify user alias and mailing list information
for other domains hosted by the same server via the (1) aliasadmin or
(2) listadm1 CGI programs, which do not properly verify that an
administrator is the administrator for the target domain.

Analysis
----------------
ED_PRI CAN-2001-1211 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: the release notes for IMail 7.06 say "Fixed remote
handling on Info manager settings."  However, this item is not labeled
as a security fix, nor is it specific enough to be certain.  The
release notes for 7.05 say "iWebMsg: List, rule and alias security
hacks thwarted," which sounds more like the issue, but it's still not
quite clear enough to be certain that the vendor has acknowledged the
problem, especially since there are additional reports of *different*
vulnerabilities in the same version.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1212
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1212
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011218 Aktivate Shopping System Cross Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/246274
Reference: XF:aktivate-shopping-css(7717)
Reference: URL:http://www.iss.net/security_center/static/7717.php
Reference: BID:3714
Reference: URL:http://online.securityfocus.com/bid/3714

Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03
allows remote attackers to execute arbitrary Javascript via the desc
parameter.

Analysis
----------------
ED_PRI CAN-2001-1212 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1213
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1213
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011218 FTPXQ default install read/write capabilities
Reference: URL:http://www.securityfocus.com/archive/1/246285
Reference: XF:ftpxq-default-permissions(7715)
Reference: URL:http://www.iss.net/security_center/static/7715.php
Reference: BID:3716
Reference: URL:http://online.securityfocus.com/bid/3716

The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a
default username and password, which allows remote attackers to read
and write arbitrary files in the root folder.

Analysis
----------------
ED_PRI CAN-2001-1213 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1214
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1214
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011215 *ALERT* "Unix Manual" PHP-Script allows arbitrary code execution
Reference: URL:http://www.securityfocus.com/archive/1/247332
Reference: XF:unixmanual-php-command-execution(7719)
Reference: URL:http://www.iss.net/security_center/static/7719.php
Reference: BID:3718
Reference: URL:http://online.securityfocus.com/bid/3718

manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote
attackers to execute arbitrary code via a URL that contains shell
metacharacters.

Analysis
----------------
ED_PRI CAN-2001-1214 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1216
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1216
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011221 Buffer Overflow in Oracle 9iAS (#NISR20122001)
Reference: URL:http://www.securityfocus.com/archive/1/246663
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/modplsql.pdf
Reference: CERT-VN:VU#500203
Reference: URL:http://www.kb.cert.org/vuls/id/500203
Reference: XF:oracle-appserver-modplsql-bo(7727)
Reference: URL:http://www.iss.net/security_center/static/7727.php
Reference: BID:3726
Reference: URL:http://www.securityfocus.com/bid/3726

Buffer overflow in PL/SQL Apache module in Oracle 9i Application
Server allows remote attackers to execute arbitrary code via a long
request for a help page.

Analysis
----------------
ED_PRI CAN-2001-1216 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1217
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1217
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011221 Buffer Overflow in Oracle 9iAS (#NISR20122001)
Reference: URL:http://www.securityfocus.com/archive/1/246663
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/modplsql.pdf
Reference: XF:oracle-appserver-modplsql-traversal(7728)
Reference: URL:http://www.iss.net/security_center/static/7728.php
Reference: BID:3727
Reference: URL:http://www.securityfocus.com/bid/3727
Reference: CERT-VN:VU#758483
Reference: URL:http://www.kb.cert.org/vuls/id/758483

Directory traversal vulnerability in PL/SQL Apache module in Oracle
Oracle 9i Application Server allows remote attackers to access
sensitive information via a double encoded URL with .. (dot dot)
sequences.

Analysis
----------------
ED_PRI CAN-2001-1217 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1218
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1218
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011220 E5 (SP1) crash the X server on Solaris2.6 chinese edition
Reference: URL:http://www.securityfocus.com/archive/1/246611
Reference: BID:3729
Reference: URL:http://online.securityfocus.com/bid/3729

Microsoft Internet Explorer for Unix 5.0SP1 allows local users to
possibly cause a denial of service (crash) in CDE or the X server on
Solaris 2.6 by rapidly scrolling Chinese characters or maximizing
the window.

Analysis
----------------
ED_PRI CAN-2001-1218 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1219
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1219
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011220 MSIE DoS Using javascript
Reference: URL:http://www.securityfocus.com/archive/1/246649
Reference: BID:3730
Reference: URL:http://online.securityfocus.com/bid/3730

Microsoft Internet Explorer 6.0 and earlier allows malicious website
operators to cause a denial of service (client crash) via JavaScript
that continually refreshes the window via self.location.

Analysis
----------------
ED_PRI CAN-2001-1219 3
Vendor Acknowledgement: unknown
Content Decisions: EX-CLIENT-DOS

INCLUSION: The current version of CD:EX-CLIENT-DOS suggests that if
there is a client-side DoS which is only exploitable through a passive
attack, then if the scope is limited to the application only and it
can be fixed with a restart, then the problem should not be included
in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1220
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1220
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011221 D-Link DWL-1000AP can be compromised because of SNMP configuration
Reference: URL:http://www.securityfocus.com/archive/1/246849
Reference: BID:3735
Reference: URL:http://www.securityfocus.com/bid/3735
Reference: XF:dlink-ap-public-mib(7733)
Reference: URL:http://www.iss.net/security_center/static/7733.php

D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point
stores the administrative password in plaintext in the default
Management Information Base (MIB), which allows remote attackers to
gain administrative privileges.

Analysis
----------------
ED_PRI CAN-2001-1220 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC, DESIGN-NO-ENCRYPTION

ABSTRACTION: CD:SF-LOC suggests a SPLIT between problems of different
types.  One issue is a plaintext password (lack of encryption) whose
scope is limited to those who know the community string - however,
there's a default community string, which is a different type of issue
(default), that makes the plaintext password problem worse than it
might originally be, but it is still a problem even if there is a
non-default community string.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1221
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1221
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011221 D-Link DWL-1000AP can be compromised because of SNMP configuration
Reference: URL:http://www.securityfocus.com/archive/1/246849
Reference: BID:3736
Reference: URL:http://www.securityfocus.com/bid/3736

D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses
a default SNMP community string of 'public' which allows remote
attackers to gain sensitive information.

Analysis
----------------
ED_PRI CAN-2001-1221 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC, CF-PASS

ABSTRACTION: CD:SF-LOC suggests a SPLIT between problems of different
types.  One issue is a plaintext password (lack of encryption) whose
scope is limited to those who know the community string - however,
there's a default community string, which is a different type of issue
(default), that makes the plaintext password problem worse than it
might originally be, but it is still a problem even if there is a
non-default community string.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1222
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1222
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011221 twlc advisory: plesk (psa) allows reading of .php files
Reference: URL:http://www.securityfocus.com/archive/1/246861
Reference: BID:3737
Reference: URL:http://www.securityfocus.com/bid/3737
Reference: XF:psa-php-reveal-source(7735)
Reference: URL:http://www.iss.net/security_center/static/7735.php

Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain
PHP source code via an HTTP request containing the target's IP address
and a valid account name for the domain.

Analysis
----------------
ED_PRI CAN-2001-1222 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1223
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1223
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011226 Phoenix Sistemi Security Advisory: ELSA Lancom 1100 Office Security Problems
Reference: URL:http://www.securityfocus.com/archive/1/247274
Reference: BID:3746
Reference: URL:http://www.securityfocus.com/bid/3746
Reference: XF:elsa-lancom-web-administration(7739)
Reference: URL:http://www.iss.net/security_center/static/7739.php

The web administration server for ELSA Lancom 1100 Office does not
require authentication, which allows arbitrary remote attackers to
gain administrative privileges by connecting to the server.

Analysis
----------------
ED_PRI CAN-2001-1223 3
Vendor Acknowledgement: unknown
Content Decisions: DESIGN-NO-AUTH

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1224
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1224
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011223 GOBBLES CGI MARATHON #001
Reference: URL:http://www.securityfocus.com/archive/1/246994
Reference: BID:3739
Reference: URL:http://www.securityfocus.com/bid/3739
Reference: XF:adrotate-sql-execute-commands(7736)
Reference: URL:http://www.iss.net/security_center/static/7736.php

get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows
remote attackers to modify the database and possibly execute arbitrary
commands via a SQL code injection attack.

Analysis
----------------
ED_PRI CAN-2001-1224 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1225
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1225
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011226 msql DoS
Reference: URL:http://www.securityfocus.com/archive/1/247222
Reference: BID:3742
Reference: URL:http://www.securityfocus.com/bid/3742
Reference: XF:msql-char-array-dos(7746)
Reference: URL:http://www.iss.net/security_center/static/7746.php

Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to
cause a denial of service by creating a very large array in a table,
which causes miniSQL to crash when the table is queried.

Analysis
----------------
ED_PRI CAN-2001-1225 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1226
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1226
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011225 GOBBLES CGI MARATHON #002
Reference: URL:http://www.securityfocus.com/archive/1/247126
Reference: BID:3741
Reference: URL:http://www.securityfocus.com/bid/3741
Reference: XF:adcycle-modify-sql-query(7762)
Reference: URL:http://www.iss.net/security_center/static/7762.php

AdCycle 1.17 and earlier allow remote attackers to modify SQL queries,
which are not properly sanitized before being passed to the MySQL
database.

Analysis
----------------
ED_PRI CAN-2001-1226 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Page Last Updated or Reviewed: May 22, 2007