[FINAL] ACCEPT 33 legacy candidates
I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below. The
resulting CVE entries will be published in the near future in a new
version of CVE. Voting details and comments are provided at the end
of this report.
- Steve
Candidate CVE Name
--------- ----------
CAN-1999-0145 CVE-1999-0145
CAN-1999-0247 CVE-1999-0247
CAN-1999-0248 CVE-1999-0248
CAN-1999-0358 CVE-1999-0358
CAN-1999-0393 CVE-1999-0393
CAN-1999-0395 CVE-1999-0395
CAN-1999-0403 CVE-1999-0403
CAN-1999-0429 CVE-1999-0429
CAN-1999-0440 CVE-1999-0440
CAN-1999-0671 CVE-1999-0671
CAN-1999-0672 CVE-1999-0672
CAN-1999-0675 CVE-1999-0675
CAN-1999-0679 CVE-1999-0679
CAN-1999-0697 CVE-1999-0697
CAN-1999-0759 CVE-1999-0759
CAN-1999-0787 CVE-1999-0787
CAN-1999-0788 CVE-1999-0788
CAN-1999-0791 CVE-1999-0791
CAN-1999-0823 CVE-1999-0823
CAN-1999-0826 CVE-1999-0826
CAN-1999-0873 CVE-1999-0873
CAN-1999-0904 CVE-1999-0904
CAN-1999-0912 CVE-1999-0912
CAN-1999-0927 CVE-1999-0927
CAN-1999-0928 CVE-1999-0928
CAN-1999-0932 CVE-1999-0932
CAN-1999-0942 CVE-1999-0942
CAN-1999-0946 CVE-1999-0946
CAN-1999-0954 CVE-1999-0954
CAN-1999-0971 CVE-1999-0971
CAN-2000-0366 CVE-2000-0366
CAN-2000-0369 CVE-2000-0369
CAN-2000-0374 CVE-2000-0374
======================================================
Candidate: CAN-1999-0145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0145
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: CERT:CA-1990-11
Reference: URL:http://www.cert.org/advisories/CA-1990-11.html
Reference: CERT:CA-1993-14
Reference: URL:http://www.cert.org/advisories/CA-1993-14.html
Reference: BUGTRAQ:19950206 sendmail wizard thing...
Reference: URL:http://www2.dataguard.no/bugtraq/1995_1/0332.html
Reference: URL:http://www2.dataguard.no/bugtraq/1995_1/0350.html
Reference: FarmerVenema:Improving the Security of Your Site by Breaking Into it
Reference: URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html
Sendmail WIZ command enabled, allowing root access.
Modifications:
ADDREF CERT:CA-1990-11
ADDREF CERT:CA-1993-14
ADDREF BUGTRAQ:19950206 sendmail wizard thing...
ADDREF MISC:FarmerVenema:Improving the Security of Your Site by Breaking Into it
INFERRED ACTION: CAN-1999-0145 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(4) Hill, Blake, Proctor, Balinsky
MODIFY(2) Prosser, Frech
NOOP(1) Christey
REJECT(1) Northcutt
Voter Comments:
Frech> XF:smtp-wiz
Northcutt> I have voted against this before as well. This raises the case of a
historic but no longer existent vulnerability. Or is there any data
that wiz still exists on any operational systems?
Prosser> additional sources
Bugtraq
"sendmail wizard thing"
http://securityfocus/
CERT Advisory CA-93.14
http://www.cert.org
Christey> While this may not be active anywhere (we hope), it is still
of historic interest and potentially useful for academic
study. Therefore it should be included.
Balinsky> Cisco's Security Profile Assessment teams still find this at customer sites.
Christey> I also sent a post to the PEN-TEST list asking if people
still see this, and I got a few positive responses. See:
PEN-TEST:20000914 Re: Debug command on Sendmail
URL:http://www.securityfocus.com/archive/101/82783
URL:http://www.securityfocus.com/archive/101/83102
URL:http://www.securityfocus.com/archive/101/82978
ADDREF MISC:FarmerVenema:Improving the Security of Your Site by Breaking Into it
URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html
ADDREF CERT:CA-1990-11
URL:http://www.cert.org/advisories/CA-1990-11.html
ADDREF BUGTRAQ:19950206 sendmail wizard thing...
URL:http://www2.dataguard.no/bugtraq/1995_1/0332.html
URL:http://www2.dataguard.no/bugtraq/1995_1/0350.html
======================================================
Candidate: CAN-1999-0247
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0247
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: NAI:19970721 INN news server vulnerabilities
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp
Reference: BID:1443
Reference: XF:inn-bo
Buffer overflow in nnrpd program in INN up to version 1.6 allows
remote users to execute arbitrary commands.
Modifications:
ADDREF NAI:17
add version number
CHANGEREF NAI:17 [normalize]
ADDREF XF:inn-bo
ADDREF BID:1443
INFERRED ACTION: CAN-1999-0247 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(2) Stracener, Levy
MODIFY(1) Frech
NOOP(2) Christey, Northcutt
Voter Comments:
Frech> XF:inn-bo
Christey> BID:1443
URL:http://www.securityfocus.com/bid/1443
======================================================
Candidate: CAN-1999-0248
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0248
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: MISC:http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html
Reference: CONFIRM:http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1
A race condition in the authentication agent mechanism of sshd 1.2.17
allows an attacker to steal another user's credentials.
Modifications:
ADDREF MISC:http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html
ADDREF CONFIRM:http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1
DESC [add details]
INFERRED ACTION: CAN-1999-0248 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(4) Cole, Northcutt, Armstrong, Landfield
MODIFY(4) Baker, Bishop, Shostack, Blake
NOOP(3) Frech, Wall, Ozancin
Voter Comments:
Shostack> http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html
looks to me to be about the correct message that came from Tatu.
There are comments in changelog: * Improved the security of
auth_input_request_forwarding().
I'm not in favor of moving this forward without additional detail, but
thought I'd add a confirming URL and comment. We have insufficient
detail to accept it as a CVE.
Frech> Try http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1; to wit
(see asterisked section):
...
*****
Versions of ssh prior to 1.2.17 had problems with authentication agent
handling on some machines. There is a chance (a race condition) that a
malicious user could steal another user's credentials. This should be fixed
in 1.2.17.
*****
Blake> I concur with Adam that additional reference is needed. Either or both
references suggested are fine with me.
Bishop> (need more detail)
Baker> http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html Misc Defensive Info
The bugs concern only SSH protocol version 1.5 implemented in SSH server version 1.2.17. Later versions of the server or applications that use version 2 of the SSH protocol are not affected by the bugs. An attacker with the ability to do active network-level attacks can compromise the security of a number of aspects of the SSH protocol as implemented in SSH-1.2.17. While some of the attacks are fairly serious, even in the worst case security is still better than with rlogin or telnet. Being able to succeed in breaking SSH security requires intimate knowledge of the protocol and the implementation, access to a large amount of processing power and expertise in TCP/IP networking.
======================================================
Candidate: CAN-1999-0358
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0358
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990617
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990125 Digital Unix 4.0 exploitable buffer overflows
Reference: COMPAQ:SSRT0583U
Reference: XF:du-inc
Reference: CIAC:J-027
Digital Unix 4.0 has a buffer overflow in the inc program of the mh
package.
Modifications:
ADDREF XF:du-inc
ADDREF CIAC:J-027
INFERRED ACTION: CAN-1999-0358 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(3) Hill, Northcutt, Shostack
MODIFY(2) Frech, Prosser
NOOP(1) Christey
Voter Comments:
Prosser> Ref'd SSRT has an 'at' vulnerable as well supposedly fixed by
the patch. Shouldn't this be included as a separate CVE in this
cluster. ref:BugTraq "Digital Unix Buffer Overflows: Exploits" from
Lamont Granquist for both as well.
Frech> Reference: XF:du-inc
Christey> ADDREF CIAC:J-027
======================================================
Candidate: CAN-1999-0393
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0393
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19981212 ** Sendmail 8.9.2 DoS - exploit ** get what you want!
Reference: BUGTRAQ:19990121 Sendmail 8.8.x/8.9.x bugware
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91694391227372&w=2
Reference: XF:sendmail-parsing-redirection
Remote attackers can cause a denial of service in Sendmail 8.8.x and
8.9.2 by sending messages with a large number of headers.
Modifications:
ADDREF XF:sendmail-parsing-redirection
CHANGEREF BUGTRAQ [change date to 19981212]
ADDREF BUGTRAQ:19990121 Sendmail 8.8.x/8.9.x bugware
INFERRED ACTION: CAN-1999-0393 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(4) Blake, Ozancin, Landfield, Cole
MODIFY(2) Frech, Baker
NOOP(3) Christey, Bishop, Wall
Voter Comments:
Frech> I assume that Reference: BUGTRAQ:Dec12,1999 is not attesting to the power of
CVE to foresee events in the future. This reference should be 12/12/98.
ADDREF XF:sendmail-parsing-redirection
Christey>
This issue is acknowledged in BUGTRAQ:19990121 Sendmail 8.8.x/8.9.x bugware
URL: http://marc.theaimsgroup.com/?l=bugtraq&m=91694391227372&w=2
Landfield> with Frech modifications
CHANGE> [Cole changed vote from NOOP to ACCEPT]
Baker> Vulnerability Reference (HTML) Reference Type
http://www.securityfocus.com/archive/1/11556 Misc Defensive Info
http://xforce.iss.net/static/2300.php Misc Defensive Info
Christey> CVE-1999-0478 looks like it could be a duplicate, but
HP's advisory is so vague that you can't be certain. The
only close hint is: "Public domain fixes now in sendmail
8.9.3 have been ported to HP-UX sendmail 8.8.6 release patch."
However, the HP advisory only says that HP 8.8.6 Sendmails
"accept connections sub-optimally." CAN-1999-0393
clearly has nothing to do with mishandling connections.
======================================================
Candidate: CAN-1999-0395
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0395
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: ISS:19990118 Vulnerability in the BackWeb Polite Agent Protocol
Reference: URL:http://xforce.iss.net/alerts/advise17.php
Reference: XF:backweb-polite-agent-protocol
A race condition in the BackWeb Polite Agent Protocol allows an
attacker to spoof a BackWeb server.
Modifications:
CHANGEREF ISS [canonicalize]
ADDREF XF:backweb-polite-agent-protocol
INFERRED ACTION: CAN-1999-0395 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(2) Hill, Stracener
MODIFY(1) Frech
NOOP(2) Landfield, Northcutt
Voter Comments:
Frech> XF:backweb-polite-agent-protocol
======================================================
Candidate: CAN-1999-0403
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0403
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990204 Cyrix bug: freeze in hell, badboy
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91821080015725&w=2
Reference: XF:cyrix-hang
A bug in Cyrix CPUs on Linux allows local users to perform a denial
of service.
Modifications:
CHANGEREF BUGTRAQ [canonicalize]
INFERRED ACTION: CAN-1999-0403 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(2) Blake, Northcutt
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:cyrix-hang(1716)
In description, correct plural usage is "CPUs."
======================================================
Candidate: CAN-1999-0429
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0429
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990726
Assigned: 19990607
Category: CF
Reference: BUGTRAQ:19990323
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92221437025743&w=2
Reference: BUGTRAQ:19990324 Re: LNotes encryption
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92241547418689&w=2
Reference: BUGTRAQ:19990326 Lotus Notes Encryption Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92246997917866&w=2
Reference: BUGTRAQ:19990326 Re: Lotus Notes security advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92249282302994&w=2
Reference: XF:lotus-client-encryption
The Lotus Notes 4.5 client may send a copy of encrypted mail in the
clear across the network if the user does not set the "Encrypt Saved
Mail" preference.
Modifications:
CHANGEREF BUGTRAQ [canonicalize]
ADDREF BUGTRAQ:19990324 Re: LNotes encryption
ADDREF BUGTRAQ:19990326 Lotus Notes Encryption Bug
ADDREF BUGTRAQ:19990326 Re: Lotus Notes security advisory
INFERRED ACTION: CAN-1999-0429 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(5) Blake, Ozancin, Landfield, Frech, Cole
MODIFY(1) Baker
NOOP(2) Wall, Bishop
Voter Comments:
Baker> Vulnerability Reference (HTML) Reference Type
http://www.securityfocus.com/archive/1/12943 Misc Defensive Info
http://xforce.iss.net/static/2047.php Misc Defensive Info
======================================================
Candidate: CAN-1999-0440
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0440
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990405 Security Hole in Java 2 (and JDK 1.1.x)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92333596624452&w=2
Reference: CONFIRM:http://java.sun.com/pr/1999/03/pr990329-01.html
Reference: XF:java-unverified-code
The byte code verifier component of the Java Virtual Machine (JVM)
allows remote execution through malicious web pages.
Modifications:
CHANGEREF BUGTRAQ [canonicalize]
ADDREF CONFIRM:http://java.sun.com/pr/1999/03/pr990329-01.html
INFERRED ACTION: CAN-1999-0440 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(7) Wall, Blake, Ozancin, Landfield, Frech, Cole, Bishop
MODIFY(1) Baker
Voter Comments:
CHANGE> [Wall changed vote from REVIEWING to ACCEPT]
Baker> Vulnerability Reference (HTML) Reference Type
http://www.microsoft.com/java/vm/dl_vm31.htm Patch Info
http://www.microsoft.com/windows/ie/download/jvm.htm Patch Info
http://www.damnation/net/iecrash/Iecrash.zip Misc Offensive Info
http://hackersclub.com/km/library/hack/iecrash Misc Offensive Info
http://xforce.iss.net/static/2025.php Misc Defensive Info
======================================================
Candidate: CAN-1999-0671
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0671
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:572
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=572
Reference: XF:toxsoft-nextftp-cwd-bo
Buffer overflow in ToxSoft NextFTP client through CWD command.
Modifications:
ADDREF XF:toxsoft-nextftp-cwd-bo
INFERRED ACTION: CAN-1999-0671 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(2) Levy, Blake
MODIFY(2) Frech, Stracener
NOOP(5) Bishop, Wall, Ozancin, Landfield, Cole
Voter Comments:
Stracener> AddRef: ShadowPenguinSecurity:PenguinToolbox,No.035
Frech> XF:toxsoft-nextftp-cwd-bo
======================================================
Candidate: CAN-1999-0672
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0672
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: XF:fujitsu-topic-bo
Reference: BID:573
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=573
Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics.
Modifications:
ADDREF XF:fujitsu-topic-bo
INFERRED ACTION: CAN-1999-0672 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(2) Levy, Blake
MODIFY(2) Frech, Stracener
NOOP(4) Wall, Ozancin, Landfield, Cole
Voter Comments:
Stracener> AddRef: ShadowPenguinSecurity:PenguinToolbox,No.036
Frech> XF:fujitsu-topic-bo
======================================================
Candidate: CAN-1999-0675
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0675
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990809 FW1 UDP Port 0 DoS
Reference: URL:http://www.securityfocus.com/archive/1/23615
Reference: BID:576
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=576
Reference: XF:checkpoint-port
Check Point FireWall-1 can be subjected to a denial of service via UDP
packets that are sent through VPN-1 to port 0 of a host.
Modifications:
ADDREF XF:checkpoint-port
DESC Add Check Point
ADDREF BUGTRAQ:19990809 FW1 UDP Port 0 DoS
INFERRED ACTION: CAN-1999-0675 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(3) Levy, Blake, Landfield
MODIFY(2) Frech, Cole
NOOP(3) Wall, Ozancin, Christey
REVIEWING(1) Stracener
Voter Comments:
Cole> This only occurs when the VPN being used for the transport of the packet
supports ISAKMP encryption.
Frech> XF:checkpoint-port
Modify description to read "Check Point Firewall-1 ..."
Christey> http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9908051851320.8871-100000@area51
Landfield> with modifications
======================================================
Candidate: CAN-1999-0679
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0679
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990813 w00w00's efnet ircd advisory (exploit included)
Reference: CONFIRM:http://www.efnet.org/archive/servers/hybrid/ChangeLog
Reference: BID:581
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=581
Reference: XF:hybrid-ircd-minvite-bo
Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows
remote attackers to execute commands via m_invite invite option.
Modifications:
ADDREF XF:hybrid-ircd-minvite-bo
ADDREF CONFIRM:http://www.efnet.org/archive/servers/hybrid/ChangeLog
INFERRED ACTION: CAN-1999-0679 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(8) Bishop, Levy, Wall, Blake, Ozancin, Landfield, Cole, Stracener
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Frech> XF:hybrid-ircd-minvite-bo
CHANGE> [Cole changed vote from NOOP to ACCEPT]
Christey> Possible vendor acknowledgement; see
http://www.efnet.org/archive/servers/hybrid/ChangeLog
Discloser said the problem existed until beta 58. A quote by Dianora
for hybrid-6-b57 says "fixed mtrie_conf.c kline code," but it can't be
certain if it's related to this bug. Section "hybrid-6-b75" includes
this statement by Dianora: "corrected possible buffer overflows in
m_knock, m_invite". Sounds like it, but can't be sure, especially
considering the discloser said that it was fixed in beta 58, and there
was independent confirmation of that statement.
======================================================
Candidate: CAN-1999-0697
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0697
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990908 SCO 5.0.5 /bin/doctor nightmare
Reference: BID:621
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=621
Reference: XF:sco-doctor-execute
SCO Doctor allows local users to gain root privileges through a Tools
option.
Modifications:
ADDREF XF:sco-doctor-execute
INFERRED ACTION: CAN-1999-0697 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(6) Bishop, Levy, Blake, Landfield, Cole, Stracener
MODIFY(1) Frech
NOOP(2) Wall, Ozancin
Voter Comments:
Frech> XF:sco-doctor-execute
CHANGE> [Cole changed vote from NOOP to ACCEPT]
======================================================
Candidate: CAN-1999-0759
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0759
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990913 Many kind of POP3/SMTP server softwares for Windows have buffer overflow bug
Reference: CONFIRM:http://www.crosswinds.net/~fuseware/faq.html#8
Reference: BID:634
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=634
Reference: XF:fuseware-popmail-bo
Buffer overflow in FuseMAIL POP service via long USER and PASS
commands.
Modifications:
ADDREF XF:fuseware-popmail-bo
ADDREF CONFIRM:http://www.crosswinds.net/~fuseware/faq.html#8
INFERRED ACTION: CAN-1999-0759 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(6) Stracener, Levy, Wall, Ozancin, Landfield, Cole
MODIFY(1) Frech
NOOP(2) Armstrong, Christey
Voter Comments:
Frech> XF:fuseware-popmail-bo
Wall> Also part of BlackIce detection.
CHANGE> [Cole changed vote from NOOP to ACCEPT]
Christey> CONFIRM:http://www.crosswinds.net/~fuseware/faq.html#8
The originally vulnerable version was reported as 2.7
This FAQ Says: "Although a security hole was reported in
version 2.7, and which also existed in earlier versions, that hole
has been fixed in all later versions. It must be stressed that the
potential security risk was only on the local side.
To date there have been no reports of a security risk from
the Internet side, despite the attempts by a number of hackers to find
one."
======================================================
Candidate: CAN-1999-0787
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0787
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990917 A few bugs...
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93760201002154&w=2
Reference: BUGTRAQ:19990924 [Fwd: Truth about ssh 1.2.27 vulnerability]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93832856804415&w=2
Reference: XF:ssh-socket-auth-symlink-dos
Reference: BID:660
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=660
The SSH authentication agent follows symlinks via a UNIX domain
socket.
Modifications:
ADDREF BUGTRAQ:19990917 A few bugs...
ADDREF BUGTRAQ:19990924 [Fwd: Truth about ssh 1.2.27 vulnerability]
ADDREF XF:ssh-socket-auth-symlink-dos
INFERRED ACTION: CAN-1999-0787 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(3) Armstrong, Levy, Landfield
MODIFY(2) Stracener, Frech
NOOP(3) Wall, Ozancin, Cole
Voter Comments:
Stracener> Add Ref: BUGTRAQ:19990924 [Fwd: Truth about ssh 1.2.27 vulnerability]
Frech> XF:ssh-socket-auth-symlink-dos
======================================================
Candidate: CAN-1999-0788
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0788
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990924 Multiple vendor Knox Arkiea local root/remote DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93837184228248&w=2
Reference: BID:662
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=662
Reference: XF:arkiea-backup-nlserverd-remote-dos
Arkiea nlservd allows remote attackers to conduct a denial of service.
Modifications:
ADDREF BUGTRAQ:19990924 Multiple vendor Knox Arkiea local root/remote DoS
ADDREF XF:arkiea-backup-nlserverd-remote-dos
INFERRED ACTION: CAN-1999-0788 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(4) Levy, Wall, Landfield, Cole
MODIFY(2) Stracener, Frech
NOOP(2) Armstrong, Ozancin
Voter Comments:
Stracener> Add Ref:BUGTRAQ:19990923 Multiple vendor Knox Arkiea local root/remote
DoS
Frech> XF:arkiea-backup-nlserverd-remote-dos
Wall> exploit code on packetstorm
CHANGE> [Cole changed vote from NOOP to ACCEPT]
======================================================
Candidate: CAN-1999-0791
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0791
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19991006 KSR[T] Advisories #012: Hybrid Network's Cable Modems
Reference: KSRT:012
Reference: BID:695
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=695
Reference: XF:hybrid-anon-cable-modem-reconfig
Hybrid Network cable modems do not include an authentication mechanism
for administration, allowing remote attackers to compromise the system
through the HSMP protocol.
Modifications:
ADDREF BUGTRAQ:19991006 KSR[T] Advisories #012: Hybrid Network's Cable Modems
ADDREF BID:695
ADDREF XF:hybrid-anon-cable-modem-reconfig
INFERRED ACTION: CAN-1999-0791 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(3) Levy, Prosser, Cole
MODIFY(2) Stracener, Frech
NOOP(4) Wall, Ozancin, Landfield, Christey
REVIEWING(1) Armstrong
Voter Comments:
Stracener> Add Ref: BUGTRAQ:19991006 KSR[T] Advisories #012: Hybrid Network's Cable
Modems
Frech> XF:hybrid-anon-cable-modem-reconfig
Christey> ADDREF BID:695
URL:http://www.securityfocus.com/vdb/bottom.html?vid=695
CHANGE> [Cole changed vote from NOOP to ACCEPT]
======================================================
Candidate: CAN-1999-0823
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0823
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities
Reference: BID:839
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=839
Reference: XF:freebsd-xmindpath
Buffer overflow in FreeBSD xmindpath allows local users to gain
privileges via -f argument.
Modifications:
ADDREF XF:freebsd-xmindpath
INFERRED ACTION: CAN-1999-0823 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(2) Stracener, Armstrong
MODIFY(2) Cole, Frech
NOOP(1) Christey
REVIEWING(1) Prosser
Voter Comments:
Cole> This is via a buffer overflow attack.
Frech> XF:freebsd-xmindpath
Christey> Mike Prosser's REVIEWING vote expires July 17, 2000
======================================================
Candidate: CAN-1999-0826
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0826
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities
Reference: BID:840
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=840
Reference: XF:angband-bo
Buffer overflow in FreeBSD angband allows local users to gain
privileges.
Modifications:
ADDREF XF:angband-bo
INFERRED ACTION: CAN-1999-0826 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(3) Cole, Stracener, Armstrong
MODIFY(1) Frech
NOOP(1) Christey
REVIEWING(1) Prosser
Voter Comments:
Frech> XF:angband-bo
Christey> Mike Prosser's REVIEWING vote expires July 17, 2000
======================================================
Candidate: CAN-1999-0873
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0873
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BID:759
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=759
Reference: XF:skyfull-mail-from-bo
Buffer overflow in Skyfull mail server via MAIL FROM command.
Modifications:
ADDREF XF:skyfull-mail-from-bo
INFERRED ACTION: CAN-1999-0873 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(5) Cole, Stracener, Levy, Wall, Landfield
MODIFY(1) Frech
NOOP(2) Armstrong, Ozancin
Voter Comments:
Frech> XF:skyfull-mail-from-bo
Wall> Exploit c code on packetstorm
======================================================
Candidate: CAN-1999-0904
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0904
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991103 Remote DoS Attack in BFTelnet Server v1.1 for Windows NT
Reference: XF:bftelnet-username-dos
Reference: BID:771
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=771
Buffer overflow in BFTelnet allows remote attackers to cause a denial
of service via a long username.
Modifications:
ADDREF XF:bftelnet-username-dos
INFERRED ACTION: CAN-1999-0904 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(5) Cole, Stracener, Levy, Wall, Landfield
MODIFY(1) Frech
NOOP(1) Ozancin
Voter Comments:
Frech> XF:bftelnet-username-dos
Wall> Found by Ussr labs
CHANGE> [Cole changed vote from NOOP to ACCEPT]
======================================================
Candidate: CAN-1999-0912
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0912
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990921 FreeBSD-specific denial of service
Reference: BID:653
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=653
Reference: XF:freebsd-vfscache-dos
FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of
service by opening a large number of files.
Modifications:
ADDREF XF:freebsd-vfscache-dos
INFERRED ACTION: CAN-1999-0912 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(4) Cole, Stracener, Levy, Landfield
MODIFY(1) Frech
NOOP(2) Wall, Ozancin
REVIEWING(1) Armstrong
Voter Comments:
Frech> XF:freebsd-vfscache-dos
======================================================
Candidate: CAN-1999-0927
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0927
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: EEYE:AD05261999
Reference: BID:279
Reference: XF:ntmail-fileread
NTMail allows remote attackers to read arbitrary files via a .. (dot
dot) attack.
Modifications:
ADDREF BID:279
ADDREF XF:ntmail-fileread
INFERRED ACTION: CAN-1999-0927 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(4) Cole, Stracener, Wall, Landfield
MODIFY(2) Frech, Levy
NOOP(2) Armstrong, Ozancin
Voter Comments:
Frech> XF:ntmail-fileread
CHANGE> [Levy changed vote from REVIEWING to MODIFY]
Levy> BID 279
======================================================
Candidate: CAN-1999-0928
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0928
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990525 Buffer overflow in SmartDesk WebSuite v2.1
Reference: XF:websuite-dos
Reference: BID:278
Buffer overflow in SmartDesk WebSuite allows remote attackers to cause
a denial of service via a long URL.
Modifications:
ADDREF XF:websuite-dos
ADDREF BID:278
INFERRED ACTION: CAN-1999-0928 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(3) Cole, Stracener, Wall
MODIFY(2) Frech, Levy
NOOP(4) Christey, Armstrong, Ozancin, Landfield
Voter Comments:
Frech> XF:websuite-dos
Levy> BID 278
Christey> http://www.securityfocus.com/frames/?content=/vdb/bottom.html%3Fvid%3D278
It appears that the product has been discontinued, and was
shareware.
CHANGE> [Cole changed vote from NOOP to ACCEPT]
======================================================
Candidate: CAN-1999-0932
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0932
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: CF
Reference: BUGTRAQ:19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01
Reference: BID:735
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=735
Reference: XF:mediahouse-stats-adminpw-cleartext
Mediahouse Statistics Server allows remote attackers to read the
administrator password, which is stored in cleartext in the ss.cfg
file.
Modifications:
ADDREF XF:mediahouse-stats-adminpw-cleartext
INFERRED ACTION: CAN-1999-0932 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(2) Stracener, Levy
MODIFY(1) Frech
Voter Comments:
Frech> XF:mediahouse-stats-adminpw-cleartext
======================================================
Candidate: CAN-1999-0942
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0942
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991005 SCO UnixWare 7.1 local root exploit
Reference: XF:sco-unixware-dos7utils-root-privs
UnixWare dos7utils allows a local user to gain root privileges by
using the STATICMERGE environmental variable to find a script which
it executes.
Modifications:
ADDREF XF:sco-unixware-dos7utils-root-privs
INFERRED ACTION: CAN-1999-0942 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(2) Cole, Stracener
MODIFY(1) Frech
NOOP(4) Armstrong, Wall, Ozancin, Landfield
Voter Comments:
Frech> XF:sco-unixware-dos7utils-root-privs
CHANGE> [Cole changed vote from NOOP to ACCEPT]
======================================================
Candidate: CAN-1999-0946
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0946
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
Reference: XF:yamaha-midiplug-embed
Reference: BID:760
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=760
Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED
tag.
Modifications:
ADDREF XF:yamaha-midiplug-embed
INFERRED ACTION: CAN-1999-0946 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(4) Stracener, Armstrong, Levy, Wall
MODIFY(1) Frech
NOOP(3) Cole, Ozancin, Landfield
Voter Comments:
Frech> XF:yamaha-midiplug-embed
======================================================
Candidate: CAN-1999-0954
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0954
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 19991222
Assigned: 19991208
Category: CF
Reference: BUGTRAQ:19990916 More fun with WWWBoard
Reference: BID:649
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=649
WWWBoard has a default username and default password.
CONTENT-DECISIONS: CF-PASS
INFERRED ACTION: CAN-1999-0954 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(4) Cole, Stracener, Levy, Wall
MODIFY(1) Frech
NOOP(3) Armstrong, Ozancin, Landfield
Voter Comments:
Frech> XF:http-cgi-wwwboard-default
CHANGE> [Cole changed vote from NOOP to ACCEPT]
======================================================
Candidate: CAN-1999-0971
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0971
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19970722 Security hole in exim 1.62: local root exploit
Reference: URL:http://www.securityfocus.com/archive/1/7301
Reference: XF:exim-include-overflow
Buffer overflow in Exim allows local users to gain root privileges via
a long :include: option in a .forward file.
Modifications:
ADDREF XF:exim-include-overflow
INFERRED ACTION: CAN-1999-0971 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(3) Cole, Stracener, Landfield
MODIFY(2) Frech, Baker
NOOP(3) Armstrong, Wall, Ozancin
Voter Comments:
Frech> XF:exim-include-overflow
Baker> http://www.securityfocus.com/archive/1/7301
======================================================
Candidate: CAN-2000-0366
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0366
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: DEBIAN:19991202 problem restoring symlinks
Reference: URL:http://www.debian.org/security/1999/19991202
Reference: XF:debian-dump-modify-ownership
Reference: BID:1442
dump in Debian Linux 2.1 does not properly restore symlinks, which
allows a local user to modify the ownership of arbitrary files.
Modifications:
ADDREF XF:debian-dump-modify-ownership
ADDREF BID:1442
INFERRED ACTION: CAN-2000-0366 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(3) Cole, Stracener, Levy
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Frech> XF:debian-dump-modify-ownership
Christey> ADDREF BID:1442
URL:http://www.securityfocus.com/bid/1442
======================================================
Candidate: CAN-2000-0369
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0369
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-029.1
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-029.1.txt
Reference: BID:1266
Reference: XF:caldera-ident-server-dos
The IDENT server in Caldera Linux 2.3 creates multiple threads for
each IDENT request, which allows remote attackers to cause a denial of
service.
Modifications:
ADDREF BID:1266
ADDREF XF:caldera-ident-server-dos
INFERRED ACTION: CAN-2000-0369 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(3) Cole, Stracener, Levy
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Christey> ADDREF BID:1266
Frech> XF:caldera-ident-server-dos
======================================================
Candidate: CAN-2000-0374
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0374
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 20000524
Assigned: 20000523
Category: CF
Reference: CALDERA:CSSA-1999-021.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-021.0.txt
Reference: BID:1446
Reference: XF:caldera-kdm-default-configuration
The default configuration of kdm in Caldera Linux allows XDMCP
connections from any host, which allows remote attackers to obtain
sensitive information or bypass additional access restrictions.
Modifications:
ADDREF XF:caldera-kdm-default-configuration
ADDREF BID:1446
INFERRED ACTION: CAN-2000-0374 FINAL (Final Decision 20001013)
Current Votes:
ACCEPT(2) Stracener, Levy
MODIFY(1) Frech
NOOP(2) Christey, Cole
Voter Comments:
Frech> XF:caldera-kdm-default-configuration
Christey> BID:1446
URL:http://www.securityfocus.com/bid/1446