[PROPOSAL] Cluster RECENT-43 - 40 candidates



The following cluster contains 40 candidates that were announced
between October 26 and November 7, 2000.

Note that the voting web site will not be updated with this cluster
until sometime Wednesday.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2000-0886
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0886
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001102
Category: SF
Reference: BUGTRAQ:20001107 NSFOCUS SA2000-07 : Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?mid=143604&list=1&fromthread=0&end=2000-11-11&threads=0&start=2000-11-05&;
Reference: MS:MS00-086
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-086.asp
Reference: BID:1912
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=1912

IIS 5.0 allows remote attackers to execute arbitrary commands via a
malformed request for an executable file whose name is appended with
operating system commands, aka the "Web Server File Request Parsing"
vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0886 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0887
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0887
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001114
Category: SF
Reference: BUGTRAQ:20001107 BIND 8.2.2-P5 Possible DOS
Reference: URL:http://www.securityfocus.com/archive/1/143843
Reference: CERT:CA-2000-20
Reference: URL:http://www.cert.org/advisories/CA-2000-20.html
Reference: REDHAT:RHSA-2000:107-01
Reference: MANDRAKE:MDKSA-2000:067
Reference: CONECTIVA:CLSA-2000:338
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000338
Reference: CONECTIVA:CLSA-2000:339
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000339
Reference: BID:1923
Reference: URL:http://www.securityfocus.com/bid/1923

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a
denial of service by making a compressed zone transfer (ZXFR) request
and performing a name service query on an authoritative record that is
not cached, aka the "zxfr bug."

Analysis
----------------
ED_PRI CAN-2000-0887 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0888
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0888
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001114
Category: SF
Reference: CERT:CA-2000-20
Reference: URL:http://www.cert.org/advisories/CA-2000-20.html
Reference: REDHAT:RHSA-2000:107-01
Reference: MANDRAKE:MDKSA-2000:067
Reference: CONECTIVA:CLSA-2000:338
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000338
Reference: CONECTIVA:CLSA-2000:339
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000339

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a
denial of service by sending an SRV record to the server, aka the "srv
bug."

Analysis
----------------
ED_PRI CAN-2000-0888 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0942
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0942
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001028 IIS 5.0 cross site scripting vulnerability - using .htw
Reference: URL:http://www.securityfocus.com/archive/1/141903
Reference: MS:MS00-084
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-084.asp
Reference: BID:1861
Reference: URL:http://www.securityfocus.com/bid/1861
Reference: XF:iis-htw-cross-scripting
Reference: URL:http://xforce.iss.net/static/5441.php

The CiWebHitsFile component in Microsoft Indexing Services for Windows
2000 allows remote attackers to conduct a cross site scripting (CSS)
attack via a CiRestriction parameter in a .htw request, aka the
"Indexing Services Cross Site Scripting" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0942 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0952
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0952
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: NETBSD:NetBSD-SA2000-014
Reference: ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-014.txt.asc
Reference: XF:global-execute-remote-commands
Reference: URL:http://xforce.iss.net/static/5424.php

global.cgi CGI program in Global 3.55 and earlier on NetBSD allows
remote attackers to execute arbitrary commands via shell
metacharacters.

Analysis
----------------
ED_PRI CAN-2000-0952 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0956
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0956
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: REDHAT:RHSA-2000:094-01
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-094.html
Reference: BID:1875
Reference: URL:http://www.securityfocus.com/bid/1875
Reference: XF:cyrus-sasl-gain-access
Reference: URL:http://xforce.iss.net/static/5427.php

cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify
the authorization for a local user, which could allow the users to
bypass specified access restrictions.

Analysis
----------------
ED_PRI CAN-2000-0956 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1006
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-082
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-082.asp
Reference: XF:ms-exchange-mime-dos
Reference: URL:http://xforce.iss.net/static/5448.php
Reference: BID:1869
Reference: URL:http://www.securityfocus.com/bid/1869

Microsoft Exchange Server 5.5 does not properly handle a MIME header
with a blank charset specified, which allows remote attackers to cause
a denial of service via a charset="" command, aka the "Malformed MIME
Header" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-1006 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1026
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1026
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:61
Reference: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:61.tcpdump.v1.1.asc
Reference: BID:1870
Reference: URL:http://www.securityfocus.com/bid/1870

Multiple buffer overflows in LBNL tcpdump allow remote attackers to
execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2000-1026 1
Vendor Acknowledgement: yes advisory

CD:SF-LOC suggests having separate entries for each buffer overflow,
but it's not clear how to distinguish them in CVE descriptions without
an extensive source code analysis.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1034
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1034
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001106 System Monitor ActiveX Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349782305448&w=2
Reference: MS:MS00-085
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-085.asp
Reference: BID:1899
Reference: URL:http://www.securityfocus.com/bid/1899

Buffer overflow in the System Monitor ActiveX control in Windows 2000
allows remote attackers to execute arbitrary commands via a long
LogFileName parameter in HTML source code, aka the "ActiveX Parameter
Validation" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-1034 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1045
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1045
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: REDHAT:RHSA-2000:024
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-024.html
Reference: MANDRAKE:MDKSA-2000-066
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-066-1.php3
Reference: BID:1863
Reference: URL:http://www.securityfocus.com/bid/1863
Reference: XF:nssldap-nscd-dos
Reference: URL:http://xforce.iss.net/static/5449.php

nss_ldap earlier than 121, when run with nscd (name service caching
daemon), allows remote attackers to cause a denial of service via a
flood of LDAP requests.

Analysis
----------------
ED_PRI CAN-2000-1045 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1049
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001101 Allaire's JRUN DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97310314724964&w=2
Reference: ALLAIRE:ASB00-030
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=18085&Method=Full
Reference: XF:allaire-jrun-servlet-dos
Reference: URL:http://xforce.iss.net/static/5452.php

Allaire JRun 3.0 http servlet server allows remote attackers to cause
a denial of service via a URL that contains a long string of "."
characters.

Analysis
----------------
ED_PRI CAN-2000-1049 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1066
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:63
Reference: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:63.getnameinfo.asc
Reference: BID:1894
Reference: URL:http://www.securityfocus.com/bid/1894

The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly
other operating systems, allows a remote attacker to cause a denial of
service via a long DNS hostname.

Analysis
----------------
ED_PRI CAN-2000-1066 1
Vendor Acknowledgement: yes advisory

ABSTRACTION:

The FreeBSD patch is applied to 3 separate lines, thus CD:SF-LOC would
suggest having separate items for each line.  However, it is not easy
to differentiate between these 3 problems without extensive source
code analysis across all the other Unix flavors that could have this
problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0941
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0941
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001029 Remote command execution via KW Whois 1.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0419.html
Reference: BUGTRAQ:20001029 Re: Remote command execution via KW Whois 1.0 (addition)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0420.html
Reference: MISC:http://www.kootenayweb.bc.ca/scripts/whois.txt
Reference: BID:1883
Reference: URL:http://www.securityfocus.com/bid/1883
Reference: XF:kw-whois-meta
Reference: URL:http://xforce.iss.net/static/5438.php

Kootenay Web KW Whois 1.0 CGI program allows remote attackers to
execute arbitrary commands via shell metacharacters in the "whois"
parameter.

Analysis
----------------
ED_PRI CAN-2000-0941 2
Vendor Acknowledgement: yes patch

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0944
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0944
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001027 CGI-Bug: News Update 1.1 administration password bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0402.html
Reference: BID:1881
Reference: URL:http://www.securityfocus.com/bid/1881
Reference: XF:news-update-bypass-password
Reference: URL:http://xforce.iss.net/static/5433.php

CGI Script Center News Update 1.1 does not properly validate the
original news administration password during a password change
operation, which allows remote attackers to modify the password
without knowing the original password.

Analysis
----------------
ED_PRI CAN-2000-0944 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1080
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001102 dos on quake1 servers
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97318797630246&w=2
Reference: CONFIRM:http://proquake.ai.mit.edu/
Reference: BID:1900
Reference: URL:http://www.securityfocus.com/bid/1900

Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers
to cause a denial of service via a malformed (empty) UDP packet.

Analysis
----------------
ED_PRI CAN-2000-1080 2
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT:

In the "Current Status" section on the ProQuake site at
http://proquake.ai.mit.edu/, the entry dated November 18, 2000 says:
"Proquake v1.02 fixes a serious bug which has been around since quake
was created but was only discovered recently - the bug allows anyone
to cause any server to stop accepting new connections."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0817
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0817
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001004
Category: SF
Reference: ISS:20001101 Buffer Overflow in Microsoft Windows NT 4.0 and Windows 2000 Network Monitor
Reference: URL:http://xforce.iss.net/alerts/index.php
Reference: MS:MS00-083
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-083.asp

Buffer overflow in the HTTP protocol parser for Microsoft Network
Monitor (Netmon) allows remote attackers to execute arbitrary commands
via malformed data, aka the "Netmon Protocol Parsing" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0817 3
Vendor Acknowledgement: yes
Content Decisions: SF-EXEC

ABSTRACTION:

This is closely related to CAN-2000-0885.  The candidates identify
different buffer overflows in different parsers that happen to be
addressed by the same security bulletin.  CD:SF-EXEC suggests that
these should be kept separate.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0885
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0885
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001028
Category: SF
Reference: NAI:20001101 Multiple Network Monitor Overflows
Reference: MS:MS00-083
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-083.asp

Buffer overflows in Microsoft Network Monitor (Netmon) allow remote
attackers to execute arbitrary commands via a long Browser Name in a
CIFS Browse Frame, a long SNMP community name, or a long username or
filename in an SMB session, aka the "Netmon Protocol Parsing"
vulnerability.  NOTE: It is highly likely that this candidate will be
split into multiple candidates.

Analysis
----------------
ED_PRI CAN-2000-0885 3
Vendor Acknowledgement: yes
Content Decisions: SF-EXEC

ABSTRACTION:

This is closely related to CAN-2000-0817.  The candidates identify
different buffer overflows that happen to be addressed by the same
security bulletin, thus CD:SF-EXEC suggests that these 2 candidates
should be kept separate.

In addition, this candidate should be split into separate candidates,
one for each overflow, as dictated by CD:SF-EXEC.  This candidate is
not at the CVE level of abstraction because it was reserved for use
before the initial public announcement was made.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0935
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0935
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: BID:1872
Reference: URL:http://www.securityfocus.com/bid/1872
Reference: XF:samba-swat-logging-sym-link
Reference: URL:http://xforce.iss.net/static/5443.php

Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users
to overwrite arbitrary files via a symlink attack on the cgi.log file.

Analysis
----------------
ED_PRI CAN-2000-0935 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0936
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0936
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: BID:1874
Reference: URL:http://www.securityfocus.com/bid/1874
Reference: XF:samba-swat-logfile-info
Reference: URL:http://xforce.iss.net/static/5445.php

Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the
cgi.log logging file with world readable permissions, which allows
local users to read sensitive information such as user names and
passwords.

Analysis
----------------
ED_PRI CAN-2000-0936 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0937
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0937
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: BID:1873
Reference: URL:http://www.securityfocus.com/bid/1873
Reference: XF:samba-swat-brute-force
Reference: URL:http://xforce.iss.net/static/5442.php

Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login
attempts in which the username is correct but the password is wrong,
which allows remote attackers to conduct brute force password guessing
attacks.

Analysis
----------------
ED_PRI CAN-2000-0937 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0938
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0938
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html

Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a
different error message when a valid username is provided versus an
invalid name, which allows remote attackers to identify valid users on
the server.

Analysis
----------------
ED_PRI CAN-2000-0938 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0939
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0939
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: XF:samba-swat-url-filename-dos
Reference: URL:http://xforce.iss.net/static/5444.php

Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote
attackers to cause a denial of service by repeatedly submitting a
nonstandard URL in the GET HTTP request and forcing it to restart.

Analysis
----------------
ED_PRI CAN-2000-0939 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0940
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0940
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001029 Minor bug in Pagelog.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0422.html
Reference: BID:1864
Reference: URL:http://www.securityfocus.com/bid/1864
Reference: XF:pagelog-cgi-dir-traverse
Reference: URL:http://xforce.iss.net/static/5451.php

Directory traversal vulnerability in Metertek pagelog.cgi allows
remote attackers to read arbitrary files via a .. (dot dot) attack on
the "name" or "display" parameter.

Analysis
----------------
ED_PRI CAN-2000-0940 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0943
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0943
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001027 Potential Security Problem in bftpd-1.0.11
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0397.html
Reference: XF:bftpd-user-bo
Reference: URL:http://xforce.iss.net/static/5426.php

Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers
to cause a denial of service and possibly execute arbitrary commands
via a long USER command.

Analysis
----------------
ED_PRI CAN-2000-0943 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0945
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0945
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001026 Advisory def-2000-02: Cisco Catalyst remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0380.html
Reference: XF:cisco-catalyst-remote-commands
Reference: URL:http://xforce.iss.net/static/5415.php

The web configuration interface for Catalyst 3500 XL switches allows
remote attackers to execute arbitrary commands without authentication
via a URL containing the /exec/ directory.

Analysis
----------------
ED_PRI CAN-2000-0945 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0950
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0950
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001026 FWTK x-gw Security Advisory [GSA2000-01]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0376.html
Reference: XF:tisfwtk-xgw-execute-code
Reference: URL:http://xforce.iss.net/static/5420.php

Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK)
allows local users to execute arbitrary commands via a malformed
display name.

Analysis
----------------
ED_PRI CAN-2000-0950 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0955
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0955
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: ATSTAKE:A102600-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a102600-1.txt
Reference: BID:1885
Reference: URL:http://www.securityfocus.com/bid/1885
Reference: XF:cisco-vco-snmp-passwords
Reference: URL:http://xforce.iss.net/static/5425.php

Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to
store usernames and passwords in the SNMP MIB, which allows an
attacker who knows the community name to crack the password and gain
privileges.

Analysis
----------------
ED_PRI CAN-2000-0955 3
Vendor Acknowledgement: yes
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0957
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0957
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001026 (SRADV00004) Remote and local vulnerabilities in pam_mysql
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0374.html
Reference: XF:pammysql-auth-input
Reference: URL:http://xforce.iss.net/static/5447.php

The pluggable authentication module for mysql (pam_mysql) before 0.4.7
does not properly cleanse user input when constructing SQL statements,
which allows attackers to obtain plaintext passwords or hashes.

Analysis
----------------
ED_PRI CAN-2000-0957 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1009
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Redhat 6.2 dump command executes external program with suid priviledge.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0438.html
Reference: BID:1871
Reference: URL:http://www.securityfocus.com/bid/1871
Reference: XF:linux-dump-execute-code
Reference: URL:http://xforce.iss.net/static/5437.php

dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH
environmental variable, which allows local users to obtain root
privileges by modifying the RSH variable to point to a Trojan horse
program.

Analysis
----------------
ED_PRI CAN-2000-1009 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1019
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1019
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Ultraseek 3.1.x Remote DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97301487015664&w=2
Reference: BID:1866
Reference: URL:http://www.securityfocus.com/bid/1866
Reference: XF:ultraseek-malformed-url-dos
Reference: URL:http://xforce.iss.net/static/5439.php

Search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows
remote attackers to cause a denial of service via a malformed URL.

Analysis
----------------
ED_PRI CAN-2000-1019 3
Vendor Acknowledgement: unknown claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1024
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category:
Reference: BUGTRAQ:20001101 Unify eWave ServletExec upload
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97306581513537&w=2
Reference: BID:1876
Reference: URL:http://www.securityfocus.com/bid/1876
Reference: XF:ewave-servletexec-file-upload
Reference: URL:http://xforce.iss.net/static/5450.php

eWave ServletExec 3.0C and earlier does not restrict access to the
UploadServlet Java/JSP servlet, which allows remote attackers to
upload files and execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2000-1024 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1025
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1025
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Unify eWave ServletExec DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97295224226042&w=2
Reference: BID:1868
Reference: URL:http://www.securityfocus.com/bid/1868
Reference: XF:ewave-servletexec-dos
Reference: URL:http://xforce.iss.net/static/5435.php

eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier,
allows remote attackers to cause a denial of service via a URL that
contains the "/servlet/" string, which invokes the ServletExec servlet
and causes an exception if the servlet is already running.

Analysis
----------------
ED_PRI CAN-2000-1025 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1028
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001102 HPUX cu -l option buffer overflow vulnerabilit
Reference: URL:http://www.securityfocus.com/archive/1/142792
Reference: BID:1886
Reference: URL:http://www.securityfocus.com/bid/1886

Buffer overflow in cu program in HP-UX 11.0 may allow local users to
gain privileges via a long -l command line argument.

Analysis
----------------
ED_PRI CAN-2000-1028 3
Vendor Acknowledgement:

INCLUSION:
It is not certain if this is exploitable.  The provided exploit only
causes a crash, but does the crash occur while the program is
operating at elevated privileges?

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1029
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1029
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001027 old version of host command vulnearbility
Reference: URL:http://www.securityfocus.com/archive/1/141660
Reference: BID:1887
Reference: URL:http://www.securityfocus.com/bid/1887

Buffer overflow in host command allows a remote attacker to execute
arbitrary commands via a long response to an AXFR query.

Analysis
----------------
ED_PRI CAN-2000-1029 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1030
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1030
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001031 Re: Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/142672
Reference: BID:1888
Reference: URL:http://www.securityfocus.com/bid/1888

CS&T CorporateTime for the Web returns different error messages for
invalid usernames and invalid passwords, which allows remote attackers
to determine valid usernames on the server.

Analysis
----------------
ED_PRI CAN-2000-1030 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1032
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001101 Re: Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/142808
Reference: BID:1890
Reference: URL:http://www.securityfocus.com/bid/1890

The client authentication interface for Check Point Firewall-1 4.0 and
earlier generates different error messages for invalid usernames
versus invalid passwords, which allows remote attackers to identify
valid usernames on the firewall.

Analysis
----------------
ED_PRI CAN-2000-1032 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1033
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001029 Brute Forcing FTP Servers with enabled anti-hammering (anti brute-force) modus
Reference: URL:http://www.securityfocus.com/archive/1/141905
Reference: BID:1860
Reference: URL:http://www.securityfocus.com/bid/1860
Reference: XF:ftp-servu-brute-force
Reference: URL:http://xforce.iss.net/static/5436.php

Serv-U FTP Server allows remote attackers to bypass its anti-hammering
feature by first logging on as a valid user (possibly anonymous) and
then attempting to guess the passwords of other users.

Analysis
----------------
ED_PRI CAN-2000-1033 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1075
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001026 [CORE SDI ADVISORY] iPlanet Certificate Management System 4.2 path traversal bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0383.html
Reference: BID:1839
Reference: URL:http://www.securityfocus.com/bid/1839
Reference: XF:iplanet-netscape-directory-traversal
Reference: URL:http://xforce.iss.net/static/5421.php

Directory traversal vulnerability in iPlanet Certificate Management
System 4.2 and Directory Server 4.12 allows remote attackers to read
arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or
Administrator services.

Analysis
----------------
ED_PRI CAN-2000-1075 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1076
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1076
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001026 [CORE SDI ADVISORY] iPlanet Certificate Management System 4.2 path traversal bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0383.html
Reference: XF:iplanet-netscape-plaintext-password
Reference: URL:http://xforce.iss.net/static/5422.php

Netscape (iPlanet) Certificate Management System 4.2 and Directory
Server 4.12 stores the administrative password in plaintext, which
could allow local and possibly remote attackers to gain administrative
privileges on the server.

Analysis
----------------
ED_PRI CAN-2000-1076 3
Vendor Acknowledgement:
Content Decisions: DESIGN-NO-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1077
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1077
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001026 Buffer overflow in iPlanet Web Server 4 server side SHTML parsing module
Reference: URL:http://www.securityfocus.com/archive/1/141435
Reference: XF:iplanet-web-server-shtml-bo
Reference: URL:http://xforce.iss.net/static/5446.php

Buffer overflow in the SHTML logging functionality of iPlanet Web
Server 4.x allows remote attackers to execute arbitrary commands via a
long filename with a .shtml extension.

Analysis
----------------
ED_PRI CAN-2000-1077 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007