[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster MISC-2001-002 - 42 candidates



I am proposing cluster MISC-2001-002 for review and voting by the
Editorial Board.

Name: MISC-2001-002
Description: Misc. Candidates announced between 7/3/2001 and 7/30/2001
Size: 42

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.
Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-1237
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1237
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://www.securityfocus.com/archive/1/218000
Reference: CONFIRM:http://www.peaceworks.ca/phormation/phormation-0.9.2.tar.gz
Reference: BID:3393
Reference: URL:http://www.securityfocus.com/bid/3393
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php
Reference: CERT-VN:VU#847803
Reference: URL:http://www.kb.cert.org/vuls/id/847803

Phormation PHP script 0.9.1 and earlier allows remote attackers to
execute arbitrary code by including files from remote web sites, using
an HTTP request that modifies the phormationdir variable.

Analysis
----------------
ED_PRI CAN-2001-1237 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: Ack is in /phormation-0.9.2/phormation/CHANGELOG: -
"changed the $phormationdir variable to be a constant. This closes a
huge security hole: The client could set the variable to something
like 'http://his_site.com'. Then your script would include
http://his_site.com/form.php and execute his code! (assuming you
haven't turned off certain php options)"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1240
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1240
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: ENGARDE:ESA-20010711-02
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1493.html

The default configuration of sudo in Engarde Secure Linux 1.0.1 allows
any user in the admin group to run certain commands that could be
leveraged to gain full root access.

Analysis
----------------
ED_PRI CAN-2001-1240 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1266
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1266
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CONFIRM:http://dnhttpd.sourceforge.net/changelog.html
Reference: MISC:http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0002.html

Directory traversal vulnerability in Doug Neal's HTTPD Daemon
(DNHTTPD) before 0.4.1 allows remote attackers to view arbitrary files
via a .. (dot dot) attack using the dot hex code '%2E'.

Analysis
----------------
ED_PRI CAN-2001-1266 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the change log for version 0.4.1 says: "Just a
bug/security fix. I mistakenly put the bit that checked for '..' in
the URL *before* the bit that translated hex codes in URLs to ASCII,
so you could use %2E%2E in place of '..' and view any directory
listing or file in the filesystem that the server has read access to."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1267
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
Reference: URL:http://online.securityfocus.com/archive/1/196445
Reference: CONFIRM:ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz

Directory traversal vulnerability in GNU tar 1.13.19 and earlier
allows local users overwrite arbitrary files during archive extraction
via a tar file whose filenames contain a .. (dot dot).

Analysis
----------------
ED_PRI CAN-2001-1267 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: in the ChangeLog file for 1.13.25, the entry dated
2001-08-27 says "(extract_archive): Fix test for absolute pathnames
and/or '..'."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1279
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1279
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: REDHAT:RHSA-2001:089
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-089.html
Reference: FREEBSD:FreeBSD-SA-01:48
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:48.tcpdump.asc
Reference: BID:3065
Reference: URL:http://online.securityfocus.com/bid/3065

Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows
remote attackers to cause a denial of service and possibly execute
arbitrary code via AFS RPC packets with invalid lengths that trigger
an integer signedness error, a different vulnerability than
CVE-2000-1026.

Analysis
----------------
ED_PRI CAN-2001-1279 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1235
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1235
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://www.securityfocus.com/archive/1/21800
Reference: CERT-VN:VU#847803
Reference: URL:http://www.kb.cert.org/vuls/id/847803
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php
Reference: BID:3395
Reference: URL:http://www.securityfocus.com/bid/3395

pSlash PHP script 0.7 and earlier allows remote attackers to execute
arbitrary code by including files from remote web sites, using an HTTP
request that modifies the includedir variable.

Analysis
----------------
ED_PRI CAN-2001-1235 2
Vendor Acknowledgement: unknown

ACKNOWLEDGEMENT: Could not find ACK and the software has not been
updated on sourceforge since Jun 05, 2001, 5 months before this
vulnerability was announced.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1236
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1236
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://www.securityfocus.com/archive/1/218000
Reference: CERT-VN:VU#847803
Reference: URL:http://www.kb.cert.org/vuls/id/847803
Reference: BID:3394
Reference: URL:http://www.securityfocus.com/bid/3394
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php

myphpPagetool PHP script 0.4.3-1 and earlier allows remote attackers
to execute arbitrary code by including files from remote web sites,
using an HTTP request that modifies the includedir variable.

Analysis
----------------
ED_PRI CAN-2001-1236 2
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1238
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1238
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010716 W2k: Unkillable Applications
Reference: URL:http://www.securityfocus.com/archive/1/197195
Reference: XF:win2k-taskmanager-unkillable-process(6919)
Reference: URL:http://xforce.iss.net/static/6919.php
Reference: BID:3033
Reference: URL:http://www.securityfocus.com/bid/3033

Task Manager in Windows 2000 does not allow local users to end
processes with uppercase letters named (1) winlogon.exe, (2)
csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which
could allow local users to install Trojan horses that cannot be
stopped with the Task Manager.

Analysis
----------------
ED_PRI CAN-2001-1238 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1241
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1241
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010717 multiple vulnerabilities in un-cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0287.html
Reference: BUGTRAQ:20010718 Re: [Khamba Staring <purrcat@edoropolis.org>] multiple
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0349.html
Reference: CONFIRM:http://www.midwinter.com/~koreth/uncgi.html
Reference: CONFIRM:http://www.midwinter.com/~koreth/uncgi-changes.html
Reference: BID:3057
Reference: URL:http://online.securityfocus.com/bid/3057
Reference: XF:uncgi-unexecutable-cgi(6847)
Reference: URL:http://www.iss.net/security_center/static/6847.php

Un-CGI 1.9 and earlier does not verify that a CGI script has the
execution bits set before executing it, which allows remote attackers
to execute arbitrary commands by directing Un-CGI to a document that
begins with "#!"  and the desired program name.

Analysis
----------------
ED_PRI CAN-2001-1241 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: The home page describes Un-CGI 1.10 and includes a
SECURITY section that says "EXECUTABLES_ONLY - If set, Un-CGI's
ability to execute shell scripts that begin with '#!' but don't have
execute permission set in the filesystem is disabled."  The change log
for version 1.10 says "Add security-related compile-time option
EXECUTABLES_ONLY," which would address the problem being described here.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1242
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1242
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010717 multiple vulnerabilities in un-cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0287.html
Reference: BUGTRAQ:20010718 Re: [Khamba Staring <purrcat@edoropolis.org>] multiple vulnerabilities in un-cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0349.html
Reference: CONFIRM:http://www.midwinter.com/~koreth/uncgi-changes.html
Reference: BID:3056
Reference: URL:http://online.securityfocus.com/bid/3056
Reference: XF:uncgi-dot-directory-traversal(6846)
Reference: URL:http://www.iss.net/security_center/static/6846.php

Directory traversal vulnerability in Un-CGI 1.9 and earlier allows
remote attackers to execute arbitrary code via a .. (dot dot) in an
HTML form.

Analysis
----------------
ED_PRI CAN-2001-1242 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1243
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1243
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010704 NERF Advisory #4: MS IIS local and remote DoS
Reference: URL:http://www.securityfocus.com/archive/1/194919
Reference: BID:2973
Reference: URL:http://www.securityfocus.com/bid/2973
Reference: XF:iis-device-asp-dos(6800)
Reference: URL:http://www.iss.net/security_center/static/6800.php

Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0
allows local or remote attackers to cause a denial of service (crash)
via (1) creating an ASP program that uses Scripting.FileSystemObject
to open a file with an MS-DOS device name, or (2) remotely injecting
the device name into ASP programs that internally use
Scripting.FileSystemObject.

Analysis
----------------
ED_PRI CAN-2001-1243 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1244
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1244
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20010708 Small TCP packets == very large overhead == DoS?
Reference: URL:http://www.securityfocus.com/archive/1/195457
Reference: BID:2997
Reference: URL:http://www.securityfocus.com/bid/2997
Reference: XF:tcp-mss-dos(6824)
Reference: URL:http://xforce.iss.net/static/6824.php

Multiple TCP implementations could allow remote attackers to cause a
denial of service (bandwidth and CPU exhaustion) by setting the
maximum segment size (MSS) to a very small number and requesting large
amounts of data, which generates more packets with less TCP-level data
that amplify network traffic and consume more server CPU to process.

Analysis
----------------
ED_PRI CAN-2001-1244 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE, SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1245
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1245
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 Re: Opera Browser Heap Overflow (Session Replay Attack)
Reference: URL:http://online.securityfocus.com/archive/1/196980
Reference: XF:opera-browser-header-bo(6838)
Reference: URL:http://www.iss.net/security_center/static/6838.php
Reference: BID:3012
Reference: URL:http://www.securityfocus.com/bid/3012

Opera 5.0 for Linux does not properly handle malformed HTTP headers,
which allows remote attackers to cause a denial of service, possibly
with a header whose value is the same as a MIME header name.

Analysis
----------------
ED_PRI CAN-2001-1245 3
Vendor Acknowledgement: unknown
Content Decisions: EX-CLIENT-DOS

DETAIL: The Bugtraq posting is a response to a message that was
supposedly posted at
http://www.securiteam.com/securitynews/5MP0B004UW.html, but that URL
no longer exists, and there is no information on the SecuriTeam web
site.  The Bugtraq post does not provide specific details to
understand what causes the problem, but it does use "X" as a value and
a possible header name.  When combined with the claim that the problem
is due to a "mismatched new/delete[] pair," one could guess at the
cause.
INCLUSION: CD:EX-CLIENT-DOS recommends that DoSes that only affect a
client and can be cleared by restarting, could be excluded from CVE.
However, CD:EX-CLIENT-DOS is not final as of this writing.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1257
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1257
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010721 IMP 2.2.6 (SECURITY) released
Reference: URL:http://online.securityfocus.com/archive/1/198495
Reference: CALDERA:CSSA-2001-027.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-027.0.txt
Reference: DEBIAN:DSA-073
Reference: URL:http://www.debian.org/security/2001/dsa-073
Reference: CONFIRM:http://online.securityfocus.com/archive/1/198495
Reference: CONECTIVA:CLA-2001:410
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
Reference: BID:3082
Reference: URL:http://www.securityfocus.com/bid/3082
Reference: XF:imp-cross-site-scripting(6905)
Reference: URL:http://www.iss.net/security_center/static/6905.php

Cross-site scripting vulnerability in Horde Internet Messaging Program
(IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute
arbitrary Javascript embedded in an email.

Analysis
----------------
ED_PRI CAN-2001-1257 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1258
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1258
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010721 IMP 2.2.6 (SECURITY) released
Reference: URL:http://online.securityfocus.com/archive/1/198495
Reference: CALDERA:CSSA-2001-027.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-027.0.txt
Reference: CONECTIVA:CLA-2001:410
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
Reference: CONFIRM:http://online.securityfocus.com/archive/1/198495
Reference: DEBIAN:DSA-073
Reference: URL:http://www.debian.org/security/2001/dsa-073
Reference: XF:imp-prefslang-gain-privileges(6906)
Reference: URL:http://www.iss.net/security_center/static/6906.php
Reference: BID:3083
Reference: URL:http://www.securityfocus.com/bid/3083

Horde Internet Messaging Program (IMP) before 2.2.6 allows local users
to read IMP configuration files and steal the Horde database password
by placing the prefs.lang file containing PHP code on the server.

Analysis
----------------
ED_PRI CAN-2001-1258 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1264
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1264
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: HP:HPSBUX0107-161
Reference: URL:http://www.securityfocus.com/advisories/3459
Reference: CIAC:L-119
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-119.shtml
Reference: CERT-VN:VU#420475
Reference: URL:http://www.kb.cert.org/vuls/id/420475
Reference: XF:hp-virtualvault-mkacct-privilege-elevation(6867)
Reference: URL:http://xforce.iss.net/static/6867.php
Reference: BID:3072
Reference: URL:http://www.securityfocus.com/bid/3072

Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating
System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges.

Analysis
----------------
ED_PRI CAN-2001-1264 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

INCLUSION: While there is very little information about this issue,
CD:VAGUE says that problems that are identified by vague vendor
advisories should be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1265
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1265
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010720 IBM TFTP Server for Java vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/198297
Reference: BID:3076
Reference: URL:http://www.securityfocus.com/bid/3076
Reference: XF:ibm-tftp-directory-traversal(6864)
Reference: URL:http://xforce.iss.net/static/6864.php

Directory traversal vulnerability in IBM alphaWorks Java TFTP server
1.21 allows remote attackers to conduct unauthorized operations on
arbitrary files via a .. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2001-1265 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1268
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1268
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
Reference: URL:http://online.securityfocus.com/archive/1/196445
Reference: CONFIRM:http://www.info-zip.org/pub/infozip/UnZip.html

Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier
allows attackers to overwrite arbitrary files during archive
extraction via a .. (dot dot) in an extracted filename.

Analysis
----------------
ED_PRI CAN-2001-1268 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: In a prominent orange box on the vendor page, the
vendor states: "all versions of UnZip prior to 5.50 (i.e., 5.42 and
earlier) have a directory-traversal vulnerability that allows them to
unpack files in unexpected places. Specifically, if an archive
contains files with leading '/' characters (i.e., relative to the root
directory) or with '..' components...  This bug is fixed in 5.50 and
later."  The statement includes a link to the Bugtraq reference.
ABSTRACTION: CD:SF-LOC suggests doing a SPLIT for different issues.
While some people use "directory traversal" to refer to both .. and
leading-slash problems, if a programmer fixes one problem, there is
still a strong possibility that they have not fixed the other issue.
Therefore, the problems are different enough that they should be
SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1269
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1269
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
Reference: URL:http://online.securityfocus.com/archive/1/196445
Reference: CONFIRM:http://www.info-zip.org/pub/infozip/UnZip.html

Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite
arbitrary files during archive extraction via filenames in the archive
that begin with the '/' (slash) character.

Analysis
----------------
ED_PRI CAN-2001-1269 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: In a prominent orange box on the vendor page, the
vendor states: "all versions of UnZip prior to 5.50 (i.e., 5.42 and
earlier) have a directory-traversal vulnerability that allows them to
unpack files in unexpected places. Specifically, if an archive
contains files with leading '/' characters (i.e., relative to the root
directory) or with '..' components...  This bug is fixed in 5.50 and
later."  The statement includes a link to the Bugtraq reference.
ABSTRACTION: CD:SF-LOC suggests doing a SPLIT for different issues.
While some people use "directory traversal" to refer to both .. and
leading-slash problems, if a programmer fixes one problem, there is
still a strong possibility that they have not fixed the other issue.
Therefore, the problems are different enough that they should be
SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1270
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1270
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
Reference: URL:http://online.securityfocus.com/archive/1/196445
Reference: MISC:http://www.security.nnov.ru/advisories/archdt.asp

Directory traversal vulnerability in the console version of PKZip
(pkzipc) 4.00 and earlier allows attackers to overwrite arbitrary
files during archive extraction with the -rec (recursive) option via a
.. (dot dot) attack on the archived files.

Analysis
----------------
ED_PRI CAN-2001-1270 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1271
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1271
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
Reference: URL:http://online.securityfocus.com/archive/1/196445
Reference: MISC:http://www.security.nnov.ru/advisories/archdt.asp

Directory traversal vulnerability in rar 2.02 and earlier allows
attackers to overwrite arbitrary files during archive extraction via a
..  (dot dot) attack on archived filenames.

Analysis
----------------
ED_PRI CAN-2001-1271 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1288
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1288
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010727 bug w2k
Reference: URL:http://online.securityfocus.com/archive/1/200118
Reference: BUGTRAQ:20010801 F7-Enter bug details & workaround
Reference: URL:http://online.securityfocus.com/archive/1/201151
Reference: VULN-DEV:20010730 RE: bug w2k
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=99651044701417&w=2
Reference: BUGTRAQ:20010729 Re: w2k dos
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99640583014377&w=2
Reference: BUGTRAQ:20010731 NT TS / Win 2K and F7 - Enter bug
Reference: URL:http://online.securityfocus.com/archive/1/200985
Reference: BID:3115
Reference: URL:http://online.securityfocus.com/bid/3115

Windows 2000 and Windows NT allows local users to cause a denial of
service (reboot) by executing a command at the command prompt and
pressing the F7 and enter keys several times while the command is
executing, possibly related to an exception handling error in
csrss.exe.

Analysis
----------------
ED_PRI CAN-2001-1288 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1289
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1289
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010730 ADV: Quake 3 Arena 1.29f/g Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0748.html
Reference: BID:3123
Reference: URL:http://online.securityfocus.com/bid/3123

Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a
denial of service (crash) via a malformed connection packet that
begins with several char-255 characters.

Analysis
----------------
ED_PRI CAN-2001-1289 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1291
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1291
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 3Com TelnetD
Reference: URL:http://www.securityfocus.com/archive/1/196957
Reference: XF:3com-telnetd-brute-force(6855)
Reference: URL:http://xforce.iss.net/static/6855.php
Reference: BID:3034
Reference: URL:http://www.securityfocus.com/bid/3034

The telnet server for 3Com hardware such as PS40 SuperStack II does
not delay or disconnect remote attackers who provide an incorrect
username or password, which makes it easier to break into the server
via brute force password guessing.

Analysis
----------------
ED_PRI CAN-2001-1291 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1302
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1302
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: NTBUGTRAQ:20010718 Changing NT/2000 accounts password from the command line
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=1911
Reference: BID:3063
Reference: URL:http://www.securityfocus.com/bid/3063
Reference: XF:win2k-change-network-passwords(6876)
Reference: URL:http://xforce.iss.net/static/6876.php

The change password option in the Windows Security interface for
Windows 2000 allows attackers to use the option to attempt to change
passwords of other users on other systems or identify valid accounts
by monitoring error messages, possibly due to a problem in the
NetuserChangePassword function.

Analysis
----------------
ED_PRI CAN-2001-1302 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1303
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1303
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20010718 Firewall-1 Information leak
Reference: URL:http://www.securityfocus.com/archive/1/197566
Reference: BID:3058
Reference: URL:http://online.securityfocus.com/bid/3058
Reference: XF:fw1-securemote-gain-information(6857)
Reference: URL:http://xforce.iss.net/static/6857.php

The default configuration of SecuRemote for Check Point Firewall-1
allows remote attackers to obtain sensitive configuration information
for the protected network without authentication.

Analysis
----------------
ED_PRI CAN-2001-1303 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1306
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1306
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CERT-VN:VU#276944
Reference: URL:http://www.kb.cert.org/vuls/id/276944
Reference: SGI:20011102-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011102-01-I
Reference: MISC:http://www.kb.cert.org/vuls/id/JPLA-4WESMM
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/

iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via invalid BER length of length fields, as
demonstrated by the PROTOS LDAPv3 test suite.

Analysis
----------------
ED_PRI CAN-2001-1306 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

ABSTRACTION: It is difficult to be consistent in abstraction for the
many LDAP issues that were discovered as a result of the PROTOS LDAP
project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance.
Separate CVE items are created according to the 5 different
"Exceptional Elements" categories described in the PROTOS paper. It is
assumed that each vendor is using a different codebase, unless the
relationship is clear.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1307
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1307
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CERT-VN:VU#276944
Reference: URL:http://www.kb.cert.org/vuls/id/276944
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: SGI:20011102-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011102-01-I
Reference: MISC:http://www.kb.cert.org/vuls/id/JPLA-4WESMM
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
Reference: XF:iplanet-ldap-protos-bo(6893)
Reference: URL:http://xforce.iss.net/static/6893.php
Reference: BID:3038
Reference: URL:http://www.securityfocus.com/bid/3038

Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP)
allow remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3
test suite.

Analysis
----------------
ED_PRI CAN-2001-1307 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

ABSTRACTION: It is difficult to be consistent in abstraction for the
many LDAP issues that were discovered as a result of the PROTOS LDAP
project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance.
Separate CVE items are created according to the 5 different
"Exceptional Elements" categories described in the PROTOS paper. It is
assumed that each vendor is using a different codebase, unless the
relationship is clear.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1308
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1308
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CERT-VN:VU#276944
Reference: URL:http://www.kb.cert.org/vuls/id/276944
Reference: CIAC:L-116
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
Reference: SGI:20011102-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011102-01-I
Reference: MISC:http://www.kb.cert.org/vuls/id/JPLA-4WESMM
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
Reference: BID:3039
Reference: URL:http://www.securityfocus.com/bid/3039
Reference: XF:iplanet-ldap-protos-format-string(6898)
Reference: URL:http://xforce.iss.net/static/6898.php

Format string vulnerabilities in iPlanet Directory Server 4.1.4 and
earlier (LDAP) allow remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code, as demonstrated by the
PROTOS LDAPv3 test suite.

Analysis
----------------
ED_PRI CAN-2001-1308 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

ABSTRACTION: It is difficult to be consistent in abstraction for the
many LDAP issues that were discovered as a result of the PROTOS LDAP
project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance.
Separate CVE items are created according to the 5 different
"Exceptional Elements" categories described in the PROTOS paper. It is
assumed that each vendor is using a different codebase, unless the
relationship is clear.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1309
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1309
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CIAC:L-116
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CERT-VN:VU#505564
Reference: URL:http://www.kb.cert.org/vuls/id/505564
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
Reference: MISC:http://www.kb.cert.org/vuls/id/CFCR-4YQ33Y
Reference: BID:3040
Reference: URL:http://www.securityfocus.com/bid/3040
Reference: XF:secureway-ldap-protos-dos(6894)
Reference: URL:http://xforce.iss.net/static/6894.php

Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to
cause a denial of service (crash) and possibly execute arbitrary code,
as demonstrated by the PROTOS LDAPv3 test suite.

Analysis
----------------
ED_PRI CAN-2001-1309 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

ABSTRACTION: It is difficult to be consistent in abstraction for the
many LDAP issues that were discovered as a result of the PROTOS LDAP
project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance.
Separate CVE items are created according to the 5 different
"Exceptional Elements" categories described in the PROTOS paper. It is
assumed that each vendor is using a different codebase, unless the
relationship is clear.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1310
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1310
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CIAC:L-116
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CERT-VN:VU#505564
Reference: URL:http://www.kb.cert.org/vuls/id/505564
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
Reference: MISC:http://www.kb.cert.org/vuls/id/CFCR-4YQ33Y
Reference: BID:3040
Reference: URL:http://www.securityfocus.com/bid/3040
Reference: XF:secureway-ldap-protos-dos(6894)
Reference: URL:http://xforce.iss.net/static/6894.php

IBM SecureWay 3.2.1 allow remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code, via invalid
encodings for the L field of a BER encoding, as demonstrated by the
PROTOS LDAPv3 test suite.

Analysis
----------------
ED_PRI CAN-2001-1310 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

ABSTRACTION: It is difficult to be consistent in abstraction for the
many LDAP issues that were discovered as a result of the PROTOS LDAP
project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance.
Separate CVE items are created according to the 5 different
"Exceptional Elements" categories described in the PROTOS paper. It is
assumed that each vendor is using a different codebase, unless the
relationship is clear.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1311
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1311
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CIAC:L-116
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
Reference: CERT-VN:VU#583184
Reference: URL:http://www.kb.cert.org/vuls/id/583184
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CONFIRM:http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=DWUU4W6NC8
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
Reference: XF:domino-ldap-protos-bo(6895)
Reference: URL:http://xforce.iss.net/static/6895.php
Reference: BID:3041
Reference: URL:http://www.securityfocus.com/bid/3041

Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.

Analysis
----------------
ED_PRI CAN-2001-1311 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

ABSTRACTION: It is difficult to be consistent in abstraction for the
many LDAP issues that were discovered as a result of the PROTOS LDAP
project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance.
Separate CVE items are created according to the 5 different
"Exceptional Elements" categories described in the PROTOS paper. It is
assumed that each vendor is using a different codebase, unless the
relationship is clear.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1312
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1312
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CIAC:L-116
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
Reference: CERT-VN:VU#583184
Reference: URL:http://www.kb.cert.org/vuls/id/583184
Reference: CONFIRM:http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=DWUU4W6NC8
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
Reference: XF:domino-ldap-protos-format-string(6896)
Reference: URL:http://xforce.iss.net/static/6896.php
Reference: BID:3042
Reference: URL:http://www.securityfocus.com/bid/3042

Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test
suite.

Analysis
----------------
ED_PRI CAN-2001-1312 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

ABSTRACTION: It is difficult to be consistent in abstraction for the
many LDAP issues that were discovered as a result of the PROTOS LDAP
project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance.
Separate CVE items are created according to the 5 different
"Exceptional Elements" categories described in the PROTOS paper. It is
assumed that each vendor is using a different codebase, unless the
relationship is clear.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1313
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1313
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CIAC:L-116
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
Reference: CERT-VN:VU#583184
Reference: URL:http://www.kb.cert.org/vuls/id/583184
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CONFIRM:http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=DWUU4W6NC8
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/

Lotus Domino R5 before R5.0.7a allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via
miscellaneous packets with semi-valid BER encodings, as demonstrated
by the PROTOS LDAPv3 test suite.

Analysis
----------------
ED_PRI CAN-2001-1313 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

ABSTRACTION: It is difficult to be consistent in abstraction for the
many LDAP issues that were discovered as a result of the PROTOS LDAP
project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance.
Separate CVE items are created according to the 5 different
"Exceptional Elements" categories described in the PROTOS paper. It is
assumed that each vendor is using a different codebase, unless the
relationship is clear.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1314
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1314
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010731 RE: CERT Advisory CA-2001-18, Critical Path directory products ar e vulnerable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0770.html
Reference: CERT-VN:VU#657547
Reference: URL:http://www.kb.cert.org/vuls/id/657547
Reference: CIAC:L-116
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CONFIRM:http://www.kb.cert.org/vuls/id/JPLA-4ZKLEM
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
Reference: BID:3124
Reference: URL:http://www.securityfocus.com/bid/3124

Buffer overflows in Critical Path (1) InJoin Directory Server or (2)
LiveContent Directory allow remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code, as demonstrated
by the PROTOS LDAPv3 test suite.

Analysis
----------------
ED_PRI CAN-2001-1314 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

ABSTRACTION: It is difficult to be consistent in abstraction for the
many LDAP issues that were discovered as a result of the PROTOS LDAP
project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance.
Separate CVE items are created according to the 5 different
"Exceptional Elements" categories described in the PROTOS paper. It is
assumed that each vendor is using a different codebase, unless the
relationship is clear.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1315
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1315
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010731 RE: CERT Advisory CA-2001-18, Critical Path directory products ar e vulnerable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0770.html
Reference: CERT-VN:VU#657547
Reference: URL:http://www.kb.cert.org/vuls/id/657547
Reference: CIAC:L-116
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CONFIRM:http://www.kb.cert.org/vuls/id/JPLA-4ZKLEM
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/

Critical Path (1) InJoin Directory Server or (2) LiveContent Directory
allow remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code via malformed BER encodings, as
demonstrated by the PROTOS LDAPv3 test suite.

Analysis
----------------
ED_PRI CAN-2001-1315 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

ABSTRACTION: It is difficult to be consistent in abstraction for the
many LDAP issues that were discovered as a result of the PROTOS LDAP
project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance.
Separate CVE items are created according to the 5 different
"Exceptional Elements" categories described in the PROTOS paper. It is
assumed that each vendor is using a different codebase, unless the
relationship is clear.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1316
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1316
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CERT-VN:VU#688960
Reference: URL:http://www.kb.cert.org/vuls/id/688960
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CIAC:L-116
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
Reference: CONFIRM:http://www.kb.cert.org/vuls/id/JPLA-4WESNA
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
Reference: XF:teamware-ldap-protos-bo(6897)
Reference: URL:http://xforce.iss.net/static/6897.php
Reference: BID:3044
Reference: URL:http://www.securityfocus.com/bid/3044

Buffer overflows in Teamware Office Enterprise Directory allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.

Analysis
----------------
ED_PRI CAN-2001-1316 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

ABSTRACTION: It is difficult to be consistent in abstraction for the
many LDAP issues that were discovered as a result of the PROTOS LDAP
project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance.
Separate CVE items are created according to the 5 different
"Exceptional Elements" categories described in the PROTOS paper. It is
assumed that each vendor is using a different codebase, unless the
relationship is clear.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1317
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1317
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CERT-VN:VU#688960
Reference: URL:http://www.kb.cert.org/vuls/id/688960
Reference: CIAC:L-116
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CONFIRM:http://www.kb.cert.org/vuls/id/JPLA-4WESNA
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/

Teamware Office Enterprise Directory allows remote attackers to cause
a denial of service (crash) and possibly execute arbitrary code, via
invalid encodings for certain BER object types, as demonstrated by the
PROTOS LDAPv3 test suite.

Analysis
----------------
ED_PRI CAN-2001-1317 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

ABSTRACTION: It is difficult to be consistent in abstraction for the
many LDAP issues that were discovered as a result of the PROTOS LDAP
project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance.
Separate CVE items are created according to the 5 different
"Exceptional Elements" categories described in the PROTOS paper. It is
assumed that each vendor is using a different codebase, unless the
relationship is clear.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1318
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1318
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CERT-VN:VU#717380
Reference: URL:http://www.kb.cert.org/vuls/id/717380
Reference: CIAC:L-116
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CONFIRM:http://www.kb.cert.org/vuls/id/JPLA-4WESNA
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
Reference: BID:3043
Reference: URL:http://www.securityfocus.com/bid/3043

Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.

Analysis
----------------
ED_PRI CAN-2001-1318 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC, SF-CODEBASE, VAGUE

ABSTRACTION: It is difficult to be consistent in abstraction for the
many LDAP issues that were discovered as a result of the PROTOS LDAP
project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance.
Separate CVE items are created according to the 5 different
"Exceptional Elements" categories described in the PROTOS paper. It is
assumed that each vendor is using a different codebase, unless the
relationship is clear.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1319
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1319
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CERT-VN:VU#763400
Reference: URL:http://www.kb.cert.org/vuls/id/763400
Reference: CIAC:L-116
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
Reference: CONFIRM:http://www.kb.cert.org/vuls/id/CFCN-4YAQC7
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
Reference: BID:3045
Reference: URL:http://www.securityfocus.com/bid/3045
Reference: XF:exchange-ldap-protos-dos(6899)
Reference: URL:http://xforce.iss.net/static/6899.php

Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial
of service (hang) via exceptional BER encodings for the LDAP filter
type field, as demonstrated by the PROTOS LDAPv3 test suite.

Analysis
----------------
ED_PRI CAN-2001-1319 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

ABSTRACTION: It is difficult to be consistent in abstraction for the
many LDAP issues that were discovered as a result of the PROTOS LDAP
project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance.
Separate CVE items are created according to the 5 different
"Exceptional Elements" categories described in the PROTOS paper. It is
assumed that each vendor is using a different codebase, unless the
relationship is clear.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1320
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1320
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CIAC:L-116
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CERT-VN:VU#765256
Reference: URL:http://www.kb.cert.org/vuls/id/765256
Reference: CONFIRM:http://www.kb.cert.org/vuls/id/JPLA-4WESNK
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
Reference: BID:3046
Reference: URL:http://www.securityfocus.com/bid/3046
Reference: XF:pgp-keyserver-ldap-bo(6900)
Reference: URL:http://xforce.iss.net/static/6900.php

Network Associates PGP Keyserver 7.0 allows remote attackers to cause
a denial of service (crash) and possibly execute arbitrary code via
exceptional BER encodings (possibly buffer overflows), as demonstrated
by the PROTOS LDAPv3 test suite.

Analysis
----------------
ED_PRI CAN-2001-1320 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE, VAGUE

ABSTRACTION: It is difficult to be consistent in abstraction for the
many LDAP issues that were discovered as a result of the PROTOS LDAP
project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance.
Separate CVE items are created according to the 5 different
"Exceptional Elements" categories described in the PROTOS paper. It is
assumed that each vendor is using a different codebase, unless the
relationship is clear.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1321
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1321
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CIAC:L-116
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
Reference: CERT-VN:VU#869184
Reference: URL:http://www.kb.cert.org/vuls/id/869184
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CONFIRM:http://www.kb.cert.org/vuls/id/JPLA-4WESNV
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/

Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values,
as demonstrated by the PROTOS LDAPv3 test suite.

Analysis
----------------
ED_PRI CAN-2001-1321 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE, VAGUE

ABSTRACTION: It is difficult to be consistent in abstraction for the
many LDAP issues that were discovered as a result of the PROTOS LDAP
project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance.
Separate CVE items are created according to the 5 different
"Exceptional Elements" categories described in the PROTOS paper. It is
assumed that each vendor is using a different codebase, unless the
relationship is clear.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

 
Page Last Updated: May 22, 2007