
[TECH] Candidates with enough votes - but no vendor confirmation!



All,

The following 26 candidates have enough votes to become official
entries.  However, the vendor does not appear to have confirmed that
they exist.

Last week at the Board meeting, attendees suggested that voters
shouldn't ACCEPT a candidate unless they are reasonably certain that
the problem is real.  Given that there is no apparent vendor
confirmation, these 26 candidates will need support from other
sources.

Can anyone confirm any of these problems?  Do you trust the sources?
If so, please use an ACCEPT vote for the candidate, and include your
reason for why you believe the problem is real.

Note that these 26 candidates represent 33% of the 78 candidates that
were ready to move to Interim Decision without voting confirmation.
The other 52 candidates have vendor confirmation, so I am comfortable
with moving them to Interim Decision.

- Steve



Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

KEY FOR INFERRED ACTIONS
------------------------

Inferred actions capture the voting status of a candidate.  They may
be used by the moderator to determine whether or not a candidate is
added to CVE.  Where there is disagreement, the moderator must resolve
the issue and achieve consensus, or make the final decision if
consensus cannot be reached.

- ACCEPT = 3 non-MITRE votes to ACCEPT/MODIFY, and no REVIEWING or REJECT
- ACCEPT_ACK = 2 non-MITRE ACCEPT/MODIFY, and vendor acknowledgement
- MOREVOTES = needs more votes
- ACCEPT_REV = 3 non-MITRE ACCEPT's but is delayed due to a REVIEWING
- SMC_REJECT = REJECT by Steve Christey; likely to be rejected outright
- SMC_REVIEW = REVIEWING by Steve Christey; likely related to CD's
- REVIEWING = at least one member is REVIEWING
- REJECT = at least one member REJECTed
- REVOTE = members should review their vote on this candidate

=================================
Candidate: CAN-1999-0676
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990808 stdcm_convert
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19990809134220.A1191@hades.chaoz.org
Reference: XF:sun-stdcm-convert
Reference: BID:575

stdcm_convert in Solaris 2.6 allows a local user to overwrite
sensitive files via a symlink attack.

INFERRED ACTION: CAN-1999-0676 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Frech> CHGREF XF:sun-sdtcm-convert
 Frech> CHGREF BUGTRAQ:19990808 sdtcm_convert
 Frech> Description needs to be changed to sdtcm_convert
 Christey> This candidate is unconfirmed by the vendor.


VOTE:

=================================
Candidate: CAN-1999-0711
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990430 *Huge* security hole in Oracle 8.0.5 with Intellegent agent installed
Reference: URL:http://marc.theaimsgroup.com/?t=92550157100002&w=2&r=1
Reference: XF:oracle-oratclsh

The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix
allows local users to execute Tcl commands as root.

Modifications:
  CHANGEREF BUGTRAQ [add date]

INFERRED ACTION: CAN-1999-0711 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Stracener, Ozancin, Frech
   NOOP(1) Christey

Comments:
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Multiple verifications in Bugtraq.


VOTE:

=================================
Candidate: CAN-1999-0720
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990823 [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=lcamtuf.4.05.9907041223290.355-300000@nimue.ids.pl
Reference: BID:597
Reference: XF:linux-pt-chown

The pt_chown command in Linux allows local users to modify TTY
terminal devices that belong to other users.

Modifications:
  ADDREF BUGTRAQ:19990823 [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x
  ADDREF URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=lcamtuf.4.05.9907041223290.355-300000@nimue.ids.pl

INFERRED ACTION: CAN-1999-0720 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Ozancin, Frech
   MODIFY(1) Stracener
   NOOP(1) Christey

Comments:
 Stracener> Add Ref: BUGTRAQ:19990823 [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD
 Stracener> / lynx /
 Stracener> vlock / mc / glibc 2.0.x
 Christey> This candidate is unconfirmed by the vendor.


VOTE:

=================================
Candidate: CAN-1999-0747
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990816 Symmetric Multiprocessing (SMP) Vulnerbility in BSDi 4.0.1
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSI.4.10.9908170253560.19291-100000@saturn.psn.net
Reference: BID:589
Reference: XF:bsdi-smp-dos

Denial of service in BSDi Symmetric Multiprocessing (SMP) when an
fstat call is made when the system has a high CPU load.

Modifications:
  CHANGEREF BUGTRAQ [add date]

INFERRED ACTION: CAN-1999-0747 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Ozancin, Frech
   MODIFY(1) Stracener
   NOOP(1) Christey

Comments:
 Stracener> Add a date to the Ref above: BUGTRAQ:19990817 Symmetric...
 Christey> This candidate is unconfirmed by the vendor.


VOTE:

=================================
Candidate: CAN-1999-0773
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990511 Solaris2.6 and 2.7 lpset overflow
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9905B&L=bugtraq&P=R2017
Reference: XF:sol-lpset-bo

Buffer overflow in Solaris lpset program allows local users to gain
root access.

INFERRED ACTION: CAN-1999-0773 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Stracener, Ozancin, Frech
   NOOP(1) Christey

Comments:
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Posted by UNYUN of Shadow Penguin Security.


VOTE:

=================================
Candidate: CAN-1999-0776
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: NTBUGTRAQ:19990506 ".."-hole in Alibaba 2.0
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9905&L=NTBUGTRAQ&P=R1533
Reference: XF:http-alibaba-dotdot

Alibaba HTTP server allows remote attackers to read files via a
.. (dot dot) attack.

INFERRED ACTION: CAN-1999-0776 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Stracener, Frech
   NOOP(2) Cole, Christey

Comments:
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Posted by Arne Vidstrom.


VOTE:

=================================
Candidate: CAN-1999-0780
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457
Reference: XF:kde-klock-process-kill

KDE klock allows local users to kill arbitrary processes by specifying
an arbitrary PID in the .kss.pid file.

Modifications:
  ADDREF XF:kde-klock-process-kill

INFERRED ACTION: CAN-1999-0780 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Frech> XF:kde-klock-process-kill
 Christey> This candidate is unconfirmed by the vendor.


VOTE:

=================================
Candidate: CAN-1999-0781
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457
Reference: XF:kde-klock-bindir-trojans

KDE allows local users to execute arbitrary commands by setting the
KDEDIR environmental variable to modify the search path that KDE uses
to locate its executables.

Modifications:
  ADDREF XF:kde-klock-bindir-trojans

INFERRED ACTION: CAN-1999-0781 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Frech> XF:kde-klock-bindir-trojans
 Christey> This candidate is unconfirmed by the vendor.


VOTE:

=================================
Candidate: CAN-1999-0782
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457
Reference: XF:kde-kppp-directory-create

KDE kppp allows local users to create a directory in an arbitrary
location via the HOME environmental variable.

Modifications:
  ADDREF XF:kde-kppp-directory-create

INFERRED ACTION: CAN-1999-0782 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Frech> kde-kppp-directory-create
 Christey> This candidate is unconfirmed by the vendor.


VOTE:

=================================
Candidate: CAN-1999-0803
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990525 IBM eNetwork Firewall for AIX
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92765973207648&w=2
Reference: XF:ibm-enfirewall-tmpfiles

The fwluser script in AIX eNetwork Firewall allows local users to
write to arbitrary files via a symlink attack.

Modifications:
  CHANGEREF BUGTRAQ [add date]
  ADDREF XF:ibm-enfirewall-tmpfiles

INFERRED ACTION: CAN-1999-0803 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Frech> XF:ibm-efirewall-tmpfiles
 Frech> BUGTRAQ: add 19990525
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Poster claims that APAR (IR39562) was created.


VOTE:

=================================
Candidate: CAN-1999-0816
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19980510 Security Vulnerability in Motorola CableRouters
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9805B&L=bugtraq&P=R1621
Reference: XF:motorola-cable-default-pass

The Motorola CableRouter allows any remote user to connect to and
configure the router on port 1024.

Modifications:
  ADDREF XF:motorola-cable-default-pass

CONTENT-DECISIONS: CF-DEF-PASS

INFERRED ACTION: CAN-1999-0816 ACCEPT (3 accept, 0 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Frech> XF:motorola-cable-default-pass
 Christey> This candidate is unconfirmed by the vendor.


VOTE:

=================================
Candidate: CAN-1999-0885
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991103 More Alibaba Web Server problems...
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-11-01&msg=01BF261F.928821E0.kerb@fnusa.com
Reference: BID:770
Reference: XF:alibaba-url-file-manipulation

Alibaba web server allows remote attackers to execute commands via a
pipe character in a malformed URL.

Modifications:
  ADDREF XF:alibaba-url-file-manipulation

INFERRED ACTION: CAN-1999-0885 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Blake, Stracener
   MODIFY(1) Frech
   NOOP(2) Cole, Christey

Comments:
 Frech> XF:alibaba-url-file-manipulation
 Christey> This candidate is unconfirmed by the vendor.


VOTE:

=================================
Candidate: CAN-1999-0895
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991020 Checkpoint FireWall-1 V4.0: possible bug in LDAP authentication
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991020150002.21047.qmail@tarjan.mediaways.net

Firewall-1 does not properly restrict access to LDAP attributes.

INFERRED ACTION: CAN-1999-0895 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Frech> XF:checkpoint-ldap-auth
 Christey> This candidate is unconfirmed by the vendor.


VOTE:

=================================
Candidate: CAN-1999-0897
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990908 bug in iChat 3.0 (maybe others)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90538488231977&w=2
Reference: XF:ichat-file-read-vuln

iChat ROOMS Webserver allows remote attackers to read arbitrary files
via a .. (dot dot) attack.

Modifications:
  ADDREF XF:ichat-file-read-vuln

INFERRED ACTION: CAN-1999-0897 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Blake, Stracener
   MODIFY(1) Frech
   NOOP(2) Cole, Christey

Comments:
 Frech> XF:ichat-file-read-vuln
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Two Bugtraq followups claim the problem has been fixed.


VOTE:

=================================
Candidate: CAN-1999-0913
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990804 NSW Dragon Fire gets drowned
Reference: http://marc.theaimsgroup.com/?l=bugtraq&m=93383593909438&w=2
Reference: BID:564

dfire.cgi script in Dragon-Fire IDS allows remote users to execute
commands via shell metacharacters.

INFERRED ACTION: CAN-1999-0913 SMC_REVIEW (3 accept, 1 review)

Current Votes:
   ACCEPT(2) Blake, Stracener
   MODIFY(1) Frech
   NOOP(1) Cole
   REVIEWING(1) Christey

Comments:
 Frech> XF:dragon-fire-ids-metachar
 Christey> Some voters should use ABSTAIN.


VOTE:

=================================
Candidate: CAN-1999-0919
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19980510 Security Vulnerability in Motorola CableRouters
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9805B&L=bugtraq&P=R1621
Reference: XF:motorola-cable-crash

A memory leak in a Motorola CableRouter allows remote attackers to
conduct a denial of service via a large number of telnet connections.

Modifications:
  ADDREF XF:motorola-cable-crash

INFERRED ACTION: CAN-1999-0919 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Stracener, Christey

Comments:
 Frech> XF:motorola-cable-crash
 Christey> This candidate is unconfirmed by the vendor.


VOTE:

=================================
Candidate: CAN-1999-0958
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19980112 Re: hole in sudo for MP-RAS.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88465708614896&w=2

sudo 1.5.x allows local users to execute arbitrary commands via a
.. (dot dot) attack.

INFERRED ACTION: CAN-1999-0958 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Stracener, Ozancin, Meunier
   NOOP(1) Christey

Comments:
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Independent confirmation in Bugtraq followups, and one poster
 Christey> claims that a patch has been released.


VOTE:

=================================
Candidate: CAN-1999-0961
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19960921 Vunerability in HP sysdiag ?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419906&w=2

HPUX sysdiag allows local users to gain root privileges via a symlink
attack during log file creation.

INFERRED ACTION: CAN-1999-0961 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Stracener, Ozancin, Meunier
   NOOP(1) Christey

Comments:
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Verified by two posters in Bugtraq followups.


VOTE:

=================================
Candidate: CAN-1999-0997
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: unknown
Reference: BUGTRAQ:19991220 Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd)

wu-ftp with FTP conversion enabled allows an attacker to execute
commands via a malformed file name that is interpreted as an argument
to the program that does the conversion, e.g. tar or uncompress.

INFERRED ACTION: CAN-1999-0997 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Frech> XF:wuftp-ftp-conversion
 Christey> This candidate is unconfirmed by the vendor.
 Christey> XF:wuftp-ftp-conversion does not exist.
 Christey>
 Christey> Posted by suid@suid.kg.  See http://www.suid.edu/advisories/001.txt
 Christey> for details.


VOTE:

=================================
Candidate: CAN-1999-1005
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991219 Groupewise Web Interface
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94571433731824&w=2

Groupwise web server GWWEB.EXE allows remote attackers to read
arbitrary files with .htm extensions via a .. (dot dot) attack using
the HELP parameter.

INFERRED ACTION: CAN-1999-1005 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Comments:
 Frech> XF:groupwise-web-read-files
 Christey> This candidate is unconfirmed by the vendor.
 Christey> XF:groupwise-web-read-files does not exist.
 Christey>
 Christey> Multiple Bugtraq followups indicate the problem may be more
 Christey> severe than the current CVE description indicates.


VOTE:

=================================
Candidate: CAN-1999-1007
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991213 VDO Live Player 3.02 Buffer Overflow
Reference: http://marc.theaimsgroup.com/?l=bugtraq&m=94512259331599&w=2
Reference: BID:872

Buffer overflow in VDO Live Player allows remote attackers to execute
commands on the VDO client via a malformed .vdo file.

INFERRED ACTION: CAN-1999-1007 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Frech> XF:vdolive-bo-execute
 Christey> This candidate is unconfirmed by the vendor.
 Christey> XF:vdolive-bo-execute does not exist.
 Christey>
 Christey> Posted by UNYUN of Shadow Penguin Security.


VOTE:

=================================
Candidate: CAN-1999-1008
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991215 FreeBSD 3.3 xsoldier root exploit
Reference: MISC:http://marc.theaimsgroup.com/?l=freebsd-security&m=94531826621620&w=2
Reference: BID:871

xsoldier program allows local users to gain root access via a
long argument.

INFERRED ACTION: CAN-1999-1008 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Comments:
 Frech> XF:unix-xsoldier-overflow
 Christey> Confirmed in freebsd-security mailing list.


VOTE:

=================================
Candidate: CAN-1999-1010
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991214 sshd1 allows unencrypted sessions regardless of server policy
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94519142415338&w=2

An SSH 1.2.27 server allows a client to use the "none" cipher, even if
it is not allowed by the server policy.

INFERRED ACTION: CAN-1999-1010 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Comments:
 Frech> XF:ssh-policy-bypass
 Christey> This candidate is unconfirmed by the vendor.


VOTE:

=================================
Candidate: CAN-2000-0139
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95021326417936&w=2
Reference: BID:982
Reference: URL:http://www.securityfocus.com/bid/982

Internet Anywhere POP3 Mail Server allows local users to cause a
denial of service via a malformed RETR command.

INFERRED ACTION: CAN-2000-0139 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Bishop, Blake, Cole
   NOOP(2) LeBlanc, Christey

Comments:
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Reported by Nobuo Miwa, moderator of BUGTRAQ-JP.


VOTE:

=================================
Candidate: CAN-2000-0140
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95021326417936&w=2
Reference: NTBUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: BID:980
Reference: URL:http://www.securityfocus.com/bid/980

Internet Anywhere POP3 Mail Server allows remote attackers to cause a
denial of service via a large number of connections.

INFERRED ACTION: CAN-2000-0140 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Bishop, Blake, Cole
   NOOP(2) LeBlanc, Christey

Comments:
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Reported by Nobuo Miwa, moderator of BUGTRAQ-JP.


VOTE:

=================================
Candidate: CAN-2000-0144
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-02/0034.html
Reference: BUGTRAQ:20000207 Infosec.20000207.axis700.a
Reference: BID:971
Reference: URL:http://www.securityfocus.com/bid/971

Axis 700 Network Scanner does not properly restrict access to
administrator URLs, which allows users to bypass the password
protection via a .. (dot dot) attack.

INFERRED ACTION: CAN-2000-0144 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Bishop, Blake, Cole
   NOOP(2) LeBlanc, Christey

Comments:
 Christey> Poster claims that the vendor has issued a patch.


VOTE:
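
The "KEY FOR INFERRED ACTIONS" above can be checked mechanically against each record's "Current Votes:" block. The following is an added example, not part of the original message or of MITRE's tooling: it parses a record, recomputes the inferred action, and compares it with the stated one. The rule precedence, the assumption that Christey is the only MITRE voter on this ballot, and the function names are choices made for the example; the vendor-ack count is read from the stated line because the vote block does not record it, and REVOTE is not computed because the moderator sets it.

```python
import re

MITRE_VOTERS = {"Christey"}        # assumption: the only MITRE voter on this ballot
ACCEPTING = ("ACCEPT", "MODIFY")   # the ballot counts a MODIFY as an ACCEPT

VOTE_LINE = re.compile(r"^\s*([A-Z]+)\((\d+)\)\s+(.+)$")
STATED = re.compile(r"INFERRED ACTION: (\S+) (\w+) \((.*?)\)")

# Trimmed excerpts of three records from the ballot above.
SAMPLE_RECORDS = [
    "INFERRED ACTION: CAN-1999-0913 SMC_REVIEW (3 accept, 1 review)\n\n"
    "Current Votes:\n   ACCEPT(2) Blake, Stracener\n   MODIFY(1) Frech\n"
    "   NOOP(1) Cole\n   REVIEWING(1) Christey\n",
    "INFERRED ACTION: CAN-1999-0919 ACCEPT_ACK (2 accept, 1 ack, 0 review)\n\n"
    "Current Votes:\n   ACCEPT(1) Cole\n   MODIFY(1) Frech\n"
    "   NOOP(2) Stracener, Christey\n",
    "INFERRED ACTION: CAN-1999-0997 ACCEPT (4 accept, 0 ack, 0 review)\n\n"
    "Current Votes:\n   ACCEPT(3) Wall, Cole, Stracener\n   MODIFY(1) Frech\n"
    "   NOOP(1) Christey\n",
]


def parse_votes(record):
    """Return {vote_type: [voter, ...]} from the 'Current Votes:' block."""
    votes, in_block = {}, False
    for line in record.splitlines():
        if line.startswith("Current Votes:"):
            in_block = True
            continue
        if not in_block:
            continue
        m = VOTE_LINE.match(line)
        if not m:
            break  # a blank line or the next section ends the block
        kind, count = m.group(1), int(m.group(2))
        names = [n.strip() for n in m.group(3).split(",")]
        if count != len(names):
            raise ValueError(f"{kind}({count}) lists {len(names)} voters")
        votes[kind] = names
    return votes


def infer_action(votes, vendor_acks=0):
    """Apply the key's rules; the order of the checks is this example's assumption."""
    def by(kind, mitre):
        return [v for v in votes.get(kind, []) if (v in MITRE_VOTERS) == mitre]

    accepts = sum(len(by(kind, False)) for kind in ACCEPTING)
    if by("REJECT", True):
        return "SMC_REJECT"
    if votes.get("REJECT"):
        return "REJECT"
    if by("REVIEWING", True):
        return "SMC_REVIEW"
    if votes.get("REVIEWING"):
        return "ACCEPT_REV" if accepts >= 3 else "REVIEWING"
    if accepts >= 3:
        return "ACCEPT"
    if accepts >= 2 and vendor_acks:
        return "ACCEPT_ACK"
    return "MOREVOTES"


def check_record(record):
    """Return (candidate, stated action, recomputed action) for one record."""
    candidate, stated, tally = STATED.search(record).groups()
    ack = re.search(r"(\d+) ack", tally)
    acks = int(ack.group(1)) if ack else 0
    return candidate, stated, infer_action(parse_votes(record), acks)


if __name__ == "__main__":
    for cand, stated, computed in map(check_record, SAMPLE_RECORDS):
        flag = "ok" if stated == computed else "MISMATCH"
        print(f"{cand}: stated={stated} computed={computed} [{flag}]")
```
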

Page Last Updated or Reviewed: May 22, 2007