[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[INTERIM] ACCEPT 80 recent candidates (Final 10/13)



I have made an Interim Decision to ACCEPT the following 80 candidates
from the RECENT-03 through RECENT-22 clusters.  These clusters cover
candidates that were publicly announced between December 13, 1999 and
June 5, 2000.  I will make a Final Decision on October 13.

Thanks to all the Board members who got their votes in!  15 different
members have voted since October 1.

Voters:
  Wall ACCEPT(12) MODIFY(3) NOOP(54)
  Levy ACCEPT(68) MODIFY(2)
  LeBlanc ACCEPT(3) NOOP(33)
  Ozancin ACCEPT(34) NOOP(23)
  Landfield NOOP(1)
  Cole ACCEPT(44) NOOP(18)
  Bishop ACCEPT(2)
  Baker MODIFY(4)
  Stracener ACCEPT(16) MODIFY(1) NOOP(2)
  Dik ACCEPT(1)
  Frech ACCEPT(10) MODIFY(70)
  Christey NOOP(37)
  Magdych ACCEPT(2) REVIEWING(1)
  Armstrong ACCEPT(9) NOOP(19) REVIEWING(6)
  Prosser ACCEPT(2) NOOP(4)
  Blake ACCEPT(24) NOOP(4)



======================================================
Candidate: CAN-1999-1004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1004
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991217 NAV2000 Email Protection DoS
Reference: URL:http://www.securityfocus.com/archive/1/38970
Reference: BUGTRAQ:19991220 Norton Email Protection Remote Overflow (Addendum)
Reference: URL:http://www.securityfocus.com/archive/1/39194
Reference: CONFIRM:http://service1.symantec.com/SUPPORT/nav.nsf/df0a595864594c86852567ac0063608c/6206f660a1f2516a882568660082c930?OpenDocument&Highlight=0,poproxy

Buffer overflow in the POP server POProxy for the Norton Anti-Virus
protection NAV2000 program via a large USER command.


Modifications:
  ADDREF CONFIRM:http://service1.symantec.com/SUPPORT/nav.nsf/df0a595864594c86852567ac0063608c/6206f660a1f2516a882568660082c930?OpenDocument&Highlight=0,poproxy

INFERRED ACTION: CAN-1999-1004 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Stracener, Armstrong, Wall
   MODIFY(2) Frech, Baker
   NOOP(3) Ozancin, Landfield, Christey

Voter Comments:
 Frech> XF:nav-pop-user
 CHANGE> [Wall changed vote from NOOP to ACCEPT]
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 Christey> CONFIRM:http://service1.symantec.com/SUPPORT/nav.nsf/df0a595864594c86852567ac0063608c/6206f660a1f2516a882568660082c930?OpenDocument&Highlight=0,poproxy
   The Document ID is 2000011400475506.
 Baker> http://www.securityfocus.com/archive/1/38970
   http://www.securityfocus.com/archive/1/39194
   Vendor Acknowledgement - http://service1.symantec.com/SUPPORT/nav.nsf/df0a595864594c86852567ac0063608c/6206f660a1f2516a882568660082c930?OpenDocument


======================================================
Candidate: CAN-2000-0002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0002
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: NTBUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=NTBUGTRAQ&P=R3556
Reference: BUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94598388530358&w=2
Reference: BUGTRAQ:20000128 ZBServer 1.50-r1x exploit (WinNT)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=36B0596E.8D111D66@teleline.es
Reference: BID:889
Reference: XF:zbserver-get-bo

Buffer overflow in ZBServer Pro allows remote attackers to execute
commands via a long GET request.


Modifications:
  ADDREF BUGTRAQ:20000128 ZBServer 1.50-r1x exploit (WinNT)
  ADDREF BID:889
  ADDREF XF:zbserver-get-bo

INFERRED ACTION: CAN-2000-0002 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Stracener, Wall, Blake
   MODIFY(2) Levy, Frech
   NOOP(2) Armstrong, Ozancin

Voter Comments:
 Frech> XF:zbserver-get-bo
 Wall> Confirmed by UssrLabs and they have exploit code.
 Wall> Found by Ussr labs.
 Levy> Ref: BID 889
 CHANGE> [Armstrong changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2000-0009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0009
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991230 bna,sh
Reference: XF:netarchitect-path-vulnerability
Reference: BID:907
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=907

The bna_pass program in Optivity NETarchitect uses the PATH
environmental variable for finding the "rm" program, which allows
local users to execute arbitrary commands.


Modifications:
  ADDREF XF:netarchitect-path-vulnerability
  DESC [provide correct vulnerability details]

INFERRED ACTION: CAN-2000-0009 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Blake
   MODIFY(2) Stracener, Frech
   NOOP(4) Cole, Armstrong, Wall, Ozancin

Voter Comments:
 Stracener> Not a symlink attack. Descritpion should be re-written. Thumbnail
   sketch: 1) script cd's to /tmp, 2) Creates ".logincheck" (bna_pass tries
   to delete this file by calling "rm"), 3) "PATH=.:" where the (dot)
   causes the PATH to first execute in the local environment, 4) "export
   PATH" resets the environment to the local dir (to /tmp via step 1), 5) a
   trojaned version of "rm" is created in /tmp such that when executed (due
   to the corrupted path environment) creates a setuid csh, 6) script
   executes "bna_pass". As a result of the ".:PATH" and its
   export,"bna_pass" uses /tmp and calls the trojaned "rm" = execution of
   code. Perhaps this description: "bna_pass program in Optivity
   NETarchitect allows local users to gain privileges via a trojaned
   version of rm."
 Frech> XF:netarchitect-path-vulnerability
 CHANGE> [Armstrong changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2000-0056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0056
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000105 Local / Remote D.o.S Attack in IMail IMONITOR Server for WinNT Version 5.08
Reference: BID:914
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=914
Reference: XF:imail-imonitor-status-dos

IMail IMONITOR status.cgi CGI script allows remote attackers to cause
a denial of service with many calls to status.cgi.


Modifications:
  ADDREF XF:imail-imonitor-status-dos

INFERRED ACTION: CAN-2000-0056 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Cole, Levy, Wall, Blake, Ozancin
   MODIFY(1) Frech
   NOOP(2) Christey, Armstrong

Voter Comments:
 Frech> XF:imail-imonitor-status-dos
 Wall> found by eeye
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 Christey> Possible acknowledgement in "What is changed in version 6.04" KB
   article at http://support.ipswitch.com/kb/IM-20000801-DM02.htm.  Under
   "IMail Monitor" section, see: "Corrected memory leaks under heavy
   load. Prevents Denial of Service (DoS) when attacked by connection
   script."


======================================================
Candidate: CAN-2000-0063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0063
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
Reference: XF:http-cgi-cgiproc-file-read
Reference: BID:938
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=938

cgiproc CGI script in Nortel Contivity HTTP server allows remote
attackers to read arbitrary files by specifying the filename in a
parameter to the script.


Modifications:
  ADDREF XF:http-cgi-cgiproc-file-read

INFERRED ACTION: CAN-2000-0063 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Stracener, Levy
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:http-cgi-cgiproc-file-read


======================================================
Candidate: CAN-2000-0064
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0064
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
Reference: BID:938
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=938
Reference: XF:http-cgi-cgiproc-dos

cgiproc CGI script in Nortel Contivity HTTP server allows remote
attackers to cause a denial of service via a malformed URL that
includes shell metacharacters.


Modifications:
  ADDREF XF:http-cgi-cgiproc-dos

INFERRED ACTION: CAN-2000-0064 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Stracener, Levy
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:http-cgi-cgiproc-dos


======================================================
Candidate: CAN-2000-0065
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0065
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: NTBUGTRAQ:20000117 Remote Buffer Exploit - InetServ 3.0
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94820747229579&w=2
Reference: XF:inetserv-get-bo

Buffer overflow in InetServ 3.0 allows remote attackers to execute
commands via a long GET request.


Modifications:
  ADDREF XF:inetserv-get-bo
  DESC [Add version number]

INFERRED ACTION: CAN-2000-0065 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Wall
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> Add "webmail" term to description to facilitate search.
 Frech> XF:inetserv-get-bo
 Wall> Exploit script on Packetstorm.


======================================================
Candidate: CAN-2000-0075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0075
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: NTBUGTRAQ:20000113 Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x
Reference: BUGTRAQ:20000113 Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x
Reference: BID:930
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=930
Reference: XF:supermail-memleak-dos

Super Mail Transfer Package (SMTP), later called MsgCore, has a memory
leak which allows remote attackers to cause a denial of service by
repeating multiple HELO, MAIL FROM, RCPT TO, and DATA commands in the
same session.


Modifications:
  ADDREF XF:supermail-memleak-dos

INFERRED ACTION: CAN-2000-0075 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(2) Wall, Frech

Voter Comments:
 Frech> XF:supermail-memleak-dos
 Wall> I believe this is the MsgCore ZetaMail 2.0 (Windows NT) Mail POP3/SMTP Server
   and
   earlier that has the DoS.


======================================================
Candidate: CAN-2000-0076
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0076
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:19991230 vibackup.sh
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94709988232618&w=2
Reference: DEBIAN:20000109 nvi: incorrect file removal in boot script
Reference: URL:http://www.debian.org/security/2000/20000108
Reference: XF:nvi-delete-files
Reference: BID:1439

nviboot boot script in the Debian nvi package allows local users to
delete files via malformed entries in vi.recover.


Modifications:
  ADDREF XF:nvi-delete-files
  ADDREF BID:1439

INFERRED ACTION: CAN-2000-0076 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Frech> XF:nvi-delete-files
 Christey> ADDREF BID:1439
 Levy> BID1439


======================================================
Candidate: CAN-2000-0090
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0090
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000124 VMware 1.1.2 Symlink Vulnerability
Reference: XF:linux-vmware-symlink
Reference: BID:943
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=943

VMWare 1.1.2 allows local users to cause a denial of service via a
symlink attack.

INFERRED ACTION: CAN-2000-0090 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(6) Frech, Cole, Armstrong, Levy, Blake, Ozancin
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0094
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0094
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000121 *BSD procfs vulnerability
Reference: FREEBSD:FreeBSD-SA-00:02
Reference: NETBSD:NetBSD-SA2000-001
Reference: XF:netbsd-procfs
Reference: BID:940
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=940

procfs in BSD systems allows local users to gain root privileges by
modifying the /proc/pid/mem interface via a modified file descriptor
for stderr.


Modifications:
  ADDREF NETBSD:NetBSD-SA2000-001
  ADDREF XF:netbsd-procfs

INFERRED ACTION: CAN-2000-0094 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Levy
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> BID:987 and NETBSD:2000-001 refer to a NetBSD procfs mem
   problem that's probably the same problem as this one.
 Frech> XF:netbsd-procfs
 Christey> BID:987 has since been deleted, so I guess they agree ;-)


======================================================
Candidate: CAN-2000-0116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0116
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: NTBUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented
Reference: BUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented
Reference: BID:954
Reference: XF:http-script-bypass

Firewall-1 does not properly filter script tags, which allows remote
attackers to bypass the "Strip Script Tags" restriction by including
an extra < in front of the SCRIPT tag.


Modifications:
  ADDREF BID:954
  ADDREF XF:http-script-bypass

INFERRED ACTION: CAN-2000-0116 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Blake
   MODIFY(2) Frech, Baker
   NOOP(4) Christey, Armstrong, Wall, Ozancin

Voter Comments:
 Christey> ADDREF BID:954
 Frech> XF:http-script-bypass
 Baker> Vulnerability Reference (HTML)	Reference Type
   Buqtraq database www.securityfocus.com/bid/954	Misc Defensive Info
   Bugtraq initial posting http://www.securityfocus.com/archive/1/44250	Misc Offensive Info
   X-Force Entry http://xforce.iss.net/static/3905.php	Misc Defensive Info


======================================================
Candidate: CAN-2000-0117
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0117
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000127 Cobalt RaQ2 - a user of mine changed my admin password..
Reference: BUGTRAQ:20000131 [ Cobalt ] Security Advisory -- 01.31.2000
Reference: XF:http-cgi-cobalt-passwords
Reference: BID:951

The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site
Administrator to modify passwords for other users, site
administrators, and possibly admin (root).


Modifications:
  ADDREF XF:http-cgi-cobalt-passwords
  ADDREF BID:951

INFERRED ACTION: CAN-2000-0117 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(2) Frech, Levy
   NOOP(1) Wall

Voter Comments:
 Frech> XF:http-cgi-cobalt-passwords
 Levy> Reference: BID 951


======================================================
Candidate: CAN-2000-0127
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0127
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000203 Webspeed security issue
Reference: CONFIRM:http://www.progress.com/services/support/cgi-bin/techweb-kbase.cgi/webkb.html?kbid=19412&keywords=security%20Webspeed
Reference: BID:969
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=969
Reference: XF:webspeed-adminutil-auth

The Webspeed configuration program does not properly disable access to
the WSMadmin utility, which allows remote attackers to gain
privileges.


Modifications:
  ADDREF CONFIRM:http://www.progress.com/services/support/cgi-bin/techweb-kbase.cgi/webkb.html?kbid=19412&keywords=security%20Webspeed
  ADDREF XF:webspeed-adminutil-auth

INFERRED ACTION: CAN-2000-0127 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Levy, Wall, Blake
   MODIFY(1) Frech
   NOOP(3) Christey, Armstrong, Ozancin

Voter Comments:
 Frech> XF:webspeed-adminutil-auth
 Christey> URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=003a01bf6ebf$25e867a0$0a1a90d8@eniac
 CHANGE> [Wall changed vote from NOOP to ACCEPT]
 Christey> CONFIRM:http://www.progress.com/services/support/cgi-bin/techweb-kbase.cgi/webkb.html?kbid=19412&keywords=security%20Webspeed


======================================================
Candidate: CAN-2000-0128
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0128
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000204 "The Finger Server"
Reference: CONFIRM:http://www.glazed.org/finger/changelog.txt
Reference: XF:finger-server-input

The Finger Server 0.82 allows remote attackers to execute commands via
shell metacharacters.


Modifications:
  ADDREF XF:finger-server-input
  ADDREF CONFIRM:http://www.glazed.org/finger/changelog.txt

INFERRED ACTION: CAN-2000-0128 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Blake, Ozancin
   MODIFY(2) Frech, Baker
   NOOP(3) Christey, Armstrong, Wall

Voter Comments:
 Frech> XF:finger-server-input
   Also, the owner's web site (http://www.glazed.org/finger/) indicates that
   versions up to 0.83BETA are vulnerable. You should make the appropriate
   modifications to the description.
 Christey> CONFIRM:http://www.glazed.org/finger/changelog.txt
   Acknowledges "Noam Rathaus," not the discloser, and describes
   the same underlying programming flaw, but doesn't directly
   mention Bugtraq/others.  However, source code analysis
   indicates that they did an extremely basic fix.
 Baker> Vulnerability Reference (HTML)	Reference Type
   Initial Bugtraq posting  http://www.securityfocus.com/archive/1/45139	Misc Defensive Info
   X-Force Entry   http://xforce.iss.net/static/4006.php	Misc Defensive Info
   Vendor's Acknowledgement  http://www.glazed.org/finger/changelog.txt	Vendor Info


======================================================
Candidate: CAN-2000-0130
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0130
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000127 New SCO patches...
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94908470928258&w=2
Reference: SCO:SB-00.02a
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-00.02a
Reference: XF:sco-help-bo

Buffer overflow in SCO scohelp program allows remote attackers to
execute commands.


Modifications:
  ADDREF XF:sco-help-bo
  ADDREF SCO:SB-00.02a

INFERRED ACTION: CAN-2000-0130 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> The Bugtraq posting only alludes to this problem.  The SCO web
   site simply doesn't provide many details.  See
   ftp://ftp.sco.com/SSE/sse060.ltr

   Is this the same as the following, which blames Netscape
   but mentions scohelp in the exploit?
   BUGTRAQ:20001231 Netscape FastTrack httpd remote exploit
   http://marc.theaimsgroup.com/?l=bugtraq&m=94666184914653&w=2

 Frech> XF:sco-help-bo
 Christey> CONFIRM:ftp://ftp.sco.com/SSE/security_bulletins/SB-00.02a


======================================================
Candidate: CAN-2000-0141
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0141
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000211 perl-cgi hole in UltimateBB by Infopop Corp.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=20000211224935.A13236@infomag.ape.relarn.ru
Reference: BUGTRAQ:20000225 FW: Important UBB News For Licensed Users
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-22&msg=NDBBLKOPOLNKELHPDEFKIEPGCAAA.renzo.toma@veronica.nl
Reference: BID:991
Reference: URL:http://www.securityfocus.com/bid/991
Reference: MISC:http://www.ultimatebb.com/home/versions.shtml
Reference: XF:http-cgi-ultimatebb

Infopop Ultimate Bulletin Board (UBB) allows remote attackers to
execute commands via shell metacharacters in the topic hidden field.


Modifications:
  ADDREF MISC:http://www.ultimatebb.com/home/versions.shtml
  ADDREF BUGTRAQ:20000225 FW: Important UBB News For Licensed Users
  ADDREF BID:991
  ADDREF XF:http-cgi-ultimatebb

INFERRED ACTION: CAN-2000-0141 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Bishop, Blake
   MODIFY(1) Frech
   NOOP(2) Christey, LeBlanc

Voter Comments:
 Christey> ADDREF BID:991
   ADDREF URL:http://www.securityfocus.com/bid/991

   The following could be a confirmation by UBB:
   BUGTRAQ:20000225 FW: Important UBB News For Licensed Users
 Frech> XF:http-cgi-ultimatebb


======================================================
Candidate: CAN-2000-0146
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0146
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0049.html
Reference: BUGTRAQ:20000207 Novell GroupWise 5.5 Enhancement Pack Web Access Denial of Servic e
Reference: BID:972
Reference: URL:http://www.securityfocus.com/bid/972
Reference: XF:novell-groupwise-url-dos

The Java Server in the Novell GroupWise Web Access Enhancement Pack
allows remote attackers to cause a denial of service via a long URL
to the servlet.


Modifications:
  ADDREF XF:novell-groupwise-url-dos

INFERRED ACTION: CAN-2000-0146 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Bishop, Blake
   MODIFY(1) Frech
   NOOP(1) LeBlanc

Voter Comments:
 Frech> XF:novell-groupwise-url-dos


======================================================
Candidate: CAN-2000-0164
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0164
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000220 Sun Internet Mail Server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.SOL.4.21.0002200031320.22675-100000@klayman.hq.formus.pl
Reference: SUNBUG:4316521
Reference: BID:1004
Reference: URL:http://www.securityfocus.com/bid/1004
Reference: XF:sims-temp-world-readable

The installation of Sun Internet Mail Server (SIMS) creates a
world-readable file that allows local users to obtain passwords.


Modifications:
  ADDREF BID:1004
  ADDREF SUNBUG:4316521
  ADDREF XF:sims-temp-world-readable

INFERRED ACTION: CAN-2000-0164 ACCEPT_REV (6 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(5) Dik, Cole, Levy, Blake, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc
   REVIEWING(1) Armstrong

Voter Comments:
 Frech> XF:sims-temp-world-readable
 Dik> bug 4316521


======================================================
Candidate: CAN-2000-0166
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0166
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000221 Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD Server 4.0 for Windows NT
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPGEJHCCAA.labs@ussrback.com
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95171674614819&w=2
Reference: BUGTRAQ:20000223 Pragma Systems response to USSRLabs report
Reference: BID:995
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=995
Reference: XF:interaccess-telnet-login-bo

Buffer overflow in the InterAccess telnet server TelnetD allows remote
attackers to execute commands via a long login name.


Modifications:
  ADDREF BUGTRAQ:20000223 Pragma Systems response to USSRLabs report
  ADDREF XF:interaccess-telnet-login-bo

INFERRED ACTION: CAN-2000-0166 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Levy, Blake
   MODIFY(1) Frech
   NOOP(5) Christey, Armstrong, Wall, LeBlanc, Ozancin

Voter Comments:
 Christey> BUGTRAQ:20000223 Pragma Systems response to USSRLabs report

   is a followup from the vendor that acknowledges that this
   may be a problem in older builds, but not the current one.
   USSR's response questions this conclusion.

   Also see:
   BUGTRAQ:20000223 Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD (fwd)

 Frech> XF:interaccess-telnet-login-bo
 Christey> CONFIRM:http://marc.theaimsgroup.com/?l=bugtraq&m=95142498000781&w=2


======================================================
Candidate: CAN-2000-0179
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0179
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000322
Assigned: 20000322
Category: unknown
Reference: BUGTRAQ:20000228 HP Omniback remote DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0387.html
Reference: HP:HPSBUX0006-115
Reference: BID:1015
Reference: URL:http://www.securityfocus.com/bid/1015
Reference: XF:omniback-connection-dos

HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of
service via a large number of connections to port 5555.


Modifications:
  ADDREF HP:HPSBUX0006-115
  ADDREF XF:omniback-connection-dos

INFERRED ACTION: CAN-2000-0179 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Ozancin
   MODIFY(1) Frech
   NOOP(4) Christey, Wall, Blake, LeBlanc

Voter Comments:
 Christey> ADDREF HP:HPSBUX0006-115
 Frech> XF:omniback-connection-dos(4022)


======================================================
Candidate: CAN-2000-0191
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0191
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000229 Infosec.20000229.axisstorpointcd.a
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=41256894.00492503.00@mailgw.backupcentralen.se
Reference: XF:axis-storpoint-auth
Reference: BID:1025
Reference: URL:http://www.securityfocus.com/bid/1025

Axis StorPoint CD allows remote attackers to access administrator URLs
without authentication via a .. (dot dot) attack.


Modifications:
  ADDREF XF:axis-storpoint-auth

INFERRED ACTION: CAN-2000-0191 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Levy, Blake, Ozancin
   MODIFY(1) Frech
   NOOP(3) Armstrong, Wall, LeBlanc

Voter Comments:
 Frech> XF:axis-storpoint-auth(4078)
 CHANGE> [Blake changed vote from NOOP to ACCEPT]
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-2000-0193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0193
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000322
Assigned: 20000322
Category: CF
Reference: BUGTRAQ:20000302 Corel Linux 1.0 dosemu default configuration: Local root vuln
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003020436.PAA20168@jawa.chilli.net.au
Reference: BID:1030
Reference: URL:http://www.securityfocus.com/bid/1030
Reference: XF:linux-dosemu-config

The default configuration of Dosemu in Corel Linux 1.0 allows local
users to execute the system.com program and gain privileges.


Modifications:
  ADDREF XF:linux-dosemu-config

INFERRED ACTION: CAN-2000-0193 ACCEPT_REV (5 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(4) Cole, Levy, Blake, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc
   REVIEWING(1) Armstrong

Voter Comments:
 Frech> XF:linux-dosemu-config(4066)
 CHANGE> [Blake changed vote from NOOP to ACCEPT]
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-2000-0225
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0225
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000303 Pocsag remote access to client can't be disabled.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=003601bf854b$6893a090$0100a8c0@FIREWALKER
Reference: BID:1032
Reference: URL:http://www.securityfocus.com/bid/1032
Reference: XF:telnet-pocsag

The Pocsag POC32 program does not properly prevent remote users from
accessing its server port, even if the option has been disabled.


Modifications:
  ADDREF XF:telnet-pocsag

INFERRED ACTION: CAN-2000-0225 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Ozancin, Cole
   MODIFY(1) Frech
   NOOP(3) LeBlanc, Wall, Blake

Voter Comments:
 Frech> XF:telnet-pocsag(4171)


======================================================
Candidate: CAN-2000-0237
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0237
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: MISC:http://zsh.stupidphat.com/advisory.cgi?000311-1
Reference: BID:1075
Reference: URL:http://www.securityfocus.com/bid/1075
Reference: XF:netscape-webpublisher-invalid-access

Netscape Enterprise Server with Web Publishing enabled allows remote
attackers to list arbitrary directories via a GET request for the
/publisher directory, which provides a Java applet that allows the
attacker to browse the directories.


Modifications:
  ADDREF XF:netscape-webpublisher-invalid-access

INFERRED ACTION: CAN-2000-0237 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(5) Magdych, Cole, Levy, Wall, Blake
   MODIFY(1) Frech
   NOOP(2) Ozancin, Armstrong

Voter Comments:
 Frech> XF:netscape-webpublisher-invalid-access
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-2000-0238
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0238
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000317 DoS with NAVIEG
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=s8d1f3e3.036@kib.co.kodiak.ak.us
Reference: XF:nav-email-gateway-dos
Reference: BID:1064
Reference: URL:http://www.securityfocus.com/bid/1064

Buffer overflow in the web server for Norton AntiVirus for Internet
Email Gateways allows remote attackers to cause a denial of service
via a long URL.

INFERRED ACTION: CAN-2000-0238 ACCEPT (7 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(7) Ozancin, Frech, Magdych, Armstrong, Levy, Wall, Blake
   NOOP(2) Christey, Cole

Voter Comments:
 Christey> Remove extra dot in URL for securityfocus..com


======================================================
Candidate: CAN-2000-0240
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0240
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000321 vqserver /........../
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.20000321084646.0095c7f0@olga.swip.net
Reference: CONFIRM:http://www.vqsoft.com/vq/server/faqs/dotdotbug.html
Reference: XF:vqserver-dir-traverse
Reference: BID:1067
Reference: URL:http://www.securityfocus.com/bid/1067

vqSoft vqServer program allows remote attackers to read arbitrary
files via a /........../ in the URL, a variation of a .. (dot dot)
attack.


Modifications:
  ADDREF CONFIRM:http://www.vqsoft.com/vq/server/faqs/dotdotbug.html

INFERRED ACTION: CAN-2000-0240 ACCEPT_REV (3 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(3) Frech, Cole, Levy
   NOOP(1) Christey
   REVIEWING(1) Magdych

Voter Comments:
 Christey> CONFIRM:http://www.vqsoft.com/vq/server/faqs/dotdotbug.html

   Note, however, that the vendor says that this was corrected
   in early 1999.


======================================================
Candidate: CAN-2000-0257
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0257
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000418 Novell Netware 5.1 (server 5.00h, Dec 11, 1999)...
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0004171825340.10088-100000@nimue.tpi.pl
Reference: BID:1118
Reference: URL:http://www.securityfocus.com/bid/1118
Reference: XF:netware-remote-admin-overflow

Buffer overflow in the NetWare remote web administration utility
allows remote attackers to cause a denial of service or execute
commands via a long URL.


Modifications:
  ADDREF XF:netware-remote-admin-overflow
  DESC [change Netware to NetWare]

INFERRED ACTION: CAN-2000-0257 ACCEPT_REV (4 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(3) Blake, Cole, Levy
   MODIFY(1) Frech
   NOOP(2) Ozancin, Wall
   REVIEWING(1) Armstrong

Voter Comments:
 Frech> XF:netware-remote-admin-overflow
   In the description, Novell's product is spelled NetWare.


======================================================
Candidate: CAN-2000-0263
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0263
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000416 xfs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0079.html
Reference: XF:redhat-fontserver-dos
Reference: BID:1111
Reference: URL:http://www.securityfocus.com/bid/1111

The X font server xfs in Red Hat Linux 6.x allows an attacker to cause
a denial of service via a malformed request.


Modifications:
  ADDREF XF:redhat-fontserver-dos

INFERRED ACTION: CAN-2000-0263 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Levy
   MODIFY(1) Frech
   NOOP(3) Blake, Christey, Wall

Voter Comments:
 Frech> XF:redhat-fontserver-dos
   POTENTIAL DUPE: CAN-2000-0286: X fontserver xfs allows local users to cause
   a denial of service via malformed input to the server.
 Christey> As Andre observed, this is a duplicate of CAN-2000-0286.
   CAN-2000-0286 has been slated for rejection.


======================================================
Candidate: CAN-2000-0265
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0265
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es
Reference: CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
Reference: BID:1119
Reference: URL:http://www.securityfocus.com/bid/1119
Reference: XF:panda-uninstall-program

Panda Security 3.0 allows users to uninstall the Panda software via
its Add/Remove Programs applet.


Modifications:
  ADDREF CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
  ADDREF XF:panda-uninstall-program

INFERRED ACTION: CAN-2000-0265 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
 Frech> XF:panda-uninstall-program(4865)


======================================================
Candidate: CAN-2000-0272
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0272
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000420 Remote DoS attack in Real Networks Real Server Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95625288231045&w=2
Reference: CONFIRM:http://service.real.com/help/faq/servg270.html
Reference: XF:realserver-remote-dos
Reference: BID:1128
Reference: URL:http://www.securityfocus.com/bid/1128

RealNetworks RealServer allows remote attackers to cause a denial of
service by sending malformed input to the server at port 7070.


Modifications:
  ADDREF CONFIRM:http://service.real.com/help/faq/servg270.html
  ADDREF XF:realserver-remote-dos

INFERRED ACTION: CAN-2000-0272 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Levy
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> ADDREF CONFIRM:http://service.real.com/help/faq/servg270.html
 Frech> XF:realserver-remote-dos


======================================================
Candidate: CAN-2000-0273
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0273
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000409 A funny way to DOS pcANYWHERE8.0 and 9.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0031.html
Reference: BID:1095
Reference: URL:http://www.securityfocus.com/bid/1095
Reference: XF:pcanywhere-login-dos

PCAnywhere allows remote attackers to cause a denial of service by
terminating the connection before PCAnywhere provides a login prompt.


Modifications:
  ADDREF XF:pcanywhere-login-dos

INFERRED ACTION: CAN-2000-0273 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(5) Blake, Cole, Armstrong, Levy, Wall
   MODIFY(1) Frech
   NOOP(2) Ozancin, Christey

Voter Comments:
 Christey> ADDREF XF:pcanywhere-login-dos
 Frech> XF:pcanywhere-login-dos
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0282
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0282
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000412 TalentSoft Web+ Input Validation Bug Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0050.html
Reference: CONFIRM:ftp://ftp.talentsoft.com/Download/Webplus/Unix/Patches/Webplus46p%20Read%20me.html
Reference: BID:1102
Reference: URL:http://www.securityfocus.com/bid/1102
Reference: XF:talentsoft-web-input

TalentSoft webpsvr daemon in the Web+ shopping cart application allows
remote attackers to read arbitrary files via a .. (dot dot) attack on
the webplus CGI program.


Modifications:
  ADDREF CONFIRM:ftp://ftp.talentsoft.com/Download/Webplus/Unix/Patches/Webplus46p%20Read%20me.html
  ADDREF XF:talentsoft-web-input

INFERRED ACTION: CAN-2000-0282 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> ADDREF CONFIRM:ftp://ftp.talentsoft.com/Download/Webplus/Unix/webplus46p%20Read%20me.html
 Frech> XF:talentsoft-web-input
 Christey> URL for CONFIRM has apparently changed.  Use this now:
   ftp://ftp.talentsoft.com/Download/Webplus/Unix/Patches/Webplus46p%20Read%20me.html


======================================================
Candidate: CAN-2000-0285
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0285
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000416 XFree86 server overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html
Reference: BID:1306
Reference: XF:xfree86-xkbmap-parameter-bo

Buffer overflow in XFree86 3.3.x allows local users to execute
arbitrary commands via a long -xkbmap parameter.


Modifications:
  ADDREF BID:1306
  ADDREF XF:xfree86-xkbmap-parameter-bo

INFERRED ACTION: CAN-2000-0285 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(5) Blake, Ozancin, Cole, Armstrong, Levy
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> ADDREF BID:1306
 Frech> XF:xfree86-xkbmap-parameter-bo(4867)


======================================================
Candidate: CAN-2000-0289
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0289
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000327 Security Problems with Linux 2.2.x IP Masquerading
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0284.html
Reference: SUSE:20000520 Security hole in kernel < 2.2.15
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_48.txt
Reference: BID:1078
Reference: URL:http://www.securityfocus.com/bid/1078
Reference: XF:linux-masquerading-dos

IP masquerading in Linux 2.2.x allows remote attackers to route UDP
packets through the internal interface by modifying the external
source IP address and port number to match those of an established
connection.


Modifications:
  ADDREF XF:linux-masquerading-dos
  ADDREF SUSE:20000520 Security hole in kernel < 2.2.15

INFERRED ACTION: CAN-2000-0289 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Blake, Ozancin, Cole, Armstrong, Levy
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> ADDREF XF:linux-masquerading-dos
   ADDREF SUSE:20000520 Security hole in kernel < 2.2.15
   http://www.suse.de/de/support/security/suse_security_announce_48.txt
 Frech> XF:linux-ip-masquerading


======================================================
Candidate: CAN-2000-0301
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0301
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000405 Re: IMAIL (Ipswitch) DoS with Eudora (Qualcomm)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95505800117143&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95507019226096&w=2
Reference: CONFIRM:http://support.ipswitch.com/kb/IM-20000208-DM02.htm
Reference: BID:1094
Reference: URL:http://www.securityfocus.com/bid/1094
Reference: XF:ipswitch-imail-dos

Ipswitch IMAIL server 6.02 and earlier allows remote attackers to
cause a denial of service via the AUTH CRAM-MD5 command.


Modifications:
  ADDREF CONFIRM:http://support.ipswitch.com/kb/IM-20000208-DM02.htm
  ADDREF XF:ipswitch-imail-dos

INFERRED ACTION: CAN-2000-0301 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Christey> This description may need to be modified.  It appears that
   the problem is in the SMTP login capability of Eudora.

   Also see a CONFIRM at
   http://support.ipswitch.com/kb/IM-20000208-DM02.htm
 Frech> XF:ipswitch-imail-dos
 Christey> On further review of the vendor's acknowledgement, they
   provide a fix for their software, and offer a workaround
   in Eudora.  So it's a problem with IMail.  As the advisory
   says, "[after the workaround], Eudora will not use the
   CRAM-MD5 authentication scheme, but will use LOGIN, which
   works with IMail servers."


======================================================
Candidate: CAN-2000-0318
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0318
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: NTBUGTRAQ:20000413 Security problems with Atrium Mercur Mailserver 3.20
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0057.html
Reference: BID:1144
Reference: URL:http://www.securityfocus.com/bid/1144
Reference: XF:mercur-remote-dot-attack

Atrium Mercur Mail Server 3.2 allows local attackers to read other
user's email and create arbitrary files via a dot dot (..) attack.


Modifications:
  ADDREF XF:mercur-remote-dot-attack

INFERRED ACTION: CAN-2000-0318 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Blake, Levy
   MODIFY(1) Frech
   NOOP(5) Wall, LeBlanc, Ozancin, Cole, Armstrong

Voter Comments:
 Frech> XF:mercur-remote-dot-attack


======================================================
Candidate: CAN-2000-0319
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0319
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000424 unsafe fgets() in sendmail's mail.local
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=2694.000424@SECURITY.NNOV.RU
Reference: XF:sendmail-maillocal-dos
Reference: BID:1146
Reference: URL:http://www.securityfocus.com/bid/1146

mail.local in Sendmail 8.10.x does not properly identify the .\n
string which identifies the end of message text, which allows a remote
attacker to cause a denial of service or corrupt mailboxes via a
message line that is 2047 characters long and ends in .\n.


Modifications:
  ADDREF XF:sendmail-maillocal-dos

INFERRED ACTION: CAN-2000-0319 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(4) Wall, LeBlanc, Christey, Cole

Voter Comments:
 Frech> XF:sendmail-maillocal-dos
 Christey> Greg Shapiro, in a response to an advisory for the
   Linux "capabilities" bug, states: "There are no unsafe fgets()
   in sendmail or mail.local."  However, there was no response
   related to this particular candidate.
   See http://archives.neohapsis.com/archives/bugtraq/2000-06/0311.html
 Christey> Subsequent email discussion with Greg Shapiro indicates that
   he was talking about a later version of Sendmail when
   discussing the capabilities bug.  Confirmation of this
   problem is in the release notes for Sendmail 8.10.0


======================================================
Candidate: CAN-2000-0320
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0320
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000421 unsafe fgets() in qpopper
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=9763.000421@SECURITY.NNOV.RU
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95715275707934&w=2
Reference: BID:1133
Reference: URL:http://www.securityfocus.com/bid/1133
Reference: XF:qpopper-fgets-spoofing

Qpopper 2.53 and 3.0 does not properly identify the \n string which
identifies the end of message text, which allows a remote attacker to
cause a denial of service or corrupt mailboxes via a message line that
is 1023 characters long and ends in \n.


Modifications:
  ADDREF XF:qpopper-fgets-spoofing

INFERRED ACTION: CAN-2000-0320 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Blake, Ozancin, Armstrong, Levy
   MODIFY(2) Frech, Baker
   NOOP(4) Wall, LeBlanc, Christey, Cole

Voter Comments:
 Frech> XF:qpopper-fgets-spoofing
 Christey> CONFIRM:http://marc.theaimsgroup.com/?l=bugtraq&m=95715275707934&w=2
 Christey> Acknowledged by the vendor in a followup post.
 Baker> http://www.securityfocus.com/archive/1/56400
   http://www.securityfocus.com/archive/1/57788 Confirm by Qualcom to Bugtraq


======================================================
Candidate: CAN-2000-0322
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0322
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000424 piranha default password/exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Enip.BSO.23.0004241601140.28851-100000@www.whitehats.com
Reference: REDHAT:RHSA-2000014-16
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000014-16.html
Reference: BID:1149
Reference: URL:http://www.securityfocus.com/bid/1149
Reference: XF:piranha-passwd-execute

The passwd.php3 CGI script in the Red Hat Piranha Virtual Server
Package allows local users to execure arbitrary commands via shell
metacharacters.


Modifications:
  ADDREF REDHAT:RHSA-2000014-10
  ADDREF XF:piranha-passwd-execute

INFERRED ACTION: CAN-2000-0322 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Levy
   MODIFY(1) Frech
   NOOP(6) Wall, Blake, LeBlanc, Ozancin, Christey, Armstrong

Voter Comments:
 Frech> XF:piranha-passwd-execute
 Christey> CONFIRM:http://www.redhat.com/support/errata/RHSA-2000014-10.html

   CD:SF-LOC says to distinguish between this and CAN-2000-0248.
   CAN-2000-0248 is the default password that allowed anyone to
   become a piranha admin.  This one is a shell metacharacter
   problem that's only accessible to a piranha admin - the
   default password just makes this bug accessible to
   arbitrary attackers.
   However, if someone needs to be an admin to run piranha in
   the first place, this candidate doesn't give anyone any
   additional privileges, so maybe it should be REJECTed.
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 Christey> CONFIRM:http://www.redhat.com/support/errata/RHSA-2000014-10.html


======================================================
Candidate: CAN-2000-0332
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0332
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000502 Fun with UltraBoard V1.6X
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000503091316.99073.qmail@hotmail.com
Reference: BID:1164
Reference: URL:http://www.securityfocus.com/bid/1164
Reference: XF:ultraboard-printabletopic-fileread

UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows
remote attackers to read arbitrary files via a pathname string that
includes a dot dot (..) and ends with a null byte.


Modifications:
  ADDREF XF:ultraboard-printabletopic-fileread

INFERRED ACTION: CAN-2000-0332 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Cole, Levy
   MODIFY(1) Frech
   NOOP(3) Wall, Ozancin, Armstrong

Voter Comments:
 Frech> XF:ultraboard-printabletopic-fileread
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-2000-0335
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0335
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000502 glibc resolver weakness
Reference: BID:1166
Reference: URL:http://www.securityfocus.com/bid/1166
Reference: XF:glibc-resolver-id-predictable

The resolver in glibc 2.1.3 uses predictable IDs, which allows a local
attacker to spoof DNS query results.


Modifications:
  ADDREF XF:glibc-resolver-id-predictable

INFERRED ACTION: CAN-2000-0335 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Blake, Ozancin, Cole, Levy
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Armstrong

Voter Comments:
 Frech> XF:glibc-resolver-id-predictable
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 Christey> In a followup post, Steve Bellovin says:
   "When this code was being written, Paul Vixie
   and I had a lot of discussions about what to do... what you see is
   an engineering judgement, that given the other (very serious)
   vulnerabilities of the DNS, all that was called for here was
   bringing it up to at least the same level of protection.


======================================================
Candidate: CAN-2000-0338
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0338
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000423 CVS DoS
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000423174038.A520%40clico.pl
Reference: BID:1136
Reference: URL:http://www.securityfocus.com/bid/1136
Reference: XF:cvs-tempfile-dos

Concurrent Versions Software (CVS) uses predictable temporary file
names for locking, which allows local users to cause a denial of
service by creating the lock directory before it is created for use by
a legitimate CVS user.


Modifications:
  ADDREF XF:cvs-tempfile-dos
  ADDREF BUGTRAQ:20000423 CVS DoS

INFERRED ACTION: CAN-2000-0338 ACCEPT_REV (5 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(4) Blake, Ozancin, Cole, Levy
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc
   REVIEWING(1) Armstrong

Voter Comments:
 Frech> XF:cvs-tempfile-dos
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-2000-0340
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0340
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000428 SuSE 6.3 Gnomelib buffer overflow
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00042902575201.09597@wintermute-pub
Reference: CONFIRM:http://www.suse.com/us/support/download/updates/axp_63.html
Reference: BID:1155
Reference: URL:http://www.securityfocus.com/bid/1155
Reference: XF:linux-gnomelib-bo

Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to
execute arbitrary commands via the DISPLAY environmental variable.


Modifications:
  ADDREF XF:linux-gnomelib-bo
  ADDREF CONFIRM:http://www.suse.com/us/support/download/updates/axp_63.html

INFERRED ACTION: CAN-2000-0340 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Ozancin, Levy
   MODIFY(1) Frech
   NOOP(4) Wall, Christey, Cole, Armstrong

Voter Comments:
 Frech> XF:linux-gnomelib-bo
 Christey> CONFIRM:http://www.suse.com/us/support/download/updates/axp_63.html


======================================================
Candidate: CAN-2000-0344
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0344
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000501 Linux knfsd DoS issue
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0005012042550.6419-100000@ferret.lmh.ox.ac.uk
Reference: BID:1160
Reference: URL:http://www.securityfocus.com/bid/1160
Reference: XF:linux-knfsd-dos

The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to
cause a denial of service via a negative size value.


Modifications:
  ADDREF XF:linux-knfsd-dos

INFERRED ACTION: CAN-2000-0344 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Ozancin, Cole, Levy
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Armstrong

Voter Comments:
 Christey> ADDREF XF:linux-knfsd-dos
 Frech> XF:linux-knfsd-dos
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-2000-0347
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0347
Final-Decision:
Interim-Decision: 20001011
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: NTBUGTRAQ:20000501 el8.org advisory - Win 95/98 DoS (RFParalyze.c)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95737580922397&w=2
Reference: BID:1163
Reference: URL:http://www.securityfocus.com/bid/1163
Reference: XF:win-netbios-source-null

Windows 95 and Windows 98 allow a remote attacker to cause a denial of
service via a NetBIOS session request packet with a NULL source name.


Modifications:
  ADDREF XF:win-netbios-source-null
  DESC Change spelling for NetBIOS

INFERRED ACTION: CAN-2000-0347 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Cole, Armstrong, Levy
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:win-netbios-source-null
   Consider NetBIOS as correct spelling in description.
 Christey> Acknowledged via personal communication with Microsoft
   personnel, who say that this issue is pretty obscure.


======================================================
Candidate: CAN-2000-0378
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0378
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000502 pam_console bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0023.html
Reference: BID:1176
Reference: URL:http://www.securityfocus.com/bid/1176
Reference: XF:linux-pam-sniff-activities

The pam_console PAM module in Linux systems performs a chown on
various devices upon a user login, but an open file descriptor for
those devices can be maintained after the user logs out, which allows
that user to sniff activity on these devices when subsequent users log
in.


Modifications:
  ADDREF XF:linux-pam-sniff-activities
  DESC [make details more accurate]

INFERRED ACTION: CAN-2000-0378 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Ozancin, Stracener, Levy
   MODIFY(1) Frech
   NOOP(2) Prosser, Cole

Voter Comments:
 Levy> Please note that its not that the ownership is not reset. Its that
   a program can maintain an open file descriptor to the devices while
   someone else uses them.
 Frech> XF:linux-pam-sniff-activities(4869)


======================================================
Candidate: CAN-2000-0426
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0426
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000505 Re: Fun with UltraBoard V1.6X
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0059.html
Reference: BID:1175
Reference: URL:http://www.securityfocus.com/bid/1175
Reference: XF:ultraboard-cgi-dos

UltraBoard 1.6 and other versions allow remote attackers to cause a
denial of service by referencing UltraBoard in the Session parameter,
which causes UltraBoard to fork copies of itself.

INFERRED ACTION: CAN-2000-0426 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Levy, Frech, Stracener
   NOOP(3) Ozancin, Prosser, Cole


======================================================
Candidate: CAN-2000-0430
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0430
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000503 Another interesting Cart32 command
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95738697301956&w=2
Reference: XF:cart32-expdate
Reference: BID:1358

Cart32 allows remote attackers to access sensitive debugging
information by appending /expdate to the URL request.


Modifications:
  ADDREF BID:1358

INFERRED ACTION: CAN-2000-0430 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(5) Levy, Ozancin, Frech, Prosser, Stracener
   NOOP(2) Christey, Cole

Voter Comments:
 Christey> ADDREF BID:1358
   ADDREF URL:http://www.securityfocus.com/bid/1358
 CHANGE> [Levy changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0440
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0440
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: NETBSD:NetBSD-SA2000-002
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-002.txt.asc
Reference: FREEBSD:FreeBSD-SA-00:23
Reference: BUGTRAQ:20000506 [NHC20000504a.0: NetBSD Panics when sent unaligned IP options]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0088.html
Reference: BID:1173
Reference: URL:http://www.securityfocus.com/bid/1173
Reference: XF:netbsd-unaligned-ip-options

NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of
service by sending a packet with an unaligned IP timestamp option.


Modifications:
  ADDREF FREEBSD:FreeBSD-SA-00:23
  ADDREF XF:netbsd-unaligned-ip-options

INFERRED ACTION: CAN-2000-0440 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Levy, Ozancin, Prosser, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:netbsd-unaligned-ip-options(4868)
 Christey> ADDREF FREEBSD:FreeBSD-SA-00:23
   http://archives.neohapsis.com/archives/freebsd/2000-06/0193.html


======================================================
Candidate: CAN-2000-0443
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0443
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000524 HP Web JetAdmin Version 5.6 Web interface Server Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0281.html
Reference: XF:hp-jetadmin-directory-traversal
Reference: BID:1243
Reference: URL:http://www.securityfocus.com/bid/1243

The web interface server in HP Web JetAdmin 5.6 allows remote
attackers to read arbitrary files via a .. (dot dot) attack.

INFERRED ACTION: CAN-2000-0443 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Levy, Frech, Stracener
   NOOP(2) Wall, Cole


======================================================
Candidate: CAN-2000-0445
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0445
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000523 Key Generation Security Flaw in PGP 5.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0273.html
Reference: CERT:CA-2000-09
Reference: URL:http://www.cert.org/advisories/CA-2000-09.html
Reference: BID:1251
Reference: URL:http://www.securityfocus.com/bid/1251
Reference: XF:pgp-key-predictable

The pgpk command in PGP 5.x on Unix systems uses an insufficiently
random data source for non-interactive key pair generation, which
may produce predictable keys.


Modifications:
  ADDREF CERT:CA-2000-09
  ADDREF XF:pgp-key-predictable

INFERRED ACTION: CAN-2000-0445 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Levy, Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:pgp-key-predictable
 Christey> ADDREF CERT:CA-2000-09
   ADDREF http://www.securityfocus.com/templates/advisory.html?id=2296


======================================================
Candidate: CAN-2000-0446
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0446
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000524 Remote xploit for MDBMS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0274.html
Reference: XF:mdbms-bo
Reference: BID:1252
Reference: URL:http://www.securityfocus.com/bid/1252

Buffer overflow in MDBMS database server allows remote attackers to
execute arbitrary commands via a long string.

INFERRED ACTION: CAN-2000-0446 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Levy, Frech, Stracener
   NOOP(2) Wall, Cole


======================================================
Candidate: CAN-2000-0447
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0447
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Managem ent Tool
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net
Reference: XF:nai-webshield-bo
Reference: BID:1254
Reference: URL:http://www.securityfocus.com/bid/1254

Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to
execute arbitrary commands via a long configuration parameter to the
WebShield remote management service.

INFERRED ACTION: CAN-2000-0447 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Levy, Frech, Stracener
   NOOP(2) Wall, Cole


======================================================
Candidate: CAN-2000-0448
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0448
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Managem ent Tool
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net
Reference: XF:nai-webshield-getconfig
Reference: BID:1253
Reference: URL:http://www.securityfocus.com/bid/1253

The WebShield SMTP Management Tool version 4.5.44 does not properly
restrict access to the management port when an IP address does not
resolve to a hostname, which allows remote attackers to access the
configuration via the GET_CONFIG command.


Modifications:
  DELREF XF:nai-webshield-config-mod
  ADDREF XF:nai-webshield-getconfig

INFERRED ACTION: CAN-2000-0448 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Stracener
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Frech> DELREF XF:nai-webshield-config-mod (it's obsolete)
   ADDREF XF:nai-webshield-getconfig
   Comment: The Delphis advisory describes two bugs. See
   XF:nai-webshield-setconfig or from the Delphis advisory:
   Secondly if you pass an oversized buffer of 208 bytes or more within one of
   the
   configuration parameters (there may be more) the service will crash
   overwriting
   the stack but and the EIP (208 + 4) with what ever was passed within the
   parameter.
   SET_CONFIG<CR>
   Quarantine_Path='Ax208'+ EIP
 Christey> With respect to the buffer overflow that Andre is referring
   to, that's CAN-2000-0447.


======================================================
Candidate: CAN-2000-0451
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0451
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000518 Remote Dos attack against Intel express 8100 router
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0229.html
Reference: XF:intel-8100-remote-dos
Reference: BID:1228
Reference: URL:http://www.securityfocus.com/bid/1228

The Intel express 8100 ISDN router allows remote attackers to cause a
denial of service via oversized or fragmented ICMP packets.


Modifications:
  ADDREF XF:intel-8100-remote-dos

INFERRED ACTION: CAN-2000-0451 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Stracener
   MODIFY(1) Frech
   NOOP(4) Wall, LeBlanc, Ozancin, Cole

Voter Comments:
 Frech> XF:intel-8100-remote-dos


======================================================
Candidate: CAN-2000-0458
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0458
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000424 Two Problems in IMP 2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95672120116627&w=2
Reference: BID:1360
Reference: XF:imp-tmpfile-view

The MSWordView application in IMP creates world-readable files in the
/tmp directory, which allows other local users to read potentially
sensitive information.


Modifications:
  ADDREF BID:1360

INFERRED ACTION: CAN-2000-0458 ACCEPT_REV (4 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(4) Levy, Ozancin, Frech, Cole
   NOOP(3) Prosser, Christey, Stracener
   REVIEWING(1) Armstrong

Voter Comments:
 Christey> ADDREF BID:1360
 CHANGE> [Levy changed vote from REVIEWING to ACCEPT]
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 Christey> See imp-2.2.2/docs/CHANGES in
   ftp://ftp.horde.org/pub/imp/tarballs/imp-2.2.2.tar.gz

   Under the v2.2.0-pre11 section, the only apparent fix
   could be "Set the umask ($default->umask) for the current process."
   This is confirmed in imp-2.2.2/config/defaults.php3.dist


======================================================
Candidate: CAN-2000-0459
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0459
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000424 Two Problems in IMP 2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95672120116627&w=2
Reference: BID:1361
Reference: XF:imp-wordfile-dos

IMP does not remove files properly if the MSWordView application
quits, which allows local users to cause a denial of service by
filling up the disk space by requesting a large number of documents
and prematurely stopping the request.


Modifications:
  ADDREF BID:1361

INFERRED ACTION: CAN-2000-0459 ACCEPT_REV (4 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(4) Levy, Ozancin, Frech, Cole
   NOOP(3) Prosser, Christey, Stracener
   REVIEWING(1) Armstrong

Voter Comments:
 Christey> ADDREF BID:1361
 CHANGE> [Levy changed vote from REVIEWING to ACCEPT]
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 Christey> See imp-2.2.2/docs/CHANGES in
   ftp://ftp.horde.org/pub/imp/tarballs/imp-2.2.2.tar.gz

   Under the v2.2.1 section, the vendor says
   "fix file upload vulnerability."  This is probably
   acknowledgement of this problem.


======================================================
Candidate: CAN-2000-0467
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0467
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000614 Splitvt exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0125.html
Reference: DEBIAN:20000605 root exploit in splitvt
Reference: URL:http://www.debian.org/security/2000/20000605a
Reference: BID:1346
Reference: URL:http://www.securityfocus.com/bid/1346
Reference: splitvt-screen-lock-bo

Buffer overflow in Linux splitvt 1.6.3 and earlier allows local users
to gain root privileges via a long password in the screen locking
function.


Modifications:
  ADDREF splitvt-screen-lock-bo

INFERRED ACTION: CAN-2000-0467 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:splitvt-screen-lock-bo(4977)


======================================================
Candidate: CAN-2000-0468
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0468
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000601 HP Security vulnerability in the man command
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.SOL.4.02.10006021014400.4779-100000@nofud.nwest.attws.com
Reference: BID:1302
Reference: URL:http://www.securityfocus.com/bid/1302
Reference: hp-man-file-overwrite

man in HP-UX 10.20 and 11 allows local attackers to overwrite files
via a symlink attack.


Modifications:
  ADDREF hp-man-file-overwrite

INFERRED ACTION: CAN-2000-0468 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:hp-man-file-overwrite(4590)


======================================================
Candidate: CAN-2000-0470
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0470
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000601 Hardware Exploit - Gets network Down
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0398.html
Reference: BID:1290
Reference: URL:http://www.securityfocus.com/bid/1290
Reference: rompager-malformed-dos
Reference: URL:http://xforce.iss.net/static/4588.php

Allegro RomPager HTTP server allows remote attackers to cause a denial
of service via a malformed authentication request.


Modifications:
  ADDREF rompager-malformed-dos

INFERRED ACTION: CAN-2000-0470 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(4) Armstrong, Wall, LeBlanc, Ozancin

Voter Comments:
 Frech> XF:rompager-malformed-dos(4588)
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-2000-0474
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0474
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000601 Remote DoS attack in Real Networks Real Server (Strike #2) Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0410.html
Reference: BUGTRAQ:20000601 Remote DoS attack in RealServer: USSR-2000043
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0427.html
Reference: BID:1288
Reference: URL:http://www.securityfocus.com/bid/1288
Reference: XF:realserver-malformed-remote-dos
Reference: URL:http://xforce.iss.net/static/4587.php

Real Networks RealServer 7.x allows remote attackers to cause a denial
of service via a malformed request for a page in the viewsource
directory.


Modifications:
  ADDREF realserver-malformed-remote-dos

INFERRED ACTION: CAN-2000-0474 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Ozancin

Voter Comments:
 Frech> XF:realserver-malformed-remote-dos(4587)


======================================================
Candidate: CAN-2000-0481
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0481
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: VULN-DEV:20000601 Kmail heap overflow
Reference: URL:http://securityfocus.com/templates/archive.pike?list=82&date=2000-06-22&msg=00060200422401.01667@lez
Reference: BID:1380
Reference: URL:http://www.securityfocus.com/bid/1380
Reference: XF:kde-kmail-attachment-dos
Reference: URL:http://xforce.iss.net/static/4993.php

Buffer overflow in KDE Kmail allows a remote attacker to cause a
denial of service via an attachment with a long file name.


Modifications:
  ADDREF XF:kde-kmail-attachment-dos

INFERRED ACTION: CAN-2000-0481 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:kde-kmail-attachment-dos()


======================================================
Candidate: CAN-2000-0486
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0486
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000530 An Analysis of the TACACS+ Protocol and its Implementations
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0369.html
Reference: CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-05/0370.html
Reference: BID:1293
Reference: URL:http://www.securityfocus.com/bid/1293
Reference: XF:tacacsplus-packet-length-dos
Reference: URL:http://xforce.iss.net/static/4985.php

Buffer overflow in Cisco TACACS+ tac_plus server allows remote
attackers to cause a denial of service via a malformed packet with a
long length field.


Modifications:
  ADDREF XF:tacacsplus-packet-length-dos

INFERRED ACTION: CAN-2000-0486 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:tacacsplus-packet-length-dos(4985)


======================================================
Candidate: CAN-2000-0489
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0489
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:19990826 Local DoS in FreeBSD
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9908270039010.16315-100000@thetis.deor.org
Reference: BUGTRAQ:20000601 Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability - Mac OS X affected
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCEJLCEAA.labs@ussrback.com
Reference: BID:622
Reference: URL:http://www.securityfocus.com/bid/622
Reference: XF:bsd-setsockopt-dos
Reference: URL:http://xforce.iss.net/static/3298.php

FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of
service by creating a large number of socket pairs using the
socketpair function, setting a large buffer size via setsockopt, then
writing large buffers.


Modifications:
  ADDREF XF:bsd-setsockopt-dos

INFERRED ACTION: CAN-2000-0489 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:bsd-setsockopt-dos(3298)


======================================================
Candidate: CAN-2000-0490
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0490
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000601 Netwin's Dmail package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0407.html
Reference: CONFIRM:http://netwinsite.com/dmail/security.htm
Reference: BID:1297
Reference: URL:http://www.securityfocus.com/bid/1297
Reference: XF:dmail-etrn-dos
Reference: URL:http://xforce.iss.net/static/4579.php

Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package
allows remote attackers to execute arbitrary commands via a long ETRN
request.


Modifications:
  ADDREF CONFIRM:http://netwinsite.com/dmail/security.htm
  ADDREF XF:dmail-etrn-dos

INFERRED ACTION: CAN-2000-0490 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(5) Armstrong, Wall, LeBlanc, Ozancin, Christey

Voter Comments:
 Frech> XFdmail-etrn-dos(4579)
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 Christey> CONFIRM:http://netwinsite.com/dmail/security.htm
   ACKNOWLEDGEMENT:
   Under FAQs/HowTos is a "Security Mailout Page" at
   http://netwinsite.com/dmail/security.htm

   See "DMAIL Security Fault Notice 5 June 2000." section that says: "A
   fault was reported that allows root access to be gained."  Since the
   initial disclosure was on June 1, this is probably the issue.

   More confirmation is in the following statement:

   On Linux to find out if your system has been attacked do this:
   grep "etrn" /usr/local/dmail/dwatch/*.ded


======================================================
Candidate: CAN-2000-0493
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0493
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: VULN-DEV:20000601 Vulnerability in SNTS
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0843.html
Reference: BID:1289
Reference: URL:http://www.securityfocus.com/bid/1289
Reference: XF:timesync-bo-execute
Reference: URL:http://xforce.iss.net/static/4602.php

Buffer overflow in Simple Network Time Sync (SMTS) daemon allows
remote attackers to cause a denial of service and possibly execute
arbitrary commands via a long string.


Modifications:
  ADDREF XF:timesync-bo-execute
  DESC [add execute commands possibility]

INFERRED ACTION: CAN-2000-0493 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:timesync-bo-execute(4602)
   Description does not match references; please consider revising. From all
   references, this seems more like a buffer overflow with the ability to
   remotely run arbitrary code, rather than a DoS that infers only an abnormal
   termination outcome, and not subsequent actions.


======================================================
Candidate: CAN-2000-0495
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0495
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: MS:MS00-038
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-038.asp
Reference: BID:1282
Reference: URL:http://www.securityfocus.com/bid/1282
Reference: XF:ms-malformed-media-dos
Reference: URL:http://xforce.iss.net/static/4585.php

Microsoft Windows Media Encoder allows remote attackers to cause a
denial of service via a malformed request, aka the "Malformed Windows
Media Encoder Request" vulnerability.


Modifications:
  ADDREF XF:ms-malformed-media-dos

INFERRED ACTION: CAN-2000-0495 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Levy, Wall, LeBlanc
   MODIFY(1) Frech
   NOOP(1) Ozancin

Voter Comments:
 Frech> XF:ms-malformed-media-dos(4585)


======================================================
Candidate: CAN-2000-0505
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0505
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000603 Re: IBM HTTP SERVER / APACHE
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSF.4.20.0006031912360.45740-100000@alive.znep.com
Reference: BID:1284
Reference: URL:http://www.securityfocus.com/bid/1284
Reference: XF:ibm-http-file-retrieve
Reference: URL:http://xforce.iss.net/static/4575.php

The Apache 1.3.x HTTP server for Windows platforms allows remote
attackers to list directory contents by requesting a URL containing a
large number of / characters.


Modifications:
  ADDREF XF:ibm-http-file-retrieve

INFERRED ACTION: CAN-2000-0505 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Levy, Wall, Ozancin
   MODIFY(1) Frech
   NOOP(1) LeBlanc

Voter Comments:
 Frech> XF:ibm-http-file-retrieve(4575)


======================================================
Candidate: CAN-2000-0507
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0507
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000601 DST2K0006: Denial of Service Possibility in Imate WebMail Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95990195708509&w=2
Reference: BID:1286
Reference: URL:http://www.securityfocus.com/bid/1286
Reference: XF:nt-webmail-dos
Reference: URL:http://xforce.iss.net/static/4586.php

Imate Webmail Server 2.5 allows remote attackers to cause a denial of
service via a long HELO command.


Modifications:
  ADDREF XF:nt-webmail-dos

INFERRED ACTION: CAN-2000-0507 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(4) Armstrong, Wall, LeBlanc, Ozancin

Voter Comments:
 Frech> XF:nt-webmail-dos(4586)
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-2000-0517
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0517
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: CERT:CA-2000-08
Reference: URL:http://www.cert.org/advisories/CA-2000-08.html
Reference: BID:1260
Reference: URL:http://www.securityfocus.com/bid/1260
Reference: XF:netscape-ssl-certificate
Reference: URL:http://xforce.iss.net/static/4550.php

Netscape 4.73 and earlier does not properly warn users about a
potentially invalid certificate if the user has previously accepted
the certificate for a different web site, which could allow remote
attackers to spoof a legitimate web site by compromising that site's
DNS information.


Modifications:
  ADDREF XF:netscape-ssl-certificate

INFERRED ACTION: CAN-2000-0517 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Levy, Wall, Ozancin
   MODIFY(1) Frech
   NOOP(1) LeBlanc

Voter Comments:
 Frech> XF:netscape-ssl-certificate(4550)


======================================================
Candidate: CAN-2000-0518
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0518
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: MS:MS00-039
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-039.asp
Reference: BID:1309
Reference: URL:http://www.securityfocus.com/bid/1309
Reference: XF:ie-invalid-frame-image-certificate
Reference: URL:http://xforce.iss.net/static/4624.php

Internet Explorer 4.x and 5.x does not properly verify all contents of
an SSL certificate if a connection is made to the server via an image
or a frame, aka one of two different "SSL Certificate Validation"
vulnerabilities.


Modifications:
  ADDREF XF:ie-invalid-frame-image-certificate
  DESC generalize to include other versions

INFERRED ACTION: CAN-2000-0518 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, LeBlanc
   MODIFY(2) Wall, Frech
   NOOP(1) Ozancin

Voter Comments:
 Wall> Include IE 4.01 and IE 5.01
 Frech> XF:ie-invalid-frame-image-certificate(4624)


======================================================
Candidate: CAN-2000-0519
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0519
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: MS:MS00-039
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-039.asp
Reference: BID:1309
Reference: URL:http://www.securityfocus.com/bid/1309
Reference: XF:ie-revalidate-certificate
Reference: URL:http://xforce.iss.net/static/4627.php

Internet Explorer 4.x and 5.x does not properly re-validate an SSL
certificate if the user establishes a new SSL session with the same
server during the same Internet Explorer session, aka one of two
different "SSL Certificate Validation" vulnerabilities.


Modifications:
  ADDREF XF:ie-revalidate-certificate
  DESC generalize to include other versions

INFERRED ACTION: CAN-2000-0519 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, LeBlanc
   MODIFY(2) Wall, Frech
   NOOP(1) Ozancin

Voter Comments:
 Wall> Include IE 4.01 and IE 5.01
 Frech> XF:ie-revalidate-certificate(4627)


======================================================
Candidate: CAN-2000-0521
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0521
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000605 MDMA Advisory #5: Reading of CGI Scripts under Savant Webserver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0469.html
Reference: BID:1313
Reference: URL:http://www.securityfocus.com/bid/1313
Reference: XF:savant-source-read
Reference: URL:http://xforce.iss.net/static/4616.php

Savant web server allows remote attackers to read source code of CGI
scripts via a GET request that does not include the HTTP version
number.


Modifications:
  ADDREF savant-source-read(4616)

INFERRED ACTION: CAN-2000-0521 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:savant-source-read(4616)


======================================================
Candidate: CAN-2000-0530
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0530
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000531 KDE::KApplication feature?
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0387.html
Reference: CALDERA:CSSA-2000-015.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-015.0.txt
Reference: BID:1291
Reference: URL:http://www.securityfocus.com/bid/1291
Reference: XF:kde-configuration-file-creation
Reference: URL:http://xforce.iss.net/static/4583.php

The KApplication class in the KDE 1.1.2 configuration file management
capability allows local users to overwrite arbitrary files.


Modifications:
  ADDREF XF:kde-configuration-file-creation

INFERRED ACTION: CAN-2000-0530 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:kde-configuration-file-creation(4583)


======================================================
Candidate: CAN-2000-0536
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0536
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: CONFIRM:http://www.synack.net/xinetd/
Reference: DEBIAN:20000619 xinetd: bug in access control mechanism
Reference: URL:http://www.debian.org/security/2000/20000619
Reference: BID:1381
Reference: URL:http://www.securityfocus.com/bid/1381
Reference: XF:xinetd-improper-restrictions
Reference: URL:http://xforce.iss.net/static/4986.php

xinetd 2.1.8.x does not properly restrict connections if hostnames are
used for access control and the connecting host does not have a
reverse DNS entry.


Modifications:
  ADDREF XF:xinetd-improper-restrictions

INFERRED ACTION: CAN-2000-0536 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Christey

Voter Comments:
 Frech> XF:xinetd-improper-restrictions(4986)
 Christey> http://www.debian.org/security/2000/20000619


======================================================
Candidate: CAN-2000-0537
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0537
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000606 BRU Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0013.html
Reference: CALDERA:CSSA-2000-018.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-018.0.txt
Reference: BID:1321
Reference: URL:http://www.securityfocus.com/bid/1321
Reference: XF:bru-execlog-env-variable
Reference: URL:http://xforce.iss.net/static/4644.php

BRU backup software allows local users to append data to arbitrary
files by specifying an alternate configuration file with the
BRUEXECLOG environmental variable.


Modifications:
  ADDREF XF:bru-execlog-env-variable

INFERRED ACTION: CAN-2000-0537 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:bru-execlog-env-variable(4644)


======================================================
Candidate: CAN-2000-0553
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0553
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: unknown
Reference: BUGTRAQ:20000525 Security Vulnerability in IPFilter 3.3.15 and 3.4.3
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0326.html
Reference: BID:1308
Reference: URL:http://www.securityfocus.com/bid/1308
Reference: XF:ipfilter-firewall-race-condition
Reference: URL:http://xforce.iss.net/static/4994.php

Race condition in IPFilter firewall 3.4.3 and earlier, when configured
with overlapping "return-rst" and "keep state" rules, allows remote
attackers to bypass access restrictions.


Modifications:
  ADDREF XF:ipfilter-firewall-race-condition

INFERRED ACTION: CAN-2000-0553 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:ipfilter-firewall-race-condition(4994)


======================================================
Candidate: CAN-2000-0556
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0556
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000608 DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html
Reference: CONFIRM:http://www.computalynx.net/news/Jun2000/news0806200001.html
Reference: BID:1319
Reference: URL:http://www.securityfocus.com/bid/1319
Reference: XF:cmail-long-username-dos
Reference: URL:http://xforce.iss.net/static/4625.php

Buffer overflow in the web interface for Cmail 2.4.7 allows remote
attackers to cause a denial of service by sending a large user name to
the user dialog running on port 8002.


Modifications:
  ADDREF cmail-long-username-dos(4625)

INFERRED ACTION: CAN-2000-0556 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Ozancin

Voter Comments:
 Frech> XF:cmail-long-username-dos(4625)


======================================================
Candidate: CAN-2000-0557
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0557
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000608 DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html
Reference: BID:1318
Reference: URL:http://www.securityfocus.com/bid/1318
Reference: XF:cmail-get-overflow-execute
Reference: URL:http://xforce.iss.net/static/4626.php

Buffer overflow in the web interface for Cmail 2.4.7 allows remote
attackers to execute arbitrary commands via a long GET request.


Modifications:
  ADDREF XF:cmail-get-overflow-execute

INFERRED ACTION: CAN-2000-0557 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(4) Armstrong, Wall, LeBlanc, Ozancin

Voter Comments:
 Frech> XF:cmail-get-overflow-execute(4626)

Page Last Updated or Reviewed: May 22, 2007