[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FINAL] ACCEPT 31 candidates from various clusters



I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below.  The
resulting CVE entries will be published in the near future in a new
version of CVE.  Voting details and comments are provided at the end
of this report.

- Steve


Candidate	CVE Name
---------	----------
CAN-1999-0676	CVE-1999-0676
CAN-1999-0711	CVE-1999-0711
CAN-1999-0720	CVE-1999-0720
CAN-1999-0747	CVE-1999-0747
CAN-1999-0773	CVE-1999-0773
CAN-1999-0790	CVE-1999-0790
CAN-1999-0799	CVE-1999-0799
CAN-1999-0813	CVE-1999-0813
CAN-1999-0888	CVE-1999-0888
CAN-1999-0903	CVE-1999-0903
CAN-1999-0906	CVE-1999-0906
CAN-1999-0958	CVE-1999-0958
CAN-1999-0961	CVE-1999-0961
CAN-1999-1008	CVE-1999-1008
CAN-2000-0044	CVE-2000-0044
CAN-2000-0052	CVE-2000-0052
CAN-2000-0053	CVE-2000-0053
CAN-2000-0057	CVE-2000-0057
CAN-2000-0062	CVE-2000-0062
CAN-2000-0073	CVE-2000-0073
CAN-2000-0083	CVE-2000-0083
CAN-2000-0091	CVE-2000-0091
CAN-2000-0095	CVE-2000-0095
CAN-2000-0099	CVE-2000-0099
CAN-2000-0100	CVE-2000-0100
CAN-2000-0107	CVE-2000-0107
CAN-2000-0131	CVE-2000-0131
CAN-2000-0140	CVE-2000-0140
CAN-2000-0144	CVE-2000-0144
CAN-2000-0159	CVE-2000-0159
CAN-2000-0183	CVE-2000-0183


=================================
Candidate: CAN-1999-0676
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990808 sdtcm_convert
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19990809134220.A1191@hades.chaoz.org
Reference: XF:sun-sdtcm-convert
Reference: BID:575
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=575

sdtcm_convert in Solaris 2.6 allows a local user to overwrite
sensitive files via a symlink attack.

Modifications:
  Changed DESC and XF/Bugtraq REF's from stdcm_convert to
  sdtcm_convert.

INFERRED ACTION: CAN-1999-0676 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(1) LeBlanc

Comments:
 Frech> CHGREF XF:sun-sdtcm-convert
 Frech> CHGREF BUGTRAQ:19990808 sdtcm_convert
 Frech> Description needs to be changed to sdtcm_convert


=================================
Candidate: CAN-1999-0711
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified: 20000410-02
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990430 *Huge* security hole in Oracle 8.0.5 with Intellegent agent installed
Reference: URL:http://marc.theaimsgroup.com/?t=92550157100002&w=2&r=1
Reference: BUGTRAQ:19990506 Oracle Security Followup, patch and FAQ: setuid on oratclsh
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92609807906778&w=2
Reference: XF:oracle-oratclsh

The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix
allows local users to execute Tcl commands as root.

Modifications:
  CHANGEREF BUGTRAQ [add date]
  ADDREF BUGTRAQ:19990506 Oracle Security Followup, patch and FAQ: setuid on oratclsh

INFERRED ACTION: CAN-1999-0711 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Stracener, Ozancin, Frech
   NOOP(2) Christey, LeBlanc

Comments:
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Multiple verifications in Bugtraq.


=================================
Candidate: CAN-1999-0720
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990823 [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=lcamtuf.4.05.9907041223290.355-300000@nimue.ids.pl
Reference: BID:597
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=597
Reference: XF:linux-pt-chown

The pt_chown command in Linux allows local users to modify TTY
terminal devices that belong to other users.

Modifications:
  ADDREF BUGTRAQ:19990823 [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x
  ADDREF URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=lcamtuf.4.05.9907041223290.355-300000@nimue.ids.pl

INFERRED ACTION: CAN-1999-0720 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Ozancin, Frech
   MODIFY(1) Stracener
   NOOP(1) LeBlanc

Comments:
 Stracener> Add Ref: BUGTRAQ:19990823 [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD
 Stracener> / lynx /
 Stracener> vlock / mc / glibc 2.0.x


=================================
Candidate: CAN-1999-0747
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990816 Symmetric Multiprocessing (SMP) Vulnerbility in BSDi 4.0.1
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSI.4.10.9908170253560.19291-100000@saturn.psn.net
Reference: BID:589
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=589
Reference: XF:bsdi-smp-dos

Denial of service in BSDi Symmetric Multiprocessing (SMP) when an
fstat call is made when the system has a high CPU load.

Modifications:
  CHANGEREF BUGTRAQ [add date]

INFERRED ACTION: CAN-1999-0747 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Ozancin, Frech
   MODIFY(1) Stracener
   NOOP(2) Christey, LeBlanc

Comments:
 Stracener> Add a date to the Ref above: BUGTRAQ:19990817 Symmetric...
 Christey> This candidate is unconfirmed by the vendor.


=================================
Candidate: CAN-1999-0773
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990511 Solaris2.6 and 2.7 lpset overflow
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9905B&L=bugtraq&P=R2017
Reference: XF:sol-lpset-bo

Buffer overflow in Solaris lpset program allows local users to gain
root access.

INFERRED ACTION: CAN-1999-0773 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Stracener, Ozancin, Frech
   NOOP(2) Christey, LeBlanc

Comments:
 Christey> This candidate is unconfirmed by the vendor.  Posted by UNYUN
 Christey> of Shadow Penguin Security.
 Christey>
 Christey> Followups indicate that the scope of the exploit is limited
 Christey> to group 14.


=================================
Candidate: CAN-1999-0790
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: MISC:http://home.netscape.com/security/notes/jscachebrowsing.html
Reference: XF:netscape-javascript

A remote attacker can read information from a Netscape user's cache
via JavaScript.

Modifications:
  ADDREF XF:netscape-javascript
  ADDREF MISC:http://home.netscape.com/security/notes/jscachebrowsing.html

INFERRED ACTION: CAN-1999-0790 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Blake, Stracener
   MODIFY(2) Cole, Frech
   NOOP(1) Christey

Comments:
 Cole> What is being exploited?
 Christey> http://home.netscape.com/security/notes/jscachebrowsing.html
 Frech> XF:netscape-javascript
 Frech> NETSCAPE:http://home.netscape.com/security/notes/jscachebrowsing.html


=================================
Candidate: CAN-1999-0799
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19970725 Exploitable buffer overflow in bootpd (most unices)
Reference: XF:bootpd-bo

Buffer overflow in bootpd 2.4.3 and earlier via a long boot file
location.

Modifications:
  ADDREF XF:bootpd-bo

INFERRED ACTION: CAN-1999-0799 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Ozancin
   MODIFY(1) Frech

Comments:
 Frech> XF:bootpd-bo


=================================
Candidate: CAN-1999-0813
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified: 20000410-02
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990810 Severe bug in cfingerd before 1.4.0
Reference: BUGTRAQ:19980724 CFINGERD root security hole
Reference: DEBIAN:19990814
Reference: XF:cfingerd-privileges

Cfingerd with ALLOW_EXECUTION enabled does not properly drop
privileges when it executes a program on behalf of the user, allowing
local users to gain root privileges.

Modifications:
  ADDREF DEBIAN:19990814
  ADDREF BUGTRAQ:19980724 CFINGERD root security hole
  DESC add ALLOW_EXECUTION qualifier
  ADDREF XF:cfingerd-privileges

INFERRED ACTION: CAN-1999-0813 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(1) Ozancin

Comments:
 Frech> XF:cfingerd-privileges


=================================
Candidate: CAN-1999-0888
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990817 Security Bug in Oracle
Reference: XF:oracle-dbsnmp
Reference: BID:585
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=585

dbsnmp in Oracle Intelligent Agent allows local users to gain
privileges by setting the ORACLE_HOME environmental variable, which
dbsnmp uses to find the nmiconf.tcl script.

Modifications:
  ADDREF XF:oracle-dbsnmp

INFERRED ACTION: CAN-1999-0888 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Ozancin
   MODIFY(1) Frech

Comments:
 Frech> XF:oracle-dbsnmp


=================================
Candidate: CAN-1999-0903
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991025 IBM AIX Packet Filter module
Reference: BUGTRAQ:19991027 Re: IBM AIX Packet Filter module (followup)
Reference: XF:aix-genfilt-filtering

genfilt in the AIX Packet Filtering Module does not properly filter
traffic to destination ports greater than 32767.

Modifications:
  ADDREF XF:aix-genfilt-filtering

INFERRED ACTION: CAN-1999-0903 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Ozancin
   MODIFY(1) Frech

Comments:
 Frech> XF:aix-genfilt-filtering


=================================
Candidate: CAN-1999-0906
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990923 SuSE 6.2 sccw overflow exploit
Reference: SUSE:19990926 Security hole in sccw (Part II)
Reference: BID:656
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=656
Reference: XF:linux-sccw-bo

Buffer overflow in sccw allows local users to gain root access via the
HOME environmental variable.

Modifications:
  ADDREF SUSE:19990926 Security hole in sccw (Part II)
  ADDREF XF:linux-sccw-bo

INFERRED ACTION: CAN-1999-0906 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Ozancin
   MODIFY(2) Stracener, Frech
   NOOP(1) Christey

Comments:
 Stracener> Add Ref:SUSE: Security hole in sccw (Part II) 26.09.1999
 Christey> ADDREF SUSE:19990926 Security hole in sccw (Part II)
 Frech> XF:linux-sccw-bo


=================================
Candidate: CAN-1999-0958
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19980112 Re: hole in sudo for MP-RAS.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88465708614896&w=2
Reference: XF:sudo-dot-dot-attack

sudo 1.5.x allows local users to execute arbitrary commands via a
.. (dot dot) attack.

Modifications:
  ADDREF XF:sudo-dot-dot-attack

INFERRED ACTION: CAN-1999-0958 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Stracener, Ozancin, Meunier
   MODIFY(1) Frech
   NOOP(2) Christey, LeBlanc

Comments:
 Christey> Confirmed in a Bugtraq followup.
 Frech> XF:sudo-dot-dot-attack


=================================
Candidate: CAN-1999-0961
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19960921 Vunerability in HP sysdiag ?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419906&w=2
Reference: CIAC:H-03
Reference: XF:hp-sysdiag-symlink

HPUX sysdiag allows local users to gain root privileges via a symlink
attack during log file creation.

Modifications:
  ADDREF CIAC:H-03
  ADDREF XF:hp-sysdiag-symlink

INFERRED ACTION: CAN-1999-0961 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Stracener, Ozancin, Meunier
   MODIFY(1) Frech
   NOOP(2) Christey, LeBlanc

Comments:
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Verified by two posters in Bugtraq followups.
 Frech> XF:hp-sysdiag-symlink
 Frech> Description should start with HP-UX, not HPUX.


=================================
Candidate: CAN-1999-1008
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified: 20000410-02
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991215 FreeBSD 3.3 xsoldier root exploit
Reference: MISC:http://marc.theaimsgroup.com/?l=freebsd-security&m=94531826621620&w=2
Reference: BID:871
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=871
Reference: XF:unix-xsoldier-overflow

xsoldier program allows local users to gain root access via a
long argument.

Modifications:
  ADDREF XF:unix-xsoldier-overflow

INFERRED ACTION: CAN-1999-1008 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Stracener, Blake
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, LeBlanc

Comments:
 Frech> XF:unix-xsoldier-overflow
 Christey> Confirmed in freebsd-security mailing list.
 Blake> Confirmed on the mailing list is equivalent to vendor confirmation in my
 Blake> mind.


=================================
Candidate: CAN-2000-0044
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000105 SECURITY ALERT - WAR FTP DAEMON ALL VERSIONS
Reference: BID:919
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=919
Reference: XF:warftp-macro-access-files

Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to
read arbitrary files or execute commands.

Modifications:
  ADDREF XF:warftp-macro-access-files

INFERRED ACTION: CAN-2000-0044 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Ozancin, Cole
   MODIFY(1) Frech

Comments:
 Frech> XF:warftp-macro-access-files


=================================
Candidate: CAN-2000-0052
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified: 20000204-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: L0PHT:20000104 PamSlam
Reference: URL:http://www.l0pht.com/advisories/pam_advisory
Reference: REDHAT:RHSA-2000:001-01
Reference: URL:http://www.redhat.com/support/errata/RHSA2000001-03.html
Reference: XF:linux-pam-userhelper
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=linux-pam-userhelper
Reference: BID:913
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=913

Red Hat userhelper program in the usermode package allows local users
to gain root access via PAM and a .. (dot dot) attack.

Modifications:
  ADDREF XF:linux-pam-userhelper

INFERRED ACTION: CAN-2000-0052 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Ozancin, Cole
   MODIFY(1) Frech

Comments:
 Frech> XF:linux-pam-userhelper


=================================
Candidate: CAN-2000-0053
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: MS:MS00-001
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-001.asp
Reference: MSKB:Q246731
Reference: BID:912
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=912
Reference: XF:mcis-malformed-imap

Microsoft Commercial Internet System (MCIS) IMAP server allows remote
attackers to cause a denial of service via a malformed IMAP request.

Modifications:
  ADDREF XF:mcis-malformed-imap

INFERRED ACTION: CAN-2000-0053 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(1) Prosser
   MODIFY(1) Frech

Comments:
 Frech> XF:mcis-malformed-imap


=================================
Candidate: CAN-2000-0057
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: ALLAIRE:ASB00-03
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13978&Method=Full
Reference: XF:coldfusion-cfcache
Reference: BID:917
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=917

Cold Fusion CFCACHE tag places temporary cache files within the web
document root, allowing remote attackers to obtain sensitive system
information.

Modifications:
  ADDREF XF:coldfusion-cfcache

INFERRED ACTION: CAN-2000-0057 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Ozancin
   MODIFY(1) Frech
   NOOP(1) Cole

Comments:
 Frech> XF:coldfusion-cfcache


=================================
Candidate: CAN-2000-0062
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000104 [petrilli@digicool.com: [Zope] SECURITY ALERT]
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000104222219.B41650@schvin.net
Reference: BID:922
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=922
Reference: XF:zope-dtml

The DTML implementation in the Z Object Publishing Environment (Zope)
allows remote attackers to conduct unauthorized activities.

Modifications:
  ADDREF XF:zope-dtml

INFERRED ACTION: CAN-2000-0062 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Ozancin
   MODIFY(1) Frech
   NOOP(1) Cole

Comments:
 Frech> XF:zope-dtml


=================================
Candidate: CAN-2000-0073
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified: 20000204-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: MS:MS00-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-005.asp
Reference: MSKB:Q249973
Reference: XF:win-malformed-rtf-control-word
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=win-malformed-rtf-control-word

Buffer overflow in Microsoft Rich Text Format (RTF) reader allows
attackers to cause a denial of service via a malformed control word.

Modifications:
  ADDREF XF:win-malformed-rtf-control-word

INFERRED ACTION: CAN-2000-0073 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(2) Ozancin, Cole
   MODIFY(1) Frech

Comments:
 Frech> ADDREF XF:win-malformed-rtf-control-word


=================================
Candidate: CAN-2000-0083
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: HP:HPSBUX0001-109
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2031
Reference: XF:hp-audio-security-perms

HP asecure creates the Audio Security File audio.sec with insecure
permissions, which allows local users to cause a denial of service or
gain additional privileges.

Modifications:
  ADDREF XF:hp-audio-security-perms

INFERRED ACTION: CAN-2000-0083 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Ozancin, Cole
   MODIFY(1) Frech

Comments:
 Frech> XF:hp-audio-security-perms


=================================
Candidate: CAN-2000-0091
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified: 20000403-01
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000122 remote root qmail-pop with vpopmail advisory and exploit with patch
Reference: BUGTRAQ:20000123 Re: vpopmail/vchkpw remote root exploit
Reference: BID:942
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=942
Reference: MISC:http://www.inter7.com/vpopmail/ChangeLog
Reference: MISC:http://www.inter7.com/vpopmail/

Buffer overflow in vchkpw/vpopmail POP authentication package allows
remote attackers to gain root privileges via a long username or
password.

Modifications:
  ADDREF MISC:http://www.inter7.com/vpopmail/ChangeLog
  ADDREF MISC:http://www.inter7.com/vpopmail/

INFERRED ACTION: CAN-2000-0091 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Ozancin
   NOOP(1) Wall


=================================
Candidate: CAN-2000-0095
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: HP:HPSBUX0001-110
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2041
Reference: BID:944
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=944

The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for
determining the optimum MTU generates large amounts of traffic in
response to small packets, allowing remote attackers to cause the
system to be used as a packet amplifier.

INFERRED ACTION: CAN-2000-0095 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Ozancin
   NOOP(1) Wall


=================================
Candidate: CAN-2000-0099
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000119 Unixware ppptalk
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94848865112897&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94840959614790&w=2

Buffer overflow in UnixWare ppptalk command allows local users to gain
privileges via a long prompt argument.

INFERRED ACTION: CAN-2000-0099 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Ozancin
   NOOP(1) Wall


=================================
Candidate: CAN-2000-0100
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified: 20000321-01
Proposed: 20000208
Assigned: 20000202
Category: CF
Reference: NTBUGTRAQ:20000115 Security Vulnerability with SMS 2.0 Remote Control
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/current/0045.html
Reference: MS:MS00-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-012.asp

The SMS Remote Control program is installed with insecure permissions,
which allows local users to gain privileges by modifying or replacing
the program.

Modifications:
  ADDREF MS:MS00-012

INFERRED ACTION: CAN-2000-0100 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Wall, Cole


=================================
Candidate: CAN-2000-0107
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: DEBIAN:20000201
Reference: URL:http://www.debian.org/security/2000/20000201
Reference: BID:958
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=958

Linux apcd program allows local attackers to modify arbitrary files
via a symlink attack.

INFERRED ACTION: CAN-2000-0107 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Ozancin
   NOOP(1) Wall


=================================
Candidate: CAN-2000-0131
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000201 war-ftpd 1.6x DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94960703721503&w=2
Reference: BID:966
Reference: URL:http://www.securityfocus.com/bid/966

Buffer overflow in War FTPd 1.6x allows users to cause a denial of
service via long MKD and CWD commands.

INFERRED ACTION: CAN-2000-0131 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Ozancin
   NOOP(2) Wall, Christey

Comments:
 Christey> Vendor acknowledges that it is a DoS in http://war.jgaa.com/alert/


=================================
Candidate: CAN-2000-0140
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95021326417936&w=2
Reference: NTBUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: BID:980
Reference: URL:http://www.securityfocus.com/bid/980

Internet Anywhere POP3 Mail Server allows remote attackers to cause a
denial of service via a large number of connections.

INFERRED ACTION: CAN-2000-0140 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Bishop, Cole, Blake
   NOOP(2) LeBlanc, Christey

Comments:
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Reported by Nobuo Miwa, moderator of BUGTRAQ-JP.
 Blake> Same as CAN-2000-0139.


=================================
Candidate: CAN-2000-0144
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-02/0034.html
Reference: BUGTRAQ:20000207 Infosec.20000207.axis700.a
Reference: BID:971
Reference: URL:http://www.securityfocus.com/bid/971

Axis 700 Network Scanner does not properly restrict access to
administrator URLs, which allows users to bypass the password
protection via a .. (dot dot) attack.

INFERRED ACTION: CAN-2000-0144 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Bishop, Cole, Blake
   NOOP(2) LeBlanc, Christey

Comments:
 Christey> Poster claims that the vendor has issued a patch.
 Blake> Actually, the poster indicates that they ignored the question.  However,
 Blake> it's straightforward enough that it seems unlikely to have been screwed
 Blake> up.


=================================
Candidate: CAN-2000-0159
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: HP:HPSBUX0002-111
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=20000217160216.13708.qmail@underground.org

HP Ignite-UX does not save /etc/passwd when it creates an image of a
trusted system, which can set the password field to a blank and allow
an attacker to gain privileges.

INFERRED ACTION: CAN-2000-0159 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Ozancin
   NOOP(2) Wall, LeBlanc


=================================
Candidate: CAN-2000-0183
Published:
Final-Decision: 20000418
Interim-Decision: 20000411
Modified: 20000412-01
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:11
Reference: BUGTRAQ:20000310 Fwd: ircii-4.4 buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0093.html
Reference: FREEBSD:FreeBSD-SA-00:11
Reference: BID:1046
Reference: URL:http://www.securityfocus.com/bid/1046

Buffer overflow in ircII 4.4 IRC client allows remote attackers to
execute commands via the DCC chat capability.

Modifications:
  ADDREF FREEBSD:FreeBSD-SA-00:11

INFERRED ACTION: CAN-2000-0183 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Ozancin, Cole
   NOOP(2) Wall, LeBlanc

Page Last Updated or Reviewed: May 22, 2007