[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-38 - 26 candidates



The following cluster contains 26 candidates that were announced
between September 9 and September 18, 2000.

Note that the voting web site will not be updated with this cluster
until late tonight.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve



Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2000-0834
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0834
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001015
Category: CF
Reference: ATSTAKE:A091400-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a091400-1.txt
Reference: MS:MS00-067
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-067.asp
Reference: BID:1683
Reference: URL:http://www.securityfocus.com/bid/1683
Reference: XF:win2k-telnet-ntlm-authentication
Reference: URL:http://xforce.iss.net/static/5242.php

The Windows 2000 telnet client attempts to perform NTLM authentication
by default, which allows remote attackers to capture and replay the
NTLM challenge/response via a telnet:// URL that points to the
malicious server, aka the "Windows 2000 Telnet Client NTLM
Authentication" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0834 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0852
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0852
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:49
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0110.html
Reference: BID:1686
Reference: URL:http://www.securityfocus.com/bid/1686
Reference: XF:freebsd-eject-port
Reference: URL:http://xforce.iss.net/static/5248.php

Multiple buffer overflows in eject on FreeBSD and possibly other OSes
allows local users to gain root privileges.

Analysis
----------------
ED_PRI CAN-2000-0852 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0863
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0863
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:50
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0111.html

Buffer overflow in listmanager earlier than 2.105.1 allows local users
to gain additional privileges.

Analysis
----------------
ED_PRI CAN-2000-0863 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0867
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0867
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000917 klogd format bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0193.html
Reference: REDHAT:RHSA-2000:061-02
Reference: DEBIAN:20000919
Reference: MANDRAKE:MDKSA-2000:050
Reference: CALDERA:CSSA-2000-032.0
Reference: XF:klogd-format-string
Reference: URL:http://xforce.iss.net/static/5259.php

Kernel logging daemon (klogd) in Linux does not properly cleanse
user-injected format strings, which allows local users to gain root
privileges by triggering malformed kernel messages.

Analysis
----------------
ED_PRI CAN-2000-0867 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0883
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0883
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: CF
Reference: MANDRAKE:MDKSA-2000:046
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0111.html
Reference: BID:1678
Reference: URL:http://www.securityfocus.com/bid/1678
Reference: XF:linux-mod-perl
Reference: URL:http://xforce.iss.net/static/5257.php

The default configuration of mod_perl for Apache as installed on
Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be
browseable, which allows remote attackers to list the contents of that
directory.

Analysis
----------------
ED_PRI CAN-2000-0883 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0829
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0829
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: BUGTRAQ:20000909 tmpwatch: local DoS : fork()bomb as root
Reference: URL:http://www.securityfocus.com/archive/1/81364
Reference: BID:1664
Reference: URL:http://www.securityfocus.com/bid/1664
Reference: XF:linux-tmpwatch-fork-dos
Reference: URL:http://xforce.iss.net/static/5217.php

The tmpwatch utility in Red Hat Linux forks a new process for each
directory level, which allows local users to cause a denial of service
by creating deeply nested directories in /tmp or /var/tmp/.

Analysis
----------------
ED_PRI CAN-2000-0829 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0830
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0830
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: 20000913 trivial DoS in webTV
Reference: URL:http://www.securityfocus.com/archive/1/81852
Reference: BID:1671
Reference: URL:http://www.securityfocus.com/bid/1671
Reference: XF:webtv-udp-dos
Reference: URL:http://xforce.iss.net/static/5216.php

annclist.exe in webTV allows a remote attacker to cause a denial of
service by sending a large, malformed UDP packet to ports 22701
through 22705.

Analysis
----------------
ED_PRI CAN-2000-0830 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0831
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0831
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: WIN2KSEC:20000912 DST2K0027: DoS in Faststream FTP++ 2.0
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0109.html

Buffer overflow in Fastream FTP++ 2.0 allows remote attackers to cause
a denial of service and possibly execute arbitrary commands via a long
username.

Analysis
----------------
ED_PRI CAN-2000-0831 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0833
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0833
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: BUGTRAQ:2000911 WinSMTPD remote exploit/DoS problem
Reference: URL:http://www.securityfocus.com/archive/1/81693
Reference: BID:1680
Reference: URL:http://www.securityfocus.com/bid/1680
Reference: XF:winsmtp-helo-bo
Reference: URL:http://xforce.iss.net/static/5255.php

Buffer overflow in WinSMTP 1.06f and 2.X allows remote attackers to
cause a denial of service via a long USER or HELO command.

Analysis
----------------
ED_PRI CAN-2000-0833 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0835
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0835
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: BUGTRAQ:20000915 Sambar Server search CGI vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0175.html
Reference: BID:1684
Reference: URL:http://www.securityfocus.com/bid/1684

search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3
allows remote attackers to read arbitrary directories by specifying
the directory in the query paramater.

Analysis
----------------
ED_PRI CAN-2000-0835 3
Vendor Acknowledgement:
Content Decisions: EX-BETA

INCLUSION:

CD:EX-BETA says that CVE should not include problems in beta software
that hasn't had widespread distribution.  However, a Bugtraq thread in
September 2000 indicated that some people even want to know about bugs
in beta software.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0836
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0836
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: BUGTRAQ:20000915 [NEWS] Vulnerability in CamShot server (Authorization)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0176.html
Reference: BID:1685
Reference: URL:http://www.securityfocus.com/bid/1685
Reference: XF:camshot-password-bo
Reference: URL:http://xforce.iss.net/static/5246.php

Buffer overflow in CamShot WebCam Trial2.6 allows remote attackers to
execute arbitrary commands via a long Authorization header.

Analysis
----------------
ED_PRI CAN-2000-0836 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0838
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0838
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: WIN2KSEC:DST2K0028: DoS in FUR HTTP Server v1.0b
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0111.html
Reference: XF:fur-get-dos
Reference: URL:http://xforce.iss.net/static/5237.php

Fastream FUR HTTP server 1.0b allows remote attackers to cause a
denial of service via a long GET request.

Analysis
----------------
ED_PRI CAN-2000-0838 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0839
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0839
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: BUGTRAQ:20000919 VIGILANTE-2000013: WinCOM LPD DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0212.html
Reference: BID:1701
Reference: URL:http://www.securityfocus.com/bid/1701
Reference: XF:wincom-lpd-dos
Reference: URL:http://xforce.iss.net/static/5258.php

WinCOM LPD 1.00.90 allows remote attackers to cause a denial of
service by sending a large number of LPD options to the LPD port
(515).

Analysis
----------------
ED_PRI CAN-2000-0839 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0842
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0842
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000911 SCO scohelhttp documentation webserver exposes local files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0086.html
Reference: BID:1663
Reference: URL:http://www.securityfocus.com/bid/1663

The search97cgi/vtopic" in the UnixWare 7 scohelphttp webserver allows
remote attackers to read arbitrary files via a .. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2000-0842 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0843
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0843
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000910 (SRADV00002) Remote root compromise through pam_smb and pam_ntdom
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0073.html
Reference: DEBIAN:20000911 libpam-smb: remote root exploit
Reference: URL:http://www.debian.org/security/2000/20000911
Reference: SUSE:20000913 pam_smb remotely exploitable buffer overflow
Reference: URL:http://www.suse.de/de/support/security/adv8_draht_pam_smb_txt.txt
Reference: MANDRAKE:MDKSA-2000:047
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-047.php3
Reference: BUGTRAQ:20000911 Conectiva Linux Security Announcement - pam_smb
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0114.html
Reference: BID:1666
Reference: URL:http://www.securityfocus.com/bid/1666

Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules
(PAM) allow remote attackers to execute arbitrary commands via a login with
a long user name.

Analysis
----------------
ED_PRI CAN-2000-0843 3
Vendor Acknowledgement: yes
Content Decisions: SF-CODEBASE, SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0845
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0845
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000918 [ENIGMA] Digital UNIX/Tru64 UNIX remote kdebug Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0204.html

kdebug daemon (kdebugd) in Digital Unix 4.0F allows remote attackers to
read arbitrary files by specifying the full file name in the
initialization packet.

Analysis
----------------
ED_PRI CAN-2000-0845 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0848
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0848
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000915 WebSphere application server plugin issue & vendor fix
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0192.html
Reference: MISC:http://www-4.ibm.com/software/webservers/appserv/doc/v3022/fxpklst.htm#Security
Reference: BID:1691
Reference: URL:http://www.securityfocus.com/bid/1691
Reference: XF:websphere-header-dos
Reference: URL:http://xforce.iss.net/static/5252.php

Buffer overflow in IBM WebSphere web application server (WAS) allows
remote attackers to execute arbitrary commands via a long Host:
request header.

Analysis
----------------
ED_PRI CAN-2000-0848 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0850
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0850
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: ATSTAKE:A091100-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a091100-1.txt
Reference: BID:1681
Reference: URL:http://www.securityfocus.com/bid/1681
Reference: XF:siteminder-bypass-authentication
Reference: URL:http://xforce.iss.net/static/5230.php

Netegrity SiteMinder before 4.11 allows remote attackers to bypass
its authentication mechanism by appending "$/FILENAME.ext" (where ext
is .ccc, .class, or .jpg) to the requested URL.

Analysis
----------------
ED_PRI CAN-2000-0850 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0853
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0853
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000909 YaBB 1.9.2000 Vulnerabilitie
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0072.html
Reference: BID:1668
Reference: URL:http://www.securityfocus.com/bid/1668
Reference: XF:yabb-file-access
Reference: URL:http://xforce.iss.net/static/5254.php

YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary
files via a .. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2000-0853 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0854
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0854
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: WIN2KSEC:20000918 Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0117.html
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0118.html
Reference: BUGTRAQ:20000922 Eudora + riched20.dll affects WinZip v8.0 as well
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0277.html
Reference: BID:1699
Reference: URL:http://www.securityfocus.com/bid/1699
Reference: NTBUGTRAQ:20000921 Mitigators for possible exploit of Eudora via Guninski #21,2000
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0155.html

When a Microsoft Office 2000 document is launched, the directory of
that document is first used to locate DLL's such as riched20.dll and
msi.dll, which could allow an attacker to execute arbitrary commands
by inserting a Trojan Horse DLL into the same directory as the
document.

Analysis
----------------
ED_PRI CAN-2000-0854 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0857
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0857
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000909 format string bug in muh
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0067.html
Reference: BUGTRAQ:20000909 Re: format string bug in muh
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0068.html
Reference: BID:1665
Reference: URL:http://www.securityfocus.com/bid/1665
Reference: XF:muh-log-dos
Reference: URL:http://xforce.iss.net/static/5215.php

The logging capability in muh 2.05d IRC server does not properly
cleanse user-injected format strings, which allows remote attackers to
cause a denial of service or execute arbitrary commands via a
malformed nickname.

Analysis
----------------
ED_PRI CAN-2000-0857 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-LOC

ABSTRACTION:

CD:SF-LOC might suggest that there should be at least 3 separate
entries (based on the source code fixes posted in a followup), but it
is not necesarily clear how to distinguish between the problems.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0865
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0865
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000916 Advisory: Tridia DoubleVision / SCO UnixWare
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0185.html
Reference: BID:1697
Reference: URL:http://www.securityfocus.com/bid/1697

Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows
local users to gain root privileges via a long terminal type argument.

Analysis
----------------
ED_PRI CAN-2000-0865 3
Vendor Acknowledgement: unknown claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0870
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0870
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000911[EXPL] EFTP vulnerable to two DoS attacks
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0089.html
Reference: BID:1675
Reference: URL:http://www.securityfocus.com/bid/1675
Reference: XF:eftp-bo
Reference: URL:http://xforce.iss.net/static/5219.php

Buffer overflow in EFTP allows remote attackers to cause a denial of
service via a long string.

Analysis
----------------
ED_PRI CAN-2000-0870 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0871
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0871
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000911[EXPL] EFTP vulnerable to two DoS attacks
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0089.html
Reference: BID:1677
Reference: URL:http://www.securityfocus.com/bid/1677
Reference: XF:eftp-newline-dos
Reference: URL:http://xforce.iss.net/static/5220.php

Buffer overflow in EFTP allows remote attackers to cause a denial of
service by sending a string that does not contain a newline, then
disconnecting from the server.

Analysis
----------------
ED_PRI CAN-2000-0871 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0877
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0877
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000911 Unsafe passing of variables to mailform.pl in MailForm V2.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0092.html
Reference: BID:1670
Reference: URL:http://www.securityfocus.com/bid/1670
Reference: XF:mailform-attach-file
Reference: URL:http://xforce.iss.net/static/5224.php

mailform.pl CGI script in MailForm 2.0 allows remote attackers to read
arbitrary files by specifying the file name in the XX-attach_file
parameter, which MailForm then sends to the attacker.

Analysis
----------------
ED_PRI CAN-2000-0877 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0878
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0878
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000911 Fwd: Poor variable checking in mailto.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0088.html
Reference: BID:1669
Reference: URL:http://www.securityfocus.com/bid/1669

The mailto CGI script allows remote attacker to execute arbitrary
commands via shell metacharactwers in the emailadd form field.

Analysis
----------------
ED_PRI CAN-2000-0878 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007