[INTERIM] ACCEPT 81 recent candidates (Final 10/13)
I have made an Interim Decision to ACCEPT the following 81 candidates
from the RECENT-28 through RECENT-35 clusters. These clusters cover
candidates that were publicly announced between July 7, 2000 and
August 31, 2000. I will make a Final Decision on October 13.
Thanks to all the Board members who got their votes in! 15 different
members have voted since October 1.
Voters:
Wall ACCEPT(10) NOOP(37)
Levy ACCEPT(67) MODIFY(1)
LeBlanc ACCEPT(3) MODIFY(1) NOOP(41)
Ozancin ACCEPT(19) NOOP(9)
Cole ACCEPT(19) NOOP(12)
Dik ACCEPT(1)
Frech ACCEPT(10) MODIFY(58)
Christey NOOP(37)
Armstrong ACCEPT(1) NOOP(7) REVIEWING(1)
Magdych ACCEPT(16) REVIEWING(10)
Prosser ACCEPT(2)
Blake ACCEPT(4)
======================================================
Candidate: CAN-2000-0621
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0621
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000726
Category: SF
Reference: MS:MS00-046
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-046.asp
Reference: CERT:CA-2000-14
Reference: URL:http://www.cert.org/advisories/CA-2000-14.html
Reference: BID:1501
Reference: URL:http://www.securityfocus.com/bid/1501
Reference: XF:outlook-cache-bypass
Reference: URL:http://xforce.iss.net/static/5013.php
Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x,
allow remote attackers to read files on the client's system via a
malformed HTML message that stores files outside of the cache, aka the
"Cache Bypass" vulnerability.
Modifications:
ADDREF XF:outlook-cache-bypass
INFERRED ACTION: CAN-2000-0621 ACCEPT (5 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Levy, Wall, LeBlanc, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:outlook-cache-bypass(5013)
======================================================
Candidate: CAN-2000-0624
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0624
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000720 Winamp M3U playlist parser buffer overflow security vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0289.html
Reference: CONFIRM:http://www.winamp.com/getwinamp/newfeatures.jhtml
Reference: BID:1496
Reference: URL:http://www.securityfocus.com/bid/1496
Reference: XF:winamp-playlist-parser-bo
Reference: URL:http://xforce.iss.net/static/4956.php
Buffer overflow in Winamp 2.64 and earlier allows remote attackers to
execute arbitrary commands via a long #EXTINF: extension in the M3U
playlist.
Modifications:
ADDREF XF:winamp-playlist-parser-bo
ADDREF CONFIRM:http://www.winamp.com/getwinamp/newfeatures.jhtml
DESC Correct spelling for Winamp
INFERRED ACTION: CAN-2000-0624 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Levy
MODIFY(1) Frech
NOOP(4) Wall, LeBlanc, Christey, Cole
Voter Comments:
Frech> XF:winamp-playlist-parser-bo(4956)
In the description, Nullsoft spells their product as "Winamp."
Christey> CONFIRM:http://www.winamp.com/getwinamp/newfeatures.jhtml
Comment in version 2.65: "Fix to ex-m3u bug/security hole."
======================================================
Candidate: CAN-2000-0627
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0627
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000718 Blackboard Courseinfo v4.0 User Authentication
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0254.html
Reference: BUGTRAQ:20000719 Security Fix for Blackboard CourseInfo 4.0
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000719151904.I17986@securityfocus.com
Reference: BID:1486
Reference: URL:http://www.securityfocus.com/bid/1486
Reference: XF:blackboard-courseinfo-dbase-modification
Reference: URL:http://xforce.iss.net/static/4946.php
BlackBoard CourseInfo 4.0 does not properly authenticate users, which
allows local users to modify CourseInfo database information and gain
privileges by directly calling the supporting CGI programs such as
user_update_passwd.pl and user_update_admin.pl.
Modifications:
ADDREF XF:blackboard-courseinfo-dbase-modification
ADDREF BUGTRAQ:20000719 Security Fix for Blackboard CourseInfo 4.0
INFERRED ACTION: CAN-2000-0627 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Levy, Wall, Blake
MODIFY(1) Frech
NOOP(5) Armstrong, LeBlanc, Ozancin, Christey, Cole
Voter Comments:
Frech> XF:blackboard-courseinfo-dbase-modification(4946)
Christey> Vendor acknowledgement is at:
BUGTRAQ:20000719 Security Fix for Blackboard CourseInfo 4.0
URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000719151904.I17986@securityfocus.com
CHANGE> [Wall changed vote from NOOP to ACCEPT]
Wall> Vendor has released a patch for this vulnerability.
======================================================
Candidate: CAN-2000-0628
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0628
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000710 ANNOUNCE Apache::ASP v1.95 - Security Hole Fixed
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0142.html
Reference: CONFIRM:http://www.nodeworks.com/asp/changes.html
Reference: BID:1457
Reference: URL:http://www.securityfocus.com/bid/1457
Reference: XF:apache-source-asp-file-write
Reference: URL:http://xforce.iss.net/static/4931.php
The source.asp example script in the Apache ASP module Apache::ASP
1.93 and earlier allows remote attackers to modify files.
Modifications:
ADDREF XF:apache-source-asp-file-write
INFERRED ACTION: CAN-2000-0628 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Levy
MODIFY(1) Frech
NOOP(3) Wall, LeBlanc, Cole
Voter Comments:
Frech> XF:apache-source-asp-file-write(4931)
======================================================
Candidate: CAN-2000-0630
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0630
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: MS:MS00-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-044.asp
Reference: BID:1488
Reference: URL:http://www.securityfocus.com/bid/1488
Reference: XF:iis-htr-obtain-code
Reference: URL:http://xforce.iss.net/static/5104.php
IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source
code by appending a +.htr to the URL, a variant of the "File Fragment
Reading via .HTR" vulnerability.
Modifications:
ADDREF XF:iis-htr-obtain-code
INFERRED ACTION: CAN-2000-0630 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Levy, Wall, LeBlanc, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:iis-htr-obtain-code(5104)
======================================================
Candidate: CAN-2000-0631
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0631
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000718 ISBASE Security Advisory(SA2000-02)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96390444022878&w=2
Reference: MS:MS00-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-044.asp
Reference: BID:1476
Reference: URL:http://www.securityfocus.com/bid/1476
Reference: XF:iis-absent-directory-dos
Reference: URL:http://xforce.iss.net/static/4951.php
An administrative script from IIS 3.0, later included in IIS 4.0 and
5.0, allows remote attackers to cause a denial of service by accessing
the script without a particular argument, aka the "Absent Directory
Browser Argument" vulnerability.
Modifications:
ADDREF BUGTRAQ:20000718 ISBASE Security Advisory(SA2000-02)
ADDREF XF:iis-absent-directory-dos
INFERRED ACTION: CAN-2000-0631 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Levy, Wall, LeBlanc, Cole
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Frech> XF:iis-absent-directory-dos(4951)
Christey> ADDREF BUGTRAQ:20000718 ISBASE Security Advisory(SA2000-02)
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96390444022878&w=2
======================================================
Candidate: CAN-2000-0632
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0632
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NAI:20000717 [COVERT-2000-07] LISTSERV Web Archive Remote Overflow
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/43_Advisory.asp
Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory1
Reference: BID:1490
Reference: URL:http://www.securityfocus.com/bid/1490
Reference: XF:lsoft-listserv-querystring-bo
Reference: URL:http://xforce.iss.net/static/4952.php
Buffer overflow in the web archive component of L-Soft Listserv 1.8d
and earlier allows remote attackers to execute arbitrary commands via
a long query string.
Modifications:
DESC fix typo: change "ot" to "of"
ADDREF XF:lsoft-listserv-querystring-bo
INFERRED ACTION: CAN-2000-0632 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(2) Levy, Cole
MODIFY(1) Frech
NOOP(3) Wall, LeBlanc, Christey
Voter Comments:
Christey> Fix typo: "ot"
Frech> XF:lsoft-listserv-querystring-bo(4952)
Suggest that canonical NAI reference is housed at
http://www.nai.com/nai_labs/asp_set/advisory/43_Advisory.asp.
======================================================
Candidate: CAN-2000-0633
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0633
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: REDHAT:RHSA-2000:053-01
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-053-02.html
Reference: BUGTRAQ:20000718 MDKSA-2000:020 usermode update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0251.html
Reference: BUGTRAQ:20000812 Conectiva Linux security announcement - usermode
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0117.html
Reference: BID:1489
Reference: URL:http://www.securityfocus.com/bid/1489
Reference: XF:linux-usermode-dos
Reference: URL:http://xforce.iss.net/static/4944.php
Vulnerability in Mandrake Linux usermode package allows local users to
reboot or halt the system.
Modifications:
ADDREF XF:linux-usermode-dos
ADDREF BUGTRAQ:20000812 Conectiva Linux security announcement - usermode
ADDREF REDHAT:RHSA-2000:053-01
INFERRED ACTION: CAN-2000-0633 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Levy
MODIFY(1) Frech
NOOP(4) Wall, LeBlanc, Christey, Cole
Voter Comments:
Frech> XF:linux-usermode-dos(4944)
Christey> ADDREF BUGTRAQ:20000812 Conectiva Linux security announcement - usermode
http://archives.neohapsis.com/archives/bugtraq/2000-08/0117.html
ADDREF REDHAT:RHSA-2000:053-01
http://www.redhat.com/support/errata/RHSA-2000-053-02.html
======================================================
Candidate: CAN-2000-0634
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0634
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000717 S21SEC-003: Vulnerabilities in CommuniGate Pro v3.2.4
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0223.html
Reference: BID:1493
Reference: URL:http://www.securityfocus.com/bid/1493
Reference: XF:communigate-pro-file-read
Reference: URL:http://xforce.iss.net/static/5105.php
The web administration interface for CommuniGate Pro 3.2.5 and earlier
allows remote attackers to read arbitrary files via a .. (dot dot)
attack.
Modifications:
ADDREF XF:communigate-pro-file-read
INFERRED ACTION: CAN-2000-0634 ACCEPT (5 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(4) Levy, Wall, Blake, Cole
MODIFY(1) Frech
NOOP(3) Armstrong, LeBlanc, Ozancin
Voter Comments:
Frech> XF:communigate-pro-file-read(5105)
CHANGE> [Wall changed vote from NOOP to ACCEPT]
Wall> SecuriTeam and bugtraq seem to be the only source; first discovered by a
Japanese fellow.
CHANGE> [Cole changed vote from NOOP to ACCEPT]
======================================================
Candidate: CAN-2000-0635
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0635
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000711 Akopia MiniVend Piped Command Execution Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0150.html
Reference: CONFIRM:http://www.zdnet.com/zdnn/stories/news/0,4586,2600258,00.html
Reference: BID:1449
Reference: URL:http://www.securityfocus.com/bid/1449
Reference: XF:minivend-viewpage-sample
Reference: URL:http://xforce.iss.net/static/4880.php
The view_page.html sample page in the MiniVend shopping cart program
allows remote attackers to execute arbitrary commands via shell
metacharacters.
Modifications:
ADDREF XF:minivend-viewpage-sample
ADDREF CONFIRM:http://www.zdnet.com/zdnn/stories/news/0,4586,2600258,00.html
INFERRED ACTION: CAN-2000-0635 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Levy
MODIFY(1) Frech
NOOP(4) Wall, LeBlanc, Christey, Cole
Voter Comments:
Frech> XF:minivend-viewpage-sample(4880)
Christey> CONFIRM:http://www.zdnet.com/zdnn/stories/news/0,4586,2600258,00.html
======================================================
Candidate: CAN-2000-0636
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0636
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000719 HP Jetdirect - Invalid FTP Command DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0265.html
Reference: BID:1491
Reference: URL:http://www.securityfocus.com/bid/1491
Reference: XF:hp-jetdirect-quote-dos
Reference: URL:http://xforce.iss.net/static/4947.php
HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow
remote attackers to cause a denial of service via a malformed FTP
quote command.
Modifications:
ADDREF hp-jetdirect-quote-dos(4947)
INFERRED ACTION: CAN-2000-0636 ACCEPT_REV (5 accept, 0 ack, 1 review)
Current Votes:
ACCEPT(4) Levy, Wall, Blake, Cole
MODIFY(1) Frech
NOOP(2) LeBlanc, Ozancin
REVIEWING(1) Armstrong
Voter Comments:
Frech> XF:hp-jetdirect-quote-dos(4947)
CHANGE> [Wall changed vote from REVIEWING to ACCEPT]
Wall> ISS and SecuriTeam include this as a vulnerability.
CHANGE> [Cole changed vote from NOOP to ACCEPT]
======================================================
Candidate: CAN-2000-0637
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0637
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000711 Excel 2000 vulnerability - executing programs
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=396B3F8F.9244D290@nat.bg
Reference: MS:MS00-051
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-051.asp
Reference: BID:1451
Reference: URL:http://www.securityfocus.com/bid/1451
Reference: XF:excel-register-function
Reference: URL:http://xforce.iss.net/static/5016.php
Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary
commands by specifying a malicious .dll using the Register.ID
function, aka the "Excel REGISTER.ID Function" vulnerability.
Modifications:
ADDREF XF:excel-register-function
INFERRED ACTION: CAN-2000-0637 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Levy, Wall, LeBlanc, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:excel-register-function(5016)
======================================================
Candidate: CAN-2000-0638
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0638
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000711 BIG BROTHER EXPLOIT
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0146.html
Reference: BUGTRAQ:20000711 REMOTE EXPLOIT IN ALL CURRENT VERSIONS OF BIG BROTHER
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0147.html
Reference: CONFIRM:http://bb4.com/README.CHANGES
Reference: BID:1455
Reference: URL:http://www.securityfocus.com/bid/1455
Reference: XF:http-cgi-bigbrother-bbhostsvc
Reference: URL:http://xforce.iss.net/static/4879.php
Big Brother 1.4h1 and earlier allows remote attackers to read
arbitrary files via a .. (dot dot) attack.
Modifications:
ADDREF XF:http-cgi-bigbrother-bbhostsvc
INFERRED ACTION: CAN-2000-0638 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Levy, Cole
MODIFY(1) Frech
NOOP(2) Wall, LeBlanc
Voter Comments:
Frech> XF:http-cgi-bigbrother-bbhostsvc(4879)
======================================================
Candidate: CAN-2000-0639
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0639
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: CF
Reference: BUGTRAQ:20000711 Big Brother filename extension vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0171.html
Reference: BID:1494
Reference: URL:http://www.securityfocus.com/bid/1494
Reference: XF:big-brother-filename-extension
Reference: URL:http://xforce.iss.net/static/5103.php
The default configuration of Big Brother 1.4h2 and earlier does not
include proper access restrictions, which allows remote attackers to
execute arbitrary commands by using bbd to upload a file whose
extension will cause it to be executed as a CGI script by the web
server.
Modifications:
ADDREF XF:big-brother-filename-extension
INFERRED ACTION: CAN-2000-0639 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Levy
MODIFY(1) Frech
NOOP(3) Wall, LeBlanc, Cole
Voter Comments:
Frech> XF:big-brother-filename-extension(5103)
======================================================
Candidate: CAN-2000-0640
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0640
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
Reference: BID:1452
Reference: URL:http://www.securityfocus.com/bid/1452
Reference: XF:guild-ftpd-disclosure
Reference: URL:http://xforce.iss.net/static/4922.php
Guild FTPd allows remote attackers to determine the existence of files
outside the FTP root via a .. (dot dot) attack, which provides
different error messages depending on whether the file exists or not.
Modifications:
ADDREF XF:guild-ftpd-disclosure
INFERRED ACTION: CAN-2000-0640 ACCEPT (6 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(4) Levy, Blake, Ozancin, Cole
MODIFY(2) Wall, Frech
NOOP(2) Armstrong, LeBlanc
Voter Comments:
Frech> XF:guild-ftpd-disclosure(4922)
CHANGE> [Wall changed vote from NOOP to MODIFY]
Wall> "Guild FTPd for Windows 98 and Windows NT 4.0 allows" ...
CHANGE> [Cole changed vote from NOOP to ACCEPT]
======================================================
Candidate: CAN-2000-0641
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0641
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
Reference: BID:1453
Reference: URL:http://www.securityfocus.com/bid/1453
Reference: XF:savant-get-bo
Reference: URL:http://xforce.iss.net/static/4901.php
Savant web server allows remote attackers to execute arbitrary
commands via a long GET request.
Modifications:
ADDREF XF:savant-get-bo
INFERRED ACTION: CAN-2000-0641 ACCEPT (5 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(4) Levy, Wall, Blake, Ozancin
MODIFY(1) Frech
NOOP(3) Armstrong, LeBlanc, Cole
Voter Comments:
Frech> XF:savant-get-bo(4901)
CHANGE> [Wall changed vote from NOOP to ACCEPT]
Wall> USSR Labs and multiple references.
======================================================
Candidate: CAN-2000-0642
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0642
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: CF
Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
Reference: BID:1497
Reference: URL:http://www.securityfocus.com/bid/1497
Reference: XF:webactive-active-log
Reference: URL:http://xforce.iss.net/static/5184.php
The default configuration of WebActive HTTP Server 1.00 stores the web
access log active.log in the document root, which allows remote
attackers to view the logs by directly requesting the page.
Modifications:
ADDREF XF:webactive-active-log
INFERRED ACTION: CAN-2000-0642 ACCEPT (5 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(4) Levy, Wall, Blake, Cole
MODIFY(1) Frech
NOOP(3) Armstrong, LeBlanc, Ozancin
Voter Comments:
Frech> XF:webactive-active-log(5184)
CHANGE> [Wall changed vote from REVIEWING to ACCEPT]
CHANGE> [Cole changed vote from NOOP to ACCEPT]
======================================================
Candidate: CAN-2000-0643
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0643
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
Reference: BID:1470
Reference: URL:http://www.securityfocus.com/bid/1470
Reference: XF:webactive-long-get-dos
Reference: URL:http://xforce.iss.net/static/4949.php
Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers
to cause a denial of service via a long URL.
Modifications:
ADDREF XF:webactive-long-get-dos
INFERRED ACTION: CAN-2000-0643 ACCEPT (4 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Levy, Wall, Blake
MODIFY(1) Frech
NOOP(4) Armstrong, LeBlanc, Ozancin, Cole
Voter Comments:
Frech> XF:webactive-long-get-dos(4949)
CHANGE> [Wall changed vote from NOOP to ACCEPT]
======================================================
Candidate: CAN-2000-0644
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0644
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html
Reference: BID:1506
Reference: URL:http://www.securityfocus.com/bid/1506
Reference: XF:wftpd-stat-dos
Reference: URL:http://xforce.iss.net/static/5003.php
WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of
service by executing a STAT command while the LIST command is still
executing.
Modifications:
ADDREF XF:wftpd-stat-dos
INFERRED ACTION: CAN-2000-0644 ACCEPT_REV (6 accept, 0 ack, 1 review)
Current Votes:
ACCEPT(5) Levy, Wall, Blake, Ozancin, Cole
MODIFY(1) Frech
NOOP(2) LeBlanc, Christey
REVIEWING(1) Armstrong
Voter Comments:
Frech> XF:wftpd-stat-dos(5003)
CHANGE> [Wall changed vote from NOOP to ACCEPT]
CHANGE> [Cole changed vote from NOOP to ACCEPT]
Christey> See http://www.wftpd.com/bugpage.htm
Bug details for RC12 identify other vuln's found by the discloser, but
not this one. Did the vendor forget to fix it, or did they forget to
document the fix?
======================================================
Candidate: CAN-2000-0651
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0651
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000707 Novell Border Manger - Anyone can pose as an authenticated user
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=06256915.00591E18.00@uprrsmtp2.notes.up.com
Reference: BID:1440
Reference: URL:http://www.securityfocus.com/bid/1440
Reference: XF:novell-bordermanager-verification
Reference: URL:http://xforce.iss.net/static/5186.php
The ClientTrust program in Novell BorderManager does not properly
verify the origin of authentication requests, which could allow remote
attackers to impersonate another user by replaying the authentication
requests and responses from port 3024 of the victim's machine.
Modifications:
ADDREF XF:novell-bordermanager-verification
INFERRED ACTION: CAN-2000-0651 ACCEPT_REV (4 accept, 0 ack, 1 review)
Current Votes:
ACCEPT(3) Levy, Blake, Cole
MODIFY(1) Frech
NOOP(3) Wall, LeBlanc, Ozancin
REVIEWING(1) Armstrong
Voter Comments:
Frech> XF:novell-bordermanager-verification(5186)
CHANGE> [Cole changed vote from NOOP to ACCEPT]
======================================================
Candidate: CAN-2000-0652
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0652
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000723 IBM WebSphere default servlet handler showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0342.html
Reference: BID:1500
Reference: URL:http://www.securityfocus.com/bid/1500
Reference: XF:websphere-showcode
Reference: URL:http://xforce.iss.net/static/5012.php
IBM WebSphere allows remote attackers to read source code for
executable web files by directly calling the default InvokerServlet
using a URL which contains the "/servlet/file" string.
Modifications:
ADDREF XF:websphere-showcode
INFERRED ACTION: CAN-2000-0652 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Levy, Bollinger, Blake
MODIFY(1) Frech
NOOP(6) Armstrong, Wall, LeBlanc, Ozancin, Christey, Cole
Voter Comments:
Frech> F:websphere-showcode(5012)
Christey> The discoverers claim that APAR PQ39857 fixes the problem,
but it could not be found on:
http://www-4.ibm.com/software/webservers/appserv/efix.html
======================================================
Candidate: CAN-2000-0654
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0654
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: MS:MS00-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-041.asp
Reference: BID:1466
Reference: URL:http://www.securityfocus.com/bid/1466
Reference: XF:mssql-dts-reveal-passwords
Reference: URL:http://xforce.iss.net/static/4582.php
Microsoft Enterprise Manager allows local users to obtain database
passwords via the Data Transformation Service (DTS) package Registered
Servers Dialog dialog, aka a variant of the "DTS Password"
vulnerability.
Modifications:
ADDREF XF:mssql-dts-reveal-passwords
INFERRED ACTION: CAN-2000-0654 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Levy, Wall, LeBlanc, Cole
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Frech> XF:mssql-dts-reveal-passwords(4582)
We show a duplicate with CAN-2000-0485; this may be a LoA issue.
Christey> There are 2 different dialogs which allow you to get to the
database passwords; one is captured in CAN-2000-0485, and the
other in CAN-2000-0654. CD:SF-LOC suggests keeping these
split.
======================================================
Candidate: CAN-2000-0655
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0655
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000724 JPEG COM Marker Processing Vulnerability in Netscape Browsers
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com
Reference: REDHAT:RHSA-2000:046-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-046-02.html
Reference: SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_60.txt
Reference: TURBO:TLSA2000017-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html
Reference: NETBSD:NetBSD-SA2000-011
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc
Reference: FREEBSD:FreeBSD-SA-00:39
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc
Reference: BUGTRAQ:20000801 MDKSA-2000:027-1 netscape update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html
Reference: BUGTRAQ:20000810 Conectiva Linux Security Announcement - netscape
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html
Reference: BID:1503
Reference: URL:http://www.securityfocus.com/bid/1503
Reference: XF:netscape-jpg-comment
Netscape Communicator 4.73 and earlier allows remote attackers to
cause a denial of service or execute arbitrary commands via a JPEG
image containing a comment with an illegal field length of 1.
Modifications:
ADDREF XF:netscape-jpg-comment
ADDREF FREEBSD:FreeBSD-SA-00:39
ADDREF SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
ADDREF NETBSD:NetBSD-SA2000-011
ADDREF TURBO:TLSA2000017-1
ADDREF BUGTRAQ:20000801 MDKSA-2000:027-1 netscape update
ADDREF BUGTRAQ:20000810 Conectiva Linux Security Announcement - netscape
INFERRED ACTION: CAN-2000-0655 ACCEPT (4 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(3) Levy, Wall, Cole
MODIFY(1) Frech
NOOP(2) LeBlanc, Christey
Voter Comments:
Frech> XF:netscape-jpg-comment(5014)
Christey> ADDREF FREEBSD:FreeBSD-SA-00:39
ADDREF SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
http://www.suse.de/de/support/security/suse_security_announce_60.txt
ADDREF TURBO:TLSA2000017-1
URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html
ADDREF BUGTRAQ:20000801 MDKSA-2000:027-1 netscape update
URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html
ADDREF NETBSD:NetBSD-SA2000-011
URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc
ADDREF BUGTRAQ:20000810 Conectiva Linux Security Announcement - netscape
URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html
======================================================
Candidate: CAN-2000-0660
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0660
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000712 Infosec.20000712.worldclient.2.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0173.html
Reference: CONFIRM:http://www.altn.com/Downloads/WorldClient/Release/RelNotes.txt
Reference: BID:1462
Reference: URL:http://www.securityfocus.com/bid/1462
Reference: XF:worldclient-dir-traverse
Reference: URL:http://xforce.iss.net/static/4913.php
The WDaemon web server for WorldClient 2.1 allows remote attackers to
read arbitrary files via a .. (dot dot) attack.
Modifications:
ADDREF XF:worldclient-dir-traverse
ADDREF CONFIRM:http://www.altn.com/Downloads/WorldClient/Release/RelNotes.txt
INFERRED ACTION: CAN-2000-0660 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Levy
MODIFY(1) Frech
NOOP(4) Wall, LeBlanc, Christey, Cole
Voter Comments:
Frech> XF:worldclient-dir-traverse(4913)
Christey> CONFIRM:http://www.altn.com/Downloads/WorldClient/Release/RelNotes.txt
======================================================
Candidate: CAN-2000-0661
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0661
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000710 Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0120.html
Reference: BID:1448
Reference: URL:http://www.securityfocus.com/bid/1448
Reference: XF:wircsrv-character-flood-dos
Reference: URL:http://xforce.iss.net/static/4914.php
WircSrv IRC Server 5.07s allows remote attackers to cause a denial of
service via a long string to the server port.
Modifications:
ADDREF XF:wircsrv-character-flood-dos
INFERRED ACTION: CAN-2000-0661 ACCEPT (5 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(4) Levy, Wall, Blake, Cole
MODIFY(1) Frech
NOOP(3) Armstrong, LeBlanc, Ozancin
Voter Comments:
Frech> XF:wircsrv-character-flood-dos(4914)
CHANGE> [Wall changed vote from NOOP to ACCEPT]
CHANGE> [Cole changed vote from NOOP to ACCEPT]
======================================================
Candidate: CAN-2000-0663
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0663
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: MS:MS00-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-052.asp
Reference: MSKB:Q269049
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=269049
Reference: BID:1507
Reference: URL:http://www.securityfocus.com/bid/1507
Reference: XF:explorer-relative-path-name
Reference: URL:http://xforce.iss.net/static/5040.php
The registry entry for the Windows Shell executable (Explorer.exe) in
Windows NT and Windows 2000 uses a relative path name, which allows
local users to execute arbitrary commands by inserting a Trojan Horse
named Explorer.exe into the %Systemdrive% directory, aka the "Relative
Shell Path" vulnerability.
Modifications:
ADDREF XF:explorer-relative-path-name
INFERRED ACTION: CAN-2000-0663 ACCEPT (5 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Levy, Wall, LeBlanc, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:explorer-relative-path-name(5040)
======================================================
Candidate: CAN-2000-0664
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0664
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000726 AnalogX "SimpleServer:WWW" dot dot bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0374.html
Reference: CONFIRM:http://www.analogx.com/contents/download/network/sswww.htm
Reference: BID:1508
Reference: URL:http://www.securityfocus.com/bid/1508
Reference: XF:analogx-simpleserver-directory-path
Reference: URL:http://xforce.iss.net/static/4999.php
AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read
arbitrary files via a modified .. (dot dot) attack that uses the %2E
URL encoding for the dots.
Modifications:
ADDREF XF:analogx-simpleserver-directory-path
INFERRED ACTION: CAN-2000-0664 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Levy
MODIFY(1) Frech
NOOP(3) Wall, LeBlanc, Cole
Voter Comments:
Frech> XF:analogx-simpleserver-directory-path(4999)
======================================================
Candidate: CAN-2000-0665
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0665
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NTBUGTRAQ:20000717 DoS in Gamsoft TelSrv telnet server for MS Windows 95/98/NT/2k.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0031.html
Reference: NTBUGTRAQ:20000729 TelSrv Reveals Usernames & Passwords After DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0056.html
Reference: BID:1478
Reference: URL:http://www.securityfocus.com/bid/1478
Reference: XF:gamsoft-telsrv-dos
Reference: URL:http://xforce.iss.net/static/4945.php
GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to
cause a denial of service via a long username.
Modifications:
ADDREF XF:gamsoft-telsrv-dos
ADDREF NTBUGTRAQ:20000729 TelSrv Reveals Usernames & Passwords After DoS Attack
DESC Change vendor name to "GAMSoft"
INFERRED ACTION: CAN-2000-0665 ACCEPT (4 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Levy, Blake, Cole
MODIFY(1) Frech
NOOP(5) Armstrong, Wall, LeBlanc, Ozancin, Christey
Voter Comments:
Frech> XF:gamsoft-telsrv-dos(4945)
Christey> Change vendor name to "GAMSoft"
ADDREF NTBUGTRAQ:20000729 TelSrv Reveals Usernames & Passwords After DoS Attack
http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0056.html
This is an additional impact of the same DoS described in the
earlier NTBUGTRAQ post.
CHANGE> [Cole changed vote from NOOP to ACCEPT]
======================================================
Candidate: CAN-2000-0666
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0666
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000716 Lots and lots of fun with rpc.statd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0206.html
Reference: DEBIAN:20000715 rpc.statd: remote root exploit
Reference: URL:http://www.debian.org/security/2000/20000719a
Reference: REDHAT:RHSA-2000:043-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-043-03.html
Reference: BUGTRAQ:20000717 CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0230.html
Reference: BUGTRAQ:20000718 Trustix Security Advisory - nfs-utils
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0236.html
Reference: BUGTRAQ:20000718 [Security Announce] MDKSA-2000:021 nfs-utils update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0260.html
Reference: CALDERA:CSSA-2000-025.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-025.0.txt
Reference: CERT:CA-2000-17
Reference: URL:http://www.cert.org/advisories/CA-2000-17.html
Reference: BID:1480
Reference: URL:http://www.securityfocus.com/bid/1480
Reference: XF:linux-rpcstatd-format-overwrite
Reference: URL:http://xforce.iss.net/static/4939.php
rpc.statd in the nfs-utils package in various Linux distributions does
not properly cleanse untrusted format strings, which allows remote
attackers to gain root privileges.
Modifications:
ADDREF CERT:CA-2000-17
ADDREF XF:linux-rpcstatd-format-overwrite
INFERRED ACTION: CAN-2000-0666 ACCEPT (3 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(2) Levy, Cole
MODIFY(1) Frech
NOOP(3) Wall, LeBlanc, Christey
Voter Comments:
Christey> ADDREF CERT:CA-2000-17
Frech> XF:linux-rpcstatd-format-overwrite(4939)
======================================================
Candidate: CAN-2000-0668
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0668
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: REDHAT:RHSA-2000:044-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-044-02.html
Reference: BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0398.html
Reference: BUGTRAQ:20000801 MDKSA-2000:029 pam update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0455.html
Reference: BID:1513
Reference: URL:http://www.securityfocus.com/bid/1513
Reference: XF:linux-pam-console
Reference: URL:http://xforce.iss.net/static/5001.php
pam_console PAM module in Linux systems allows a user to access the
system console and reboot the system when a display manager such as
gdm or kdm has XDMCP enabled.
Modifications:
ADDREF XF:linux-pam-console
ADDREF BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM
ADDREF BUGTRAQ:20000801 MDKSA-2000:029 pam update
INFERRED ACTION: CAN-2000-0668 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Levy, Cole
MODIFY(1) Frech
NOOP(3) Wall, LeBlanc, Christey
Voter Comments:
Frech> XF:linux-pam-console(5001)
Christey> ADDREF BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM
http://archives.neohapsis.com/archives/bugtraq/2000-07/0398.html
ADDREF BUGTRAQ:20000801 MDKSA-2000:029 pam update
http://archives.neohapsis.com/archives/bugtraq/2000-07/0455.html
======================================================
Candidate: CAN-2000-0669
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0669
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000711 Remote Denial Of Service -- NetWare 5.0 with SP 5
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000501bfeab5$9330c3d0$d801a8c0@dimuthu.baysidegrp.com.au
Reference: BID:1467
Reference: URL:http://www.securityfocus.com/bid/1467
Reference: XF:netware-port40193-dos
Novell NetWare 5.0 allows remote attackers to cause a denial of
service by flooding port 40193 with random data.
Modifications:
ADDREF XF:netware-port40193-dos
DESC Change spelling to "NetWare"
INFERRED ACTION: CAN-2000-0669 ACCEPT_REV (4 accept, 0 ack, 1 review)
Current Votes:
ACCEPT(3) Levy, Blake, Cole
MODIFY(1) Frech
NOOP(3) Wall, LeBlanc, Ozancin
REVIEWING(1) Armstrong
Voter Comments:
Frech> XF:netware-port40193-dos(4932)
In the description, correct spelling is NetWare.
CHANGE> [Cole changed vote from NOOP to ACCEPT]
======================================================
Candidate: CAN-2000-0670
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0670
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000712 cvsweb: remote shell for cvs committers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0178.html
Reference: BUGTRAQ:20000714 MDKSA-2000:019 cvsweb update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0196.html
Reference: DEBIAN:20000716
Reference: URL:http://www.debian.org/security/2000/20000719b
Reference: FREEBSD:FreeBSD-SA-00:37
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:37.cvsweb.asc
Reference: TURBO:TLSA2000016-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000015.html
Reference: BID:1469
Reference: URL:http://www.securityfocus.com/bid/1469
Reference: XF:cvsweb-shell-access
Reference: URL:http://xforce.iss.net/static/4925.php
The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with
write access to a CVS repository to execute arbitrary commands via
shell metacharacters.
Modifications:
ADDREF XF:cvsweb-shell-access
ADDREF TURBO:TLSA2000016-1
INFERRED ACTION: CAN-2000-0670 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(2) Levy, Cole
MODIFY(1) Frech
NOOP(3) Wall, LeBlanc, Christey
Voter Comments:
Frech> XF:cvsweb-shell-access(4925)
Christey> ADDREF FREEBSD:
http://archives.neohapsis.com/archives/freebsd/2000-08/0096.html
ADDREF TURBO:TLSA2000016-1
http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000015.html
======================================================
Candidate: CAN-2000-0671
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0671
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000721 Roxen security alert: Problems with URLs containing null characters.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0321.html
Reference: BUGTRAQ:20000721 Roxen Web Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0307.html
Reference: BID:1510
Reference: URL:http://www.securityfocus.com/bid/1510
Reference: XF:roxen-null-char-url
Reference: URL:http://xforce.iss.net/static/4965.php
Roxen web server earlier than 2.0.69 allows remote attackers to
bypass access restrictions, list directory contents, and read source
code by inserting a null character (%00) into the URL.
Modifications:
DESC Clarify problem
ADDREF XF:roxen-null-char-url
INFERRED ACTION: CAN-2000-0671 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
MODIFY(2) Levy, Frech
NOOP(3) Wall, LeBlanc, Cole
Voter Comments:
Levy> There really is more to this problem than simply being able to
list the contents of a directory. Roxen uses Pike. Pike can handle
strings with nulls in them, but the underlying OS truncates the
string at the first null. Thus Roxen and the OS do not agree on
what file the string really points to. One symptom is being able
to list a directory. More dangerous is being able to bypass
access restrictions by sending a query that passes the web server's
ACLs but is valid to the underlying OS. You could also use it
to download the source code to scripts by sending a request that
the web server will not think is a file type that should be parsed
or executed but that will make the underlying OS open the script for
reading.
Frech> XF:roxen-null-char-url(4965)
======================================================
Candidate: CAN-2000-0673
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0673
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NAI:20000727 Windows NetBIOS Name Conflicts
Reference: URL:http://www.pgp.com/research/covert/advisories/044.asp
Reference: MS:MS00-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-047.asp
Reference: BID:1514
Reference: URL:http://www.securityfocus.com/bid/1514
Reference: BID:1515
Reference: URL:http://www.securityfocus.com/bid/1515
Reference: XF:netbios-name-server-spoofing
Reference: URL:http://xforce.iss.net/static/5035.php
The NetBIOS Name Server (NBNS) protocol does not perform
authentication, which allows remote attackers to cause a denial of
service by sending a spoofed Name Conflict or Name Release datagram,
aka the "NetBIOS Name Server Protocol Spoofing" vulnerability.
Modifications:
ADDREF XF:netbios-name-server-spoofing
INFERRED ACTION: CAN-2000-0673 ACCEPT (5 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Wall, LeBlanc, Cole
MODIFY(2) Levy, Frech
NOOP(1) Christey
Voter Comments:
Levy> It seems you are combining these two problems because they have the
same root problem: that NetBIOS trusts everyone and it's not authenticated.
But if that is your reasoning then you can classify this as a software
fault (SF), it should be a design flaw.
Frech> XF:netbios-name-server-spoofing(5035)
Christey> There isn't a "design flaw" category, although maybe there
should be. The "SF" (software fault) category encompasses
both implementation flaws and design flaws.
======================================================
Candidate: CAN-2000-0674
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0674
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000712 ftp.pl vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0177.html
Reference: BID:1471
Reference: URL:http://www.securityfocus.com/bid/1471
Reference: XF:virtualvision-ftp-browser
Reference: URL:http://xforce.iss.net/static/5187.php
ftp.pl CGI program for Virtual Visions FTP browser allows remote
attackers to read directories outside of the document root via a
.. (dot dot) attack.
Modifications:
ADDREF XF:virtualvision-ftp-browser
INFERRED ACTION: CAN-2000-0674 ACCEPT (6 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(5) Levy, Wall, Blake, Ozancin, Cole
MODIFY(1) Frech
NOOP(3) Armstrong, LeBlanc, Christey
Voter Comments:
Frech> XF:virtualvision-ftp-browser(5187)
CHANGE> [Wall changed vote from NOOP to ACCEPT]
CHANGE> [Cole changed vote from NOOP to ACCEPT]
Christey> I verified this via code inspection of ftp.pl as downloaded
from http://www.arc-s.com/virtual_visions/files/ftp.zip on
October 5, 2000. The vulnerable lines are:
line 114: $check_dir = $FORM_DATA{"dir"};
line 116: $full_path = "$full_path/$check_dir";
line 128: opendir (DIR, $full_path);
line 129: @allfiles = readdir(DIR);
It appears that the feartech vendor is no longer maintaining
the code, as the feartech site (http://www.feartech.com/vv/ftp.shtml)
points to the www.arc-s.com site I just referenced.
======================================================
Candidate: CAN-2000-0675
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0675
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000713 The MDMA Crew's GateKeeper Exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00af01bfece2$a52cbd80$367e1ec4@kungphusion
Reference: BID:1477
Reference: URL:http://www.securityfocus.com/bid/1477
Reference: XF:gatekeeper-long-string-bo
Reference: URL:http://xforce.iss.net/static/4948.php
Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote
attackers to execute arbitrary commands via a long string.
Modifications:
ADDREF XF:gatekeeper-long-string-bo
INFERRED ACTION: CAN-2000-0675 ACCEPT (5 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(4) Levy, Wall, Blake, Cole
MODIFY(1) Frech
NOOP(3) Armstrong, LeBlanc, Ozancin
Voter Comments:
Frech> XF:gatekeeper-long-string-bo(4948)
CHANGE> [Wall changed vote from NOOP to ACCEPT]
CHANGE> [Cole changed vote from NOOP to ACCEPT]
======================================================
Candidate: CAN-2000-0676
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0676
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000811
Category: SF
Reference: BUGTRAQ:20000804 Dangerous Java/Netscape Security Hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0019.html
Reference: REDHAT:RHSA-2000:054-01
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-054-01.html
Reference: CALDERA:CSSA-2000-027.1
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-027.1.txt
Reference: FREEBSD:FreeBSD-SA-00:39
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc
Reference: SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_60.txt
Reference: BUGTRAQ:20000810 MDKSA-2000:033 Netscape Java vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0115.html
Reference: BUGTRAQ:20000821 MDKSA-2000:036 - netscape update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0265.html
Reference: BUGTRAQ:20000818 Conectiva Linux Security Announcement - netscape
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0236.html
Reference: CERT:CA-2000-15
Reference: URL:http://www.cert.org/advisories/CA-2000-15.html
Reference: BID:1546
Reference: URL:http://www.securityfocus.com/bid/1546
Netscape Communicator and Navigator 4.04 through 4.74 allow remote
attackers to read arbitrary files by using a Java applet to open a
connection to a URL using the "file", "http", "https", and "ftp"
protocols, as demonstrated by Brown Orifice.
Modifications:
ADDREF BUGTRAQ:20000804 Dangerous Java/Netscape Security Hole
ADDREF REDHAT:RHSA-2000:054-01
ADDREF CALDERA:CSSA-2000-027.1
ADDREF FREEBSD:FreeBSD-SA-00:39
ADDREF SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
ADDREF BUGTRAQ:20000810 MDKSA-2000:033 Netscape Java vulnerability
ADDREF BUGTRAQ:20000821 MDKSA-2000:036 - netscape update
ADDREF BUGTRAQ:20000818 Conectiva Linux Security Announcement - netscape
INFERRED ACTION: CAN-2000-0676 ACCEPT (3 accept, 5 ack, 0 review)
Current Votes:
ACCEPT(3) Levy, Wall, Cole
NOOP(1) Christey
Voter Comments:
Christey> ADDREF BUGTRAQ:20000804 Dangerous Java/Netscape Security Hole
URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0019.html
ADDREF BUGTRAQ:20000821 MDKSA-2000:036 - netscape update
URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0265.html
ADDREF BUGTRAQ:20000818 Conectiva Linux Security Announcement - netscape
URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0236.html
ADDREF REDHAT:RHSA-2000:054-01
ADDREF CALDERA:CSSA-2000-027.1
Christey> ADDREF FREEBSD:FreeBSD-SA-00:39
ADDREF SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
http://www.suse.de/de/support/security/suse_security_announce_60.txt
ADDREF BUGTRAQ:20000810 MDKSA-2000:033 Netscape Java vulnerability
URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0115.html
Christey> ADDREF BUGTRAQ:20000805 Dangerous Java/Netscape Security Hole
URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000805020429.11774.qmail@securityfocus.com
======================================================
Candidate: CAN-2000-0677
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0677
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000823
Category: SF
Reference: ISS:20000907 Buffer Overflow in IBM Net.Data db2www CGI program.
Reference: URL:http://xforce.iss.net/alerts/advise60.php
Reference: XF:ibm-netdata-db2www-bo
Reference: URL:http://xforce.iss.net/static/4976.php
Buffer overflow in IBM Net.Data db2www CGI program allows remote
attackers to execute arbitrary commands via a long PATH_INFO
environmental variable.
Modifications:
ADDREF XF:ibm-netdata-db2www-bo
INFERRED ACTION: CAN-2000-0677 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Bollinger, Blake, Cole
MODIFY(1) Frech
NOOP(3) Armstrong, Wall, Ozancin
Voter Comments:
Frech> XF:ibm-netdata-db2www-bo(4976)
Change ISS URL to http://xforce.iss.net/alerts/advise60.php
======================================================
Candidate: CAN-2000-0678
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0678
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000825
Category: SF
Reference: CERT:CA-2000-18
Reference: URL:http://www.cert.org/advisories/CA-2000-18.html
Reference: BID:1606
Reference: URL:http://www.securityfocus.com/bid/1606
PGP 5.5.x through 6.5.3 does not properly check if an Additional
Decryption Key (ADK) is stored in the signed portion of a public
certificate, which allows an attacker who can modify a victim's public
certificate to decrypt any data that has been encrypted with the
modified certificate.
INFERRED ACTION: CAN-2000-0678 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Levy, Wall, Cole
======================================================
Candidate: CAN-2000-0681
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0681
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000815 BEA Weblogic server proxy library vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0186.html
Reference: BID:1570
Reference: URL:http://www.securityfocus.com/bid/1570
Reference: XF:weblogic-plugin-bo
Buffer overflow in BEA WebLogic server proxy plugin allows remote
attackers to execute arbitrary commands via a long URL with a .JSP
extension.
Modifications:
ADDREF XF:weblogic-plugin-bo
INFERRED ACTION: CAN-2000-0681 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Levy, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:weblogic-plugin-bo
======================================================
Candidate: CAN-2000-0682
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0682
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000728 BEA's WebLogic force handlers show code vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html
Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html
Reference: BID:1518
Reference: URL:http://www.securityfocus.com/bid/1518
Reference: XF:weblogic-fileservlet-show-code
BEA WebLogic 5.1.x allows remote attackers to read source code for
parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the
FileServlet.
Modifications:
ADDREF XF:weblogic-fileservlet-show-code
INFERRED ACTION: CAN-2000-0682 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Levy, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:weblogic-fileservlet-show-code
======================================================
Candidate: CAN-2000-0683
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0683
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000728 BEA's WebLogic force handlers show code vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html
Reference: CONFIRM:http://developer.bea.com/alerts/security_000728.html
Reference: BID:1517
Reference: URL:http://www.securityfocus.com/bid/1517
BEA WebLogic 5.1.x allows remote attackers to read source code for
parsed pages by inserting /*.shtml/ into the URL, which invokes the
SSIServlet.
INFERRED ACTION: CAN-2000-0683 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Levy, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0684
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0684
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000731 BEA's WebLogic *.jsp/*.jhtml remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0434.html
Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html
Reference: BID:1525
Reference: URL:http://www.securityfocus.com/bid/1525
Reference: XF:html-malicious-tags
BEA WebLogic 5.1.x does not properly restrict access to the
JSPServlet, which could allow remote attackers to compile and execute
Java JSP code by directly invoking the servlet on any source file.
Modifications:
ADDREF XF:html-malicious-tags
INFERRED ACTION: CAN-2000-0684 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Levy, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:html-malicious-tags
======================================================
Candidate: CAN-2000-0685
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0685
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000731 BEA's WebLogic *.jsp/*.jhtml remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0434.html
Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html
Reference: BID:1525
Reference: URL:http://www.securityfocus.com/bid/1525
Reference: XF:html-malicious-tags
BEA WebLogic 5.1.x does not properly restrict access to the
PageCompileServlet, which could allow remote attackers to compile and
execute Java JHTML code by directly invoking the servlet on any source
file.
Modifications:
ADDREF XF:html-malicious-tags
INFERRED ACTION: CAN-2000-0685 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Levy, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:html-malicious-tags
======================================================
Candidate: CAN-2000-0700
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0700
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: CISCO:20000803 Possible Access Control Bypass and Denial of Service in Gigabit Switch Routers Using Gigabit Ethernet or Fast Ethernet Cards
Reference: URL:http://www.cisco.com/warp/public/707/gsraclbypassdos-pub.shtml
Reference: BID:1541
Reference: URL:http://www.securityfocus.com/bid/1541
Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit
Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and
some versions of 12.0, do not properly handle line card failures,
which allows remote attackers to bypass ACLs or force the interface to
stop forwarding packets.
Modifications:
DESC extend version info
INFERRED ACTION: CAN-2000-0700 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
MODIFY(1) Balinsky
NOOP(1) Wall
Voter Comments:
Balinsky> Modify description to say "starting with 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0"
======================================================
Candidate: CAN-2000-0703
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0703
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000805 sperl 5.00503 (and newer ;) exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0022.html
Reference: SUSE:20000810 Security Hole in perl, all versions
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_59.txt
Reference: CALDERA:CSSA-2000-026.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-026.0.txt
Reference: DEBIAN:20000808 mailx: local exploit
Reference: URL:http://www.debian.org/security/2000/20000810
Reference: REDHAT:RHSA-2000:048-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-048-03.html
Reference: TURBO:TLSA2000018-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000017.html
Reference: BUGTRAQ:20000814 Trustix Security Advisory - perl and mailx
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0153.html
Reference: BUGTRAQ:20000808 MDKSA-2000:031 perl update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0086.html
Reference: BUGTRAQ:20000810 Conectiva Linux security announcemente - PERL
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0113.html
Reference: BID:1547
Reference: URL:http://www.securityfocus.com/bid/1547
Reference: XF:perl-shell-escape
suidperl (aka sperl) does not properly cleanse the escape sequence
"~!" before calling /bin/mail to send an error report, which allows
local users to gain privileges by setting the "interactive"
environmental variable and calling suidperl with a filename that
contains the escape sequence.
Modifications:
ADDREF XF:perl-shell-escape
INFERRED ACTION: CAN-2000-0703 ACCEPT (3 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:perl-shell-escape
======================================================
Candidate: CAN-2000-0705
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0705
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000802 [ Hackerslab bug_paper ] ntop web mode vulnerabliity
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0459.html
Reference: REDHAT:RHSA-2000:049-02
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0065.html
Reference: BID:1550
Reference: URL:http://www.securityfocus.com/bid/1550
Reference: XF:ntop-remote-file-access
ntop running in web mode allows remote attackers to read arbitrary
files via a .. (dot dot) attack.
Modifications:
ADDREF XF:ntop-remote-file-access
INFERRED ACTION: CAN-2000-0705 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:ntop-remote-file-access
======================================================
Candidate: CAN-2000-0706
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0706
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:36
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:36.ntop.asc
Reference: DEBIAN:20000830 ntop: Still remotely exploitable using buffer overflows
Reference: URL:http://www.debian.org/security/2000/20000830
Reference: BID:1576
Reference: URL:http://www.securityfocus.com/bid/1576
Reference: XF:ntop-bo
Buffer overflows in ntop running in web mode allow remote attackers
to execute arbitrary commands.
Modifications:
ADDREF XF:ntop-bo
INFERRED ACTION: CAN-2000-0706 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:ntop-bo
======================================================
Candidate: CAN-2000-0707
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0707
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000804 PCCS MySQL DB Admin Tool v1.2.3- Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0015.html
Reference: CONFIRM:http://pccs-linux.com/public/view.php3?bn=agora_pccslinux&key=965951324
Reference: BID:1557
Reference: URL:http://www.securityfocus.com/bid/1557
Reference: XF:pccs-mysql-admin-tool
PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the
file dbconnect.inc within the web root, which allows remote attackers
to obtain sensitive information such as the administrative password.
Modifications:
ADDREF XF:pccs-mysql-admin-tool
INFERRED ACTION: CAN-2000-0707 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:pccs-mysql-admin-tool
======================================================
Candidate: CAN-2000-0708
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0708
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: NTBUGTRAQ:20000824 Remote DoS Attack in Pragma TelnetServer 2000 (Remote Execute Daemon) Vulnerability
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=NTBUGTRAQ&P=R4247
Reference: CONFIRM:http://www.pragmasys.com/TelnetServer/
Reference: BID:1605
Reference: URL:http://www.securityfocus.com/bid/1605
Reference: XF:telnetserver-rpc-bo
Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows
remote attackers to cause a denial of service via a long series of
null characters to the rexec port.
Modifications:
ADDREF XF:telnetserver-rpc-bo
ADDREF CONFIRM:http://www.pragmasys.com/TelnetServer/
INFERRED ACTION: CAN-2000-0708 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:telnetserver-rpc-bo
======================================================
Candidate: CAN-2000-0711
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0711
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000816 JDK 1.1.x Listening Socket Vulnerability (was Re: BrownOrifice can break firewalls!)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=3999922128E.EE84TAKAGI@java-house.etl.go.jp
Reference: BUGTRAQ:20000805 Dangerous Java/Netscape Security Hole
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000805020429.11774.qmail@securityfocus.com
Reference: CERT:CA-2000-15
Reference: URL:http://www.cert.org/advisories/CA-2000-15.html
Reference: BID:1545
Reference: URL:http://www.securityfocus.com/bid/1545
Netscape Communicator does not properly prevent a ServerSocket object
from being created by untrusted entities, which allows remote
attackers to create a server on the victim's system via a malicious
applet, as demonstrated by Brown Orifice.
INFERRED ACTION: CAN-2000-0711 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Levy, Wall
======================================================
Candidate: CAN-2000-0712
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0712
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MISC:http://www.egroups.com/message/lids/1038
Reference: BUGTRAQ:2000803 LIDS severe bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0486.html
Reference: CONFIRM:http://www.lids.org/changelog.html
Reference: BID:1549
Reference: URL:http://www.securityfocus.com/bid/1549
Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to
gain root privileges when LIDS is disabled via the security=0 boot
option.
INFERRED ACTION: CAN-2000-0712 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0718
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0718
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000812 MDKSA-2000:034 MandrakeUpdate update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0146.html
Reference: BID:1567
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=1567
A race condition in MandrakeUpdate allows local users to modify RPM
files while they are in the /tmp directory before they are installed.
INFERRED ACTION: CAN-2000-0718 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0725
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0725
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert
Reference: REDHAT:RHSA-2000:052-02
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0131.html
Reference: DEBIAN:20000821 zope: unauthorized escalation of privilege (update)
Reference: URL:http://www.debian.org/security/2000/20000821
Reference: BUGTRAQ:20000821 Conectiva Linux Security Announcement - Zope
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html
Reference: BUGTRAQ:20000816 MDKSA-2000:035 Zope update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html
Reference: BID:1577
Reference: URL:http://www.securityfocus.com/bid/1577
Zope before 2.2.1 does not properly restrict access to the getRoles
method, which allows users who can edit DTML to add or modify roles by
modifying the roles list that is included in a request.
INFERRED ACTION: CAN-2000-0725 ACCEPT_ACK (2 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0727
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0727
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000829 MDKSA-2000:041 - xpdf update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96766355023239&w=2
Reference: BUGTRAQ:20000913 Conectiva Linux Security Announcement - xpdf
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96886599829687&w=2
Reference: DEBIAN:20000910 xpdf: local exploit
Reference: URL:http://www.debian.org/security/2000/20000910a
Reference: REDHAT:RHSA-2000:060-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-060-03.html
Reference: CALDERA:CSSA-2000-031.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-031.0.txt
Reference: BID:1624
Reference: URL:http://www.securityfocus.com/bid/1624
xpdf PDF viewer client earlier than 0.91 does not properly launch a
web browser for embedded URLs, which allows an attacker to execute
arbitrary commands via a URL that contains shell metacharacters.
INFERRED ACTION: CAN-2000-0727 ACCEPT_ACK (2 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0728
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0728
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000829 MDKSA-2000:041 - xpdf update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96766355023239&w=2
Reference: BUGTRAQ:20000913 Conectiva Linux Security Announcement - xpdf
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96886599829687&w=2
Reference: DEBIAN:20000910 xpdf: local exploit
Reference: URL:http://www.debian.org/security/2000/20000910a
Reference: REDHAT:RHSA-2000:060-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-060-03.html
Reference: CALDERA:CSSA-2000-031.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-031.0.txt
Reference: BID:1624
Reference: URL:http://www.securityfocus.com/bid/1624
xpdf PDF viewer client earlier than 0.91 allows local users to
overwrite arbitrary files via a symlink attack.
INFERRED ACTION: CAN-2000-0728 ACCEPT_ACK (2 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0730
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0730
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: HP:HPSBUX0008-118
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0144.html
Reference: BID:1580
Reference: URL:http://www.securityfocus.com/bid/1580
Vulnerability in newgrp command in HP-UX 11.0 allows local users to
gain privileges.
INFERRED ACTION: CAN-2000-0730 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0733
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0733
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000814 [LSD] IRIX telnetd remote vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0154.html
Reference: SGI:20000801-02-P
Reference: URL:ftp://sgigate.sgi.com/security/20000801-02-P
Reference: BID:1572
Reference: URL:http://www.securityfocus.com/bid/1572
Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleanse
user-injected format strings, which allows remote attackers to execute
arbitrary commands via a long RLD variable in the
IAC-SB-TELOPT_ENVIRON request.
INFERRED ACTION: CAN-2000-0733 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0737
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0737
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-053
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-053.asp
Reference: BID:1535
Reference: URL:http://www.securityfocus.com/bid/1535
The Service Control Manager (SCM) in Windows 2000 creates predictable
named pipes, which allows a local user with console access to gain
administrator privileges, aka the "Service Control Manager Named Pipe
Impersonation" vulnerability.
INFERRED ACTION: CAN-2000-0737 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Levy, Wall
======================================================
Candidate: CAN-2000-0743
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0743
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000810 Remote vulnerability in Gopherd 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0112.html
Reference: BID:1569
Reference: URL:http://www.securityfocus.com/bid/1569
Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows
remote attackers to execute arbitrary commands via a DES key
generation request (GDESkey) that contains a long ticket value.
INFERRED ACTION: CAN-2000-0743 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0744
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0744
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000810 Remote vulnerability in Gopherd 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0112.html
Reference: BID:1569
Reference: URL:http://www.securityfocus.com/bid/1569
Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows
remote attackers to execute arbitrary commands via a DES key
generation request (GDESkey) that contains a long ticket value.
INFERRED ACTION: CAN-2000-0744 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0745
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0745
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000821 Vuln. in all sites using PHP-Nuke, versions less than 3
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0243.html
Reference: BID:1592
Reference: URL:http://www.securityfocus.com/bid/1592
admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke
administrator password, which allows remote attackers to gain
privileges by requesting a URL that does not specify the aid or pwd
parameter.
INFERRED ACTION: CAN-2000-0745 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0750
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0750
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0064.html
Reference: FREEBSD:FreeBSD-SA-00:40
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0336.html
Reference: OPENBSD:20000705 Mopd contained a buffer overflow.
Reference: URL:http://www.openbsd.org/errata.html#mopd
Reference: REDHAT:RHSA-2000-050-01
Reference: URL:http://www.redhat.com/support/errata/powertools/RHSA-2000-050-01.html
Reference: MISC:http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h
Reference: BID:1558
Reference: URL:http://www.securityfocus.com/bid/1558
Buffer overflow in mopd (Maintenance Operations Protocol loader
daemon) allows remote attackers to execute arbitrary commands via a
long file name.
INFERRED ACTION: CAN-2000-0750 ACCEPT_ACK (2 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0751
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0751
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0064.html
Reference: FREEBSD:FreeBSD-SA-00:40
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0336.html
Reference: OPENBSD:20000705 Mopd contained a buffer overflow.
Reference: URL:http://www.openbsd.org/errata.html#mopd
Reference: REDHAT:RHSA-2000-050-01
Reference: URL:http://www.redhat.com/support/errata/powertools/RHSA-2000-050-01.html
Reference: MISC:http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h
Reference: BID:1559
Reference: URL:http://www.securityfocus.com/bid/1559
mopd (Maintenance Operations Protocol loader daemon) does not properly
cleanse user-injected format strings, which allows remote attackers to
execute arbitrary commands.
INFERRED ACTION: CAN-2000-0751 ACCEPT_ACK (2 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0754
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0754
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: HP:HPSBUX0008-119
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0144.html
Reference: BID:1581
Reference: URL:http://www.securityfocus.com/bid/1581
Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1
related to passwords.
INFERRED ACTION: CAN-2000-0754 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0758
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0758
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000811 Lyris List Manager Administration Hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0149.html
Reference: CONFIRM:http://www.lyris.com/lm/lm_updates.html
Reference: BID:1584
Reference: URL:http://www.securityfocus.com/bid/1584
The web interface for Lyris List Manager 3 and 4 allows list
subscribers to obtain administrative access by modifying the value of
the list_admin hidden form field.
INFERRED ACTION: CAN-2000-0758 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0761
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0761
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000815 OS/2 Warp 4.5 FTP Server DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0166.html
Reference: CONFIRM:ftp://ftp.software.ibm.com/ps/products/tcpip/fixes/v4.3os2/ic27721/README
Reference: BID:1582
Reference: URL:http://www.securityfocus.com/bid/1582
OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of
service via a long username.
INFERRED ACTION: CAN-2000-0761 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0763
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0763
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000816 xlock vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000815231724.A14694@subterrain.net
Reference: DEBIAN:20000816 xlockmore: possible shadow file compromise
Reference: URL:http://www.debian.org/security/2000/20000816
Reference: FREEBSD:FreeBSD-SA-00:44.xlockmore
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0340.html
Reference: BUGTRAQ:20000817 Conectiva Linux Security Announcement - xlockmore
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0212.html
Reference: BUGTRAQ:20000823 MDKSA-2000:038 - xlockmore update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0294.html
Reference: BID:1585
Reference: URL:http://www.securityfocus.com/bid/1585
xlockmore and xlockf do not properly cleanse user-injected format
strings, which allows local users to gain root privileges via the -d
option.
INFERRED ACTION: CAN-2000-0763 ACCEPT_ACK (2 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0765
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0765
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-056.asp
Reference: BID:1561
Reference: URL:http://www.securityfocus.com/bid/1561
Buffer overflow in the HTML interpreter in Microsoft Office 2000
allows an attacker to execute arbitrary commands via a long embedded
object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
INFERRED ACTION: CAN-2000-0765 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Levy, Wall
======================================================
Candidate: CAN-2000-0767
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0767
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-055.asp
Reference: BID:1564
Reference: URL:http://www.securityfocus.com/bid/1564
The ActiveX control for invoking a scriptlet in Internet Explorer 4.x
and 5.x renders arbitrary file types instead of HTML, which allows an
attacker to read arbitrary files, aka the "Scriptlet Rendering"
vulnerability.
INFERRED ACTION: CAN-2000-0767 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Levy, Wall
======================================================
Candidate: CAN-2000-0768
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0768
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-055.asp
Reference: BID:1564
Reference: URL:http://www.securityfocus.com/bid/1564
A function in Internet Explorer 4.x and 5.x does not properly verify
the domain of a frame within a browser window, which allows a remote
attacker to read client files, aka a variant of the "Frame Domain
Verification" vulnerability.
INFERRED ACTION: CAN-2000-0768 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Levy, Wall
======================================================
Candidate: CAN-2000-0770
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0770
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-057.asp
Reference: BID:1565
Reference: URL:http://www.securityfocus.com/bid/1565
IIS 4.0 and 5.0 do not properly restrict access to certain types of
files when their parent folders have less restrictive permissions,
which could allow remote attackers to bypass access restrictions to
some files, aka the "File Permission Canonicalization" vulnerability.
INFERRED ACTION: CAN-2000-0770 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Levy, Wall
======================================================
Candidate: CAN-2000-0771
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0771
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-062
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-062.asp
Reference: BID:1613
Reference: URL:http://www.securityfocus.com/bid/1613
Microsoft Windows 2000 allows local users to cause a denial of service
by corrupting the local security policy via malformed RPC traffic, aka
the "Local Security Policy Corruption" vulnerability.
INFERRED ACTION: CAN-2000-0771 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Levy, Wall
======================================================
Candidate: CAN-2000-0777
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0777
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-061
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-061.asp
Reference: BID:1615
Reference: URL:http://www.securityfocus.com/bid/1615
The password protection feature of Microsoft Money can store the
password in plaintext, which allows attackers with physical access to
the system to obtain the password, aka the "Money Password"
vulnerability.
INFERRED ACTION: CAN-2000-0777 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Levy, Wall
======================================================
Candidate: CAN-2000-0778
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0778
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-058
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-058.asp
Reference: BUGTRAQ:20000815 Translate:f summary, history and thoughts
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=080D5336D882D211B56B0060080F2CD696A7C9@beta.mia.cz
Reference: NTBUGTRAQ:20000816 Translate: f
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=ntbugtraq&F=&S=&P=5212
Reference: BID:1578
Reference: URL:http://www.securityfocus.com/bid/1578
IIS 5.0 allows remote attackers to obtain source code for .ASP files
and other scripts via an HTTP GET request with a "Translate: f"
header, aka the "Specialized Header" vulnerability.
INFERRED ACTION: CAN-2000-0778 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Levy, Wall
======================================================
Candidate: CAN-2000-0779
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0779
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Improper_stderr
Reference: BID:1534
Reference: URL:http://www.securityfocus.com/bid/1534
Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote
attackers to bypass access restrictions and connect to a RSH/REXEC
client via malformed connection requests.
INFERRED ACTION: CAN-2000-0779 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
NOOP(2) Christey, Wall
Voter Comments:
Christey> It looks like this is confirmed by Check Point in:
http://www.checkpoint.com/techsupport/alerts/list_vun.html#Improper_stderr
======================================================
Candidate: CAN-2000-0780
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0780
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000830 Vulnerability Report On IPSWITCH's IMail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96767207207553&w=2
Reference: CONFIRM:http://www.ipswitch.com/Support/IMail/news.html
Reference: BID:1617
Reference: URL:http://www.securityfocus.com/bid/1617
The web server in IPSWITCH IMail 6.04 and earlier allows remote
attackers to read and delete arbitrary files via a .. (dot dot) attack.
INFERRED ACTION: CAN-2000-0780 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0782
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0782
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000817 Netauth: Web Based Email Management System
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NEBBJCLKGNOGCOIOBJNAGEHLCPAA.marc@eeye.com
Reference: CONFIRM:http://netwinsite.com/netauth/updates.htm
Reference: BID:1587
Reference: URL:http://www.securityfocus.com/bid/1587
netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote
attackers to read arbitrary files via a .. (dot dot) attack.
INFERRED ACTION: CAN-2000-0782 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0786
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0786
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000726 userv security boundary tool 1.0.1 (SECURITY FIX)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0389.html
Reference: DEBIAN:20000727 userv: local exploit
Reference: URL:http://www.debian.org/security/2000/20000727
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=bugtraq&m=96473640717095&w=2
Reference: BID:1516
Reference: URL:http://www.securityfocus.com/bid/1516
GNU userv 1.0.0 and earlier does not properly perform file descriptor
swapping, which can corrupt the USERV_GROUPS and USERV_GIDS
environmental variables and allow local users to bypass some access
restrictions.
INFERRED ACTION: CAN-2000-0786 ACCEPT_ACK (2 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0787
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0787
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ: 20000817 XChat URL handler vulnerabilty
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0215.html
Reference: BID:1601
Reference: URL:http://www.securityfocus.com/bid/1601
Reference: REDHAT:RHSA-2000:055-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-055-03.html
Reference: BUGTRAQ:20000824 MDKSA-2000:039 - xchat update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0301.html
Reference: BUGTRAQ:20000825 Conectiva Linux Security Announcement - xchat
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0305.html
IRC Xchat client versions 1.4.2 and earlier allow remote attackers to
execute arbitrary commands by encoding shell metacharacters into a URL
which XChat uses to launch a web browser.
INFERRED ACTION: CAN-2000-0787 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0792
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0792
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000819 Security update for Gnome-Lokkit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0252.html
Reference: BID:1590
Reference: URL:http://www.securityfocus.com/bid/1590
Gnome Lokkit firewall package before 0.41 does not properly restrict
access to some ports, even if a user does not make any services
available.
INFERRED ACTION: CAN-2000-0792 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Levy
NOOP(1) Wall