[FINAL] ACCEPT 81 recent candidates from RECENT-28 to RECENT-35



I have made a Final Decision to ACCEPT the following candidates from
the RECENT-28 through RECENT-35 clusters.  These candidates are now
assigned CVE names as noted below.  The resulting CVE entries will be
published in the near future in a new version of CVE.  Voting details
and comments are provided at the end of this report.

- Steve


Candidate	CVE Name
---------	----------
CAN-2000-0621	CVE-2000-0621
CAN-2000-0624	CVE-2000-0624
CAN-2000-0627	CVE-2000-0627
CAN-2000-0628	CVE-2000-0628
CAN-2000-0630	CVE-2000-0630
CAN-2000-0631	CVE-2000-0631
CAN-2000-0632	CVE-2000-0632
CAN-2000-0633	CVE-2000-0633
CAN-2000-0634	CVE-2000-0634
CAN-2000-0635	CVE-2000-0635
CAN-2000-0636	CVE-2000-0636
CAN-2000-0637	CVE-2000-0637
CAN-2000-0638	CVE-2000-0638
CAN-2000-0639	CVE-2000-0639
CAN-2000-0640	CVE-2000-0640
CAN-2000-0641	CVE-2000-0641
CAN-2000-0642	CVE-2000-0642
CAN-2000-0643	CVE-2000-0643
CAN-2000-0644	CVE-2000-0644
CAN-2000-0651	CVE-2000-0651
CAN-2000-0652	CVE-2000-0652
CAN-2000-0654	CVE-2000-0654
CAN-2000-0655	CVE-2000-0655
CAN-2000-0660	CVE-2000-0660
CAN-2000-0661	CVE-2000-0661
CAN-2000-0663	CVE-2000-0663
CAN-2000-0664	CVE-2000-0664
CAN-2000-0665	CVE-2000-0665
CAN-2000-0666	CVE-2000-0666
CAN-2000-0668	CVE-2000-0668
CAN-2000-0669	CVE-2000-0669
CAN-2000-0670	CVE-2000-0670
CAN-2000-0671	CVE-2000-0671
CAN-2000-0673	CVE-2000-0673
CAN-2000-0674	CVE-2000-0674
CAN-2000-0675	CVE-2000-0675
CAN-2000-0676	CVE-2000-0676
CAN-2000-0677	CVE-2000-0677
CAN-2000-0678	CVE-2000-0678
CAN-2000-0681	CVE-2000-0681
CAN-2000-0682	CVE-2000-0682
CAN-2000-0683	CVE-2000-0683
CAN-2000-0684	CVE-2000-0684
CAN-2000-0685	CVE-2000-0685
CAN-2000-0700	CVE-2000-0700
CAN-2000-0703	CVE-2000-0703
CAN-2000-0705	CVE-2000-0705
CAN-2000-0706	CVE-2000-0706
CAN-2000-0707	CVE-2000-0707
CAN-2000-0708	CVE-2000-0708
CAN-2000-0711	CVE-2000-0711
CAN-2000-0712	CVE-2000-0712
CAN-2000-0718	CVE-2000-0718
CAN-2000-0725	CVE-2000-0725
CAN-2000-0727	CVE-2000-0727
CAN-2000-0728	CVE-2000-0728
CAN-2000-0730	CVE-2000-0730
CAN-2000-0733	CVE-2000-0733
CAN-2000-0737	CVE-2000-0737
CAN-2000-0743	CVE-2000-0743
CAN-2000-0744	CVE-2000-0744
CAN-2000-0745	CVE-2000-0745
CAN-2000-0750	CVE-2000-0750
CAN-2000-0751	CVE-2000-0751
CAN-2000-0754	CVE-2000-0754
CAN-2000-0758	CVE-2000-0758
CAN-2000-0761	CVE-2000-0761
CAN-2000-0763	CVE-2000-0763
CAN-2000-0765	CVE-2000-0765
CAN-2000-0767	CVE-2000-0767
CAN-2000-0768	CVE-2000-0768
CAN-2000-0770	CVE-2000-0770
CAN-2000-0771	CVE-2000-0771
CAN-2000-0777	CVE-2000-0777
CAN-2000-0778	CVE-2000-0778
CAN-2000-0779	CVE-2000-0779
CAN-2000-0780	CVE-2000-0780
CAN-2000-0782	CVE-2000-0782
CAN-2000-0786	CVE-2000-0786
CAN-2000-0787	CVE-2000-0787
CAN-2000-0792	CVE-2000-0792



======================================================
Candidate: CAN-2000-0621
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0621
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000726
Category: SF
Reference: MS:MS00-046
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-046.asp
Reference: CERT:CA-2000-14
Reference: URL:http://www.cert.org/advisories/CA-2000-14.html
Reference: BID:1501
Reference: URL:http://www.securityfocus.com/bid/1501
Reference: XF:outlook-cache-bypass
Reference: URL:http://xforce.iss.net/static/5013.php

Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x,
allow remote attackers to read files on the client's system via a
malformed HTML message that stores files outside of the cache, aka the
"Cache Bypass" vulnerability.


Modifications:
  ADDREF XF:outlook-cache-bypass

INFERRED ACTION: CAN-2000-0621 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(4) Levy, Wall, LeBlanc, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:outlook-cache-bypass(5013)


======================================================
Candidate: CAN-2000-0624
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0624
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000720 Winamp M3U playlist parser buffer overflow security vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0289.html
Reference: CONFIRM:http://www.winamp.com/getwinamp/newfeatures.jhtml
Reference: BID:1496
Reference: URL:http://www.securityfocus.com/bid/1496
Reference: XF:winamp-playlist-parser-bo
Reference: URL:http://xforce.iss.net/static/4956.php

Buffer overflow in Winamp 2.64 and earlier allows remote attackers to
execute arbitrary commands via a long #EXTINF: extension in the M3U
playlist.


Modifications:
  ADDREF XF:winamp-playlist-parser-bo
  ADDREF CONFIRM:http://www.winamp.com/getwinamp/newfeatures.jhtml
  DESC Correct spelling for Winamp

INFERRED ACTION: CAN-2000-0624 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(4) Wall, LeBlanc, Christey, Cole

Voter Comments:
 Frech> XF:winamp-playlist-parser-bo(4956)
   In the description, Nullsoft spells their product as "Winamp."
 Christey> CONFIRM:http://www.winamp.com/getwinamp/newfeatures.jhtml
   Comment in version 2.65: "Fix to ex-m3u bug/security hole."


======================================================
Candidate: CAN-2000-0627
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0627
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000718 Blackboard Courseinfo v4.0 User Authentication
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0254.html
Reference: BUGTRAQ:20000719 Security Fix for Blackboard CourseInfo 4.0
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000719151904.I17986@securityfocus.com
Reference: BID:1486
Reference: URL:http://www.securityfocus.com/bid/1486
Reference: XF:blackboard-courseinfo-dbase-modification
Reference: URL:http://xforce.iss.net/static/4946.php

BlackBoard CourseInfo 4.0 does not properly authenticate users, which
allows local users to modify CourseInfo database information and gain
privileges by directly calling the supporting CGI programs such as
user_update_passwd.pl and user_update_admin.pl.


Modifications:
  ADDREF XF:blackboard-courseinfo-dbase-modification
  ADDREF BUGTRAQ:20000719 Security Fix for Blackboard CourseInfo 4.0

INFERRED ACTION: CAN-2000-0627 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Levy, Wall, Blake
   MODIFY(1) Frech
   NOOP(5) Armstrong, LeBlanc, Ozancin, Christey, Cole

Voter Comments:
 Frech> XF:blackboard-courseinfo-dbase-modification(4946)
 Christey> Vendor acknowledgement is at:
   BUGTRAQ:20000719 Security Fix for Blackboard CourseInfo 4.0
   URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000719151904.I17986@securityfocus.com
 CHANGE> [Wall changed vote from NOOP to ACCEPT]
 Wall> Vendor has released a patch for this vulnerability.


======================================================
Candidate: CAN-2000-0628
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0628
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000710 ANNOUNCE Apache::ASP v1.95 - Security Hole Fixed
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0142.html
Reference: CONFIRM:http://www.nodeworks.com/asp/changes.html
Reference: BID:1457
Reference: URL:http://www.securityfocus.com/bid/1457
Reference: XF:apache-source-asp-file-write
Reference: URL:http://xforce.iss.net/static/4931.php

The source.asp example script in the Apache ASP module Apache::ASP
1.93 and earlier allows remote attackers to modify files.


Modifications:
  ADDREF XF:apache-source-asp-file-write

INFERRED ACTION: CAN-2000-0628 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Cole

Voter Comments:
 Frech> XF:apache-source-asp-file-write(4931)


======================================================
Candidate: CAN-2000-0630
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0630
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: MS:MS00-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-044.asp
Reference: BID:1488
Reference: URL:http://www.securityfocus.com/bid/1488
Reference: XF:iis-htr-obtain-code
Reference: URL:http://xforce.iss.net/static/5104.php

IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source
code by appending a +.htr to the URL, a variant of the "File Fragment
Reading via .HTR" vulnerability.


Modifications:
  ADDREF XF:iis-htr-obtain-code

INFERRED ACTION: CAN-2000-0630 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(4) Levy, Wall, LeBlanc, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:iis-htr-obtain-code(5104)


======================================================
Candidate: CAN-2000-0631
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0631
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000718 ISBASE Security Advisory(SA2000-02)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96390444022878&w=2
Reference: MS:MS00-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-044.asp
Reference: BID:1476
Reference: URL:http://www.securityfocus.com/bid/1476
Reference: XF:iis-absent-directory-dos
Reference: URL:http://xforce.iss.net/static/4951.php

An administrative script from IIS 3.0, later included in IIS 4.0 and
5.0, allows remote attackers to cause a denial of service by accessing
the script without a particular argument, aka the "Absent Directory
Browser Argument" vulnerability.


Modifications:
  ADDREF BUGTRAQ:20000718 ISBASE Security Advisory(SA2000-02)
  ADDREF XF:iis-absent-directory-dos

INFERRED ACTION: CAN-2000-0631 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(4) Levy, Wall, LeBlanc, Cole
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:iis-absent-directory-dos(4951)
 Christey> ADDREF BUGTRAQ:20000718 ISBASE Security Advisory(SA2000-02)
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96390444022878&w=2


======================================================
Candidate: CAN-2000-0632
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0632
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NAI:20000717 [COVERT-2000-07] LISTSERV Web Archive Remote Overflow
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/43_Advisory.asp
Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory1
Reference: BID:1490
Reference: URL:http://www.securityfocus.com/bid/1490
Reference: XF:lsoft-listserv-querystring-bo
Reference: URL:http://xforce.iss.net/static/4952.php

Buffer overflow in the web archive component of L-Soft Listserv 1.8d
and earlier allows remote attackers to execute arbitrary commands via
a long query string.


Modifications:
  DESC fix typo: change "ot" to "of"
  ADDREF XF:lsoft-listserv-querystring-bo

INFERRED ACTION: CAN-2000-0632 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Christey

Voter Comments:
 Christey> Fix typo: "ot"
 Frech> XF:lsoft-listserv-querystring-bo(4952)
   Suggest that canonical NAI reference is housed at
   http://www.nai.com/nai_labs/asp_set/advisory/43_Advisory.asp.


======================================================
Candidate: CAN-2000-0633
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0633
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: REDHAT:RHSA-2000:053-01
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-053-02.html
Reference: BUGTRAQ:20000718 MDKSA-2000:020 usermode update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0251.html
Reference: BUGTRAQ:20000812 Conectiva Linux security announcement - usermode
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0117.html
Reference: BID:1489
Reference: URL:http://www.securityfocus.com/bid/1489
Reference: XF:linux-usermode-dos
Reference: URL:http://xforce.iss.net/static/4944.php

Vulnerability in Mandrake Linux usermode package allows local users to
reboot or halt the system.


Modifications:
  ADDREF XF:linux-usermode-dos
  ADDREF BUGTRAQ:20000812 Conectiva Linux security announcement - usermode
  ADDREF REDHAT:RHSA-2000:053-01

INFERRED ACTION: CAN-2000-0633 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(4) Wall, LeBlanc, Christey, Cole

Voter Comments:
 Frech> XF:linux-usermode-dos(4944)
 Christey> ADDREF BUGTRAQ:20000812 Conectiva Linux security announcement - usermode
   http://archives.neohapsis.com/archives/bugtraq/2000-08/0117.html
   ADDREF REDHAT:RHSA-2000:053-01
   http://www.redhat.com/support/errata/RHSA-2000-053-02.html


======================================================
Candidate: CAN-2000-0634
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0634
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000717 S21SEC-003: Vulnerabilities in CommuniGate Pro v3.2.4
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0223.html
Reference: BID:1493
Reference: URL:http://www.securityfocus.com/bid/1493
Reference: XF:communigate-pro-file-read
Reference: URL:http://xforce.iss.net/static/5105.php

The web administration interface for CommuniGate Pro 3.2.5 and earlier
allows remote attackers to read arbitrary files via a .. (dot dot)
attack.


Modifications:
  ADDREF XF:communigate-pro-file-read

INFERRED ACTION: CAN-2000-0634 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(4) Levy, Wall, Blake, Cole
   MODIFY(1) Frech
   NOOP(3) Armstrong, LeBlanc, Ozancin

Voter Comments:
 Frech> XF:communigate-pro-file-read(5105)
 CHANGE> [Wall changed vote from NOOP to ACCEPT]
 Wall> SecuriTeam and bugtraq seem to be the only source; first discovered by a
   Japanese fellow.
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-2000-0635
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0635
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000711 Akopia MiniVend Piped Command Execution Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0150.html
Reference: CONFIRM:http://www.zdnet.com/zdnn/stories/news/0,4586,2600258,00.html
Reference: BID:1449
Reference: URL:http://www.securityfocus.com/bid/1449
Reference: XF:minivend-viewpage-sample
Reference: URL:http://xforce.iss.net/static/4880.php

The view_page.html sample page in the MiniVend shopping cart program
allows remote attackers to execute arbitrary commands via shell
metacharacters.


Modifications:
  ADDREF XF:minivend-viewpage-sample
  ADDREF CONFIRM:http://www.zdnet.com/zdnn/stories/news/0,4586,2600258,00.html

INFERRED ACTION: CAN-2000-0635 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(4) Wall, LeBlanc, Christey, Cole

Voter Comments:
 Frech> XF:minivend-viewpage-sample(4880)
 Christey> CONFIRM:http://www.zdnet.com/zdnn/stories/news/0,4586,2600258,00.html


======================================================
Candidate: CAN-2000-0636
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0636
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000719 HP Jetdirect - Invalid FTP Command DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0265.html
Reference: BID:1491
Reference: URL:http://www.securityfocus.com/bid/1491
Reference: XF:hp-jetdirect-quote-dos
Reference: URL:http://xforce.iss.net/static/4947.php

HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow
remote attackers to cause a denial of service via a malformed FTP
quote command.


Modifications:
  ADDREF hp-jetdirect-quote-dos(4947)

INFERRED ACTION: CAN-2000-0636 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(4) Levy, Wall, Blake, Cole
   MODIFY(1) Frech
   NOOP(2) LeBlanc, Ozancin
   REVIEWING(1) Armstrong

Voter Comments:
 Frech> XF:hp-jetdirect-quote-dos(4947)
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]
 Wall> ISS and SecuriTeam include this as a vulnerability.
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-2000-0637
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0637
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000711 Excel 2000 vulnerability - executing programs
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=396B3F8F.9244D290@nat.bg
Reference: MS:MS00-051
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-051.asp
Reference: BID:1451
Reference: URL:http://www.securityfocus.com/bid/1451
Reference: XF:excel-register-function
Reference: URL:http://xforce.iss.net/static/5016.php

Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary
commands by specifying a malicious .dll using the Register.ID
function, aka the "Excel REGISTER.ID Function" vulnerability.


Modifications:
  ADDREF XF:excel-register-function

INFERRED ACTION: CAN-2000-0637 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(4) Levy, Wall, LeBlanc, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:excel-register-function(5016)


======================================================
Candidate: CAN-2000-0638
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0638
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000711 BIG BROTHER EXPLOIT
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0146.html
Reference: BUGTRAQ:20000711 REMOTE EXPLOIT IN ALL CURRENT VERSIONS OF BIG BROTHER
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0147.html
Reference: CONFIRM:http://bb4.com/README.CHANGES
Reference: BID:1455
Reference: URL:http://www.securityfocus.com/bid/1455
Reference: XF:http-cgi-bigbrother-bbhostsvc
Reference: URL:http://xforce.iss.net/static/4879.php

Big Brother 1.4h1 and earlier allows remote attackers to read
arbitrary files via a .. (dot dot) attack.


Modifications:
  ADDREF XF:http-cgi-bigbrother-bbhostsvc

INFERRED ACTION: CAN-2000-0638 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:http-cgi-bigbrother-bbhostsvc(4879)


======================================================
Candidate: CAN-2000-0639
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0639
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: CF
Reference: BUGTRAQ:20000711 Big Brother filename extension vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0171.html
Reference: BID:1494
Reference: URL:http://www.securityfocus.com/bid/1494
Reference: XF:big-brother-filename-extension
Reference: URL:http://xforce.iss.net/static/5103.php

The default configuration of Big Brother 1.4h2 and earlier does not
include proper access restrictions, which allows remote attackers to
execute arbitrary commands by using bbd to upload a file whose
extension will cause it to be executed as a CGI script by the web
server.


Modifications:
  ADDREF XF:big-brother-filename-extension

INFERRED ACTION: CAN-2000-0639 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Cole

Voter Comments:
 Frech> XF:big-brother-filename-extension(5103)


======================================================
Candidate: CAN-2000-0640
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0640
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
Reference: BID:1452
Reference: URL:http://www.securityfocus.com/bid/1452
Reference: XF:guild-ftpd-disclosure
Reference: URL:http://xforce.iss.net/static/4922.php

Guild FTPd allows remote attackers to determine the existence of files
outside the FTP root via a .. (dot dot) attack, which provides
different error messages depending on whether the file exists or not.


Modifications:
  ADDREF XF:guild-ftpd-disclosure

INFERRED ACTION: CAN-2000-0640 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(4) Levy, Blake, Ozancin, Cole
   MODIFY(2) Wall, Frech
   NOOP(2) Armstrong, LeBlanc

Voter Comments:
 Frech> XF:guild-ftpd-disclosure(4922)
 CHANGE> [Wall changed vote from NOOP to MODIFY]
 Wall> "Guild FTPd for Windows 98 and Windows NT 4.0 allows" ...
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-2000-0641
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0641
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
Reference: BID:1453
Reference: URL:http://www.securityfocus.com/bid/1453
Reference: XF:savant-get-bo
Reference: URL:http://xforce.iss.net/static/4901.php

Savant web server allows remote attackers to execute arbitrary
commands via a long GET request.


Modifications:
  ADDREF XF:savant-get-bo

INFERRED ACTION: CAN-2000-0641 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(4) Levy, Wall, Blake, Ozancin
   MODIFY(1) Frech
   NOOP(3) Armstrong, LeBlanc, Cole

Voter Comments:
 Frech> XF:savant-get-bo(4901)
 CHANGE> [Wall changed vote from NOOP to ACCEPT]
 Wall> USSR Labs and multiple references.


======================================================
Candidate: CAN-2000-0642
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0642
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: CF
Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
Reference: BID:1497
Reference: URL:http://www.securityfocus.com/bid/1497
Reference: XF:webactive-active-log
Reference: URL:http://xforce.iss.net/static/5184.php

The default configuration of WebActive HTTP Server 1.00 stores the web
access log active.log in the document root, which allows remote
attackers to view the logs by directly requesting the page.


Modifications:
  ADDREF XF:webactive-active-log

INFERRED ACTION: CAN-2000-0642 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(4) Levy, Wall, Blake, Cole
   MODIFY(1) Frech
   NOOP(3) Armstrong, LeBlanc, Ozancin

Voter Comments:
 Frech> XF:webactive-active-log(5184)
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-2000-0643
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0643
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
Reference: BID:1470
Reference: URL:http://www.securityfocus.com/bid/1470
Reference: XF:webactive-long-get-dos
Reference: URL:http://xforce.iss.net/static/4949.php

Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers
to cause a denial of service via a long URL.


Modifications:
  ADDREF XF:webactive-long-get-dos

INFERRED ACTION: CAN-2000-0643 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Levy, Wall, Blake
   MODIFY(1) Frech
   NOOP(4) Armstrong, LeBlanc, Ozancin, Cole

Voter Comments:
 Frech> XF:webactive-long-get-dos(4949)
 CHANGE> [Wall changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-2000-0644
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0644
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html
Reference: BID:1506
Reference: URL:http://www.securityfocus.com/bid/1506
Reference: XF:wftpd-stat-dos
Reference: URL:http://xforce.iss.net/static/5003.php

WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of
service by executing a STAT command while the LIST command is still
executing.


Modifications:
  ADDREF XF:wftpd-stat-dos

INFERRED ACTION: CAN-2000-0644 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(5) Levy, Wall, Blake, Ozancin, Cole
   MODIFY(1) Frech
   NOOP(2) LeBlanc, Christey
   REVIEWING(1) Armstrong

Voter Comments:
 Frech> XF:wftpd-stat-dos(5003)
 CHANGE> [Wall changed vote from NOOP to ACCEPT]
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 Christey> See http://www.wftpd.com/bugpage.htm

   Bug details for RC12 identify other vuln's found by the discloser, but
   not this one.  Did the vendor forget to fix it, or did they forget to
   document the fix?


======================================================
Candidate: CAN-2000-0651
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0651
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000707 Novell Border Manger - Anyone can pose as an authenticated user
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=06256915.00591E18.00@uprrsmtp2.notes.up.com
Reference: BID:1440
Reference: URL:http://www.securityfocus.com/bid/1440
Reference: XF:novell-bordermanager-verification
Reference: URL:http://xforce.iss.net/static/5186.php

The ClientTrust program in Novell BorderManager does not properly
verify the origin of authentication requests, which could allow remote
attackers to impersonate another user by replaying the authentication
requests and responses from port 3024 of the victim's machine.


Modifications:
  ADDREF XF:novell-bordermanager-verification

INFERRED ACTION: CAN-2000-0651 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Levy, Blake, Cole
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Ozancin
   REVIEWING(1) Armstrong

Voter Comments:
 Frech> XF:novell-bordermanager-verification(5186)
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-2000-0652
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0652
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000723 IBM WebSphere default servlet handler showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0342.html
Reference: BID:1500
Reference: URL:http://www.securityfocus.com/bid/1500
Reference: XF:websphere-showcode
Reference: URL:http://xforce.iss.net/static/5012.php

IBM WebSphere allows remote attackers to read source code for
executable web files by directly calling the default InvokerServlet
using a URL which contains the "/servlet/file" string.


Modifications:
  ADDREF XF:websphere-showcode

INFERRED ACTION: CAN-2000-0652 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Levy, Bollinger, Blake
   MODIFY(1) Frech
   NOOP(6) Armstrong, Wall, LeBlanc, Ozancin, Christey, Cole

Voter Comments:
 Frech> F:websphere-showcode(5012)
 Christey> The discoverers claim that APAR PQ39857 fixes the problem,
   but it could not be found on:
   http://www-4.ibm.com/software/webservers/appserv/efix.html


======================================================
Candidate: CAN-2000-0654
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0654
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: MS:MS00-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-041.asp
Reference: BID:1466
Reference: URL:http://www.securityfocus.com/bid/1466
Reference: XF:mssql-dts-reveal-passwords
Reference: URL:http://xforce.iss.net/static/4582.php

Microsoft Enterprise Manager allows local users to obtain database
passwords via the Data Transformation Service (DTS) package Registered
Servers Dialog dialog, aka a variant of the "DTS Password"
vulnerability.


Modifications:
  ADDREF XF:mssql-dts-reveal-passwords

INFERRED ACTION: CAN-2000-0654 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(4) Levy, Wall, LeBlanc, Cole
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:mssql-dts-reveal-passwords(4582)
   We show a duplicate with CAN-2000-0485; this may be a LoA issue.
 Christey> There are 2 different dialogs which allow you to get to the
   database passwords; one is captured in CAN-2000-0485, and the
   other in CAN-2000-0654.  CD:SF-LOC suggests keeping these
   split.


======================================================
Candidate: CAN-2000-0655
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0655
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000724 JPEG COM Marker Processing Vulnerability in Netscape Browsers
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com
Reference: REDHAT:RHSA-2000:046-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-046-02.html
Reference: SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_60.txt
Reference: TURBO:TLSA2000017-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html
Reference: NETBSD:NetBSD-SA2000-011
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc
Reference: FREEBSD:FreeBSD-SA-00:39
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc
Reference: BUGTRAQ:20000801 MDKSA-2000:027-1 netscape update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html
Reference: BUGTRAQ:20000810 Conectiva Linux Security Announcement - netscape
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html
Reference: BID:1503
Reference: URL:http://www.securityfocus.com/bid/1503
Reference: XF:netscape-jpg-comment

Netscape Communicator 4.73 and earlier allows remote attackers to
cause a denial of service or execute arbitrary commands via a JPEG
image containing a comment with an illegal field length of 1.


Modifications:
  ADDREF XF:netscape-jpg-comment
  ADDREF FREEBSD:FreeBSD-SA-00:39
  ADDREF SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
  ADDREF NETBSD:NetBSD-SA2000-011
  ADDREF TURBO:TLSA2000017-1
  ADDREF BUGTRAQ:20000801 MDKSA-2000:027-1 netscape update
  ADDREF BUGTRAQ:20000810 Conectiva Linux Security Announcement - netscape

INFERRED ACTION: CAN-2000-0655 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Levy, Wall, Cole
   MODIFY(1) Frech
   NOOP(2) LeBlanc, Christey

Voter Comments:
 Frech> XF:netscape-jpg-comment(5014)
 Christey> ADDREF FREEBSD:FreeBSD-SA-00:39
   ADDREF SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
   http://www.suse.de/de/support/security/suse_security_announce_60.txt
   ADDREF TURBO:TLSA2000017-1
   URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html
   ADDREF BUGTRAQ:20000801 MDKSA-2000:027-1 netscape update
   URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html
   ADDREF NETBSD:NetBSD-SA2000-011
   URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc
   ADDREF BUGTRAQ:20000810 Conectiva Linux Security Announcement - netscape
   URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html


======================================================
Candidate: CAN-2000-0660
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0660
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000712 Infosec.20000712.worldclient.2.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0173.html
Reference: CONFIRM:http://www.altn.com/Downloads/WorldClient/Release/RelNotes.txt
Reference: BID:1462
Reference: URL:http://www.securityfocus.com/bid/1462
Reference: XF:worldclient-dir-traverse
Reference: URL:http://xforce.iss.net/static/4913.php

The WDaemon web server for WorldClient 2.1 allows remote attackers to
read arbitrary files via a .. (dot dot) attack.


Modifications:
  ADDREF XF:worldclient-dir-traverse
  ADDREF CONFIRM:http://www.altn.com/Downloads/WorldClient/Release/RelNotes.txt

INFERRED ACTION: CAN-2000-0660 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(4) Wall, LeBlanc, Christey, Cole

Voter Comments:
 Frech> XF:worldclient-dir-traverse(4913)
 Christey> CONFIRM:http://www.altn.com/Downloads/WorldClient/Release/RelNotes.txt


======================================================
Candidate: CAN-2000-0661
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0661
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000710 Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0120.html
Reference: BID:1448
Reference: URL:http://www.securityfocus.com/bid/1448
Reference: XF:wircsrv-character-flood-dos
Reference: URL:http://xforce.iss.net/static/4914.php

WircSrv IRC Server 5.07s allows remote attackers to cause a denial of
service via a long string to the server port.


Modifications:
  ADDREF XF:wircsrv-character-flood-dos

INFERRED ACTION: CAN-2000-0661 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(4) Levy, Wall, Blake, Cole
   MODIFY(1) Frech
   NOOP(3) Armstrong, LeBlanc, Ozancin

Voter Comments:
 Frech> XF:wircsrv-character-flood-dos(4914)
 CHANGE> [Wall changed vote from NOOP to ACCEPT]
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-2000-0663
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0663
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: MS:MS00-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-052.asp
Reference: MSKB:Q269049
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=269049
Reference: BID:1507
Reference: URL:http://www.securityfocus.com/bid/1507
Reference: XF:explorer-relative-path-name
Reference: URL:http://xforce.iss.net/static/5040.php

The registry entry for the Windows Shell executable (Explorer.exe) in
Windows NT and Windows 2000 uses a relative path name, which allows
local users to execute arbitrary commands by inserting a Trojan Horse
named Explorer.exe into the %Systemdrive% directory, aka the "Relative
Shell Path" vulnerability.


Modifications:
  ADDREF XF:explorer-relative-path-name

INFERRED ACTION: CAN-2000-0663 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(4) Levy, Wall, LeBlanc, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:explorer-relative-path-name(5040)


======================================================
Candidate: CAN-2000-0664
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0664
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000726 AnalogX "SimpleServer:WWW" dot dot bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0374.html
Reference: CONFIRM:http://www.analogx.com/contents/download/network/sswww.htm
Reference: BID:1508
Reference: URL:http://www.securityfocus.com/bid/1508
Reference: XF:analogx-simpleserver-directory-path
Reference: URL:http://xforce.iss.net/static/4999.php

AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read
arbitrary files via a modified .. (dot dot) attack that uses the %2E
URL encoding for the dots.


Modifications:
  ADDREF XF:analogx-simpleserver-directory-path

INFERRED ACTION: CAN-2000-0664 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Cole

Voter Comments:
 Frech> XF:analogx-simpleserver-directory-path(4999)


======================================================
Candidate: CAN-2000-0665
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0665
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NTBUGTRAQ:20000717 DoS in Gamsoft TelSrv telnet server for MS Windows 95/98/NT/2k.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0031.html
Reference: NTBUGTRAQ:20000729 TelSrv Reveals Usernames & Passwords After DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0056.html
Reference: BID:1478
Reference: URL:http://www.securityfocus.com/bid/1478
Reference: XF:gamsoft-telsrv-dos
Reference: URL:http://xforce.iss.net/static/4945.php

GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to
cause a denial of service via a long username.


Modifications:
  ADDREF XF:gamsoft-telsrv-dos
  ADDREF NTBUGTRAQ:20000729 TelSrv Reveals Usernames & Passwords After DoS Attack
  DESC Change vendor name to "GAMSoft"

INFERRED ACTION: CAN-2000-0665 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Levy, Blake, Cole
   MODIFY(1) Frech
   NOOP(5) Armstrong, Wall, LeBlanc, Ozancin, Christey

Voter Comments:
 Frech> XF:gamsoft-telsrv-dos(4945)
 Christey> Change vendor name to "GAMSoft"
   ADDREF NTBUGTRAQ:20000729 TelSrv Reveals Usernames & Passwords After DoS Attack
   http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0056.html

   This is an additional impact of the same DoS described in the
   earlier NTBUGTRAQ post.
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-2000-0666
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0666
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000716 Lots and lots of fun with rpc.statd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0206.html
Reference: DEBIAN:20000715 rpc.statd: remote root exploit
Reference: URL:http://www.debian.org/security/2000/20000719a
Reference: REDHAT:RHSA-2000:043-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-043-03.html
Reference: BUGTRAQ:20000717 CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0230.html
Reference: BUGTRAQ:20000718 Trustix Security Advisory - nfs-utils
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0236.html
Reference: BUGTRAQ:20000718 [Security Announce] MDKSA-2000:021 nfs-utils update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0260.html
Reference: CALDERA:CSSA-2000-025.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-025.0.txt
Reference: CERT:CA-2000-17
Reference: URL:http://www.cert.org/advisories/CA-2000-17.html
Reference: BID:1480
Reference: URL:http://www.securityfocus.com/bid/1480
Reference: XF:linux-rpcstatd-format-overwrite
Reference: URL:http://xforce.iss.net/static/4939.php

rpc.statd in the nfs-utils package in various Linux distributions does
not properly cleanse untrusted format strings, which allows remote
attackers to gain root privileges.


Modifications:
  ADDREF CERT:CA-2000-17
  ADDREF XF:linux-rpcstatd-format-overwrite

INFERRED ACTION: CAN-2000-0666 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Christey

Voter Comments:
 Christey> ADDREF CERT:CA-2000-17
 Frech> XF:linux-rpcstatd-format-overwrite(4939)


======================================================
Candidate: CAN-2000-0668
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0668
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: REDHAT:RHSA-2000:044-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-044-02.html
Reference: BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0398.html
Reference: BUGTRAQ:20000801 MDKSA-2000:029 pam update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0455.html
Reference: BID:1513
Reference: URL:http://www.securityfocus.com/bid/1513
Reference: XF:linux-pam-console
Reference: URL:http://xforce.iss.net/static/5001.php

pam_console PAM module in Linux systems allows a user to access the
system console and reboot the system when a display manager such as
gdm or kdm has XDMCP enabled.


Modifications:
  ADDREF XF:linux-pam-console
  ADDREF BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM
  ADDREF BUGTRAQ:20000801 MDKSA-2000:029 pam update

INFERRED ACTION: CAN-2000-0668 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Christey

Voter Comments:
 Frech> XF:linux-pam-console(5001)
 Christey> ADDREF BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM
   http://archives.neohapsis.com/archives/bugtraq/2000-07/0398.html
   ADDREF BUGTRAQ:20000801 MDKSA-2000:029 pam update
   http://archives.neohapsis.com/archives/bugtraq/2000-07/0455.html


======================================================
Candidate: CAN-2000-0669
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0669
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000711 Remote Denial Of Service -- NetWare 5.0 with SP 5
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000501bfeab5$9330c3d0$d801a8c0@dimuthu.baysidegrp.com.au
Reference: BID:1467
Reference: URL:http://www.securityfocus.com/bid/1467
Reference: XF:netware-port40193-dos

Novell NetWare 5.0 allows remote attackers to cause a denial of
service by flooding port 40193 with random data.


Modifications:
  ADDREF XF:netware-port40193-dos
  DESC Change spelling to "NetWare"

INFERRED ACTION: CAN-2000-0669 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Levy, Blake, Cole
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Ozancin
   REVIEWING(1) Armstrong

Voter Comments:
 Frech> XF:netware-port40193-dos(4932)
   In the description, correct spelling is NetWare.
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-2000-0670
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0670
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000712 cvsweb: remote shell for cvs committers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0178.html
Reference: BUGTRAQ:20000714 MDKSA-2000:019 cvsweb update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0196.html
Reference: DEBIAN:20000716
Reference: URL:http://www.debian.org/security/2000/20000719b
Reference: FREEBSD:FreeBSD-SA-00:37
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:37.cvsweb.asc
Reference: TURBO:TLSA2000016-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000015.html
Reference: BID:1469
Reference: URL:http://www.securityfocus.com/bid/1469
Reference: XF:cvsweb-shell-access
Reference: URL:http://xforce.iss.net/static/4925.php

The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with
write access to a CVS repository to execute arbitrary commands via
shell metacharacters.


Modifications:
  ADDREF XF:cvsweb-shell-access
  ADDREF TURBO:TLSA2000016-1

INFERRED ACTION: CAN-2000-0670 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Christey

Voter Comments:
 Frech> XF:cvsweb-shell-access(4925)
 Christey> ADDREF FREEBSD:
   http://archives.neohapsis.com/archives/freebsd/2000-08/0096.html
   ADDREF TURBO:TLSA2000016-1
   http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000015.html


======================================================
Candidate: CAN-2000-0671
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0671
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000721 Roxen security alert: Problems with URLs containing null characters.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0321.html
Reference: BUGTRAQ:20000721 Roxen Web Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0307.html
Reference: BID:1510
Reference: URL:http://www.securityfocus.com/bid/1510
Reference: XF:roxen-null-char-url
Reference: URL:http://xforce.iss.net/static/4965.php

Roxen web server earlier than 2.0.69 allows remote attackers to
bypass access restrictions, list directory contents, and read source
code by inserting a null character (%00) to the URL.


Modifications:
  DESC Clarify problem
  ADDREF XF:roxen-null-char-url

INFERRED ACTION: CAN-2000-0671 FINAL (Final Decision 20001013)

Current Votes:
   MODIFY(2) Levy, Frech
   NOOP(3) Wall, LeBlanc, Cole

Voter Comments:
 Levy> There really is more to this problem than simply being able to
   list the contents of a directory. Roxen uses Pike. Pike can handle
   strings with nulls in them, but the underlying OS truncates the
   string at the first null. Thus Roxen and the OS do not agree on
   what file the string really points to. One symptom is being able
   to list a directory. More dangerous is being able to bypass
   access restrictions by sending a query that passes the web server's
   ACLs but is valid to the underlying OS. You could also use it
   to download the source code to scripts by sending a request that
   the web server will not think is a file type that should be parsed
   or executed but that will make the underlying OS open the script for
   reading.
 Frech> XF:roxen-null-char-url(4965)
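
Added example (not part of the original report and not Roxen's code): a C demonstration of the disagreement Levy describes for CAN-2000-0671, where the server layer checks a counted string while the OS stops at the first NUL, followed by a validator that rejects such paths. The ".pike" script extension, the function names and the sample requests are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SCRIPT_EXT ".pike"   /* assumed script extension for this demo */

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Percent-decode `in` into `out` (capacity `cap`). Returns the decoded
 * length, or -1 on a malformed escape or overflow. The result is a counted
 * byte string: it may contain 0x00 in the middle. */
long url_decode(const char *in, unsigned char *out, size_t cap) {
    size_t n = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '%') {
            int hi = hexval((unsigned char)in[i + 1]);
            if (hi < 0) return -1;          /* also stops at end of string */
            int lo = hexval((unsigned char)in[i + 2]);
            if (lo < 0) return -1;
            c = (unsigned char)(hi * 16 + lo);
            i += 2;
        }
        if (n + 1 >= cap) return -1;
        out[n++] = c;
    }
    out[n] = '\0';
    return (long)n;
}

/* Suffix test on a counted byte string. */
static int ends_with(const unsigned char *s, size_t len, const char *suf) {
    size_t n = strlen(suf);
    return len >= n && memcmp(s + len - n, suf, n) == 0;
}

/* Server-layer view: the runtime keeps the full counted string, so an
 * embedded NUL is just another byte and the extension is the real tail. */
int server_sees_script(const unsigned char *p, size_t len) {
    return ends_with(p, len, SCRIPT_EXT);
}

/* OS view: open()-style APIs take a C string and stop at the first NUL. */
int os_sees_script(const unsigned char *p) {
    return ends_with(p, strlen((const char *)p), SCRIPT_EXT);
}

enum verdict { PATH_OK = 0, PATH_MALFORMED = 1, PATH_EMBEDDED_NUL = 2 };

/* Hardened check: decode exactly once, then refuse any path containing a
 * NUL byte, because the policy layer and the OS would name different files. */
enum verdict validate_path(const char *raw, unsigned char *out,
                           size_t cap, size_t *len) {
    long n = url_decode(raw, out, cap);
    if (n < 0) return PATH_MALFORMED;
    *len = (size_t)n;
    if (memchr(out, 0, (size_t)n) != NULL) return PATH_EMBEDDED_NUL;
    return PATH_OK;
}

int main(void) {
    /* Constructed sample requests. */
    const char *reqs[] = {
        "/app/report.pike",
        "/app/report.pike%00.txt",
        "/docs/readme.txt",
        "/docs/bad%zz",
    };
    static const char *names[] = { "ok", "malformed", "embedded-NUL" };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++) {
        unsigned char buf[256];
        size_t len = 0;
        enum verdict v = validate_path(reqs[i], buf, sizeof buf, &len);
        if (v == PATH_MALFORMED) {
            printf("%-26s verdict=%s\n", reqs[i], names[v]);
            continue;
        }
        printf("%-26s server:script=%d os:script=%d verdict=%s\n",
               reqs[i], server_sees_script(buf, len),
               os_sees_script(buf), names[v]);
    }
    return 0;
}
```

For the second request the server-layer check reports "not a script" while the OS view reports "script"; that mismatch is what the validator refuses before any ACL or handler decision is made.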


======================================================
Candidate: CAN-2000-0673
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0673
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NAI:20000727 Windows NetBIOS Name Conflicts
Reference: URL:http://www.pgp.com/research/covert/advisories/044.asp
Reference: MS:MS00-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-047.asp
Reference: BID:1514
Reference: URL:http://www.securityfocus.com/bid/1514
Reference: BID:1515
Reference: URL:http://www.securityfocus.com/bid/1515
Reference: XF:netbios-name-server-spoofing
Reference: URL:http://xforce.iss.net/static/5035.php

The NetBIOS Name Server (NBNS) protocol does not perform
authentication, which allows remote attackers to cause a denial of
service by sending a spoofed Name Conflict or Name Release datagram,
aka the "NetBIOS Name Server Protocol Spoofing" vulnerability.


Modifications:
  ADDREF XF:netbios-name-server-spoofing

INFERRED ACTION: CAN-2000-0673 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Wall, LeBlanc, Cole
   MODIFY(2) Levy, Frech
   NOOP(1) Christey

Voter Comments:
 Levy> It seems you are combining these two problems because they have the
   same root problem: that NetBIOS trusts everyone and it's not authenticated.
   But if that is your reasoning then you can classify this as a software
   fault (SF), it should be a design flaw.
 Frech> XF:netbios-name-server-spoofing(5035)
 Christey> There isn't a "design flaw" category, although maybe there
   should be.  The "SF" (software fault) category encompasses
   both implementation flaws and design flaws.


======================================================
Candidate: CAN-2000-0674
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0674
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000712 ftp.pl vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0177.html
Reference: BID:1471
Reference: URL:http://www.securityfocus.com/bid/1471
Reference: XF:virtualvision-ftp-browser
Reference: URL:http://xforce.iss.net/static/5187.php

ftp.pl CGI program for Virtual Visions FTP browser allows remote
attackers to read directories outside of the document root via a
.. (dot dot) attack.


Modifications:
  ADDREF XF:virtualvision-ftp-browser

INFERRED ACTION: CAN-2000-0674 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(5) Levy, Wall, Blake, Ozancin, Cole
   MODIFY(1) Frech
   NOOP(3) Armstrong, LeBlanc, Christey

Voter Comments:
 Frech> XF:virtualvision-ftp-browser(5187)
 CHANGE> [Wall changed vote from NOOP to ACCEPT]
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 Christey> I verified this via code inspection of ftp.pl as downloaded
   from http://www.arc-s.com/virtual_visions/files/ftp.zip on
   October 5, 2000.  The vulnerable lines are:
   line 114: $check_dir = $FORM_DATA{"dir"};
   line 116: $full_path = "$full_path/$check_dir";
   line 128: opendir (DIR, $full_path);
   line 129: @allfiles = readdir(DIR);

   It appears that the feartech vendor is no longer maintaining
   the code, as the feartech site (http://www.feartech.com/vv/ftp.shtml)
   points to the www.arc-s.com site I just referenced.


======================================================
Candidate: CAN-2000-0675
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0675
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000713 The MDMA Crew's GateKeeper Exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00af01bfece2$a52cbd80$367e1ec4@kungphusion
Reference: BID:1477
Reference: URL:http://www.securityfocus.com/bid/1477
Reference: XF:gatekeeper-long-string-bo
Reference: URL:http://xforce.iss.net/static/4948.php

Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote
attackers to execute arbitrary commands via a long string.


Modifications:
  ADDREF XF:gatekeeper-long-string-bo

INFERRED ACTION: CAN-2000-0675 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(4) Levy, Wall, Blake, Cole
   MODIFY(1) Frech
   NOOP(3) Armstrong, LeBlanc, Ozancin

Voter Comments:
 Frech> XF:gatekeeper-long-string-bo(4948)
 CHANGE> [Wall changed vote from NOOP to ACCEPT]
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-2000-0676
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0676
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001011-2
Proposed: 20000921
Assigned: 20000811
Category: SF
Reference: BUGTRAQ:20000804 Dangerous Java/Netscape Security Hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0019.html
Reference: REDHAT:RHSA-2000:054-01
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-054-01.html
Reference: CALDERA:CSSA-2000-027.1
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-027.1.txt
Reference: FREEBSD:FreeBSD-SA-00:39
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc
Reference: SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_60.txt
Reference: BUGTRAQ:20000810 MDKSA-2000:033 Netscape Java vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0115.html
Reference: BUGTRAQ:20000821 MDKSA-2000:036 - netscape update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0265.html
Reference: BUGTRAQ:20000818 Conectiva Linux Security Announcement - netscape
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0236.html
Reference: CERT:CA-2000-15
Reference: URL:http://www.cert.org/advisories/CA-2000-15.html
Reference: BID:1546
Reference: URL:http://www.securityfocus.com/bid/1546
Reference: XF:java-brownorifice

Netscape Communicator and Navigator 4.04 through 4.74 allows remote
attackers to read arbitrary files by using a Java applet to open a
connection to a URL using the "file", "http", "https", and "ftp"
protocols, as demonstrated by Brown Orifice.


Modifications:
  ADDREF BUGTRAQ:20000804 Dangerous Java/Netscape Security Hole
  ADDREF REDHAT:RHSA-2000:054-01
  ADDREF CALDERA:CSSA-2000-027.1
  ADDREF FREEBSD:FreeBSD-SA-00:39
  ADDREF SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
  ADDREF BUGTRAQ:20000810 MDKSA-2000:033 Netscape Java vulnerability
  ADDREF BUGTRAQ:20000821 MDKSA-2000:036 - netscape update
  ADDREF BUGTRAQ:20000818 Conectiva Linux Security Announcement - netscape
  ADDREF XF:java-brownorifice

INFERRED ACTION: CAN-2000-0676 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Levy, Wall, Cole
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> ADDREF BUGTRAQ:20000804 Dangerous Java/Netscape Security Hole
   URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0019.html
   ADDREF BUGTRAQ:20000821 MDKSA-2000:036 - netscape update
   URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0265.html
   ADDREF BUGTRAQ:20000818 Conectiva Linux Security Announcement - netscape
   URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0236.html
   ADDREF REDHAT:RHSA-2000:054-01
   ADDREF CALDERA:CSSA-2000-027.1
 Christey> ADDREF FREEBSD:FreeBSD-SA-00:39
   ADDREF SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
   http://www.suse.de/de/support/security/suse_security_announce_60.txt
   ADDREF BUGTRAQ:20000810 MDKSA-2000:033 Netscape Java vulnerability
   URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0115.html
 Christey> ADDREF BUGTRAQ:20000805 Dangerous Java/Netscape Security Hole
   URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000805020429.11774.qmail@securityfocus.com
 Frech> XF:java-brownorifice


======================================================
Candidate: CAN-2000-0677
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0677
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000823
Category: SF
Reference: ISS:20000907 Buffer Overflow in IBM Net.Data db2www CGI program.
Reference: URL:http://xforce.iss.net/alerts/advise60.php
Reference: XF:ibm-netdata-db2www-bo
Reference: URL:http://xforce.iss.net/static/4976.php

Buffer overflow in IBM Net.Data db2www CGI program allows remote
attackers to execute arbitrary commands via a long PATH_INFO
environmental variable.


Modifications:
  ADDREF XF:ibm-netdata-db2www-bo

INFERRED ACTION: CAN-2000-0677 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Bollinger, Blake, Cole
   MODIFY(1) Frech
   NOOP(3) Armstrong, Wall, Ozancin

Voter Comments:
 Frech> XF:ibm-netdata-db2www-bo(4976)
   Change ISS URL to http://xforce.iss.net/alerts/advise60.php


======================================================
Candidate: CAN-2000-0678
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0678
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000825
Category: SF
Reference: CERT:CA-2000-18
Reference: URL:http://www.cert.org/advisories/CA-2000-18.html
Reference: BID:1606
Reference: URL:http://www.securityfocus.com/bid/1606

PGP 5.5.x through 6.5.3 does not properly check if an Additional
Decryption Key (ADK) is stored in the signed portion of a public
certificate, which allows an attacker who can modify a victim's public
certificate to decrypt any data that has been encrypted with the
modified certificate.

INFERRED ACTION: CAN-2000-0678 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Levy, Wall, Cole


======================================================
Candidate: CAN-2000-0681
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0681
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000815 BEA Weblogic server proxy library vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0186.html
Reference: BID:1570
Reference: URL:http://www.securityfocus.com/bid/1570
Reference: XF:weblogic-plugin-bo

Buffer overflow in BEA WebLogic server proxy plugin allows remote
attackers to execute arbitrary commands via a long URL with a .JSP
extension.


Modifications:
  ADDREF XF:weblogic-plugin-bo

INFERRED ACTION: CAN-2000-0681 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:weblogic-plugin-bo


======================================================
Candidate: CAN-2000-0682
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0682
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000728 BEA's WebLogic force handlers show code vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html
Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html
Reference: BID:1518
Reference: URL:http://www.securityfocus.com/bid/1518
Reference: XF:weblogic-fileservlet-show-code

BEA WebLogic 5.1.x allows remote attackers to read source code for
parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the
FileServlet.


Modifications:
  ADDREF XF:weblogic-fileservlet-show-code

INFERRED ACTION: CAN-2000-0682 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:weblogic-fileservlet-show-code


======================================================
Candidate: CAN-2000-0683
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0683
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000728 BEA's WebLogic force handlers show code vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html
Reference: CONFIRM:http://developer.bea.com/alerts/security_000728.html
Reference: BID:1517
Reference: URL:http://www.securityfocus.com/bid/1517

BEA WebLogic 5.1.x allows remote attackers to read source code for
parsed pages by inserting /*.shtml/ into the URL, which invokes the
SSIServlet.

INFERRED ACTION: CAN-2000-0683 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0684
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0684
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000731 BEA's WebLogic *.jsp/*.jhtml remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0434.html
Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html
Reference: BID:1525
Reference: URL:http://www.securityfocus.com/bid/1525
Reference: XF:html-malicious-tags

BEA WebLogic 5.1.x does not properly restrict access to the
JSPServlet, which could allow remote attackers to compile and execute
Java JSP code by directly invoking the servlet on any source file.


Modifications:
  ADDREF XF:html-malicious-tags

INFERRED ACTION: CAN-2000-0684 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:html-malicious-tags


======================================================
Candidate: CAN-2000-0685
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0685
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000731 BEA's WebLogic *.jsp/*.jhtml remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0434.html
Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html
Reference: BID:1525
Reference: URL:http://www.securityfocus.com/bid/1525
Reference: XF:html-malicious-tags

BEA WebLogic 5.1.x does not properly restrict access to the
PageCompileServlet, which could allow remote attackers to compile and
execute Java JHTML code by directly invoking the servlet on any source
file.


Modifications:
  ADDREF XF:html-malicious-tags

INFERRED ACTION: CAN-2000-0685 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:html-malicious-tags


======================================================
Candidate: CAN-2000-0700
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0700
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: CISCO:20000803 Possible Access Control Bypass and Denial of Service in Gigabit Switch Routers Using Gigabit Ethernet or Fast Ethernet Cards
Reference: URL:http://www.cisco.com/warp/public/707/gsraclbypassdos-pub.shtml
Reference: BID:1541
Reference: URL:http://www.securityfocus.com/bid/1541

Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit
Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and
some versions of 12.0, do not properly handle line card failures,
which allows remote attackers to bypass ACLs or force the interface to
stop forwarding packets.


Modifications:
  DESC extend version info

INFERRED ACTION: CAN-2000-0700 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   MODIFY(1) Balinsky
   NOOP(1) Wall

Voter Comments:
 Balinsky> Modify description to say "starting with 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0"


======================================================
Candidate: CAN-2000-0703
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0703
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000805 sperl 5.00503 (and newer ;) exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0022.html
Reference: SUSE:20000810 Security Hole in perl, all versions
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_59.txt
Reference: CALDERA:CSSA-2000-026.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-026.0.txt
Reference: DEBIAN:20000808 mailx: local exploit
Reference: URL:http://www.debian.org/security/2000/20000810
Reference: REDHAT:RHSA-2000:048-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-048-03.html
Reference: TURBO:TLSA2000018-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000017.html
Reference: BUGTRAQ:20000814 Trustix Security Advisory - perl and mailx
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0153.html
Reference: BUGTRAQ:20000808 MDKSA-2000:031 perl update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0086.html
Reference: BUGTRAQ:20000810 Conectiva Linux security announcemente - PERL
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0113.html
Reference: BID:1547
Reference: URL:http://www.securityfocus.com/bid/1547
Reference: XF:perl-shell-escape

suidperl (aka sperl) does not properly cleanse the escape sequence
"~!" before calling /bin/mail to send an error report, which allows
local users to gain privileges by setting the "interactive"
environmental variable and calling suidperl with a filename that
contains the escape sequence.


Modifications:
  ADDREF XF:perl-shell-escape

INFERRED ACTION: CAN-2000-0703 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:perl-shell-escape


======================================================
Candidate: CAN-2000-0705
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0705
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000802 [ Hackerslab bug_paper ] ntop web mode vulnerabliity
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0459.html
Reference: REDHAT:RHSA-2000:049-02
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0065.html
Reference: BID:1550
Reference: URL:http://www.securityfocus.com/bid/1550
Reference: XF:ntop-remote-file-access

ntop running in web mode allows remote attackers to read arbitrary
files via a .. (dot dot) attack.


Modifications:
  ADDREF XF:ntop-remote-file-access

INFERRED ACTION: CAN-2000-0705 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:ntop-remote-file-access


======================================================
Candidate: CAN-2000-0706
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0706
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:36
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:36.ntop.asc
Reference: DEBIAN:20000830 ntop: Still remotely exploitable using buffer overflows
Reference: URL:http://www.debian.org/security/2000/20000830
Reference: BID:1576
Reference: URL:http://www.securityfocus.com/bid/1576
Reference: XF:ntop-bo

Buffer overflows in ntop running in web mode allow remote attackers
to execute arbitrary commands.


Modifications:
  ADDREF XF:ntop-bo

INFERRED ACTION: CAN-2000-0706 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:ntop-bo


======================================================
Candidate: CAN-2000-0707
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0707
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000804 PCCS MySQL DB Admin Tool v1.2.3- Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0015.html
Reference: CONFIRM:http://pccs-linux.com/public/view.php3?bn=agora_pccslinux&key=965951324
Reference: BID:1557
Reference: URL:http://www.securityfocus.com/bid/1557
Reference: XF:pccs-mysql-admin-tool

PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the
file dbconnect.inc within the web root, which allows remote attackers
to obtain sensitive information such as the administrative password.


Modifications:
  ADDREF XF:pccs-mysql-admin-tool

INFERRED ACTION: CAN-2000-0707 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:pccs-mysql-admin-tool


======================================================
Candidate: CAN-2000-0708
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0708
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: NTBUGTRAQ:20000824 Remote DoS Attack in Pragma TelnetServer 2000 (Remote Execute Daemon) Vulnerability
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=NTBUGTRAQ&P=R4247
Reference: CONFIRM:http://www.pragmasys.com/TelnetServer/
Reference: BID:1605
Reference: URL:http://www.securityfocus.com/bid/1605
Reference: XF:telnetserver-rpc-bo

Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows
remote attackers to cause a denial of service via a long series of
null characters to the rexec port.


Modifications:
  ADDREF XF:telnetserver-rpc-bo
  ADDREF CONFIRM:http://www.pragmasys.com/TelnetServer/

INFERRED ACTION: CAN-2000-0708 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:telnetserver-rpc-bo


======================================================
Candidate: CAN-2000-0711
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0711
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000816 JDK 1.1.x Listening Socket Vulnerability (was Re: BrownOrifice can break firewalls!)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=3999922128E.EE84TAKAGI@java-house.etl.go.jp
Reference: BUGTRAQ:20000805 Dangerous Java/Netscape Security Hole
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000805020429.11774.qmail@securityfocus.com
Reference: CERT:CA-2000-15
Reference: URL:http://www.cert.org/advisories/CA-2000-15.html
Reference: BID:1545
Reference: URL:http://www.securityfocus.com/bid/1545

Netscape Communicator does not properly prevent a ServerSocket object
from being created by untrusted entities, which allows remote
attackers to create a server on the victim's system via a malicious
applet, as demonstrated by Brown Orifice.

INFERRED ACTION: CAN-2000-0711 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Cole, Levy, Wall


======================================================
Candidate: CAN-2000-0712
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0712
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MISC:http://www.egroups.com/message/lids/1038
Reference: BUGTRAQ:2000803 LIDS severe bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0486.html
Reference: CONFIRM:http://www.lids.org/changelog.html
Reference: BID:1549
Reference: URL:http://www.securityfocus.com/bid/1549

Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to
gain root privileges when LIDS is disabled via the security=0 boot
option.

INFERRED ACTION: CAN-2000-0712 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0718
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0718
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000812 MDKSA-2000:034 MandrakeUpdate update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0146.html
Reference: BID:1567
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=1567

A race condition in MandrakeUpdate allows local users to modify RPM
files while they are in the /tmp directory before they are installed.

INFERRED ACTION: CAN-2000-0718 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0725
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0725
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert
Reference: REDHAT:RHSA-2000:052-02
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0131.html
Reference: DEBIAN:20000821 zope: unauthorized escalation of privilege (update)
Reference: URL:http://www.debian.org/security/2000/20000821
Reference: BUGTRAQ:20000821 Conectiva Linux Security Announcement - Zope
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html
Reference: BUGTRAQ:20000816 MDKSA-2000:035 Zope update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html
Reference: BID:1577
Reference: URL:http://www.securityfocus.com/bid/1577

Zope before 2.2.1 does not properly restrict access to the getRoles
method, which allows users who can edit DTML to add or modify roles by
modifying the roles list that is included in a request.

INFERRED ACTION: CAN-2000-0725 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0727
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0727
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000829 MDKSA-2000:041 - xpdf update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96766355023239&w=2
Reference: BUGTRAQ:20000913 Conectiva Linux Security Announcement - xpdf
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96886599829687&w=2
Reference: DEBIAN:20000910 xpdf: local exploit
Reference: URL:http://www.debian.org/security/2000/20000910a
Reference: REDHAT:RHSA-2000:060-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-060-03.html
Reference: CALDERA:CSSA-2000-031.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-031.0.txt
Reference: BID:1624
Reference: URL:http://www.securityfocus.com/bid/1624

xpdf PDF viewer client earlier than 0.91 does not properly launch a
web browser for embedded URLs, which allows an attacker to execute
arbitrary commands via a URL that contains shell metacharacters.

INFERRED ACTION: CAN-2000-0727 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0728
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0728
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000829 MDKSA-2000:041 - xpdf update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96766355023239&w=2
Reference: BUGTRAQ:20000913 Conectiva Linux Security Announcement - xpdf
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96886599829687&w=2
Reference: DEBIAN:20000910 xpdf: local exploit
Reference: URL:http://www.debian.org/security/2000/20000910a
Reference: REDHAT:RHSA-2000:060-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-060-03.html
Reference: CALDERA:CSSA-2000-031.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-031.0.txt
Reference: BID:1624
Reference: URL:http://www.securityfocus.com/bid/1624

xpdf PDF viewer client earlier than 0.91 allows local users to
overwrite arbitrary files via a symlink attack.

INFERRED ACTION: CAN-2000-0728 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0730
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0730
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: HP:HPSBUX0008-118
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0144.html
Reference: BID:1580
Reference: URL:http://www.securityfocus.com/bid/1580

Vulnerability in newgrp command in HP-UX 11.0 allows local users to
gain privileges.

INFERRED ACTION: CAN-2000-0730 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0733
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0733
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000814 [LSD] IRIX telnetd remote vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0154.html
Reference: SGI:20000801-02-P
Reference: URL:ftp://sgigate.sgi.com/security/20000801-02-P
Reference: BID:1572
Reference: URL:http://www.securityfocus.com/bid/1572

Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleanse
user-injected format strings, which allows remote attackers to execute
arbitrary commands via a long RLD variable in the
IAC-SB-TELOPT_ENVIRON request.

INFERRED ACTION: CAN-2000-0733 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0737
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0737
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-053
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-053.asp
Reference: BID:1535
Reference: URL:http://www.securityfocus.com/bid/1535

The Service Control Manager (SCM) in Windows 2000 creates predictable
named pipes, which allows a local user with console access to gain
administrator privileges, aka the "Service Control Manager Named Pipe
Impersonation" vulnerability.

INFERRED ACTION: CAN-2000-0737 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Cole, Levy, Wall


======================================================
Candidate: CAN-2000-0743
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0743
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000810 Remote vulnerability in Gopherd 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0112.html
Reference: BID:1569
Reference: URL:http://www.securityfocus.com/bid/1569

Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows
remote attackers to execute arbitrary commands via a DES key
generation request (GDESkey) that contains a long ticket value.

INFERRED ACTION: CAN-2000-0743 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0744
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0744
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000810 Remote vulnerability in Gopherd 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0112.html
Reference: BID:1569
Reference: URL:http://www.securityfocus.com/bid/1569

Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows
remote attackers to execute arbitrary commands via a DES key
generation request (GDESkey) that contains a long ticket value.

INFERRED ACTION: CAN-2000-0744 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0745
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0745
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000821 Vuln. in all sites using PHP-Nuke, versions less than 3
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0243.html
Reference: BID:1592
Reference: URL:http://www.securityfocus.com/bid/1592

admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke
administrator password, which allows remote attackers to gain
privileges by requesting a URL that does not specify the aid or pwd
parameter.

INFERRED ACTION: CAN-2000-0745 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0750
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0750
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0064.html
Reference: FREEBSD:FreeBSD-SA-00:40
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0336.html
Reference: OPENBSD:20000705 Mopd contained a buffer overflow.
Reference: URL:http://www.openbsd.org/errata.html#mopd
Reference: REDHAT:RHSA-2000-050-01
Reference: URL:http://www.redhat.com/support/errata/powertools/RHSA-2000-050-01.html
Reference: MISC:http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h
Reference: BID:1558
Reference: URL:http://www.securityfocus.com/bid/1558

Buffer overflow in mopd (Maintenance Operations Protocol loader
daemon) allows remote attackers to execute arbitrary commands via a
long file name.

INFERRED ACTION: CAN-2000-0750 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0751
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0751
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0064.html
Reference: FREEBSD:FreeBSD-SA-00:40
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0336.html
Reference: OPENBSD:20000705 Mopd contained a buffer overflow.
Reference: URL:http://www.openbsd.org/errata.html#mopd
Reference: REDHAT:RHSA-2000-050-01
Reference: URL:http://www.redhat.com/support/errata/powertools/RHSA-2000-050-01.html
Reference: MISC:http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h
Reference: BID:1559
Reference: URL:http://www.securityfocus.com/bid/1559

mopd (Maintenance Operations Protocol loader daemon) does not properly
cleanse user-injected format strings, which allows remote attackers to
execute arbitrary commands.

INFERRED ACTION: CAN-2000-0751 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0754
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0754
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: HP:HPSBUX0008-119
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0144.html
Reference: BID:1581
Reference: URL:http://www.securityfocus.com/bid/1581

Vulnerability in HP OpenView Network Node Manager (NNM) version 6.1
related to passwords.

INFERRED ACTION: CAN-2000-0754 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0758
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0758
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000811 Lyris List Manager Administration Hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0149.html
Reference: CONFIRM:http://www.lyris.com/lm/lm_updates.html
Reference: BID:1584
Reference: URL:http://www.securityfocus.com/bid/1584

The web interface for Lyris List Manager 3 and 4 allows list
subscribers to obtain administrative access by modifying the value of
the list_admin hidden form field.

INFERRED ACTION: CAN-2000-0758 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0761
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0761
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000815 OS/2 Warp 4.5 FTP Server DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0166.html
Reference: CONFIRM:ftp://ftp.software.ibm.com/ps/products/tcpip/fixes/v4.3os2/ic27721/README
Reference: BID:1582
Reference: URL:http://www.securityfocus.com/bid/1582

OS/2 Warp 4.5 FTP server allows remote attackers to cause a denial of
service via a long username.

INFERRED ACTION: CAN-2000-0761 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0763
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0763
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000816 xlock vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000815231724.A14694@subterrain.net
Reference: DEBIAN:20000816 xlockmore: possible shadow file compromise
Reference: URL:http://www.debian.org/security/2000/20000816
Reference: FREEBSD:FreeBSD-SA-00:44.xlockmore
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0340.html
Reference: BUGTRAQ:20000817 Conectiva Linux Security Announcement - xlockmore
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0212.html
Reference: BUGTRAQ:20000823 MDKSA-2000:038 - xlockmore update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0294.html
Reference: BID:1585
Reference: URL:http://www.securityfocus.com/bid/1585

xlockmore and xlockf do not properly cleanse user-injected format
strings, which allows local users to gain root privileges via the -d
option.

INFERRED ACTION: CAN-2000-0763 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0765
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0765
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-056.asp
Reference: BID:1561
Reference: URL:http://www.securityfocus.com/bid/1561

Buffer overflow in the HTML interpreter in Microsoft Office 2000
allows an attacker to execute arbitrary commands via a long embedded
object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.

INFERRED ACTION: CAN-2000-0765 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Cole, Levy, Wall


======================================================
Candidate: CAN-2000-0767
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0767
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-055.asp
Reference: BID:1564
Reference: URL:http://www.securityfocus.com/bid/1564

The ActiveX control for invoking a scriptlet in Internet Explorer 4.x
and 5.x renders arbitrary file types instead of HTML, which allows an
attacker to read arbitrary files, aka the "Scriptlet Rendering"
vulnerability.

INFERRED ACTION: CAN-2000-0767 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Cole, Levy, Wall


======================================================
Candidate: CAN-2000-0768
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0768
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-055.asp
Reference: BID:1564
Reference: URL:http://www.securityfocus.com/bid/1564

A function in Internet Explorer 4.x and 5.x does not properly verify
the domain of a frame within a browser window, which allows a remote
attacker to read client files, aka a variant of the "Frame Domain
Verification" vulnerability.

INFERRED ACTION: CAN-2000-0768 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Cole, Levy, Wall


======================================================
Candidate: CAN-2000-0770
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0770
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-057.asp
Reference: BID:1565
Reference: URL:http://www.securityfocus.com/bid/1565

IIS 4.0 and 5.0 do not properly restrict access to certain types of
files when their parent folders have less restrictive permissions,
which could allow remote attackers to bypass access restrictions to
some files, aka the "File Permission Canonicalization" vulnerability.

INFERRED ACTION: CAN-2000-0770 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Cole, Levy, Wall


======================================================
Candidate: CAN-2000-0771
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0771
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-062
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-062.asp
Reference: BID:1613
Reference: URL:http://www.securityfocus.com/bid/1613

Microsoft Windows 2000 allows local users to cause a denial of service
by corrupting the local security policy via malformed RPC traffic, aka
the "Local Security Policy Corruption" vulnerability.

INFERRED ACTION: CAN-2000-0771 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Cole, Levy, Wall


======================================================
Candidate: CAN-2000-0777
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0777
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-061
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-061.asp
Reference: BID:1615
Reference: URL:http://www.securityfocus.com/bid/1615

The password protection feature of Microsoft Money can store the
password in plaintext, which allows attackers with physical access to
the system to obtain the password, aka the "Money Password"
vulnerability.

INFERRED ACTION: CAN-2000-0777 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Cole, Levy, Wall


======================================================
Candidate: CAN-2000-0778
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0778
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-058
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-058.asp
Reference: BUGTRAQ:20000815 Translate:f summary, history and thoughts
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=080D5336D882D211B56B0060080F2CD696A7C9@beta.mia.cz
Reference: NTBUGTRAQ:20000816 Translate: f
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=ntbugtraq&F=&S=&P=5212
Reference: BID:1578
Reference: URL:http://www.securityfocus.com/bid/1578

IIS 5.0 allows remote attackers to obtain source code for .ASP files
and other scripts via an HTTP GET request with a "Translate: f"
header, aka the "Specialized Header" vulnerability.

INFERRED ACTION: CAN-2000-0778 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Cole, Levy, Wall


======================================================
Candidate: CAN-2000-0779
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0779
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Improper_stderr
Reference: BID:1534
Reference: URL:http://www.securityfocus.com/bid/1534

Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote
attackers to bypass access restrictions and connect to a RSH/REXEC
client via malformed connection requests.

INFERRED ACTION: CAN-2000-0779 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> It looks like this is confirmed by Check Point in:
   http://www.checkpoint.com/techsupport/alerts/list_vun.html#Improper_stderr


======================================================
Candidate: CAN-2000-0780
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0780
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000830 Vulnerability Report On IPSWITCH's IMail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96767207207553&w=2
Reference: CONFIRM:http://www.ipswitch.com/Support/IMail/news.html
Reference: BID:1617
Reference: URL:http://www.securityfocus.com/bid/1617

The web server in IPSWITCH IMail 6.04 and earlier allows remote
attackers to read and delete arbitrary files via a .. (dot dot) attack.

INFERRED ACTION: CAN-2000-0780 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0782
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0782
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000817 Netauth: Web Based Email Management System
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NEBBJCLKGNOGCOIOBJNAGEHLCPAA.marc@eeye.com
Reference: CONFIRM:http://netwinsite.com/netauth/updates.htm
Reference: BID:1587
Reference: URL:http://www.securityfocus.com/bid/1587

netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote
attackers to read arbitrary files via a .. (dot dot) attack.

INFERRED ACTION: CAN-2000-0782 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0786
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0786
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000726 userv security boundary tool 1.0.1 (SECURITY FIX)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0389.html
Reference: DEBIAN:20000727 userv: local exploit
Reference: URL:http://www.debian.org/security/2000/20000727
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=bugtraq&m=96473640717095&w=2
Reference: BID:1516
Reference: URL:http://www.securityfocus.com/bid/1516

GNU userv 1.0.0 and earlier does not properly perform file descriptor
swapping, which can corrupt the USERV_GROUPS and USERV_GIDS
environment variables and allow local users to bypass some access
restrictions.

INFERRED ACTION: CAN-2000-0786 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0787
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0787
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000817 XChat URL handler vulnerabilty
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0215.html
Reference: BID:1601
Reference: URL:http://www.securityfocus.com/bid/1601
Reference: REDHAT:RHSA-2000:055-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-055-03.html
Reference: BUGTRAQ:20000824 MDKSA-2000:039 - xchat update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0301.html
Reference: BUGTRAQ:20000825 Conectiva Linux Security Announcement - xchat
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0305.html

IRC XChat client versions 1.4.2 and earlier allow remote attackers to
execute arbitrary commands by encoding shell metacharacters into a URL
which XChat uses to launch a web browser.

INFERRED ACTION: CAN-2000-0787 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0792
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0792
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000819 Security update for Gnome-Lokkit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0252.html
Reference: BID:1590
Reference: URL:http://www.securityfocus.com/bid/1590

Gnome Lokkit firewall package before 0.41 does not properly restrict
access to some ports, even if a user does not make any services
available.

INFERRED ACTION: CAN-2000-0792 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Cole, Levy
   NOOP(1) Wall

Page Last Updated or Reviewed: May 22, 2007