[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FINAL] ACCEPT 232 recent candidates



I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below.  The
resulting CVE entries will be published in the near future in a new
version of CVE.  Voting details and comments are provided at the end
of this report.

- Steve


Candidate	CVE Name
---------	----------
CAN-2000-0048	CVE-2000-0048
CAN-2000-0080	CVE-2000-0080
CAN-2000-0111	CVE-2000-0111
CAN-2000-0252	CVE-2000-0252
CAN-2000-0253	CVE-2000-0253
CAN-2000-0254	CVE-2000-0254
CAN-2000-0255	CVE-2000-0255
CAN-2000-0276	CVE-2000-0276
CAN-2000-0278	CVE-2000-0278
CAN-2000-0283	CVE-2000-0283
CAN-2000-0287	CVE-2000-0287
CAN-2000-0292	CVE-2000-0292
CAN-2000-0296	CVE-2000-0296
CAN-2000-0341	CVE-2000-0341
CAN-2000-0488	CVE-2000-0488
CAN-2000-0498	CVE-2000-0498
CAN-2000-0523	CVE-2000-0523
CAN-2000-0542	CVE-2000-0542
CAN-2000-0565	CVE-2000-0565
CAN-2000-0672	CVE-2000-0672
CAN-2000-0679	CVE-2000-0679
CAN-2000-0698	CVE-2000-0698
CAN-2000-0702	CVE-2000-0702
CAN-2000-0716	CVE-2000-0716
CAN-2000-0729	CVE-2000-0729
CAN-2000-0732	CVE-2000-0732
CAN-2000-0738	CVE-2000-0738
CAN-2000-0749	CVE-2000-0749
CAN-2000-0762	CVE-2000-0762
CAN-2000-0764	CVE-2000-0764
CAN-2000-0766	CVE-2000-0766
CAN-2000-0783	CVE-2000-0783
CAN-2000-0804	CVE-2000-0804
CAN-2000-0805	CVE-2000-0805
CAN-2000-0806	CVE-2000-0806
CAN-2000-0807	CVE-2000-0807
CAN-2000-0808	CVE-2000-0808
CAN-2000-0809	CVE-2000-0809
CAN-2000-0810	CVE-2000-0810
CAN-2000-0811	CVE-2000-0811
CAN-2000-0813	CVE-2000-0813
CAN-2000-0824	CVE-2000-0824
CAN-2000-0834	CVE-2000-0834
CAN-2000-0837	CVE-2000-0837
CAN-2000-0844	CVE-2000-0844
CAN-2000-0846	CVE-2000-0846
CAN-2000-0847	CVE-2000-0847
CAN-2000-0848	CVE-2000-0848
CAN-2000-0849	CVE-2000-0849
CAN-2000-0850	CVE-2000-0850
CAN-2000-0851	CVE-2000-0851
CAN-2000-0852	CVE-2000-0852
CAN-2000-0853	CVE-2000-0853
CAN-2000-0858	CVE-2000-0858
CAN-2000-0860	CVE-2000-0860
CAN-2000-0861	CVE-2000-0861
CAN-2000-0862	CVE-2000-0862
CAN-2000-0863	CVE-2000-0863
CAN-2000-0864	CVE-2000-0864
CAN-2000-0865	CVE-2000-0865
CAN-2000-0867	CVE-2000-0867
CAN-2000-0868	CVE-2000-0868
CAN-2000-0869	CVE-2000-0869
CAN-2000-0870	CVE-2000-0870
CAN-2000-0871	CVE-2000-0871
CAN-2000-0873	CVE-2000-0873
CAN-2000-0878	CVE-2000-0878
CAN-2000-0883	CVE-2000-0883
CAN-2000-0884	CVE-2000-0884
CAN-2000-0886	CVE-2000-0886
CAN-2000-0887	CVE-2000-0887
CAN-2000-0888	CVE-2000-0888
CAN-2000-0900	CVE-2000-0900
CAN-2000-0901	CVE-2000-0901
CAN-2000-0908	CVE-2000-0908
CAN-2000-0909	CVE-2000-0909
CAN-2000-0910	CVE-2000-0910
CAN-2000-0911	CVE-2000-0911
CAN-2000-0912	CVE-2000-0912
CAN-2000-0913	CVE-2000-0913
CAN-2000-0914	CVE-2000-0914
CAN-2000-0915	CVE-2000-0915
CAN-2000-0917	CVE-2000-0917
CAN-2000-0919	CVE-2000-0919
CAN-2000-0920	CVE-2000-0920
CAN-2000-0921	CVE-2000-0921
CAN-2000-0922	CVE-2000-0922
CAN-2000-0923	CVE-2000-0923
CAN-2000-0924	CVE-2000-0924
CAN-2000-0925	CVE-2000-0925
CAN-2000-0926	CVE-2000-0926
CAN-2000-0928	CVE-2000-0928
CAN-2000-0929	CVE-2000-0929
CAN-2000-0930	CVE-2000-0930
CAN-2000-0932	CVE-2000-0932
CAN-2000-0933	CVE-2000-0933
CAN-2000-0934	CVE-2000-0934
CAN-2000-0935	CVE-2000-0935
CAN-2000-0936	CVE-2000-0936
CAN-2000-0937	CVE-2000-0937
CAN-2000-0938	CVE-2000-0938
CAN-2000-0941	CVE-2000-0941
CAN-2000-0942	CVE-2000-0942
CAN-2000-0943	CVE-2000-0943
CAN-2000-0944	CVE-2000-0944
CAN-2000-0946	CVE-2000-0946
CAN-2000-0947	CVE-2000-0947
CAN-2000-0948	CVE-2000-0948
CAN-2000-0949	CVE-2000-0949
CAN-2000-0951	CVE-2000-0951
CAN-2000-0952	CVE-2000-0952
CAN-2000-0953	CVE-2000-0953
CAN-2000-0956	CVE-2000-0956
CAN-2000-0957	CVE-2000-0957
CAN-2000-0958	CVE-2000-0958
CAN-2000-0959	CVE-2000-0959
CAN-2000-0960	CVE-2000-0960
CAN-2000-0961	CVE-2000-0961
CAN-2000-0962	CVE-2000-0962
CAN-2000-0965	CVE-2000-0965
CAN-2000-0966	CVE-2000-0966
CAN-2000-0967	CVE-2000-0967
CAN-2000-0968	CVE-2000-0968
CAN-2000-0969	CVE-2000-0969
CAN-2000-0970	CVE-2000-0970
CAN-2000-0972	CVE-2000-0972
CAN-2000-0973	CVE-2000-0973
CAN-2000-0974	CVE-2000-0974
CAN-2000-0975	CVE-2000-0975
CAN-2000-0977	CVE-2000-0977
CAN-2000-0978	CVE-2000-0978
CAN-2000-0979	CVE-2000-0979
CAN-2000-0980	CVE-2000-0980
CAN-2000-0981	CVE-2000-0981
CAN-2000-0982	CVE-2000-0982
CAN-2000-0983	CVE-2000-0983
CAN-2000-0984	CVE-2000-0984
CAN-2000-0989	CVE-2000-0989
CAN-2000-0990	CVE-2000-0990
CAN-2000-0991	CVE-2000-0991
CAN-2000-0992	CVE-2000-0992
CAN-2000-0993	CVE-2000-0993
CAN-2000-0994	CVE-2000-0994
CAN-2000-0995	CVE-2000-0995
CAN-2000-0996	CVE-2000-0996
CAN-2000-1000	CVE-2000-1000
CAN-2000-1001	CVE-2000-1001
CAN-2000-1002	CVE-2000-1002
CAN-2000-1003	CVE-2000-1003
CAN-2000-1004	CVE-2000-1004
CAN-2000-1005	CVE-2000-1005
CAN-2000-1006	CVE-2000-1006
CAN-2000-1007	CVE-2000-1007
CAN-2000-1010	CVE-2000-1010
CAN-2000-1011	CVE-2000-1011
CAN-2000-1014	CVE-2000-1014
CAN-2000-1016	CVE-2000-1016
CAN-2000-1018	CVE-2000-1018
CAN-2000-1019	CVE-2000-1019
CAN-2000-1022	CVE-2000-1022
CAN-2000-1024	CVE-2000-1024
CAN-2000-1026	CVE-2000-1026
CAN-2000-1027	CVE-2000-1027
CAN-2000-1031	CVE-2000-1031
CAN-2000-1032	CVE-2000-1032
CAN-2000-1034	CVE-2000-1034
CAN-2000-1036	CVE-2000-1036
CAN-2000-1038	CVE-2000-1038
CAN-2000-1040	CVE-2000-1040
CAN-2000-1041	CVE-2000-1041
CAN-2000-1042	CVE-2000-1042
CAN-2000-1043	CVE-2000-1043
CAN-2000-1044	CVE-2000-1044
CAN-2000-1045	CVE-2000-1045
CAN-2000-1049	CVE-2000-1049
CAN-2000-1050	CVE-2000-1050
CAN-2000-1051	CVE-2000-1051
CAN-2000-1054	CVE-2000-1054
CAN-2000-1055	CVE-2000-1055
CAN-2000-1056	CVE-2000-1056
CAN-2000-1057	CVE-2000-1057
CAN-2000-1058	CVE-2000-1058
CAN-2000-1059	CVE-2000-1059
CAN-2000-1060	CVE-2000-1060
CAN-2000-1061	CVE-2000-1061
CAN-2000-1068	CVE-2000-1068
CAN-2000-1069	CVE-2000-1069
CAN-2000-1070	CVE-2000-1070
CAN-2000-1071	CVE-2000-1071
CAN-2000-1072	CVE-2000-1072
CAN-2000-1073	CVE-2000-1073
CAN-2000-1074	CVE-2000-1074
CAN-2000-1077	CVE-2000-1077
CAN-2000-1080	CVE-2000-1080
CAN-2000-1089	CVE-2000-1089
CAN-2000-1094	CVE-2000-1094
CAN-2000-1095	CVE-2000-1095
CAN-2000-1096	CVE-2000-1096
CAN-2000-1097	CVE-2000-1097
CAN-2000-1099	CVE-2000-1099
CAN-2000-1106	CVE-2000-1106
CAN-2000-1107	CVE-2000-1107
CAN-2000-1112	CVE-2000-1112
CAN-2000-1113	CVE-2000-1113
CAN-2000-1115	CVE-2000-1115
CAN-2000-1120	CVE-2000-1120
CAN-2000-1131	CVE-2000-1131
CAN-2000-1132	CVE-2000-1132
CAN-2000-1135	CVE-2000-1135
CAN-2000-1136	CVE-2000-1136
CAN-2000-1137	CVE-2000-1137
CAN-2000-1139	CVE-2000-1139
CAN-2000-1140	CVE-2000-1140
CAN-2000-1141	CVE-2000-1141
CAN-2000-1142	CVE-2000-1142
CAN-2000-1143	CVE-2000-1143
CAN-2000-1144	CVE-2000-1144
CAN-2000-1145	CVE-2000-1145
CAN-2000-1146	CVE-2000-1146
CAN-2000-1148	CVE-2000-1148
CAN-2000-1149	CVE-2000-1149
CAN-2000-1162	CVE-2000-1162
CAN-2000-1163	CVE-2000-1163
CAN-2000-1167	CVE-2000-1167
CAN-2000-1169	CVE-2000-1169
CAN-2000-1178	CVE-2000-1178
CAN-2000-1179	CVE-2000-1179
CAN-2000-1181	CVE-2000-1181
CAN-2000-1182	CVE-2000-1182
CAN-2000-1184	CVE-2000-1184
CAN-2000-1187	CVE-2000-1187
CAN-2000-1189	CVE-2000-1189


======================================================
Candidate: CAN-2000-0048
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0048
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-02
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000112 Serious Bug in Corel Linux.(Local root exploit)
Reference: BID:928
Reference: CONFIRM:http://linux.corel.com/support/clos_patch1.htm
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=928
Reference: XF:linux-corel-update

get_it program in Corel Linux Update allows local users to gain root
access by specifying an alternate PATH for the cp program.


Modifications:
  ADDREF XF:linux-corel-update
  ADDREF CONFIRM:http://linux.corel.com/support/clos_patch1.htm

INFERRED ACTION: CAN-2000-0048 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> ADDREF XF:linux-corel-update
 Christey> CONFIRM:http://linux.corel.com/support/clos_patch1.htm


======================================================
Candidate: CAN-2000-0080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0080
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000110 2nd attempt: AIX techlibss follows links
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94757136413681&w=2
Reference: BID:931
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=931
Reference: XF:aix-techlibss-symbolic-link

AIX techlibss allows local users to overwrite files via a symlink
attack.


Modifications:
  ADDREF XF:aix-techlibss-symbolic-link

INFERRED ACTION: CAN-2000-0080 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Bollinger
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:aix-techlibss-symbolic-link
 Christey> The poster claims that some fileset "techlib.service.rte.1.0.0.4"
   fixes the problem, but I can't find it in the AIX database,
   so this problem is not vendor-confirmed.


======================================================
Candidate: CAN-2000-0111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0111
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000129 [LoWNOISE] Rightfax web client 5.2
Reference: BID:953
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=953
Reference: XF:avt-rightfax-predict-session

The RightFax web client uses predictable session numbers, which allows
remote attackers to hijack user sessions.


Modifications:
  ADDREF XF:avt-rightfax-predict-session

INFERRED ACTION: CAN-2000-0111 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:avt-rightfax-predict-session
 CHANGE> [Cole changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0252
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0252
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000411 Back Door in Commercial Shopping Cart
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0051.html
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115
Reference: XF:dansie-shell-metacharacters
Reference: URL:http://xforce.iss.net/static/4975.php

The dansie shopping cart application cart.pl allows remote attackers
to execute commands via a shell metacharacters in a form variable.


Modifications:
  ADDREF XF:dansie-shell-metacharacters(4975)

INFERRED ACTION: CAN-2000-0252 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:dansie-shell-metacharacters(4975)


======================================================
Candidate: CAN-2000-0253
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0253
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0061.html
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115
Reference: XF:shopping-cart-form-tampering
Reference: URL:http://xforce.iss.net/static/4621.php

The dansie shopping cart application cart.pl allows remote attackers
to modify sensitive purchase information via hidden form fields.


Modifications:
  ADDREF XF:shopping-cart-form-tampering(4621)

INFERRED ACTION: CAN-2000-0253 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:shopping-cart-form-tampering(4621)


======================================================
Candidate: CAN-2000-0254
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0254
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0088.html
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115
Reference: XF:dansie-form-variables
Reference: URL:http://xforce.iss.net/static/4954.php

The dansie shopping cart application cart.pl allows remote attackers
to obtain the shopping cart database and configuration information via
a URL that references either the env, db, or vars form variables.


Modifications:
  ADDREF XF:dansie-form-variables(4954)

INFERRED ACTION: CAN-2000-0254 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:dansie-form-variables(4954)


======================================================
Candidate: CAN-2000-0255
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0255
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000405 SilverBack Security Advisory: Nbase-Xyplex DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0022.html
Reference: BID:1091
Reference: URL:http://www.securityfocus.com/bid/1091
Reference: XF:nbase-xyplex-router

The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a
denial of service via a scan for the FormMail CGI program.


Modifications:
  ADDREF XF:nbase-xyplex-router

INFERRED ACTION: CAN-2000-0255 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:nbase-xyplex-router


======================================================
Candidate: CAN-2000-0276
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0276
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000410 BeOS syscall bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000410131628.659.qmail@securityfocus.com
Reference: BID:1098
Reference: URL:http://www.securityfocus.com/bid/1098
Reference: XF:beos-syscall-dos

BeOS 4.5 and 5.0 allow local users to cause a denial of service via
malformed direct system calls using interrupt 37.


Modifications:
  ADDREF XF:beos-syscall-dos

INFERRED ACTION: CAN-2000-0276 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:beos-syscall-dos


======================================================
Candidate: CAN-2000-0278
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0278
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000331 SalesLogix Eviewer Web App Bug: URL request crashes eviewer web application
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0006.html
Reference: BID:1089
Reference: URL:http://www.securityfocus.com/bid/1089
Reference: XF:eviewer-admin-request-dos

The SalesLogix Eviewer allows remote attackers to cause a denial of
service by accessing the URL for the slxweb.dll administration
program, which does not authenticate the user.


Modifications:
  ADDREF XF:eviewer-admin-request-dos

INFERRED ACTION: CAN-2000-0278 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:eviewer-admin-request-dos


======================================================
Candidate: CAN-2000-0283
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0283
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: CF
Reference: BUGTRAQ:20000412 Performance Copilot for IRIX 6.5
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0056.html
Reference: BID:1106
Reference: URL:http://www.securityfocus.com/bid/1106
Reference: XF:irix-pmcd-info

The default installation of IRIX Performance Copilot allows remote
attackers to access sensitive system information via the pmcd daemon.


Modifications:
  ADDREF XF:irix-pmcd-info

INFERRED ACTION: CAN-2000-0283 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:irix-pmcd-info


======================================================
Candidate: CAN-2000-0287
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0287
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000412 BizDB Search Script Enables Shell Command Execution at the Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0058.html
Reference: BID:1104
Reference: URL:http://www.securityfocus.com/bid/1104
Reference: XF:http-cgi-bizdb

The BizDB CGI script bizdb-search.cgi allows remote attackers to
execute arbitrary commands via shell metacharacters in the dbname
parameter.


Modifications:
  ADDREF XF:http-cgi-bizdb

INFERRED ACTION: CAN-2000-0287 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:http-cgi-bizdb


======================================================
Candidate: CAN-2000-0292
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0292
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000418 Adtran DoS
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10004190908140.32750-100000@localhost.localdomain
Reference: BID:1129
Reference: URL:http://www.securityfocus.com/bid/1129
Reference: XF:adtran-ping-dos

The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a
denial of service via a ping flood to the Ethernet interface, which
causes the device to crash.


Modifications:
  ADDREF XF:adtran-ping-dos

INFERRED ACTION: CAN-2000-0292 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> ADDREF XF:adtran-ping-dos
 Frech> XF:adtran-ping-dos


======================================================
Candidate: CAN-2000-0296
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0296
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000331 fcheck v.2.7.45 and insecure use of Perl's system()
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0011.html
Reference: BID:1086
Reference: URL:http://www.securityfocus.com/bid/1086
Reference: XF:fcheck-shell

fcheck allows local users to gain privileges by embedding shell
metacharacters into file names that are processed by fcheck.


Modifications:
  ADDREF XF:fcheck-shell

INFERRED ACTION: CAN-2000-0296 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Frech> XF:fcheck-shell
 Christey> There is no apparent vendor acknowledgement; however, I
   reviewed the source code, and the vulnerable system()
   call is now being called in the safe fashion (i.e. splitting
   command-line arguments out as separate parameters to the
   system function itself).  This, in conjunction with the
   code mentioned in the discloser's original post, shows
   conclusively that the code was modified.  The version of
   source code that I reviewed was 2.7.51.
 Christey> http://sites.netscape.net/fcheck/FCheck_2.07.51.tar.gz
   Line 385 of 2.07.51 seems to be fixed.  While the filename
   isn't being cleansed, system() is being called with multiple
   arguments, so the metacharacters aren't being executed in a
   shell context.


======================================================
Candidate: CAN-2000-0341
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0341
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: NTBUGTRAQ:20000501 Remote DoS attack in CASSANDRA NNTPServer v1.10 from ATRIUM
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95736106504870&w=2
Reference: BID:1156
Reference: URL:http://www.securityfocus.com/bid/1156
Reference: XF:nntpserver-cassandra-bo

ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a
denial of service via a long login name.


Modifications:
  ADDREF XF:nntpserver-cassandra-bo

INFERRED ACTION: CAN-2000-0341 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(4) Wall, Ozancin, Cole, Armstrong

Voter Comments:
 Frech> XF:nntpserver-cassandra-bo


======================================================
Candidate: CAN-2000-0488
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0488
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000601 DST2K0007: Buffer Overrun in ITHouse Mail Server v1.04
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0148.html
Reference: BID:1285
Reference: URL:http://www.securityfocus.com/bid/1285
Reference: XF:ithouse-rcpt-overflow(4580)
Reference: URL:http://xforce.iss.net/static/4580.php

Buffer overflow in ITHouse mail server 1.04 allows remote attackers to
execute arbitrary commands via a long RCPT TO mail command.


Modifications:
  ADDREF XF:ithouse-rcpt-overflow(4580)

INFERRED ACTION: CAN-2000-0488 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Levy, Baker
   MODIFY(1) Frech
   NOOP(5) Armstrong, Wall, LeBlanc, Ozancin, Cole

Voter Comments:
 Frech> XF:ithouse-rcpt-overflow(4580)


======================================================
Candidate: CAN-2000-0498
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0498
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000608 Potential vulnerability in Unify eWave ServletExec
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0250.html
Reference: BID:1328
Reference: URL:http://www.securityfocus.com/bid/1328
Reference: XF:ewave-servletexec-jsp-source-read(4649)
Reference: URL:http://xforce.iss.net/static/4649.php

Unify eWave ServletExec allows a remote attacker to view source code
of a JSP program by requesting a URL which provides the JSP extension
in upper case.


Modifications:
  ADDREF XF:ewave-servletexec-jsp-source-read(4649)

INFERRED ACTION: CAN-2000-0498 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Levy, Baker
   MODIFY(1) Frech
   NOOP(5) Armstrong, Wall, LeBlanc, Ozancin, Cole

Voter Comments:
 Frech> XF:ewave-servletexec-jsp-source-read(4649)


======================================================
Candidate: CAN-2000-0523
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0523
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000606 MDMA Advisory #6: EServ Logging Heap Overflow Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0009.html
Reference: BID:1315
Reference: URL:http://www.securityfocus.com/bid/1315
Reference: XF:eserv-logging-overflow
Reference: URL:http://xforce.iss.net/static/4614.php

Buffer overflow in the logging feature of EServ 2.9.2 and earlier
allows an attacker to execute arbitrary commands via a long MKD
command.


Modifications:
  ADDREF XF:eserv-logging-overflow(4614)

INFERRED ACTION: CAN-2000-0523 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Levy, Baker
   MODIFY(1) Frech
   NOOP(5) Armstrong, Wall, LeBlanc, Ozancin, Cole

Voter Comments:
 Frech> XF:eserv-logging-overflow(4614)


======================================================
Candidate: CAN-2000-0542
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0542
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000612 ACC/Ericsson Tigris Accounting Failure
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0104.html
Reference: BID:1345
Reference: URL:http://www.securityfocus.com/bid/1345
Reference: XF:tigris-radius-login-failure
Reference: URL:http://xforce.iss.net/static/4705.php

Tigris remote access server before 11.5.4.22 does not properly record
Radius accounting information when a user fails the initial login
authentication but subsequently succeeds.


Modifications:
  ADDREF XF:tigris-radius-login-failure(4705)

INFERRED ACTION: CAN-2000-0542 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Levy, Baker
   MODIFY(1) Frech
   NOOP(6) Armstrong, Wall, LeBlanc, Ozancin, Christey, Cole

Voter Comments:
 Christey> XF:tigris-radius-login-failure
 Frech> XF:tigris-radius-login-failure(4705)


======================================================
Candidate: CAN-2000-0565
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0565
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000613 SmartFTP Daemon v0.2 Beta Build 9 - Remote Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0100.html
Reference: BID:1344
Reference: URL:http://www.securityfocus.com/bid/1344
Reference: XF:smartftp-directory-traversal
Reference: URL:http://xforce.iss.net/static/4706.php

SmartFTP Daemon 0.2 allows a local user to access arbitrary files by
uploading and specifying an alternate user configuration file via a
.. (dot dot) attack.


Modifications:
  ADDREF XF:smartftp-directory-traversal(4706)

INFERRED ACTION: CAN-2000-0565 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Levy, Baker
   MODIFY(1) Frech
   NOOP(6) Armstrong, Wall, LeBlanc, Ozancin, Christey, Cole

Voter Comments:
 Christey> XF:smartftp-directory-traversal
 Frech> XF:smartftp-directory-traversal(4706)


======================================================
Candidate: CAN-2000-0672
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0672
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000721 Jakarta-tomcat.../admin
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0309.html
Reference: BID:1548
Reference: URL:http://www.securityfocus.com/bid/1548
Reference: XF:jakarta-tomcat-admin
Reference: URL:http://xforce.iss.net/static/5160.php

The default configuration of Jakarta Tomcat does not restrict access
to the /admin context, which allows remote attackers to read arbitrary
files by directly calling the administrative servlets to add a context
for the root directory.


Modifications:
  ADDREF XF:jakarta-tomcat-admin(5160)
  ADDREF ADDREF BID:1548

INFERRED ACTION: CAN-2000-0672 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Levy, Baker
   MODIFY(1) Frech
   NOOP(4) Wall, LeBlanc, Christey, Cole

Voter Comments:
 Frech> XF:jakarta-tomcat-admin(5160)
 Christey> ADDREF BID:1548
 Christey> ADDREF BID:1548
   URL:http://www.securityfocus.com/bid/1548
 CHANGE> [Levy changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0679
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0679
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000728 cvs security problem
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org
Reference: BID:1523
Reference: URL:http://www.securityfocus.com/bid/1523
Reference: XF:cvs-client-creates-file

The CVS 1.10.8 client trusts pathnames that are provided by the CVS
server, which allows the server to force the client to create
arbitrary files.


Modifications:
  XF:cvs-client-creates-file

INFERRED ACTION: CAN-2000-0679 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Levy, Baker
   MODIFY(1) Frech
   NOOP(2) Wall, Cole

Voter Comments:
 Frech> XF:cvs-client-creates-file


======================================================
Candidate: CAN-2000-0698
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0698
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000819 RH 6.1 / 6.2 minicom vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/77361
Reference: BID:1599
Reference: URL:http://www.securityfocus.com/bid/1599
Reference: XF:minicom-capture-groupown
Reference: URL:http://xforce.iss.net/static/5151.php

Minicom 1.82.1 and earlier on some Linux systems allows local users to
create arbitrary files owned by the uucp user via a symlink attack.


Modifications:
  ADDREF XF:minicom-capture-groupown
  DESC mention only uucp-owned files that are affected.

INFERRED ACTION: CAN-2000-0698 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Levy, Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Frech> XF:minicom-capture-groupown
 Christey> Change phrasing to indicate that it's only uucp-owned files
   that can be affected.
   ADDREF XF:minicom-capture-groupown
   http://xforce.iss.net/static/5151.php
 Frech> XF:minicom-capture-groupown(5151)


======================================================
Candidate: CAN-2000-0702
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0702
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000821 [HackersLab bugpaper] HP-UX net.init rc script
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0261.html
Reference: BID:1602
Reference: URL:http://www.securityfocus.com/bid/1602
Reference: XF:hp-netinit-symlink
Reference: URL:http://xforce.iss.net/static/5131.php

The net.init rc script in HP-UX 11.00 (S008net.init) allows local
users to overwrite arbitrary files via a symlink attack that points
from /tmp/stcp.conf to the targeted file.


Modifications:
  ADDREF XF:hp-netinit-symlink(5131)

INFERRED ACTION: CAN-2000-0702 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Frech> XF:hp-netinit-symlink
 Christey> XF:hp-netinit-symlink
   http://xforce.iss.net/static/5131.php
 Frech> XF:hp-netinit-symlink(5131)


======================================================
Candidate: CAN-2000-0716
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0716
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: NTBUGTRAQ:20000809 Session hijacking in Alt-N's MDaemon 2.8
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=ntbugtraq&F=&S=&P=459
Reference: BID:1553
Reference: URL:http://www.securityfocus.com/bid/1553
Reference: XF:mdaemon-session-id-hijack
Reference: URL:http://xforce.iss.net/static/5070.php

WorldClient email client in MDaemon 2.8 includes the session ID in the
referer field of an HTTP request when the user clicks on a URL, which
allows the visited web site to hijcak the session ID and read the
user's email.


Modifications:
  ADDREF XF:mdaemon-session-id-hijack(5070)

INFERRED ACTION: CAN-2000-0716 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> XF:mdaemon-session-id-hijack
   http://xforce.iss.net/static/5070.php
 Frech> XF:mdaemon-session-id-hijack(5070)


======================================================
Candidate: CAN-2000-0729
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0729
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:41
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0337.html
Reference: BID:1625
Reference: URL:http://www.securityfocus.com/bid/1625
Reference: XF:freebsd-elf-dos(5967)

FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of
service by executing a program with a malformed ELF image header.


Modifications:
  ADDREF XF:freebsd-elf-dos(5967)

INFERRED ACTION: CAN-2000-0729 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:freebsd-elf-dos(5967)


======================================================
Candidate: CAN-2000-0732
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0732
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: NTBUGTRAQ:20000825 DST2K0023: Directory Traversal Possible & Denial of Service in Wo rm HTTP Server
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0111.html
Reference: BID:1626
Reference: URL:http://www.securityfocus.com/bid/1626
Reference: XF:wormhttp-filename-dos
Reference: URL:http://xforce.iss.net/static/5149.php

Worm HTTP server allows remote attackers to cause a denial of service
via a long URL.


Modifications:
  ADDREF XF:wormhttp-filename-dos(5149)

INFERRED ACTION: CAN-2000-0732 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Baker, Cole, Levy, Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> XF:wormhttp-filename-dos
   http://xforce.iss.net/static/5149.php


======================================================
Candidate: CAN-2000-0738
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0738
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: NTBUGTRAQ:20000818 WebShield SMTP infinite loop DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0101.html
Reference: BID:1589
Reference: URL:http://www.securityfocus.com/bid/1589
Reference: XF:webshield-smtp-dos
Reference: URL:http://xforce.iss.net/static/5100.php

WebShield SMTP 4.5 allows remote attackers to cause a denial of
service by sending e-mail with a From: address that has a . (period)
at the end, which causes WebShield to continuously send itself copies
of the e-mail.


Modifications:
  ADDREF XF:webshield-smtp-dos(5100)

INFERRED ACTION: CAN-2000-0738 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> XF:webshield-smtp-dos
   http://xforce.iss.net/static/5100.php
 Frech> XF:webshield-smtp-dos(5100)


======================================================
Candidate: CAN-2000-0749
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0749
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-02
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:42
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0338.html
Reference: BID:1628
Reference: URL:http://www.securityfocus.com/bid/1628
Reference: XF:freebsd-linux-module-bo(5968)

Buffer overflow in the Linux binary compatibility module in FreeBSD
3.x through 5.x allows local users to gain root privileges via long
filenames in the linux shadow file system.


Modifications:
  DESC fix typo: "compatibility"
  ADDREF XF:freebsd-linux-module-bo(5968)

INFERRED ACTION: CAN-2000-0749 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> fix typo: "compatibility"
 Frech> XF:freebsd-linux-module-bo(5968)


======================================================
Candidate: CAN-2000-0762
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0762
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: CF
Reference: BUGTRAQ:20000811 eTrust Access Control - Root compromise for default install
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=004601c003a1$ba473260$ddeaa2cd@itradefair.net
Reference: CONFIRM:http://support.ca.com/techbases/eTrust/etrust_access_control-response.html
Reference: BID:1583
Reference: URL:http://www.securityfocus.com/bid/1583
Reference: XF:etrust-access-control-default
Reference: URL:http://xforce.iss.net/static/5076.php

The default installation of eTrust Access Control (formerly SeOS) uses
a default encryption key, which allows remote attackers to spoof the
eTrust administrator and gain privileges.


Modifications:
  ADDREF XF:etrust-access-control-default(5076)

INFERRED ACTION: CAN-2000-0762 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> XF:etrust-access-control-default
   http://xforce.iss.net/static/5076.php
 Frech> XF:etrust-access-control-default(5076)


======================================================
Candidate: CAN-2000-0764
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0764
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000828 Intel Express Switch 500 series DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0338.html
Reference: BID:1609
Reference: URL:http://www.securityfocus.com/bid/1609
Reference: XF:intel-express-switch-dos
Reference: URL:http://xforce.iss.net/static/5154.php

Intel Express 500 series switches allow a remote attacker to cause a
denial of service via a malformed IP packet.


Modifications:
  ADDREF XF:intel-express-switch-dos(5154)

INFERRED ACTION: CAN-2000-0764 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Baker, Cole, Levy, Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> XF:intel-express-switch-dos(5154)


======================================================
Candidate: CAN-2000-0766
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0766
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000819 D.o.S Vulnerability in vqServer
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008270354.UAA10952@user4.hushmail.com
Reference: BID:1610
Reference: URL:http://www.securityfocus.com/bid/1610
Reference: XF:vqserver-get-dos
Reference: URL:http://xforce.iss.net/static/5152.php

Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to
cause a denial of service or possibly gain privileges via a long HTTP
GET request.


Modifications:
  ADDREF XF:vqserver-get-dos(5152)

INFERRED ACTION: CAN-2000-0766 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> XF:vqserver-get-dos
   http://xforce.iss.net/static/5152.php
 Frech> XF:vqserver-get-dos(5152)


======================================================
Candidate: CAN-2000-0783
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0783
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 200116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000815 Watchguard Firebox Authentication DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0162.html
Reference: BID:1573
Reference: URL:http://www.securityfocus.com/bid/1573
Reference: XF:firebox-url-dos
Reference: URL:http://xforce.iss.net/static/5098.php

Watchguard Firebox II allows remote attackers to cause a denial of
service by sending a malformed URL to the authentication service on
port 4100.


Modifications:
  ADDREF XF:firebox-url-dos(5098)

INFERRED ACTION: CAN-2000-0783 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> XF:firebox-url-dos
   http://xforce.iss.net/static/5098.php
 Frech> XF:firebox-url-dos(5098)


======================================================
Candidate: CAN-2000-0804
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0804
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-way_Connection
Reference: XF:fw1-remote-bypass
Reference: URL:http://xforce.iss.net/static/5468.php

Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers
to bypass the directionality check via fragmented TCP connection
requests or reopening closed TCP connection requests, aka "One-way
Connection Enforcement Bypass."


Modifications:
  ADDREF XF:fw1-remote-bypass(5468)

INFERRED ACTION: CAN-2000-0804 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:fw1-remote-bypass(5468)


======================================================
Candidate: CAN-2000-0805
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0805
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Retransmission_of
Reference: XF:fw1-client-spoof
Reference: URL:http://xforce.iss.net/static/5469.php

Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits
encapsulated FWS packets, even if they do not come from a valid FWZ
client, aka "Retransmission of Encapsulated Packets."


Modifications:
  ADDREF XF:fw1-client-spoof(5469)

INFERRED ACTION: CAN-2000-0805 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:fw1-client-spoof(5469)


======================================================
Candidate: CAN-2000-0806
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0806
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Inter-module_Communications
Reference: XF:fw1-fwa1-auth-replay
Reference: URL:http://xforce.iss.net/static/5162.php

The inter-module authentication mechanism (fwa1) in Check Point
VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct
a denial of service, aka "Inter-module Communications Bypass."


Modifications:
  ADDREF XF:fw1-fwa1-auth-replay(5162)

INFERRED ACTION: CAN-2000-0806 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:fw1-fwa1-auth-replay(5162)


======================================================
Candidate: CAN-2000-0807
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0807
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#OPSEC_Authentication
Reference: XF:fw1-opsec-auth-spoof
Reference: URL:http://xforce.iss.net/static/5471.php

The OPSEC communications authentication mechanism (fwn1) in Check
Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to
spoof connections, aka the "OPSEC Authentication Vulnerability."


Modifications:
  ADDREF XF:fw1-opsec-auth-spoof(5471)

INFERRED ACTION: CAN-2000-0807 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:fw1-opsec-auth-spoof(5471)


======================================================
Candidate: CAN-2000-0808
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0808
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-time_Password
Reference: XF:fw1-localhost-auth
Reference: URL:http://xforce.iss.net/static/5137.php

The seed generation mechanism in the inter-module S/Key authentication
mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows
remote attackers to bypass authentication via a brute force attack,
aka "One-time (s/key) Password Authentication."


Modifications:
  ADDREF XF:fw1-localhost-auth(5137)
  DESC Correct typo: "mecahnism"

INFERRED ACTION: CAN-2000-0808 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:fw1-localhost-auth(5137)
 Christey> Correct typo: "mecahnism"


======================================================
Candidate: CAN-2000-0809
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0809
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Getkey_Buffer
Reference: XF:fw1-getkey-bo
Reference: URL:http://xforce.iss.net/static/5139.php

Buffer overflow in Getkey in the protocol checker in the inter-module
communication mechanism in Check Point VPN-1/FireWall-1 4.1 and
earlier allows remote attackers to cause a denial of service.


Modifications:
  ADDREF XF:fw1-getkey-bo(5139)

INFERRED ACTION: CAN-2000-0809 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:fw1-getkey-bo(5139)


======================================================
Candidate: CAN-2000-0810
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0810
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20000926
Category: SF
Reference: BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04
Reference: BID:1782
Reference: XF:auction-weaver-delete-files
Reference: URL:http://xforce.iss.net/static/5371.php

Auction Weaver 1.0 through 1.04 does not properly validate the names
of form fields, which allows remote attackers to delete arbitrary
files and directories via a .. (dot dot) attack.


Modifications:
  ADDREF XF:auction-weaver-delete-files(5371)

INFERRED ACTION: CAN-2000-0810 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Mell

Voter Comments:
 Frech> XF:auction-weaver-username-bidfile(5372)
 Christey> Actually, the reference is XF:auction-weaver-delete-files(5371)


======================================================
Candidate: CAN-2000-0811
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0811
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20000926
Category: SF
Reference: BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04
Reference: BID:1783
Reference: XF:auction-weaver-username-bidfile
Reference: URL:http://xforce.iss.net/static/5372.php

Auction Weaver 1.0 through 1.04 allows remote attackers to read
arbitrary files via a .. (dot dot) attack on the username or bidfile
form fields.


Modifications:
  ADDREF XF:auction-weaver-username-bidfile(5372)

INFERRED ACTION: CAN-2000-0811 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(1) Mell

Voter Comments:
 Frech> XF:auction-weaver-username-bidfile(5372)


======================================================
Candidate: CAN-2000-0813
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0813
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000926
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#FTP_Connection
Reference: XF:fw1-ftp-redirect
Reference: URL:http://xforce.iss.net/static/5474.php

Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers
to redirect FTP connections to other servers ("FTP Bounce") via
invalid FTP commands that are processed improperly by FireWall-1, aka
"FTP Connection Enforcement Bypass."


Modifications:
  ADDREF XF:fw1-ftp-redirect(5474)

INFERRED ACTION: CAN-2000-0813 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:fw1-ftp-redirect(5474)


======================================================
Candidate: CAN-2000-0824
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0824
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: BUGTRAQ:19990917 A few bugs...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/0992.html
Reference: BUGTRAQ:20000831 glibc unsetenv bug
Reference: URL:http://www.securityfocus.com/archive/1/79537
Reference: CALDERA:CSSA-2000-028.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-028.0.txt
Reference: DEBIAN:20000902 glibc: local root exploit
Reference: URL:http://www.debian.org/security/2000/20000902
Reference: MANDRAKE:MDKSA-2000:040
Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-040.php3
Reference: MANDRAKE:MDKSA-2000:045
Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-045.php3
Reference: REDHAT:RHSA-2000:057-04
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-057-04.html
Reference: TURBO:TLSA2000020-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html
Reference: SUSE:20000924 glibc locale security problem
Reference: URL:http://www.suse.de/de/support/security/adv5_draht_glibc_txt.txt
Reference: BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html
Reference: BUGTRAQ:20000905 Conectiva Linux Security Announcement - glibc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0509.html
Reference: BUGTRAQ:20000906 [slackware-security]: glibc 2.1.3 vulnerabilities patched
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0525.html
Reference: BID:648
Reference: URL:http://www.securityfocus.com/bid/648
Reference: BID:1639
Reference: URL:http://www.securityfocus.com/bid/1639
Reference: XF:glibc-ld-unsetenv
Reference: URL:http://xforce.iss.net/static/5173.php

The unsetenv function in glibc 2.1.1 does not properly unset an
environmental variable if the variable is provided twice to a program,
which could allow local users to execute arbitrary commands in setuid
programs by specifying their own duplicate environmental variables
such as LD_PRELOAD or LD_LIBRARY_PATH.


Modifications:
  ADDREF XF:glibc-ld-unsetenv(5173)

INFERRED ACTION: CAN-2000-0824 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:glibc-ld-unsetenv(5173)


======================================================
Candidate: CAN-2000-0834
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0834
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001015
Category: CF
Reference: ATSTAKE:A091400-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a091400-1.txt
Reference: MS:MS00-067
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-067.asp
Reference: BID:1683
Reference: URL:http://www.securityfocus.com/bid/1683
Reference: XF:win2k-telnet-ntlm-authentication
Reference: URL:http://xforce.iss.net/static/5242.php

The Windows 2000 telnet client attempts to perform NTLM authentication
by default, which allows remote attackers to capture and replay the
NTLM challenge/response via a telnet:// URL that points to the
malicious server, aka the "Windows 2000 Telnet Client NTLM
Authentication" vulnerability.

INFERRED ACTION: CAN-2000-0834 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(5) Frech, Baker, Magdych, Cole, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION
 Magdych> ACKNOWLEDGED-BY-VENDOR


======================================================
Candidate: CAN-2000-0837
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0837
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: BUGTRAQ:20000804 FTP Serv-U 2.5e vulnerability.
Reference: URL:http://www.securityfocus.com/archive/1/73843
Reference: BID:1543
Reference: URL:http://www.securityfocus.com/bid/1543
Reference: XF:servu-null-character-dos
Reference: URL:http://xforce.iss.net/static/5029.php

FTP Serv-U 2.5e allows remote attackers to cause a denial of service
by sending a large number of null bytes.

INFERRED ACTION: CAN-2000-0837 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:servu-null-character-dos(5029)


======================================================
Candidate: CAN-2000-0844
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0844
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-02
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000904 UNIX locale format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0457.html
Reference: DEBIAN:20000902 glibc: local root exploit
Reference: URL:http://www.debian.org/security/2000/20000902
Reference: CALDERA:CSSA-2000-030.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt
Reference: REDHAT:RHSA-2000-057-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-057-02.html
Reference: SUSE:20000906 glibc locale security problem
Reference: URL:http://www.suse.de/de/support/security/adv5_draht_glibc_txt.txt
Reference: TURBO:TLSA2000020-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html
Reference: AIXAPAR:IY13753
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html
Reference: COMPAQ:SSRT0689U
Reference: URL:http://archives.neohapsis.com/archives/tru64/2000-q4/0000.html
Reference: SGI:20000901-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20000901-01-P
Reference: BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
Reference: URL:http://www.securityfocus.com/archive/1/79960
Reference: BID:1634
Reference: URL:http://www.securityfocus.com/bid/1634
Reference: XF:unix-locale-format-string(5176)

Some functions that implement the locale subsystem on Unix do not
properly cleanse user-injected format strings, which allows local attackers
to execute arbitrary commands via functions such as gettext and catopen.


Modifications:
  ADDREF BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
  ADDREF DEBIAN:20000902 glibc: local root exploit
  ADDREF CALDERA:CSSA-2000-030.0
  ADDREF REDHAT:RHSA-2000-057-02
  ADDREF SUSE:20000906 glibc locale security problem
  ADDREF TURBO:TLSA2000020-1
  ADDREF AIXAPAR:IY13753
  ADDREF COMPAQ:SSRT0689U
  ADDREF SGI:20000901-01-P
  ADDREF XF:unix-locale-format-string(5176)

INFERRED ACTION: CAN-2000-0844 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Baker, Cole, Bollinger
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Christey> ADDREF BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
   http://www.securityfocus.com/archive/1/79960
   DEBIAN:20000902 glibc: local root exploit
   http://www.debian.org/security/2000/20000902
   CALDERA:CSSA-2000-030.0
   http://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt
   REDHAT:RHSA-2000-057-02
   http://www.redhat.com/support/errata/RHSA-2000-057-02.html
   SUSE:20000906 glibc locale security problem
   http://www.suse.de/de/support/security/adv5_draht_glibc_txt.txt
   TURBO:TLSA2000020-1
   http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html
 Christey> ADDREF AIXAPAR:IY13753
   http://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html
 Christey> ADDREF COMPAQ:SSRT0689U
   URL:http://archives.neohapsis.com/archives/tru64/2000-q4/0000.html
   ADDREF SGI:20000901-01-P
   URL:ftp://patches.sgi.com/support/free/security/advisories/20000901-01-P
 Frech> XF:unix-locale-format-string(5176)


======================================================
Candidate: CAN-2000-0846
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0846
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000821 Darxite daemon remote exploit/DoS problem
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0256.html
Reference: BID:1598
Reference: URL:http://www.securityfocus.com/bid/1598
Reference: XF:darxite-login-bo
Reference: URL:http://xforce.iss.net/static/5134.php

Buffer overflow in Darxite 0.4 and earlier allows a remote attacker to
execute arbitrary commands via a long username or password.

INFERRED ACTION: CAN-2000-0846 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:darxite-login-bo(5143)


======================================================
Candidate: CAN-2000-0847
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0847
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000901 UW c-client library vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0425.html
Reference: BUGTRAQ:20000901 More about UW c-client library
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0437.html
Reference: FREEBSD:FreeBSD-SA-00:47.pine
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0108.html
Reference: BID:1646
Reference: URL:http://www.securityfocus.com/bid/1646
Reference: BID:1687
Reference: URL:http://www.securityfocus.com/bid/1687
Reference: XF:c-client-dos(5223)

Buffer overflow in University of Washington c-client library (used by
pine and other programs) allows remote attackers to execute arbitrary
commands via a long X-Keywords header.


Modifications:
  ADDREF XF:c-client-dos(5223)

INFERRED ACTION: CAN-2000-0847 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:c-client-dos(5223)


======================================================
Candidate: CAN-2000-0848
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0848
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000915 WebSphere application server plugin issue & vendor fix
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0192.html
Reference: MISC:http://www-4.ibm.com/software/webservers/appserv/doc/v3022/fxpklst.htm#Security
Reference: BID:1691
Reference: URL:http://www.securityfocus.com/bid/1691
Reference: XF:websphere-header-dos
Reference: URL:http://xforce.iss.net/static/5252.php

Buffer overflow in IBM WebSphere web application server (WAS) allows
remote attackers to execute arbitrary commands via a long Host:
request header.

INFERRED ACTION: CAN-2000-0848 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(2) Magdych, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION


======================================================
Candidate: CAN-2000-0849
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0849
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: MS:MS00-064
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-064.asp
Reference: BID:1655
Reference: URL:http://www.securityfocus.com/bid/1655
Reference: XF:unicast-service-dos(5193)

Race condition in Microsoft Windows Media server allows remote attackers
to cause a denial of service in the Windows Media Unicast Service via a
malformed request, aka the "Unicast Service Race Condition" vulnerability.


Modifications:
  ADDREF XF:unicast-service-dos(5193)

INFERRED ACTION: CAN-2000-0849 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Baker, Cole, Wall
   MODIFY(1) Frech

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:unicast-service-dos(5193)


======================================================
Candidate: CAN-2000-0850
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0850
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: ATSTAKE:A091100-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a091100-1.txt
Reference: BID:1681
Reference: URL:http://www.securityfocus.com/bid/1681
Reference: XF:siteminder-bypass-authentication
Reference: URL:http://xforce.iss.net/static/5230.php

Netegrity SiteMinder before 4.11 allows remote attackers to bypass
its authentication mechanism by appending "$/FILENAME.ext" (where ext
is .ccc, .class, or .jpg) to the requested URL.

INFERRED ACTION: CAN-2000-0850 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(2) Magdych, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION


======================================================
Candidate: CAN-2000-0851
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0851
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: ATSTAKE:A090700-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-1.txt
Reference: MS:MS00-065
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-065.asp
Reference: BID:1651
Reference: URL:http://www.securityfocus.com/bid/1651
Reference: XF:w2k-still-image-service
Reference: URL:http://xforce.iss.net/static/5203.php

Buffer overflow in the Still Image Service in Windows 2000 allows local
users to gain additional privileges via a long WM_USER message, aka the
"Still Image Service Privilege Escalation" vulnerability.

INFERRED ACTION: CAN-2000-0851 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION


======================================================
Candidate: CAN-2000-0852
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0852
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:49
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0110.html
Reference: BID:1686
Reference: URL:http://www.securityfocus.com/bid/1686
Reference: XF:freebsd-eject-port
Reference: URL:http://xforce.iss.net/static/5248.php

Multiple buffer overflows in eject on FreeBSD and possibly other OSes
allows local users to gain root privileges.

INFERRED ACTION: CAN-2000-0852 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Magdych, Cole
   NOOP(1) Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION
 Magdych> ACKNOWLEDGED-BY-VENDOR


======================================================
Candidate: CAN-2000-0853
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0853
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000909 YaBB 1.9.2000 Vulnerabilitie
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0072.html
Reference: BID:1668
Reference: URL:http://www.securityfocus.com/bid/1668
Reference: XF:yabb-file-access
Reference: URL:http://xforce.iss.net/static/5254.php

YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary
files via a .. (dot dot) attack.

INFERRED ACTION: CAN-2000-0853 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(2) Magdych, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION


======================================================
Candidate: CAN-2000-0858
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0858
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000906 VIGILANTE-2000009: "Invalid URL" DoS
Reference: URL:http://www.securityfocus.com/archive/1/80413
Reference: MS:MS00-063
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q3/0065.html
Reference: BID:1642
Reference: URL:http://www.securityfocus.com/bid/1642
Reference: XF:iis-invald-url-dos
Reference: URL:http://xforce.iss.net/static/5202.php

Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to
cause a denial of service in IIS by sending it a series of malformed
requests which cause INETINFO.EXE to fail, aka the "Invalid URL"
vulnerability.

INFERRED ACTION: CAN-2000-0858 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> We may be changing this to iis-invalid-url-dos (to correct the misspelling
   in the tagname), but the URL will remain constant. I'll let MITRE know
   if/when this happens, but I didn't want to hold up the voting.


======================================================
Candidate: CAN-2000-0860
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0860
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: BUGTRAQ:20000903 (SRADV00001) Arbitrary file disclosure through PHP file upload
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0455.html
Reference: BUGTRAQ:20000904 Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0477.html
Reference: CONFIRM:http://cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diff?r1=1.38%3Aphp_4_0_2&tr1=1.1&r2=text&tr2=1.45&diff_format=u
Reference: MANDRAKE:MDKSA-2000:048
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0150.html
Reference: BID:1649
Reference: URL:http://www.securityfocus.com/bid/1649
Reference: XF:php-file-upload
Reference: URL:http://xforce.iss.net/static/5190.php

The file upload capability in PHP versions 3 and 4 allows remote
attackers to read arbitrary files by setting hidden form fields whose
names match the names of internal PHP script variables.

INFERRED ACTION: CAN-2000-0860 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION


======================================================
Candidate: CAN-2000-0861
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0861
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000907 Mailman 1.1 + external archiver vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0040.html
Reference: FREEBSD:FreeBSD-SA-00:51
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0112.html
Reference: BID:1667
Reference: URL:http://www.securityfocus.com/bid/1667
Reference: XF:mailman-execute-external-commands(5493)

Mailman 1.1 allows list administrators to execute arbitrary commands
via shell metacharacters in the %(listname) macro expansion.


Modifications:
  ADDREF XF:mailman-execute-external-commands(5493)

INFERRED ACTION: CAN-2000-0861 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION
 Christey> Mention the external archiving mechanism?
 Frech> XF:mailman-execute-external-commands(5493)


======================================================
Candidate: CAN-2000-0862
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0862
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category:
Reference: ALLAIRE:ASB00-23
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q3/0059.html
Reference: XF:allaire-spectra-admin-access
Reference: URL:http://xforce.iss.net/static/5466.php

Vulnerability in an administrative interface utility for Allaire
Spectra 1.0.1 allows remote attackers to read and modify sensitive
configuration information.


Modifications:
  ADDREF XF:allaire-spectra-admin-access(5466)

INFERRED ACTION: CAN-2000-0862 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:allaire-spectra-admin-access(5466)


======================================================
Candidate: CAN-2000-0863
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0863
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:50
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0111.html
Reference: XF:listmanager-port-bo
Reference: URL:http://xforce.iss.net/static/5503.php

Buffer overflow in listmanager earlier than 2.105.1 allows local users
to gain additional privileges.


Modifications:
  ADDREF XF:listmanager-port-bo(5503)

INFERRED ACTION: CAN-2000-0863 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Baker, Magdych, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION
 Magdych> ACKNOWLEDGED-BY-VENDOR
 Frech> XF:listmanager-port-bo(5503)


======================================================
Candidate: CAN-2000-0864
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0864
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category:
Reference: FREEBSD:FreeBSD-SA-00:45
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0365.html
Reference: BUGTRAQ:20000911 Patch for esound-0.2.19
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0095.html
Reference: MANDRAKE:MDKSA-2000:051
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0328.htm
Reference: REDHAT:RHSA-2000:077-03
Reference: DEBIAN:20001008 esound: race condition
Reference: URL:http://www.debian.org/security/2000/20001008
Reference: BUGTRAQ:20001006 Immunix OS Security Update for esound
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0118.html
Reference: SUSE:20001012 esound daemon race condition
Reference: URL:http://www.suse.de/de/support/security//esound_daemon_race_condition.txt
Reference: BID:1659
Reference: URL:http://www.securityfocus.com/bid/1659
Reference: XF:gnome-esound-symlink
Reference: URL:http://xforce.iss.net/static/5213.php

Race condition in the creation of a Unix domain socket in GNOME esound
0.2.19 and earlier allows a local user to change the permissions of
arbitrary files and directories, and gain additional privileges, via a
symlink attack.


Modifications:
  ADDREF XF:gnome-esound-symlink(5213)
  ADDREF DEBIAN:20001008 esound: race condition
  ADDREF BUGTRAQ:20001006 Immunix OS Security Update for esound
  ADDREF SUSE:20001012 esound daemon race condition

INFERRED ACTION: CAN-2000-0864 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:gnome-esound-symlink(5213)
 Christey> ADDREF DEBIAN:20001008 esound: race condition
   http://www.debian.org/security/2000/20001008
   ADDREF BUGTRAQ:20001006 Immunix OS Security Update for esound
   http://archives.neohapsis.com/archives/bugtraq/2000-10/0118.html
   ADDREF SUSE:20001012 esound daemon race condition
   http://www.suse.de/de/support/security//esound_daemon_race_condition.txt


======================================================
Candidate: CAN-2000-0865
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0865
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000916 Advisory: Tridia DoubleVision / SCO UnixWare
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0185.html
Reference: BID:1697
Reference: URL:http://www.securityfocus.com/bid/1697
Reference: XF:doublevision-dvtermtype-bo
Reference: URL:http://xforce.iss.net/static/5261.php

Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows
local users to gain root privileges via a long terminal type argument.


Modifications:
  ADDREF XF:doublevision-dvtermtype-bo(5261)

INFERRED ACTION: CAN-2000-0865 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(3) Magdych, Christey, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION
 Christey> ADDREF XF:doublevision-dvtermtype-bo
   URL:http://xforce.iss.net/static/5261.php
 Frech> XF:doublevision-dvtermtype-bo(5261)


======================================================
Candidate: CAN-2000-0867
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0867
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000917 klogd format bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0193.html
Reference: REDHAT:RHSA-2000:061-02
Reference: DEBIAN:20000919
Reference: MANDRAKE:MDKSA-2000:050
Reference: CALDERA:CSSA-2000-032.0
Reference: TURBO:TLSA2000022-2
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000023.html
Reference: SUSE:20000920 syslogd + klogd format string parsing error
Reference: URL:http://www.suse.de/de/support/security//adv9_draht_syslogd_txt.txt
Reference: BUGTRAQ:20000918 Conectiva Linux Security Announcement - sysklogd
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97726239017741&w=2
Reference: XF:klogd-format-string
Reference: URL:http://xforce.iss.net/static/5259.php

Kernel logging daemon (klogd) in Linux does not properly cleanse
user-injected format strings, which allows local users to gain root
privileges by triggering malformed kernel messages.


Modifications:
  ADDREF TURBO:TLSA2000022-2
  ADDREF SUSE:20000920 syslogd + klogd format string parsing error
  ADDREF BUGTRAQ:20000918 Conectiva Linux Security Announcement - sysklogd

INFERRED ACTION: CAN-2000-0867 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Magdych, Cole
   NOOP(2) Christey, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION
 Magdych> ACKNOWLEDGED-BY-VENDOR
 Christey> ADDREF TURBO:TLSA2000022-2
   http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000023.html
   ADDREF SUSE:20000920 syslogd + klogd format string parsing error
   http://www.suse.de/de/support/security//adv9_draht_syslogd_txt.txt
 Christey> ADDREF BUGTRAQ:20000918 Conectiva Linux Security Announcement - sysklogd


======================================================
Candidate: CAN-2000-0868
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0868
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: ATSTAKE:A090700-2
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-2.txt
Reference: SUSE:20000907
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html
Reference: BID:1658
Reference: URL:http://www.securityfocus.com/bid/1658
Reference: XF:suse-apache-cgi-source-code
Reference: URL:http://xforce.iss.net/static/5197.php

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows
remote attackers to read source code for CGI scripts by replacing the
/cgi-bin/ in the requested URL with /cgi-bin-sdb/.

INFERRED ACTION: CAN-2000-0868 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION


======================================================
Candidate: CAN-2000-0869
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0869
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: ATSTAKE:A090700-3
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-3.txt
Reference: SUSE:20000907
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html
Reference: BID:1656
Reference: URL:http://www.securityfocus.com/bid/1656
Reference: XF:apache-webdav-directory-listings
Reference: URL:http://xforce.iss.net/static/5204.php

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables
WebDAV, which allows remote attackers to list arbitrary diretories via
the PROPFIND HTTP request method.

INFERRED ACTION: CAN-2000-0869 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION


======================================================
Candidate: CAN-2000-0870
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0870
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000911[EXPL] EFTP vulnerable to two DoS attacks
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0089.html
Reference: BID:1675
Reference: URL:http://www.securityfocus.com/bid/1675
Reference: XF:eftp-bo
Reference: URL:http://xforce.iss.net/static/5219.php

Buffer overflow in EFTP allows remote attackers to cause a denial of
service via a long string.

INFERRED ACTION: CAN-2000-0870 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(2) Magdych, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION


======================================================
Candidate: CAN-2000-0871
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0871
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000911[EXPL] EFTP vulnerable to two DoS attacks
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0089.html
Reference: BID:1677
Reference: URL:http://www.securityfocus.com/bid/1677
Reference: XF:eftp-newline-dos
Reference: URL:http://xforce.iss.net/static/5220.php

Buffer overflow in EFTP allows remote attackers to cause a denial of
service by sending a string that does not contain a newline, then
disconnecting from the server.

INFERRED ACTION: CAN-2000-0871 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(2) Magdych, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION


======================================================
Candidate: CAN-2000-0873
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0873
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000903 aix allows clearing the interface stats
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0454.html
Reference: BID:1660
Reference: URL:http://www.securityfocus.com/bid/1660
Reference: XF:aix-clear-netstat
Reference: URL:http://xforce.iss.net/static/5214.php

netstat in AIX 4.x.x does not properly restrict access to the -Zi
option, which allows local users to clear network interface statistics
and possibly hide evidence of unusual network activities.


Modifications:
  DESC Change "hiding" to "hide"

INFERRED ACTION: CAN-2000-0873 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Bollinger
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> Consider changing "possibly hiding evidence" to "possibly hide evidence"
   (parallelism with "clear")


======================================================
Candidate: CAN-2000-0878
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0878
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000911 Fwd: Poor variable checking in mailto.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0088.html
Reference: BID:1669
Reference: URL:http://www.securityfocus.com/bid/1669
Reference: XF:mailto-piped-address
Reference: URL:http://xforce.iss.net/static/5241.php

The mailto CGI script allows remote attacker to execute arbitrary
commands via shell metacharacters in the emailadd form field.


Modifications:
  ADDREF XF:mailto-piped-address(5241)
  DESC Fix typo: "metacharactwers"

INFERRED ACTION: CAN-2000-0878 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(3) Magdych, Christey, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION
 Christey> Correct Barbara Walters-style spelling of "metacharactwers"
 Christey> ADDREF XF:mailto-piped-address
 Frech> XF:mailto-piped-address(5241)


======================================================
Candidate: CAN-2000-0883
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0883
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: CF
Reference: MANDRAKE:MDKSA-2000:046
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0111.html
Reference: BID:1678
Reference: URL:http://www.securityfocus.com/bid/1678
Reference: XF:linux-mod-perl
Reference: URL:http://xforce.iss.net/static/5257.php

The default configuration of mod_perl for Apache as installed on
Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be
browseable, which allows remote attackers to list the contents of that
directory.

INFERRED ACTION: CAN-2000-0883 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Magdych
   NOOP(2) Cole, Wall

Voter Comments:
 Magdych> ACKNOWLEDGED-BY-VENDOR


======================================================
Candidate: CAN-2000-0884
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0884
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001019
Category: SF
Reference: BUGTRAQ:20001017 IIS %c1%1c remote command execution
Reference: MS:MS00-078
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-078.asp
Reference: BID:1806
Reference: XF:iis-unicode-translation
Reference: URL:http://xforce.iss.net/static/5377.php

IIS 4.0 and 5.0 allows remote attackers to read documents outside of
the web root, and possibly execute arbitrary commands, via malformed
URLs that contain UNICODE encoded characters, aka the "Web Server
Folder Traversal" vulnerability.


Modifications:
  ADDREF XF:iis-unicode-translation(5377)

INFERRED ACTION: CAN-2000-0884 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:iis-unicode-translation(5377)


======================================================
Candidate: CAN-2000-0886
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0886
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001129
Assigned: 20001102
Category: SF
Reference: BUGTRAQ:20001107 NSFOCUS SA2000-07 : Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?mid=143604&list=1&fromthread=0&end=2000-11-11&threads=0&start=2000-11-05&;
Reference: MS:MS00-086
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-086.asp
Reference: BID:1912
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=1912
Reference: XF:iis-invalid-filename-passing(5470)

IIS 5.0 allows remote attackers to execute arbitrary commands via a
malformed request for an executable file whose name is appended with
operating system commands, aka the "Web Server File Request Parsing"
vulnerability.


Modifications:
  ADDREF XF:iis-invalid-filename-passing(5470)

INFERRED ACTION: CAN-2000-0886 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:iis-invalid-filename-passing(5470)
 Frech> XF:iis-invalid-filename-passing(5470)


======================================================
Candidate: CAN-2000-0887
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0887
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-02
Proposed: 20001129
Assigned: 20001114
Category: SF
Reference: BUGTRAQ:20001107 BIND 8.2.2-P5 Possible DOS
Reference: URL:http://www.securityfocus.com/archive/1/143843
Reference: CERT:CA-2000-20
Reference: URL:http://www.cert.org/advisories/CA-2000-20.html
Reference: REDHAT:RHSA-2000:107-01
Reference: DEBIAN:20001112 bind: remote Denial of Service
Reference: URL:http://www.debian.org/security/2000/20001112
Reference: BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html
Reference: SUSE:SuSE-SA:2000:45
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html
Reference: IBM:ERS-SVA-E01-2000:005.1
Reference: MANDRAKE:MDKSA-2000:067
Reference: CONECTIVA:CLSA-2000:338
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000338
Reference: CONECTIVA:CLSA-2000:339
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000339
Reference: BID:1923
Reference: URL:http://www.securityfocus.com/bid/1923
Reference: XF:bind-zxfr-dos(5540)

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a
denial of service by making a compressed zone transfer (ZXFR) request
and performing a name service query on an authoritative record that is
not cached, aka the "zxfr bug."


Modifications:
  ADDREF DEBIAN:20001112 bind: remote Denial of Service
  ADDREF BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
  ADDREF SUSE:SuSE-SA:2000:45
  ADDREF IBM:ERS-SVA-E01-2000:005.1
  ADDREF XF:bind-zxfr-dos(5540)

INFERRED ACTION: CAN-2000-0887 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Baker, Cole, Mell, TempVoter4
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> ADDREF DEBIAN:20001112 bind: remote Denial of Service
   http://www.debian.org/security/2000/20001112
   ADDREF BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
   http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html

   SUSE:SuSE-SA:2000:45
   http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html
   ADDREF IBM:ERS-SVA-E01-2000:005.1
 Frech> XF:bind-zxfr-dos(5540)
 Frech> XF:bind-zxfr-dos(5540)


======================================================
Candidate: CAN-2000-0888
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0888
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-02
Proposed: 20001129
Assigned: 20001114
Category: SF
Reference: CERT:CA-2000-20
Reference: URL:http://www.cert.org/advisories/CA-2000-20.html
Reference: REDHAT:RHSA-2000:107-01
Reference: MANDRAKE:MDKSA-2000:067
Reference: CONECTIVA:CLSA-2000:338
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000338
Reference: CONECTIVA:CLSA-2000:339
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000339
Reference: DEBIAN:20001112 bind: remote Denial of Service
Reference: URL:http://www.debian.org/security/2000/20001112
Reference: IBM:ERS-SVA-E01-2000:005.1
Reference: SUSE:SuSE-SA:2000:45
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html
Reference: XF:bind-srv-dos(5814)

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a
denial of service by sending an SRV record to the server, aka the "srv
bug."


Modifications:
  ADDREF DEBIAN:20001112 bind: remote Denial of Service
  ADDREF IBM:ERS-SVA-E01-2000:005.1
  ADDREF SUSE:SuSE-SA:2000:45
  ADDREF XF:bind-srv-dos(5814)

INFERRED ACTION: CAN-2000-0888 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> ADDREF DEBIAN:20001112 bind: remote Denial of Service
   http://www.debian.org/security/2000/20001112
   ADDREF IBM:ERS-SVA-E01-2000:005.1
   SUSE:SuSE-SA:2000:45
   http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html
 Frech> XF:bind-srv-dos(5814)


======================================================
Candidate: CAN-2000-0900
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0900
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001002 thttpd ssi: retrieval of arbitrary world-readable files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html
Reference: FREEBSD:FreeBSD-SA-00:73
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc
Reference: XF:acme-thttpd-ssi
Reference: URL:http://xforce.iss.net/static/5313.php
Reference: BID:1737
Reference: URL:http://www.securityfocus.com/bid/1737

Directory traversal vulnerability in ssi CGI program in thttpd 2.19
and earlier allows remote attackers to read arbitrary files via a
"%2e%2e" string, a variation of the .. (dot dot) attack.


Modifications:
  ADDREF FREEBSD:FreeBSD-SA-00:73

INFERRED ACTION: CAN-2000-0900 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> ADDREF FREEBSD:FreeBSD-SA-00:73
   ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc


======================================================
Candidate: CAN-2000-0901
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0901
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000906 Screen-3.7.6 local compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0530.html
Reference: BUGTRAQ:20000905 screen 3.9.5 root vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/80178
Reference: DEBIAN:20000902 screen: local exploit
Reference: URL:http://www.debian.org/security/2000/20000902a
Reference: MANDRAKE:MDKSA-2000:044
Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-044.php3
Reference: SUSE:20000906 screen format string parsing security problem
Reference: URL:http://www.suse.com/de/support/security/adv6_draht_screen_txt.txt
Reference: REDHAT:RHSA-2000:058-03
Reference: URL:http://www.redhat.com
Reference: FREEBSD:FreeBSD-SA-00:46
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:46.screen.asc
Reference: BID:1641
Reference: URL:http://www.securityfocus.com/bid/1641
Reference: XF:screen-format-string
Reference: URL:http://xforce.iss.net/static/5188.php

Format string vulnerability in screen 3.9.5 and earlier allows local
users to gain root privileges via format characters in the vbell_msg
initialization variable.

INFERRED ACTION: CAN-2000-0901 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0908
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0908
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96956211605302&w=2
Reference: WIN2KSEC:20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H)
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0128.html
Reference: CONFIRM:http://www.netcplus.com/browsegate.htm#BGLatest
Reference: XF:browsegate-http-dos
Reference: URL:http://xforce.iss.net/static/5270.php
Reference: BID:1702
Reference: URL:http://www.securityfocus.com/bid/1702

BrowseGate 2.80 allows remote attackers to cause a denial of service
and possibly execute arbitrary commands via long Authorization or
Referer MIME headers in the HTTP request.

INFERRED ACTION: CAN-2000-0908 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0909
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0909
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000922  [ no subject ]
Reference: URL:http://www.securityfocus.com/archive/1/84901
Reference: BUGTRAQ:20001031 FW: Pine 4.30 now available
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0441.html
Reference: FREEBSD:FreeBSD-SA-00:59
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:59.pine.asc
Reference: REDHAT:RHSA-2000-102-04
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-102.html
Reference: MANDRAKE:MDKSA-2000:073
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-073.php3
Reference: BID:1709
Reference: URL:http://www.securityfocus.com/bid/1709
Reference: XF:pine-check-mail-bo
Reference: URL:http://xforce.iss.net/static/5283.php

Buffer overflow in the automatic mail checking component of Pine 4.21
and earlier allows remote attackers to execute arbitrary commands via
a long From: header.


Modifications:
  ADDREF MANDRAKE:MDKSA-2000:073

INFERRED ACTION: CAN-2000-0909 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> ADDREF MANDRAKE:MDKSA-2000:073
   http://www.linux-mandrake.com/en/security/MDKSA-2000-073.php3


======================================================
Candidate: CAN-2000-0910
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0910
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000908 horde library bug - unchecked from-address
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0051.html
Reference: DEBIAN:20000910 imp: remote compromise
Reference: URL:http://www.debian.org/security/2000/20000910
Reference: CONFIRM:http://ssl.coc-ag.de/sec/hordelib-1.2.0.frombug.patch
Reference: BID:1674
Reference: URL:http://www.securityfocus.com/bid/1674
Reference: XF:horde-imp-sendmail-command
Reference: URL:http://xforce.iss.net/static/5278.php

Horde library 1.02 allows attackers to execute arbitrary commands via
shell metacharacters in the "from" address.

INFERRED ACTION: CAN-2000-0910 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0911
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0911
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000912  (SRADV00003) Arbitrary file disclosure through IMP
Reference: URL:http://www.securityfocus.com/archive/1/82088
Reference: BID:1679
Reference: URL:http://www.securityfocus.com/bid/1679
Reference: XF:imp-attach-file
Reference: URL:http://xforce.iss.net/static/5227.php

IMP 2.2 and earlier allows attackers to read and delete arbitrary
files by modifying the attachment_name hidden form variable, which
causes IMP to send the file to the attacker as an attachment.

INFERRED ACTION: CAN-2000-0911 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0912
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0912
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000913 MultiHTML vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0146.html
Reference: XF:http-cgi-multihtml
Reference: URL:http://xforce.iss.net/static/5285.php

MultiHTML CGI script allows remote attackers to read arbitrary files
and possibly execute arbitrary commands by specifying the file name to
the "multi" parameter.

INFERRED ACTION: CAN-2000-0912 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0913
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0913
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000929 Security vulnerability in Apache mod_rewrite
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0352.html
Reference: MANDRAKE:MDKSA-2000:060
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-060-2.php3?dis=7.1
Reference: REDHAT:RHSA-2000:088-04
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-088-04.html
Reference: CALDERA:CSSA-2000-035.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-035.0.txt
Reference: HP:HPSBUX0010-126
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0021.html
Reference: BUGTRAQ:20001011 Conectiva Linux Security Announcement - apache
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0174.html
Reference: BID:1728
Reference: URL:http://www.securityfocus.com/bid/1728
Reference: XF:apache-rewrite-view-files
Reference: URL:http://xforce.iss.net/static/5310.php

mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to
read arbitrary files if a RewriteRule directive is expanded to include
a filename whose name contains a regular expression.

INFERRED ACTION: CAN-2000-0913 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0914
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0914
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001005 obsd_fun.c
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0078.html
Reference: BID:1759
Reference: URL:http://www.securityfocus.com/bid/1759
Reference: XF:bsd-arp-request-dos
Reference: URL:http://xforce.iss.net/static/5340.php

OpenBSD 2.6 and earlier allows remote attackers to cause a denial of
service by flooding the server with ARP requests.

INFERRED ACTION: CAN-2000-0914 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-0915
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0915
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001002 [sa2c@and.or.jp: bin/21704: enabling fingerd makes files world readable]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0017.html
Reference: FREEBSD:FreeBSD-SA-00:54
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:54.fingerd.asc
Reference: BID:1803
Reference: URL:http://www.securityfocus.com/bid/1803
Reference: XF:freebsd-fingerd-files
Reference: URL:http://xforce.iss.net/static/5385.php

fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary
files by specifying the target file name instead of a regular user
name.

INFERRED ACTION: CAN-2000-0915 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-0917
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0917
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000925 Format strings: bug #2: LPRng
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0293.html
Reference: CERT:CA-2000-22
Reference: URL:http://www.cert.org/advisories/CA-2000-22.html
Reference: CALDERA:CSSA-2000-033.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-033.0.txt
Reference: REDHAT:RHSA-2000:065-06
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-065-06.html
Reference: FREEBSD:FreeBSD-SA-00:56
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:56.lprng.asc
Reference: XF:lprng-format-string
Reference: URL:http://xforce.iss.net/static/5287.php
Reference: BID:1712
Reference: URL:http://www.securityfocus.com/bid/1712

Format string vulnerability in use_syslog() function in LPRng 3.6.24
allows remote attackers to execute arbitrary commands.


Modifications:
  ADDREF CERT:CA-2000-22

INFERRED ACTION: CAN-2000-0917 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> ADDREF CERT:CA-2000-22
   URL:http://www.cert.org/advisories/CA-2000-22.html


======================================================
Candidate: CAN-2000-0919
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0919
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001007 PHPix advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0117.html
Reference: BID:1773
Reference: URL:http://www.securityfocus.com/bid/1773
Reference: XF:phpix-dir-traversal
Reference: URL:http://xforce.iss.net/static/5331.php

Directory traversal vulnerability in PHPix Photo Album 1.0.2 and
earlier allows remote attackers to read arbitrary files via a .. (dot
dot) attack.

INFERRED ACTION: CAN-2000-0919 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(1) Cole


======================================================
Candidate: CAN-2000-0920
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0920
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001006 Vulnerability in BOA web server v0.94.8.2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0092.html
Reference: FREEBSD:FreeBSD-SA-00:60
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:60.boa.asc
Reference: DEBIAN:20001009 boa: exposes contents of local files
Reference: URL:http://www.debian.org/security/2000/20001009
Reference: BID:1770
Reference: URL:http://www.securityfocus.com/bid/1770
Reference: XF:boa-webserver-get-dir-traversal
Reference: URL:http://xforce.iss.net/static/5330.php

Directory traversal vulnerability in BOA web server 0.94.8.2 and
earlier allows remote attackers to read arbitrary files via a modified
.. (dot dot) attack in the GET HTTP request that uses a "%2E" instead
of a "."

INFERRED ACTION: CAN-2000-0920 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-0921
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0921
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001007 Security Advisory: Hassan Consulting's shop.cgi Directory Traversal Vulnerability.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0115.html
Reference: BID:1777
Reference: URL:http://www.securityfocus.com/bid/1777
Reference: XF:hassan-shopping-cart-dir-traversal
Reference: URL:http://xforce.iss.net/static/5342.php

Directory traversal vulnerability in Hassan Consulting shop.cgi
shopping cart program allows remote attackers to read arbitrary files
via a .. (dot dot) attack on the page parameter.

INFERRED ACTION: CAN-2000-0921 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(1) Cole


======================================================
Candidate: CAN-2000-0922
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0922
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001008 Security Advisory: Bytes Interactive's Web Shopper (shopper.cgi) Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0120.html
Reference: BID:1776
Reference: URL:http://www.securityfocus.com/bid/1776
Reference: XF:web-shopper-directory-traversal
Reference: URL:http://xforce.iss.net/static/5351.php

Directory traversal vulnerability in Bytes Interactive Web Shopper
shopping cart program (shopper.cgi) 2.0 and earlier allows remote
attackers to read arbitrary files via a .. (dot dot) attack on the
newpage parameter.

INFERRED ACTION: CAN-2000-0922 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(1) Cole


======================================================
Candidate: CAN-2000-0923
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0923
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001006 Fwd: APlio PRO web shell
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0107.html
Reference: XF:uclinux-apliophone-bin-execute
Reference: URL:http://xforce.iss.net/static/5333.php
Reference: BID:1784
Reference: URL:http://www.securityfocus.com/bid/1784

authenticate.cgi CGI program in Aplio PRO allows remote attackers to
execute arbitrary commands via shell metacharacters in the password
parameter.

INFERRED ACTION: CAN-2000-0923 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(1) Cole


======================================================
Candidate: CAN-2000-0924
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0924
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001009 Master Index traverse advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0141.html
Reference: BID:1772
Reference: URL:http://www.securityfocus.com/bid/1772
Reference: XF:master-index-directory-traversal
Reference: URL:http://xforce.iss.net/static/5355.php

Directory traversal vulnerability in search.cgi CGI script in Armada
Master Index allows remote attackers to read arbitrary files via a
.. (dot dot) attack in the "catigory" parameter.


Modifications:
  ADDREF XF:master-index-directory-traversal(5355)

INFERRED ACTION: CAN-2000-0924 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
 Frech> XF:master-index-directory-traversal(5355)


======================================================
Candidate: CAN-2000-0925
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0925
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: CF
Reference: BUGTRAQ:20001002 DST2K0035: Credit card (customer) details exposed within CyberOff ice Shopping Cart v2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97050819812055&w=2
Reference: WIN2KSEC:20001002 DST2K0035: Credit card (customer) details exposed within CyberOff ice Shopping Cart v2
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0001.html
Reference: BID:1734
Reference: URL:http://www.securityfocus.com/bid/1734
Reference: XF:cyberoffice-world-readable-directory
Reference: URL:http://xforce.iss.net/static/5318.php

The default installation of SmartWin CyberOffice Shopping Cart 2 (aka
CyberShop) installs the _private directory with world readable
permissions, which allows remote attackers to obtain sensitive
information.


Modifications:
  XF:cyberoffice-world-readable-directory(5318)

INFERRED ACTION: CAN-2000-0925 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:cyberoffice-world-readable-directory(5318)


======================================================
Candidate: CAN-2000-0926
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0926
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001002 DST2K0036: Price modification possible in CyberOffice Shopping Cart
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97050627707128&w=2
Reference: WIN2KSEC:20001002 DST2K0036: Price modification possible in CyberOffice Shopping Ca rt
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0000.html
Reference: BID:1733
Reference: URL:http://www.securityfocus.com/bid/1733
Reference: XF:cyberoffice-price-modification
Reference: URL:http://xforce.iss.net/static/5319.php

SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote
attackers to modify price information by changing the "Price" hidden
form variable.


Modifications:
  ADDREF XF:cyberoffice-price-modification(5319)

INFERRED ACTION: CAN-2000-0926 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:cyberoffice-price-modification(5319)


======================================================
Candidate: CAN-2000-0928
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0928
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001006 DST2K0040: QuotaAdvisor 4.1 by WQuinn susceptible to any user bei ng able to list (not read) all files on any server running QuotaAdvisor.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0091.html
Reference: BID:1765
Reference: URL:http://www.securityfocus.com/bid/1765
Reference: XF:quotaadvisor-list-files
Reference: URL:http://xforce.iss.net/static/5327.php

WQuinn QuotaAdvisor 4.1 allows users to list directories and files by
running a report on the targeted shares.


Modifications:
  ADDREF XF:quotaadvisor-list-files(5327)

INFERRED ACTION: CAN-2000-0928 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
 Frech> XF:quotaadvisor-list-files(5327)


======================================================
Candidate: CAN-2000-0929
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0929
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000929 Malformed Embedded Windows Media Player 7 "OCX Attachment"
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97024839222747&w=2
Reference: MS:MS00-068
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-068.asp
Reference: BID:1714
Reference: URL:http://www.securityfocus.com/bid/1714
Reference: XF:mediaplayer-outlook-dos
Reference: URL:http://xforce.iss.net/static/5309.php

Microsoft Windows Media Player 7 allows attackers to cause a denial of
service in RTF-enabled email clients via an embedded OCX control that
is not closed properly, aka the "OCX Attachment" vulnerability.

INFERRED ACTION: CAN-2000-0929 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Cole, Mell, Wall


======================================================
Candidate: CAN-2000-0930
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0930
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001003 Pegasus mail file reading vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0039.html
Reference: BUGTRAQ:20001030 Pegasus Mail file reading vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0436.html
Reference: BID:1738
Reference: URL:http://www.securityfocus.com/bid/1738
Reference: XF:pegasus-file-forwarding
Reference: URL:http://xforce.iss.net/static/5326.php

Pegasus Mail 3.12 allows remote attackers to read arbitrary files via
an embedded URL that calls the mailto: protocol with a -F switch.

INFERRED ACTION: CAN-2000-0930 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0932
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0932
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: NTBUGTRAQ:20000926 FW: DOS for Content Technologies' MAILsweeper for SMTP.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0181.html
Reference: XF:mailsweeper-smtp-dos
Reference: URL:http://xforce.iss.net/static/5641.php

MAILsweeper for SMTP 3.x does not properly handle corrupt CDA
documents in a ZIP file and hangs, which allows remote attackers to
cause a denial of service.


Modifications:
  ADDREF XF:mailsweeper-smtp-dos(5641)

INFERRED ACTION: CAN-2000-0932 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Mell, Wall

Voter Comments:
 Frech> XF:mailsweeper-smtp-dos(5641)


======================================================
Candidate: CAN-2000-0933
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0933
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-069
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-069.asp
Reference: BID:1729
Reference: URL:http://www.securityfocus.com/bid/1729
Reference: XF:win2k-simplified-chinese-ime
Reference: URL:http://xforce.iss.net/static/5301.php

The Input Method Editor (IME) in the Simplified Chinese version of
Windows 2000 does not disable access to privileged functionality that
should normally be restricted, which allows local users to gain
privileges, aka the "Simplified Chinese IME State Recognition"
vulnerability.

INFERRED ACTION: CAN-2000-0933 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Cole, Mell, Wall


======================================================
Candidate: CAN-2000-0934
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0934
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: REDHAT:RHSA-2000:062-03
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0250.html
Reference: BID:1703
Reference: URL:http://www.securityfocus.com/bid/1703
Reference: XF:glint-symlink
Reference: URL:http://xforce.iss.net/static/5271.php

Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary
files and cause a denial of service via a symlink attack.

INFERRED ACTION: CAN-2000-0934 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0935
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0935
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: BID:1872
Reference: URL:http://www.securityfocus.com/bid/1872
Reference: XF:samba-swat-logging-sym-link
Reference: URL:http://xforce.iss.net/static/5443.php

Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users
to overwrite arbitrary files via a symlink attack on the cgi.log file.

INFERRED ACTION: CAN-2000-0935 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(2) Cole, TempVoter4


======================================================
Candidate: CAN-2000-0936
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0936
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: BID:1874
Reference: URL:http://www.securityfocus.com/bid/1874
Reference: XF:samba-swat-logfile-info
Reference: URL:http://xforce.iss.net/static/5445.php

Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the
cgi.log logging file with world readable permissions, which allows
local users to read sensitive information such as user names and
passwords.

INFERRED ACTION: CAN-2000-0936 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(2) Cole, TempVoter4


======================================================
Candidate: CAN-2000-0937
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0937
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: BID:1873
Reference: URL:http://www.securityfocus.com/bid/1873
Reference: XF:samba-swat-brute-force
Reference: URL:http://xforce.iss.net/static/5442.php

Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login
attempts in which the username is correct but the password is wrong,
which allows remote attackers to conduct brute force password guessing
attacks.

INFERRED ACTION: CAN-2000-0937 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(1) Cole


======================================================
Candidate: CAN-2000-0938
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0938
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: XF:samba-swat-brute-force(5442)

Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a
different error message when a valid username is provided versus an
invalid name, which allows remote attackers to identify valid users on
the server.


Modifications:
  ADDREF XF:samba-swat-brute-force(5442)

INFERRED ACTION: CAN-2000-0938 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Mell, TempVoter4
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
 Frech> XF:samba-swat-brute-force(5442)


======================================================
Candidate: CAN-2000-0941
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0941
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001029 Remote command execution via KW Whois 1.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0419.html
Reference: BUGTRAQ:20001029 Re: Remote command execution via KW Whois 1.0 (addition)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0420.html
Reference: MISC:http://www.kootenayweb.bc.ca/scripts/whois.txt
Reference: BID:1883
Reference: URL:http://www.securityfocus.com/bid/1883
Reference: XF:kw-whois-meta
Reference: URL:http://xforce.iss.net/static/5438.php

Kootenay Web KW Whois 1.0 CGI program allows remote attackers to
execute arbitrary commands via shell metacharacters in the "whois"
parameter.

INFERRED ACTION: CAN-2000-0941 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(5) Frech, Baker, Cole, Mell, TempVoter4


======================================================
Candidate: CAN-2000-0942
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0942
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001028 IIS 5.0 cross site scripting vulnerability - using .htw
Reference: URL:http://www.securityfocus.com/archive/1/141903
Reference: MS:MS00-084
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-084.asp
Reference: BID:1861
Reference: URL:http://www.securityfocus.com/bid/1861
Reference: XF:iis-htw-cross-scripting
Reference: URL:http://xforce.iss.net/static/5441.php

The CiWebHitsFile component in Microsoft Indexing Services for Windows
2000 allows remote attackers to conduct a cross site scripting (CSS)
attack via a CiRestriction parameter in a .htw request, aka the
"Indexing Services Cross Site Scripting" vulnerability.

INFERRED ACTION: CAN-2000-0942 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-0943
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0943
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001027 Potential Security Problem in bftpd-1.0.11
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0397.html
Reference: BID:1858
Reference: XF:bftpd-user-bo
Reference: URL:http://xforce.iss.net/static/5426.php

Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers
to cause a denial of service and possibly execute arbitrary commands
via a long USER command.


Modifications:
  ADDREF BID:1858

INFERRED ACTION: CAN-2000-0943 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(5) Frech, Baker, Cole, Mell, TempVoter4
   NOOP(1) Christey

Voter Comments:
 Christey> ADDREF BID:1858


======================================================
Candidate: CAN-2000-0944
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0944
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001027 CGI-Bug: News Update 1.1 administration password bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0402.html
Reference: BID:1881
Reference: URL:http://www.securityfocus.com/bid/1881
Reference: XF:news-update-bypass-password
Reference: URL:http://xforce.iss.net/static/5433.php

CGI Script Center News Update 1.1 does not properly validate the
original news administration password during a password change
operation, which allows remote attackers to modify the password
without knowing the original password.

INFERRED ACTION: CAN-2000-0944 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-0946
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0946
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: NTBUGTRAQ:20001012 Security issue with Compaq Easy Access Keyboard software
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0023.html
Reference: CONFIRM:http://www5.compaq.com/support/files/desktops/us/revision/1723.html
Reference: XF:compaq-ea-elevate-privileges
Reference: URL:http://xforce.iss.net/static/5718.php

Compaq Easy Access Keyboard software 1.3 does not properly disable
access to custom buttons when the screen is locked, which could allow
an attacker to gain privileges or execute programs without
authorization.


Modifications:
  ADDREF XF:compaq-ea-elevate-privileges(5718)

INFERRED ACTION: CAN-2000-0946 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:compaq-ea-elevate-privileges(5718)


======================================================
Candidate: CAN-2000-0947
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0947
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001002 Very probable remote root vulnerability in cfengine
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0004.html
Reference: MANDRAKE:MDKSA-2000:061
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-061.php3?dis=7.1
Reference: NETBSD:NetBSD-SA2000-013
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-013.txt.asc
Reference: BID:1757
Reference: URL:http://www.securityfocus.com/bid/1757
Reference: XF:cfengine-cfd-format-string
Reference: URL:http://xforce.iss.net/static/5630.php

Format string vulnerability in cfd daemon in GNU CFEngine before
1.6.0a11 allows attackers to execute arbitrary commands via format
characters in the CAUTH command.


Modifications:
  ADDREF XF:cfengine-cfd-format-string(5630)

INFERRED ACTION: CAN-2000-0947 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:cfengine-cfd-format-string(5630)


======================================================
Candidate: CAN-2000-0948
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0948
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001002 GnoRPM local /tmp vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/136866
Reference: BUGTRAQ:20001003 Conectiva Linux Security Announcement - gnorpm
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0043.html
Reference: MANDRAKE:MDKSA-2000:055
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-055.php3?dis=7.0
Reference: REDHAT:RHSA-2000:072-07
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-072.html
Reference: BUGTRAQ:20001011 Immunix OS Security Update for gnorpm package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0184.html
Reference: BID:1761
Reference: URL:http://www.securityfocus.com/bid/1761
Reference: XF:gnorpm-temp-symlink
Reference: URL:http://xforce.iss.net/static/5317.php

GnoRPM before 0.95 allows local users to modify arbitrary files via a
symlink attack.

INFERRED ACTION: CAN-2000-0948 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0949
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0949
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000928 Very interesting traceroute flaw
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0344.html
Reference: CALDERA:CSSA-2000-034.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-034.0.txt
Reference: MANDRAKE:MDKSA-2000:053
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-053.php3?dis=7.1
Reference: REDHAT:RHSA-2000:078-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-078-02.html
Reference: DEBIAN:20001013 traceroute: local root exploit
Reference: URL:http://www.debian.org/security/2000/20001013
Reference: TURBO:TLSA2000023-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-October/000025.html
Reference: BUGTRAQ:20000930 Conectiva Linux Security Announcement - traceroute
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0357.html
Reference: BID:1739
Reference: URL:http://www.securityfocus.com/bid/1739
Reference: XF:traceroute-heap-overflow
Reference: URL:http://xforce.iss.net/static/5311.php

Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier
allows a local user to execute arbitrary commands via the -g option.

INFERRED ACTION: CAN-2000-0949 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0951
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0951
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: CF
Reference: ATSTAKE:A100400-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100400-1.txt
Reference: MSKB:Q272079
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=272079
Reference: BID:1756
Reference: URL:http://www.securityfocus.com/bid/1756
Reference: XF:iis-index-dir-traverse
Reference: URL:http://xforce.iss.net/static/5335.php

A misconfiguration in IIS 5.0 with Index Server enabled and the Index
property set allows remote attackers to list directories in the web
root via a Web Distributed Authoring and Versioning (WebDAV) search.

INFERRED ACTION: CAN-2000-0951 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Cole, Mell, Wall


======================================================
Candidate: CAN-2000-0952
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0952
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: NETBSD:NetBSD-SA2000-014
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-014.txt.asc
Reference: XF:global-execute-remote-commands
Reference: URL:http://xforce.iss.net/static/5424.php

global.cgi CGI program in Global 3.55 and earlier on NetBSD allows
remote attackers to execute arbitrary commands via shell
metacharacters.

INFERRED ACTION: CAN-2000-0952 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-0953
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0953
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001009 Shambala 4.5 vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0134.html
Reference: BID:1778
Reference: URL:http://www.securityfocus.com/bid/1778
Reference: XF:shambala-connection-dos
Reference: URL:http://xforce.iss.net/static/5345.php

Shambala Server 4.5 allows remote attackers to cause a denial of
service by opening then closing a connection.

INFERRED ACTION: CAN-2000-0953 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(1) Cole


======================================================
Candidate: CAN-2000-0956
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0956
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: REDHAT:RHSA-2000:094-01
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-094.html
Reference: BID:1875
Reference: URL:http://www.securityfocus.com/bid/1875
Reference: XF:cyrus-sasl-gain-access
Reference: URL:http://xforce.iss.net/static/5427.php

cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify
the authorization for a local user, which could allow the users to
bypass specified access restrictions.

INFERRED ACTION: CAN-2000-0956 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(1) TempVoter4


======================================================
Candidate: CAN-2000-0957
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0957
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001026 (SRADV00004) Remote and local vulnerabilities in pam_mysql
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0374.html
Reference: XF:pammysql-auth-input
Reference: URL:http://xforce.iss.net/static/5447.php

The pluggable authentication module for msql (pam_mysql) before 0.4.7
does not properly cleanse user input when constructing SQL statements,
which allows attackers to obtain plaintext passwords or hashes.

INFERRED ACTION: CAN-2000-0957 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Mell, TempVoter4
   NOOP(1) Cole


======================================================
Candidate: CAN-2000-0958
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0958
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001025 HotJava Browser 3.0 JavaScript security vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0349.html
Reference: XF:hotjava-browser-dom-access
Reference: URL:http://xforce.iss.net/static/5428.php

HotJava Browser 3.0 allows remote attackers to access the DOM of a web
page by opening a javascript: URL in a named window.

INFERRED ACTION: CAN-2000-0958 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(1) Cole


======================================================
Candidate: CAN-2000-0959
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0959
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000926 ld.so bug - LD_DEBUG_OUTPUT follows symlinks
Reference: URL:http://www.securityfocus.com/archive/1/85028
Reference: BID:1719
Reference: URL:http://www.securityfocus.com/bid/1719
Reference: XF:glibc-unset-symlink
Reference: URL:http://xforce.iss.net/static/5299.php

glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG
environmental variables when a program is spawned from a setuid
program, which could allow local users to overwrite files via a
symlink attack.

INFERRED ACTION: CAN-2000-0959 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(2) Cole, Wall


======================================================
Candidate: CAN-2000-0960
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0960
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001011 Netscape Messaging server 4.15 poor error strings
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97138100426121&w=2
Reference: BID:1787
Reference: URL:http://www.securityfocus.com/bid/1787
Reference: XF:netscape-messaging-email-verify
Reference: URL:http://xforce.iss.net/static/5364.php

The POP3 server in Netscape Messaging Server 4.15p1 generates
different error messages for incorrect user names versus incorrect
passwords, which allows remote attackers to determine valid users on
the system and harvest email addresses for spam abuse.

INFERRED ACTION: CAN-2000-0960 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(1) Cole


======================================================
Candidate: CAN-2000-0961
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0961
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000928 commercial products and security [ + new bug ]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0334.html
Reference: BID:1721
Reference: URL:http://www.securityfocus.com/bid/1721
Reference: XF:netscape-messaging-list-dos
Reference: URL:http://xforce.iss.net/static/5292.php

Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch
2 allows local users to execute arbitrary commands via a long LIST
command.

INFERRED ACTION: CAN-2000-0961 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(1) Cole


======================================================
Candidate: CAN-2000-0962
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0962
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category:
Reference: BUGTRAQ:20000925 Nmap Protocol Scanning DoS against OpenBSD IPSEC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0299.html
Reference: OPENBSD:20000918 Bad ESP/AH packets could cause a crash under certain conditions.
Reference: BID:1723
Reference: URL:http://www.securityfocus.com/bid/1723
Reference: XF:openbsd-nmap-dos
Reference: URL:http://xforce.iss.net/static/5634.php

The IPSEC implementation in OpenBSD 2.7 does not properly handle empty
AH/ESP packets, which allows remote attackers to cause a denial of
service.


Modifications:
  ADDREF XF:openbsd-nmap-dos(5634)

INFERRED ACTION: CAN-2000-0962 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:openbsd-nmap-dos(5634)


======================================================
Candidate: CAN-2000-0965
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0965
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: XF:hp-virtualvault-nsapi-dos
Reference: URL:http://xforce.iss.net/static/5361.php
Reference: HP:HPSBUX0010-124
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0012.html

The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS
10.24 and 11.04 allows an attacker to cause a denial of service (high
CPU utilization)

INFERRED ACTION: CAN-2000-0965 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-0966
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0966
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: HP:HPSBUX0010-125
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0020.html
Reference: XF:hp-lpspooler-bo
Reference: URL:http://xforce.iss.net/static/5379.php

Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of
HP-UX 11.0 and earlier allows local users to gain privileges.

INFERRED ACTION: CAN-2000-0966 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-0967
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0967
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: ATSTAKE:A101200-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a101200-1.txt
Reference: MANDRAKE:MDKSA-2000:062
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-062.php3?dis=7.1
Reference: DEBIAN:20001014 php3: possible remote exploit
Reference: URL:http://www.debian.org/security/2000/20001014a
Reference: DEBIAN:20001014 php4: possible remote exploit
Reference: URL:http://www.debian.org/security/2000/20001014b
Reference: CALDERA:CSSA-2000-037.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-037.0.txt
Reference: FREEBSD:FreeBSD-SA-00:75
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:75.php.asc
Reference: BUGTRAQ:20001012 Conectiva Linux Security Announcement - mod_php3
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0204.html
Reference: BID:1786
Reference: URL:http://www.securityfocus.com/bid/1786
Reference: XF:php-logging-format-string
Reference: URL:http://xforce.iss.net/static/5359.php

PHP 3 and 4 do not properly cleanse user-injected format strings,
which allows remote attackers to execute arbitrary commands by
triggering error messages that are improperly written to the error
logs.


Modifications:
  ADDREF FREEBSD:FreeBSD-SA-00:75

INFERRED ACTION: CAN-2000-0967 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(1) Christey

Voter Comments:
 Christey> FREEBSD:FreeBSD-SA-00:75
   ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:75.php.asc


======================================================
Candidate: CAN-2000-0968
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0968
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001016 Half-Life Dedicated Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0254.html
Reference: BUGTRAQ:20001024 Tamandua Sekure Labs Security Advisory 2000-01
Reference: URL:http://www.securityfocus.com/archive/1/141060
Reference: BUGTRAQ:20001027 Re: Half Life dedicated server Patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0409.html
Reference: BID:1799
Reference: URL:http://www.securityfocus.com/bid/1799
Reference: XF:halflife-server-changelevel-bo
Reference: URL:http://xforce.iss.net/static/5375.php

Buffer overflow in Half Life dedicated server before build 3104 allows
remote attackers to execute arbitrary commands via a long rcon
command.

INFERRED ACTION: CAN-2000-0968 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-0969
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0969
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001016 Half-Life Dedicated Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0254.html
Reference: BUGTRAQ:20001024 Tamandua Sekure Labs Security Advisory 2000-01
Reference: URL:http://www.securityfocus.com/archive/1/141060
Reference: BUGTRAQ:20001027 Re: Half Life dedicated server Patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0409.html
Reference: XF:halflife-rcon-format-string
Reference: URL:http://xforce.iss.net/static/5413.php

Format string vulnerability in Half Life dedicated server build 3104
and earlier allows remote attackers to execute arbitrary commands by
injecting format strings into the changelevel command, via the system
console or rcon.

INFERRED ACTION: CAN-2000-0969 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-0970
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0970
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-080
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-080.asp
Reference: XF:session-cookie-remote-retrieval
Reference: URL:http://xforce.iss.net/static/5396.php

IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure
and insecure web sessions, which could allow remote attackers to
hijack the secure web session of the user if that user moves to an
insecure session, aka the "Session ID Cookie Marking" vulnerability.

INFERRED ACTION: CAN-2000-0970 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-0972
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0972
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category:
Reference: BUGTRAQ:20001020 [ Hackerslab bug_paper ] HP-UX crontab temporary file symbolic link vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0317.html
Reference: XF:hp-crontab-read-files
Reference: URL:http://xforce.iss.net/static/5410.php

HP-UX 11.00 crontab allows local users to read arbitrary files via the
-e option by creating a symlink to the target file during the crontab
session, quitting the session, and reading the error messages that
crontab generates.

INFERRED ACTION: CAN-2000-0972 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(1) Cole


======================================================
Candidate: CAN-2000-0973
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0973
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: DEBIAN:20001013 curl and curl-ssl: remote exploit
Reference: URL:http://www.debian.org/security/2000/20001013a
Reference: REDHAT:RHBA-2000:092-01
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0331.html
Reference: FREEBSD:FreeBSD-SA-00:72
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:72.curl.asc
Reference: BID:1804
Reference: URL:http://www.securityfocus.com/bid/1804
Reference: XF:curl-error-bo
Reference: URL:http://xforce.iss.net/static/5374.php

Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier
than 6.0-1.2, allows remote attackers to execute arbitrary commands by
forcing a long error message to be generated.


Modifications:
  ADDREF FREEBSD:FreeBSD-SA-00:72

INFERRED ACTION: CAN-2000-0973 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(1) Christey

Voter Comments:
 Christey> ADDREF FREEBSD:FreeBSD-SA-00:72
   ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:72.curl.asc


======================================================
Candidate: CAN-2000-0974
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0974
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001011 GPG 1.0.3 doesn't detect modifications to files with multiple signatures
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html
Reference: DEBIAN:20001111 gnupg: incorrect signature verification
Reference: URL:http://www.debian.org/security/2000/20001111
Reference: FREEBSD:FreeBSD-SA-00:67
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc
Reference: REDHAT:RHSA-2000:089-04
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-089-04.html
Reference: CALDERA:CSSA-2000-038.0
Reference: MANDRAKE:MDKSA-2000:063-1
Reference: CONECTIVA:CLSA-2000:334
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000334
Reference: BUGTRAQ:20001025 Immunix OS Security Update for gnupg package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html
Reference: XF:gnupg-message-modify
Reference: URL:http://xforce.iss.net/static/5386.php
Reference: BID:1797
Reference: URL:http://www.securityfocus.com/bid/1797

GnuPG (gpg) 1.0.3 does not properly check all signatures of a file
containing multiple documents, which allows an attacker to modify
contents of all documents but the first without detection.


Modifications:
  ADDREF DEBIAN:20001111 gnupg: incorrect signature verification
  ADDREF FREEBSD:FreeBSD-SA-00:67

INFERRED ACTION: CAN-2000-0974 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(1) Christey

Voter Comments:
 Christey> ADDREF DEBIAN:20001111 gnupg: incorrect signature verification
   http://www.debian.org/security/2000/20001111
   ADDREF FREEBSD:FreeBSD-SA-00:67
   ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc


======================================================
Candidate: CAN-2000-0975
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0975
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001012 Anaconda Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0210.html
Reference: XF:anaconda-apexec-directory-traversal
Reference: URL:http://xforce.iss.net/static/5750.php

Directory traversal vulnerability in apexec.pl in Anaconda Foundation
Directory allows remote attackers to read arbitrary files via a
.. (dot dot) attack.


Modifications:
  ADDREF XF:anaconda-apexec-directory-traversal(5750)

INFERRED ACTION: CAN-2000-0975 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
 Frech> XF:anaconda-apexec-directory-traversal(5750)


======================================================
Candidate: CAN-2000-0977
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0977
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001011 Mail File POST Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0172.html
Reference: BID:1807
Reference: URL:http://www.securityfocus.com/bid/1807
Reference: XF:mailfile-post-file-read
Reference: URL:http://xforce.iss.net/static/5358.php

mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to
read arbitrary files by specifying the target file name in the
"filename" parameter in a POST request, which is then sent by email to
the address specified in the "email" parameter.


Modifications:
  ADDREF XF:mailfile-post-file-read(5358)

INFERRED ACTION: CAN-2000-0977 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
 Frech> XF:mailfile-post-file-read(5358)


======================================================
Candidate: CAN-2000-0978
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0978
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001010 Big Brother Systems and Network Monitor vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0162.html
Reference: BID:1779
Reference: URL:http://www.securityfocus.com/bid/1779
Reference: XF:bb4-netmon-execute-commands
Reference: URL:http://xforce.iss.net/static/5719.php

bbd server in Big Brother System and Network Monitor before 1.5c2
allows remote attackers to execute arbitrary commands via the "&"
shell metacharacter.


Modifications:
  ADDREF XF:bb4-netmon-execute-commands(5719)

INFERRED ACTION: CAN-2000-0978 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:bb4-netmon-execute-commands(5719)


======================================================
Candidate: CAN-2000-0979
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0979
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001012 NSFOCUS SA2000-05: Microsoft Windows 9x NETBIOS password
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97147777618139&w=2
Reference: MS:MS00-072
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-072.asp
Reference: BID:1780
Reference: URL:http://www.securityfocus.com/bid/1780
Reference: XF:win9x-share-level-password
Reference: URL:http://xforce.iss.net/static/5395.php

File and Print Sharing service in Windows 95, Windows 98, and Windows
Me does not properly check the password for a file share, which allows
remote attackers to bypass share access controls by sending a 1-byte
password that matches the first character of the real password, aka
the "Share Level Password" vulnerability.

INFERRED ACTION: CAN-2000-0979 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-0980
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0980
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-073
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-073.asp
Reference: BID:1781
Reference: URL:http://www.securityfocus.com/bid/1781
Reference: XF:win-nmpi-packet-dos
Reference: URL:http://xforce.iss.net/static/5357.php

NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink
does not properly filter packets from a broadcast address, which
allows remote attackers to cause a broadcast storm and flood the
network.

INFERRED ACTION: CAN-2000-0980 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-0981
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0981
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001023 [CORE SDI ADVISORY] MySQL weak authentication
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0318.html
Reference: CONFIRM:http://www.mysql.com/documentation/mysql/commented/manual.php?section=Security
Reference: XF:mysql-authentication
Reference: URL:http://xforce.iss.net/static/5409.php

MySQL Database Engine uses a weak authentication method which leaks
information that could be used by a remote attacker to recover the
password.

INFERRED ACTION: CAN-2000-0981 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-0982
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0982
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-076
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-076.asp
Reference: BID:1793
Reference: URL:http://www.securityfocus.com/bid/1793
Reference: XF:ie-cache-info
Reference: URL:http://xforce.iss.net/static/5367.php

Internet Explorer before 5.5 forwards cached user credentials for a
secure web site to insecure pages on the same web site, which could
allow remote attackers to obtain the credentials by monitoring
connections to the web server, aka the "Cached Web Credentials"
vulnerability.

INFERRED ACTION: CAN-2000-0982 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-0983
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0983
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001018 Denial of Service attack against computers running Microsoft NetMeeting
Reference: URL:http://www.securityfocus.com/archive/1/140341
Reference: MS:MS00-077
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-077.asp
Reference: MSKB:Q273854
Reference: BID:1798
Reference: URL:http://www.securityfocus.com/bid/1798
Reference: XF:netmeeting-desktop-sharing-dos
Reference: URL:http://xforce.iss.net/static/5368.php

Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote
attackers to cause a denial of service (CPU utilization) via a
sequence of null bytes to the NetMeeting port, aka the "NetMeeting
Desktop Sharing" vulnerability.

INFERRED ACTION: CAN-2000-0983 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-0984
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0984
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: CISCO:20001025 Cisco IOS HTTP Server Query Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml
Reference: XF:cisco-ios-query-dos
Reference: URL:http://xforce.iss.net/static/5412.php

The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to
cause a denial of service (crash and reload) via a URL containing a
"?/" string.

INFERRED ACTION: CAN-2000-0984 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-0989
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0989
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001020 DoS in Intel corporation 'InBusiness eMail Station'
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0293.html
Reference: XF:intel-email-username-bo
Reference: URL:http://xforce.iss.net/static/5414.php

Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service
allows remote attackers to cause a denial of service and possibly
execute commands via a long username.

INFERRED ACTION: CAN-2000-0989 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(1) Cole


======================================================
Candidate: CAN-2000-0990
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0990
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001016 Authentication failure in cmd5checkpw 0.21
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0258.html
Reference: CONFIRM:http://members.elysium.pl/brush/cmd5checkpw/changes.html
Reference: BID:1809
Reference: URL:http://www.securityfocus.com/bid/1809
Reference: XF:cmd5checkpw-qmail-bypass-authentication
Reference: URL:http://xforce.iss.net/static/5382.php

cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial
of service via an "SMTP AUTH" command with an unknown username.

INFERRED ACTION: CAN-2000-0990 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-0991
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0991
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-079
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-079.asp
Reference: BID:1815
Reference: URL:http://www.securityfocus.com/bid/1815
Reference: XF:win-hyperterminal-telnet-bo
Reference: URL:http://xforce.iss.net/static/5387.php

Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98,
ME, and 2000 allows remote attackers to execute arbitrary commands via
a long telnet URL, aka the "HyperTerminal Buffer Overflow"
vulnerability.

INFERRED ACTION: CAN-2000-0991 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-0992
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0992
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000930 scp file transfer hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0359.html
Reference: MANDRAKE:MDKSA-2000:057
Reference: BID:1742
Reference: URL:http://www.securityfocus.com/bid/1742
Reference: XF:scp-overwrite-files
Reference: URL:http://xforce.iss.net/static/5312.php

Directory traversal vulnerability in scp in sshd 1.2.xx allows a
remote malicious scp server to overwrite arbitrary files via a .. (dot
dot) attack.


Modifications:
  ADDREF XF:scp-overwrite-files(5312)

INFERRED ACTION: CAN-2000-0992 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:scp-overwrite-files(5312)


======================================================
Candidate: CAN-2000-0993
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0993
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: OPENBSD:20001003 A format string vulnerability exists in the pw_error(3) function.
Reference: URL:http://www.openbsd.org/errata27.html#pw_error
Reference: NETBSD:NetBSD-SA2000-015
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-015.txt.asc
Reference: FREEBSD:FreeBSD-SA-00:58
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:58.chpass.asc
Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory
Reference: URL:http://www.securityfocus.com/archive/1/137482
Reference: BID:1744
Reference: URL:http://www.securityfocus.com/bid/1744
Reference: XF:bsd-libutil-format
Reference: URL:http://xforce.iss.net/static/5339.php

Format string vulnerability in pw_error function in BSD libutil
library allows local users to gain root privileges via a malformed
password in commands such as chpass or passwd.

INFERRED ACTION: CAN-2000-0993 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0994
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0994
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory
Reference: URL:http://www.securityfocus.com/archive/1/137482
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Reference: BID:1746
Reference: URL:http://www.securityfocus.com/bid/1746
Reference: XF:bsd-fstat-format
Reference: URL:http://xforce.iss.net/static/5338.php

Format string vulnerability in OpenBSD fstat program (and possibly
other BSD-based operating systems) allows local users to gain root
privileges via the PWD environmental variable.

INFERRED ACTION: CAN-2000-0994 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0995
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0995
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Reference: XF:bsd-yp-passwd-format
Reference: URL:http://xforce.iss.net/static/5635.php

Format string vulnerability in OpenBSD yp_passwd program (and possibly
other BSD-based operating systems) allows attackers to gain root
privileges a malformed name.


Modifications:
  ADDREF XF:bsd-yp-passwd-format(5635)

INFERRED ACTION: CAN-2000-0995 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Mell, Wall

Voter Comments:
 Frech> XF:bsd-yp-passwd-format(5635)


======================================================
Candidate: CAN-2000-0996
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0996
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Reference: XF:bsd-su-format
Reference: URL:http://xforce.iss.net/static/5636.php

Format string vulnerability in OpenBSD su program (and possibly other
BSD-based operating systems) allows local attackers to gain root
privileges via a malformed shell.


Modifications:
  ADDREF XF:bsd-su-format(5636)

INFERRED ACTION: CAN-2000-0996 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Mell, Wall

Voter Comments:
 Frech> XF:bsd-su-format(5636)


======================================================
Candidate: CAN-2000-1000
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1000
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001003 AOL Instant Messenger DoS
Reference: URL:http://www.securityfocus.com/archive/1/137374
Reference: BID:1747
Reference: URL:http://www.securityfocus.com/bid/1747
Reference: XF:aim-file-transfer-dos
Reference: URL:http://xforce.iss.net/static/5314.php

Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010
allows remote attackers to cause a denial of service and possibly
execute arbitrary commands by transferring a file whose name includes
format characters.

INFERRED ACTION: CAN-2000-1000 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Mell, Wall
   NOOP(1) Cole


======================================================
Candidate: CAN-2000-1001
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1001
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001024 Price modification in Element InstantShop
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97240616129614&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97267884631455&w=2
Reference: XF:instantshop-modify-price
Reference: URL:http://xforce.iss.net/static/5402.php

add_2_basket.asp in Element InstantShop allows remote attackers to
modify price information via the "price" hidden form variable.


Modifications:
  ADDREF XF:instantshop-modify-price(5402)
  DESC CHANGEREF BUGTRAQ [fix date]

INFERRED ACTION: CAN-2000-1001 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> Change date in Bugtraq reference to 20001024
 Frech> XF:instantshop-modify-price(5402)


======================================================
Candidate: CAN-2000-1002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1002
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001012 Re: Netscape Messaging server 4.15 poor error strings
Reference: URL:http://www.securityfocus.com/archive/1/139523
Reference: XF:communigate-email-verify
Reference: URL:http://xforce.iss.net/static/5363.php
Reference: BID:1792
Reference: URL:http://www.securityfocus.com/bid/1792

POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error
messages for invalid usernames versus invalid passwords, which allows
remote attackers to determine valid email addresses on the server for
SPAM attacks.

INFERRED ACTION: CAN-2000-1002 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(1) Cole


======================================================
Candidate: CAN-2000-1003
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1003
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001012 NSFOCUS SA2000-04: Microsoft Win9x client driver type comparing vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/139511
Reference: BID:1794
Reference: URL:http://www.securityfocus.com/bid/1794
Reference: XF:win-netbios-driver-type-dos
Reference: URL:http://xforce.iss.net/static/5370.php

NETBIOS client in Windows 95 and Windows 98 allows a remote attacker
to cause a denial of service by changing a file sharing service to
return an unknown driver type, which causes the client to crash.

INFERRED ACTION: CAN-2000-1003 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(1) Cole


======================================================
Candidate: CAN-2000-1004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1004
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97068555106135&w=2
Reference: XF:bsd-photurisd-format
Reference: URL:http://xforce.iss.net/static/5336.php

Format string vulnerability in OpenBSD photurisd allows local users to
execute arbitrary commands via a configuration file directory name
that contains formatting characters.

INFERRED ACTION: CAN-2000-1004 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Mell, Wall
   NOOP(1) Cole


======================================================
Candidate: CAN-2000-1005
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1005
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001009 Security Advisory : eXtropia WebStore (web_store.cgi) Directory Traversal Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/138495
Reference: BID:1774
Reference: URL:http://www.securityfocus.com/bid/1774
Reference: XF:extropia-webstore-fileread
Reference: URL:http://xforce.iss.net/static/5347.php

Directory traversal vulnerability in html_web_store.cgi and
web_store.cgi CGI programs in eXtropia WebStore allows remote
attackers to read arbitrary files via a .. (dot dot) attack on the
page parameter.

INFERRED ACTION: CAN-2000-1005 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-1006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1006
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-082
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-082.asp
Reference: XF:ms-exchange-mime-dos
Reference: URL:http://xforce.iss.net/static/5448.php
Reference: BID:1869
Reference: URL:http://www.securityfocus.com/bid/1869

Microsoft Exchange Server 5.5 does not properly handle a MIME header
with a blank charset specified, which allows remote attackers to cause
a denial of service via a charset="" command, aka the "Malformed MIME
Header" vulnerability.

INFERRED ACTION: CAN-2000-1006 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(5) Frech, Baker, Cole, Mell, TempVoter4


======================================================
Candidate: CAN-2000-1007
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1007
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: NTBUGTRAQ:20001025 I-gear 3.5.x for Microsoft Proxy logging vulnerability + temporary fix.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0048.html
Reference: XF:igear-invalid-log(5791)
Reference: URL:http://xforce.iss.net/static/5791.php

I-gear 3.5.7 and earlier does not properly process log entries in
which a URL is longer than 255 characters, which allows an attacker to
cause reporting errors.


Modifications:
  ADDREF XF:igear-invalid-log(5791)

INFERRED ACTION: CAN-2000-1007 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
 Frech> XF:igear-invalid-log(5791)


======================================================
Candidate: CAN-2000-1010
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1010
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001006 talkd [WAS: Re: OpenBSD Security Advisory]
Reference: URL:http://www.securityfocus.com/archive/1/137890
Reference: BID:1764
Reference: URL:http://www.securityfocus.com/bid/1764
Reference: XF:linux-talkd-overwrite-root
Reference: URL:http://xforce.iss.net/static/5344.php

Format string vulnerability in talkd in OpenBSD and possibly other
BSD-based OSes allows remote attackers to execute arbitrary commands
via a user name that contains format characters.

INFERRED ACTION: CAN-2000-1010 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-1011
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1011
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:53
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:53.catopen.asc
Reference: XF:freebsd-catopen-bo
Reference: URL:http://xforce.iss.net/static/5638.php

Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and
possibly other OSes, allows local users to gain root privileges via a
long environmental variable.


Modifications:
  XF:freebsd-catopen-bo(5638)

INFERRED ACTION: CAN-2000-1011 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:freebsd-catopen-bo(5638)


======================================================
Candidate: CAN-2000-1014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1014
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000927 Unixware SCOhelp http server format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0325.html
Reference: BID:1717
Reference: URL:http://www.securityfocus.com/bid/1717
Reference: XF:unixware-scohelp-format
Reference: URL:http://xforce.iss.net/static/5291.php

Format string vulnerability in the search97.cgi CGI script in SCO help
http server for Unixware 7 allows remote attackers to execute
arbitrary commands via format characters in the queryText parameter.

INFERRED ACTION: CAN-2000-1014 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(2) Wall, Cole


======================================================
Candidate: CAN-2000-1016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1016
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: CF
Reference: BUGTRAQ:20000921 httpd.conf in Suse 6.4
Reference: URL:http://www.securityfocus.com/archive/1/84360
Reference: BID:1707
Reference: URL:http://www.securityfocus.com/bid/1707
Reference: XF:suse-installed-packages-exposed
Reference: URL:http://xforce.iss.net/static/5276.php

The default configuration of Apache (httpd.conf) on SuSE 6.4 includes
an alias for the /usr/doc directory, which allows remote attackers to
read package documentation and obtain system configuration information
via an HTTP request for the /doc/packages URL.

INFERRED ACTION: CAN-2000-1016 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-1018
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1018
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001010 Shred 1.0 Bug Report
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97119799515246&w=2
Reference: BUGTRAQ:20001011 Shred v1.0 Fix
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97131166004145&w=2
Reference: BID:1788
Reference: URL:http://www.securityfocus.com/bid/1788
Reference: XF:shred-recover-files
Reference: URL:http://xforce.iss.net/static/5722.php

shred 1.0 file wiping utility does not properly open a file for
overwriting or flush its buffers, which prevents shred from properly
replacing the file's data and allows local users to recover the file.


Modifications:
  ADDREF XF:shred-recover-files(5722)

INFERRED ACTION: CAN-2000-1018 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
 Frech> XF:shred-recover-files(5722)


======================================================
Candidate: CAN-2000-1019
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1019
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Ultraseek 3.1.x Remote DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97301487015664&w=2
Reference: BID:1866
Reference: URL:http://www.securityfocus.com/bid/1866
Reference: XF:ultraseek-malformed-url-dos
Reference: URL:http://xforce.iss.net/static/5439.php

Search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows
remote attackers to cause a denial of service via a malformed URL.

INFERRED ACTION: CAN-2000-1019 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Mell, TempVoter4
   NOOP(1) Cole


======================================================
Candidate: CAN-2000-1022
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1022
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000919 Cisco PIX Firewall (smtp content filtering hack)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0222.html
Reference: BUGTRAQ:20000920 Re: Cisco PIX Firewall (smtp content filtering hack) - Version 4.2(1) not exploitable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0241.html
Reference: CISCO:20001005 Cisco Secure PIX Firewall Mailguard Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-pub.shtml
Reference: BID:1698
Reference: URL:http://www.securityfocus.com/bid/1698
Reference: XF:cisco-pix-smtp-filtering
Reference: URL:http://xforce.iss.net/static/5277.php

The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier
does not properly restrict access to SMTP commands, which allows
remote attackers to execute restricted commands by sending a DATA
command before sending the restricted commands.

INFERRED ACTION: CAN-2000-1022 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-1024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1024
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category:
Reference: BUGTRAQ:20001101 Unify eWave ServletExec upload
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97306581513537&w=2
Reference: BID:1876
Reference: URL:http://www.securityfocus.com/bid/1876
Reference: XF:ewave-servletexec-file-upload
Reference: URL:http://xforce.iss.net/static/5450.php

eWave ServletExec 3.0C and earlier does not restrict access to the
UploadServlet Java/JSP servlet, which allows remote attackers to
upload files and execute arbitrary commands.

INFERRED ACTION: CAN-2000-1024 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Mell, TempVoter4
   NOOP(1) Cole


======================================================
Candidate: CAN-2000-1026
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1026
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-02
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:61
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:61.tcpdump.v1.1.asc
Reference: SUSE:SuSE-SA:2000:46
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0681.html
Reference: DEBIAN:20001120 tcpdump: remote denial of service
Reference: URL:http://www.debian.org/security/2000/20001120a
Reference: BID:1870
Reference: URL:http://www.securityfocus.com/bid/1870
Reference: XF:tcpdump-afs-packet-overflow(5480)

Multiple buffer overflows in LBNL tcpdump allows remote attackers to
execute arbitrary commands.


Modifications:
  ADDREF SUSE:SuSE-SA:2000:46
  ADDREF DEBIAN:20001120 tcpdump: remote denial of service
  ADDREF XF:tcpdump-afs-packet-overflow(5480)

INFERRED ACTION: CAN-2000-1026 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> SUSE:SuSE-SA:2000:46
   http://archives.neohapsis.com/archives/linux/suse/2000-q4/0681.html
   DEBIAN:20001120 tcpdump: remote denial of service
   URL:http://www.debian.org/security/2000/20001120a
 Frech> XF:tcpdump-afs-packet-overflow(5480)


======================================================
Candidate: CAN-2000-1027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1027
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001003 Cisco PIX Firewall allow external users to discover internal IPs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97059440000367&w=2
Reference: BID:1877
Reference: URL:http://www.securityfocus.com/bid/1877
Reference: XF:cisco-pix-reveal-address
Reference: URL:http://xforce.iss.net/static/5646.php

Cisco Secure PIX Firewall 5.2(2) allows remote attackers to determine
the real IP address of a target FTP server by flooding the server with
PASV requests, which includes the real IP address in the response when
passive mode is established.


Modifications:
  ADDREF XF:cisco-pix-reveal-address(5646)

INFERRED ACTION: CAN-2000-1027 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(2) Wall, Cole

Voter Comments:
 Frech> XF:cisco-pix-reveal-address(5646)


======================================================
Candidate: CAN-2000-1031
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1031
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000810 Re: Possible vulnerability in HPUX ( Add vulnerability List )
Reference: URL:http://www.securityfocus.com/archive/1/75188
Reference: HP:HPSBUX0011-128
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0034.html
Reference: BID:1889
Reference: URL:http://www.securityfocus.com/bid/1889
Reference: XF:hp-dtterm(5461)

Buffer overflow in dtterm in HP-UX 11.0 allows a local user to gain
privileges via a long -tn option.


Modifications:
  ADDREF XF:hp-dtterm(5461)

INFERRED ACTION: CAN-2000-1031 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Baker, Cole, Mell
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:hp-dtterm(5461)


======================================================
Candidate: CAN-2000-1032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1032
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001101 Re: Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/142808
Reference: BID:1890
Reference: URL:http://www.securityfocus.com/bid/1890
Reference: XF:fw1-login-response(5816)

The client authentication interface for Check Point Firewall-1 4.0 and
earlier generates different error messages for invalid usernames
versus invalid passwords, which allows remote attackers to identify
valid usernames on the firewall.


Modifications:
  ADDREF XF:fw1-login-response(5816)

INFERRED ACTION: CAN-2000-1032 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Baker, Cole, Mell
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:fw1-login-response(5816)


======================================================
Candidate: CAN-2000-1034
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1034
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001106 System Monitor ActiveX Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349782305448&w=2
Reference: MS:MS00-085
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-085.asp
Reference: BID:1899
Reference: URL:http://www.securityfocus.com/bid/1899
Reference: XF:system-monitor-activex-bo(5467)

Buffer overflow in the System Monitor ActiveX control in Windows 2000
allows remote attackers to execute arbitrary commands via a long
LogFileName parameter in HTML source code, aka the "ActiveX Parameter
Validation" vulnerability.


Modifications:
  ADDREF XF:system-monitor-activex-bo(5467)

INFERRED ACTION: CAN-2000-1034 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech
   NOOP(1) TempVoter4

Voter Comments:
 Frech> XF:system-monitor-activex-bo(5467)


======================================================
Candidate: CAN-2000-1036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1036
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000920 Extent RBS directory Transversal.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0252.html
Reference: BID:1704
Reference: URL:http://www.securityfocus.com/bid/1704
Reference: XF:rbs-isp-directory-traversal
Reference: URL:http://xforce.iss.net/static/5275.php

Directory traversal vulnerability in Extent RBS ISP web server allows
remote attackers to read sensitive information via a .. (dot dot)
attack on the Image parameter.

INFERRED ACTION: CAN-2000-1036 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-1038
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1038
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: AIXAPAR:SA90544
Reference: CONFIRM:http://as400service.rochester.ibm.com/n_dir/nas4apar.NSF/5ec6cdc6ab42894a862568f90073c74a/9ce636030a58807186256955003d128d?OpenDocument
Reference: XF:as400-firewall-dos
Reference: URL:http://xforce.iss.net/static/5266.php

The web administration interface for IBM AS/400 Firewall allows remote
attackers to cause a denial of service via an empty GET request.

INFERRED ACTION: CAN-2000-1038 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-1040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1040
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: DEBIAN:20001014 nis: local exploit
Reference: URL:http://www.debian.org/security/2000/20001014
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: REDHAT:RHSA-2000:086-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-086-05.html
Reference: CALDERA:CSSA-2000-039.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-039.0.txt
Reference: BUGTRAQ:20001025 Immunix OS Security Update for ypbind package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0356.html
Reference: BUGTRAQ:20001030 Trustix Security Advisory - ping gnupg ypbind
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0429.html
Reference: XF:ypbind-printf-format-string
Reference: URL:http://xforce.iss.net/static/5394.php
Reference: BID:1820
Reference: URL:http://www.securityfocus.com/bid/1820

Format string vulnerability in logging function of ypbind 3.3, while
running in debug mode, leaks file descriptors and allows an attacker
to cause a denial of service.

INFERRED ACTION: CAN-2000-1040 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-1041
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1041
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: CALDERA:CSSA-2000-039.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-039.0.txt
Reference: XF:ypbind-remote-bo
Reference: URL:http://xforce.iss.net/static/5759.php

Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root
privileges.


Modifications:
  ADDREF XF:ypbind-remote-bo(5759)

INFERRED ACTION: CAN-2000-1041 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:ypbind-remote-bo(5759)


======================================================
Candidate: CAN-2000-1042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1042
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: XF:linux-ypserv-bo
Reference: URL:http://xforce.iss.net/static/5730.php

Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and
possibly other Linux operating systems, allows an attacker to gain
root privileges when ypserv is built without a vsyslog() function.


Modifications:
  ADDREF XF:linux-ypserv-bo(5730)

INFERRED ACTION: CAN-2000-1042 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:linux-ypserv-bo(5730)


======================================================
Candidate: CAN-2000-1043
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1043
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: XF:linux-ypserv-format-string
Reference: URL:http://xforce.iss.net/static/5731.php

Format string vulnerability in ypserv in Mandrake Linux 7.1 and
earlier, and possibly other Linux operating systems, allows an
attacker to gain root privileges when ypserv is built without a
vsyslog() function.


Modifications:
  XF:linux-ypserv-format-string(5731)

INFERRED ACTION: CAN-2000-1043 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:linux-ypserv-format-string(5731)


======================================================
Candidate: CAN-2000-1044
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1044
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: BID:1820
Reference: URL:http://www.securityfocus.com/bid/1820
Reference: XF:ypbind-printf-format-string
Reference: URL:http://xforce.iss.net/static/5394.php

Format string vulnerability in ypbind-mt in SuSE SuSE-6.2, and
possibly other Linux operating systems, allows an attacker to gain
root privileges.


Modifications:
  ADDREF XF:ypbind-printf-format-string(5394)

INFERRED ACTION: CAN-2000-1044 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:ypbind-printf-format-string(5394)


======================================================
Candidate: CAN-2000-1045
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1045
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: REDHAT:RHSA-2000:024
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-024.html
Reference: MANDRAKE:MDKSA-2000-066
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-066-1.php3
Reference: BID:1863
Reference: URL:http://www.securityfocus.com/bid/1863
Reference: XF:nssldap-nscd-dos
Reference: URL:http://xforce.iss.net/static/5449.php

nss_ldap earlier than 121, when run with nscd (name service caching
daemon), allows remote attackers to cause a denial of service via a
flood of LDAP requests.

INFERRED ACTION: CAN-2000-1045 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-1049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1049
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001101 Allaire's JRUN DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97310314724964&w=2
Reference: ALLAIRE:ASB00-030
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=18085&Method=Full
Reference: XF:allaire-jrun-servlet-dos
Reference: URL:http://xforce.iss.net/static/5452.php

Allaire JRun 3.0 http servlet server allows remote attackers to cause
a denial of service via a URL that contains a long string of "."
characters.

INFERRED ACTION: CAN-2000-1049 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-1050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1050
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Allaire's JRUN Unauthenticated Access to WEB-INF directory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236316510117&w=2
Reference: ALLAIRE:ASB00-027
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=17966&Method=Full
Reference: XF:allaire-jrun-webinf-access
Reference: URL:http://xforce.iss.net/static/5407.php

Allaire JRun 3.0 http servlet server allows remote attackers to
directly access the WEB-INF directory via a URL request that contains
an extra "/" in the beginning of the request (aka the "extra leading
slash").

INFERRED ACTION: CAN-2000-1050 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-1051
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1051
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Allaire JRUN 2.3 Arbitrary File Retrieval
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236692714978&w=2
Reference: ALLAIRE:ASB00-028
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=17968&Method=Full
Reference: XF:allaire-jrun-ssifilter-url
Reference: URL:http://xforce.iss.net/static/5405.php

Directory traversal vulnerability in Allaire JRun 2.3 server allows
remote attackers to read arbitrary files via the SSIFilter servlet.

INFERRED ACTION: CAN-2000-1051 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell


======================================================
Candidate: CAN-2000-1054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1054
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server
Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml
Reference: BID:1705
Reference: URL:http://www.securityfocus.com/bid/1705
Reference: XF:ciscosecure-csadmin-bo
Reference: URL:http://xforce.iss.net/static/5272.php

Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and
earlier allows remote attackers to cause a denial of service and
possibly execute arbitrary commands via a large packet.

INFERRED ACTION: CAN-2000-1054 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-1055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1055
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server
Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml
Reference: BID:1706
Reference: URL:http://www.securityfocus.com/bid/1706
Reference: XF:ciscosecure-tacacs-dos
Reference: URL:http://xforce.iss.net/static/5273.php

Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows
remote attackers to cause a denial of service and possibly execute
arbitrary commands via a large TACACS+ packet.

INFERRED ACTION: CAN-2000-1055 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-1056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1056
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server
Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml
Reference: BID:1708
Reference: URL:http://www.securityfocus.com/bid/1708
Reference: XF:ciscosecure-ldap-bypass-authentication
Reference: URL:http://xforce.iss.net/static/5274.php

CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to
bypass LDAP authentication on the server if the LDAP server allows
null passwords.

INFERRED ACTION: CAN-2000-1056 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-1057
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1057
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: unknown
Reference: HP:HPSBUX0009-120
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0140.html
Reference: BID:1682
Reference: URL:http://www.securityfocus.com/bid/1682
Reference: XF:hp-openview-nnm-scripts
Reference: URL:http://xforce.iss.net/static/5229.php

Vulnerabilities in database configuration scripts in HP OpenView
Network Node Manager (NNM) 6.1 and earlier allows local users to gain
privileges, possibly via insecure permissions.

INFERRED ACTION: CAN-2000-1057 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-1058
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1058
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20000926 DST2K0014: BufferOverrun in HP Openview Network Node Manager v6.1 (Round2)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97004856403173&w=2
Reference: HP:HPSBUX0009-121
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0274.html
Reference: XF:openview-nmm-snmp-bo
Reference: URL:http://xforce.iss.net/static/5282.php

Buffer overflow in OverView5 CGI program in HP OpenView Network Node
Manager (NNM) 6.1 and earlier allows remote attackers to cause a
denial of service, and possibly execute arbitrary commands, in the
SNMP service (snmp.exe), aka the "Java SNMP MIB Browser Object ID
parsing problem."

INFERRED ACTION: CAN-2000-1058 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-1059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1059
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: CF
Reference: BUGTRAQ:20000929 Mandrake 7.1 bypasses Xauthority X session security.
Reference: URL:http://www.securityfocus.com/archive/1/136495
Reference: MANDRAKE:MDKSA-2000:052
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-052.php3
Reference: BID:1735
Reference: URL:http://www.securityfocus.com/bid/1735
Reference: XF:xinitrc-bypass-xauthority
Reference: URL:http://xforce.iss.net/static/5305.php

The default configuration of the Xsession file in Mandrake Linux 7.1
and 7.0 bypasses the Xauthority access control mechanism with an
"xhost + localhost" command, which allows local users to sniff X
Windows events and gain privileges.

INFERRED ACTION: CAN-2000-1059 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-1060
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1060
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: CF
Reference: BUGTRAQ:20001002 Local vulnerability in XFCE 3.5.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0022.html
Reference: FREEBSD:FreeBSD-SA-00:65
Reference: BID:1736
Reference: URL:http://www.securityfocus.com/bid/1736
Reference: XF:xinitrc-bypass-xauthority
Reference: URL:http://xforce.iss.net/static/5305.php

The default configuration of XFCE 3.5.1 bypasses the Xauthority access
control mechanism with an "xhost + localhost" command in the xinitrc
program, which allows local users to sniff X Windows traffic and gain
privileges.


Modifications:
  ADDREF FREEBSD:FreeBSD-SA-00:65

INFERRED ACTION: CAN-2000-1060 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Christey> ADDREF FREEBSD:FreeBSD-SA-00:65


======================================================
Candidate: CAN-2000-1061
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1061
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category:
Reference: MS:MS00-075
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-075.asp
Reference: XF:java-vm-applet
Reference: URL:http://xforce.iss.net/static/5127.php

Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows
an unsigned applet to create and use ActiveX controls, which allows a
remote attacker to bypass Internet Explorer's security settings and
execute arbitrary commands via a malicious web page or email, aka the
"Microsoft VM ActiveX Component" vulnerability.


Modifications:
  ADDREF XF:java-vm-applet(5127)

INFERRED ACTION: CAN-2000-1061 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:java-vm-applet(5127)


======================================================
Candidate: CAN-2000-1068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1068
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236719315352&w=2
Reference: CONFIRM:http://www.cgi-world.com/pollit.html
Reference: XF:pollit-polloptions-execute-commands
Reference: URL:http://xforce.iss.net/static/5792.php

pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary
commands via shell metacharacters in the poll_options parameter.


Modifications:
  ADDREF CONFIRM:http://www.cgi-world.com/pollit.html
  ADDREF XF:pollit-polloptions-execute-commands(5792)

INFERRED ACTION: CAN-2000-1068 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Mell
   MODIFY(1) Frech
   NOOP(2) Christey, Cole

Voter Comments:
 Christey> CONFIRM:http://www.cgi-world.com/pollit.html

   Under the "product features" section, an item titled
   "Version 2.05 (Released: 10.24.00)" says:
   "Update to Fix Security Issues (Upgrade Suggested)"
 Frech> XF:pollit-polloptions-execute-commands(5792)


======================================================
Candidate: CAN-2000-1069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1069
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236719315352&w=2
Reference: XF:pollit-admin-password-var
Reference: URL:http://xforce.iss.net/static/5419.php

pollit.cgi in Poll It 2.01 and earlier allows remote attackers to
access administrative functions without knowing the real password by
specifying the same value to the entered_password and admin_password
parameters.

INFERRED ACTION: CAN-2000-1069 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(1) Cole


======================================================
Candidate: CAN-2000-1070
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1070
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236719315352&w=2
Reference: XF:pollit-webroot-gain-access
Reference: URL:http://xforce.iss.net/static/5794.php

pollit.cgi in Poll It 2.01 and earlier uses data files that are
located under the web document root, which allows remote attackers to
access sensitive or private information.


Modifications:
  ADDREF XF:pollit-webroot-gain-access(5794)

INFERRED ACTION: CAN-2000-1070 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
 Frech> XF:pollit-webroot-gain-access(5794)


======================================================
Candidate: CAN-2000-1071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1071
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: CF
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1767
Reference: URL:http://www.securityfocus.com/bid/1767
Reference: XF:ical-xhost-gain-privileges
Reference: URL:http://xforce.iss.net/static/5752.php

The GUI installation for iCal 2.1 Patch 2 disables access control for
the X server using an "xhost +" command, which allows remote attackers
to monitor X Windows events and gain privileges.


Modifications:
  ADDREF XF:ical-xhost-gain-privileges(5752)

INFERRED ACTION: CAN-2000-1071 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:ical-xhost-gain-privileges(5752)


======================================================
Candidate: CAN-2000-1072
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1072
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: CF
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1768
Reference: URL:http://www.securityfocus.com/bid/1768
Reference: XF:ical-iplncal-gain-access
Reference: URL:http://xforce.iss.net/static/5756.php

iCal 2.1 Patch 2 installs many files with world-writeable permissions,
which allows local users to modify the iCal configuration and execute
arbitrary commands by replacing the iplncal.sh program with a Trojan
horse.


Modifications:
  ADDREF XF:ical-iplncal-gain-access(5756)

INFERRED ACTION: CAN-2000-1072 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
 Frech> XF:ical-iplncal-gain-access(5756)


======================================================
Candidate: CAN-2000-1073
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1073
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1769
Reference: URL:http://www.securityfocus.com/bid/1769
Reference: XF:ical-csstart-gain-access
Reference: URL:http://xforce.iss.net/static/5757.php

csstart program in iCal 2.1 Patch 2 searches for the cshttpd program
in the current working directory, which allows local users to gain
root privileges by creating a Trojan Horse cshttpd program in a
directory and calling csstart from that directory.


Modifications:
  ADDREF XF:ical-csstart-gain-access(5757)

INFERRED ACTION: CAN-2000-1073 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:ical-csstart-gain-access(5757)


======================================================
Candidate: CAN-2000-1074
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1074
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1769
Reference: URL:http://www.securityfocus.com/bid/1769
Reference: XF:ical-csstart-gain-access
Reference: URL:http://xforce.iss.net/static/5757.php

csstart program in iCal 2.1 Patch 2 uses relative pathnames to install
the libsocket and libnsl libraries, which could allow the icsuser
account to gain root privileges by creating a Trojan Horse library in
the current or parent directory.


Modifications:
  ADDREF XF:ical-csstart-gain-access(5757)

INFERRED ACTION: CAN-2000-1074 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
 Frech> XF:ical-csstart-gain-access(5757)


======================================================
Candidate: CAN-2000-1077
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1077
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001026 Buffer overflow in iPlanet Web Server 4 server side SHTML parsing module
Reference: URL:http://www.securityfocus.com/archive/1/141435
Reference: XF:iplanet-web-server-shtml-bo
Reference: URL:http://xforce.iss.net/static/5446.php

Buffer overflow in the SHTML logging functionality of iPlanet Web
Server 4.x allows remote attackers to execute arbitrary commands via a
long filename with a .shtml extension.

INFERRED ACTION: CAN-2000-1077 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Mell, TempVoter4
   NOOP(1) Cole


======================================================
Candidate: CAN-2000-1080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1080
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001102 dos on quake1 servers
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97318797630246&w=2
Reference: CONFIRM:http://proquake.ai.mit.edu/
Reference: BID:1900
Reference: URL:http://www.securityfocus.com/bid/1900
Reference: XF:quake-empty-udp-dos(5527)

Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers
to cause a denial of service via a malformed (empty) UDP packet.


Modifications:
  ADDREF XF:quake-empty-udp-dos(5527)

INFERRED ACTION: CAN-2000-1080 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
 Frech> XF:quake-empty-udp-dos(5527)


======================================================
Candidate: CAN-2000-1089
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1089
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001201
Category: SF
Reference: ATSTAKE:A120400-1
Reference: URL:http://www.stake.com/research/advisories/2000/a120400-1.txt
Reference: MS:MS00-094
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-094.asp
Reference: BID:2048
Reference: URL:http://www.securityfocus.com/bid/2048
Reference: XF:phone-book-service-bo(5623)

Buffer overflow in Microsoft Phone Book Service allows local users to
execute arbitrary commands, aka the "Phone Book Service Buffer
Overflow" vulnerability.


Modifications:
  ADDREF XF:phone-book-service-bo(5623)

INFERRED ACTION: CAN-2000-1089 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Wall, Baker, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:phone-book-service-bo(5623)


======================================================
Candidate: CAN-2000-1094
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1094
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001212
Category: SF
Reference: ATSTAKE:A121200-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a121200-1.txt
Reference: BUGTRAQ:20001213 Administrivia & AOL IM Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97668265628917&w=2
Reference: BUGTRAQ:20001214 Re: AIM & @stake's advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97683774417132&w=2
Reference: XF:aolim-buddyicon-bo

Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows
remote attackers to execute arbitrary commands via a "buddyicon"
command with a long "src" argument.


Modifications:
  ADDREF BUGTRAQ:20001213 Administrivia & AOL IM Advisory
  ADDREF BUGTRAQ:20001214 Re: AIM & @stake's advisory
  ADDREF XF:aolim-buddyicon-bo

INFERRED ACTION: CAN-2000-1094 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Wall, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> ADDREF BUGTRAQ:20001213 Administrivia & AOL IM Advisory
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97668265628917&w=2
   ADDREF BUGTRAQ:20001214 Re: AIM & @stake's advisory
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97683774417132&w=2
 Frech> XF:aolim-buddyicon-bo


======================================================
Candidate: CAN-2000-1095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1095
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001112 RedHat 7.0 (and SuSE): modutils + netkit = root compromise. (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0179.html
Reference: SUSE:SuSE-SA:2000:44
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0596.html
Reference: MANDRAKE:MDKSA-2000:071
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-071-1.php3?dis=7.1
Reference: REDHAT:RHSA-2000:108-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-108.html
Reference: DEBIAN:20001120 modutils: local exploit
Reference: URL:http://www.debian.org/security/2000/20001120
Reference: CONECTIVA:CLSA-2000:340
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000340
Reference: BID:1936
Reference: URL:http://www.securityfocus.com/bid/1936
Reference: XF:linux-modprobe-execute-code
Reference: URL:http://xforce.iss.net/static/5516.php

modprobe in the modutils 2.3.x package on Linux systems allows a local
user to execute arbitrary commands via shell metacharacters.


Modifications:
  ADDREF XF:linux-modprobe-execute-code(5516)

INFERRED ACTION: CAN-2000-1095 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linux-modprobe-execute-code(5516)


======================================================
Candidate: CAN-2000-1096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1096
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001116 vixie cron...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0237.html
Reference: DEBIAN:20001118 cron: local privilege escalation
Reference: URL:http://www.debian.org/security/2000/20001118a
Reference: BID:1960
Reference: URL:http://www.securityfocus.com/bid/1960
Reference: XF:vixie-cron-execute-commands(5543)

crontab by Paul Vixie uses predictable file names for a temporary file
and does not properly ensure that the file is owned by the user
executing the crontab -e command, which allows local users with write
access to the crontab spool directory to execute arbitrary commands by
creating world-writeable temporary files and modifying them while the
victim is editing the file.


Modifications:
  ADDREF XF:vixie-cron-execute-commands(5543)

INFERRED ACTION: CAN-2000-1096 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:vixie-cron-execute-commands(5543)


======================================================
Candidate: CAN-2000-1097
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1097
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001129 DoS in Sonicwall SOHO firewall
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0406.html
Reference: BUGTRAQ:20001201 FW: SonicWALL SOHO Vulnerability (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0435.html
Reference: BID:2013
Reference: URL:http://www.securityfocus.com/bid/2013
Reference: XF:sonicwall-soho-dos(5596)

The web server for the SonicWALL SOHO firewall allows remote attackers
to cause a denial of service via a long username in the authentication
page.


Modifications:
  ADDREF XF:sonicwall-soho-dos(5596)
  DESC Change name to "SonicWALL"

INFERRED ACTION: CAN-2000-1097 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:sonicwall-soho-dos(5596)
   The company's name is SonicWALL.


======================================================
Candidate: CAN-2000-1099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1099
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: SUN:00199
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/199&type=0&nav=sec.sba
Reference: HP:HPSBUX0011-132
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0061.html
Reference: XF:jdk-untrusted-java-class(5605)

Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and
earlier can allow an untrusted Java class to call into a disallowed
class, which could allow an attacker to escape the Java sandbox and
conduct unauthorized activities.


Modifications:
  ADDREF XF:jdk-untrusted-java-class(5605)

INFERRED ACTION: CAN-2000-1099 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:jdk-untrusted-java-class(5605)


======================================================
Candidate: CAN-2000-1106
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1106
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001128 TrendMicro InterScan VirusWall shared folder problem
Reference: URL:http://www.securityfocus.com/archive/1/147563
Reference: BUGTRAQ:20001201 Responding to BugTraq ID 2014 - "Trend Micro InterScan VirusWall Shared Directory Vulnerability"
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0016.html
Reference: BID:2014
Reference: URL:http://www.securityfocus.com/bid/2014
Reference: XF:interscan-viruswall-unauth-access
Reference: URL:http://xforce.iss.net/static/5606.php

Trend Micro InterScan VirusWall creates an "Intscan" share to the
"InterScan" directory with permissions that grant Full Control
permissions to the Everyone group, which allows attackers to gain
privileges by modifying the VirusWall programs.


Modifications:
  ADDREF XF:interscan-viruswall-unauth-access(5606)

INFERRED ACTION: CAN-2000-1106 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:interscan-viruswall-unauth-access(5606)


======================================================
Candidate: CAN-2000-1107
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1107
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001128 SuSE Linux 6.x 7.0 Ident buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0387.html
Reference: BID:2015
Reference: URL:http://www.securityfocus.com/bid/2015
Reference: XF:linux-ident-bo
Reference: URL:http://xforce.iss.net/static/5590.php

in.identd ident server in SuSE Linux 6.x and 7.0 allows remote
attackers to cause a denial of service via a long request, which
causes the server to access a NULL pointer and crash.


Modifications:
  ADDREF XF:linux-ident-bo(5590)

INFERRED ACTION: CAN-2000-1107 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linux-ident-bo(5590)
 Baker> http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26start%3D2001-01-14%26fromthread%3D1%26threads%3D0%26end%3D2001-01-20%26mid%3D147592%26


======================================================
Candidate: CAN-2000-1112
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1112
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: MS:MS00-090
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-090.asp
Reference: BID:1976
Reference: URL:http://www.securityfocus.com/bid/1976
Reference: XF:mediaplayer-wms-script-exe
Reference: URL:http://xforce.iss.net/static/5575.php

Microsoft Windows Media Player 7 executes scripts in custom skin
(.WMS) files, which could allow remote attackers to gain privileges
via a skin that contains a malicious script, aka the ".WMS Script
Execution" vulnerability.


Modifications:
  ADDREF XF:mediaplayer-wms-script-exe(5575)

INFERRED ACTION: CAN-2000-1112 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Wall, Baker, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:mediaplayer-wms-script-exe(5575)


======================================================
Candidate: CAN-2000-1113
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1113
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: ATSTAKE:A112300-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a112300-1.txt
Reference: MS:MS00-090
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-090.asp
Reference: BID:1980
Reference: URL:http://www.securityfocus.com/bid/1980
Reference: XF:mediaplayer-asx-bo
Reference: URL:http://xforce.iss.net/static/5574.php

Buffer overflow in Microsoft Windows Media Player allows remote
attackers to execute arbitrary commands via a malformed Active Stream
Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability.


Modifications:
  ADDREF XF:mediaplayer-asx-bo(5574)

INFERRED ACTION: CAN-2000-1113 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Wall, Baker, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:mediaplayer-asx-bo(5574)


======================================================
Candidate: CAN-2000-1115
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1115
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001122 602Pro Lan Suite Web Admin Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0299.html
Reference: CONFIRM:http://www.software602.com/products/ls/support/newbuild.html
Reference: BID:1979
Reference: URL:http://www.securityfocus.com/bid/1979
Reference: XF:software602-lan-suite-bo
Reference: URL:http://xforce.iss.net/static/5583.php

Buffer overflow in remote web administration component (webprox.dll)
of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to
cause a denial of service and possibly execute arbitrary commands via
a long GET request.


Modifications:
  ADDREF XF:software602-lan-suite-bo(5583)

INFERRED ACTION: CAN-2000-1115 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:software602-lan-suite-bo(5583)


======================================================
Candidate: CAN-2000-1120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1120
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: AIXAPAR:IY08143
Reference: AIXAPAR:IY08287
Reference: BID:2033
Reference: URL:http://www.securityfocus.com/bid/2033
Reference: XF:aix-digest-bo(5620)

Buffer overflow in digest command in IBM AIX 4.3.x and earlier
allows local users to execute arbitrary commands.


Modifications:
  ADDREF XF:aix-digest-bo(5620)

INFERRED ACTION: CAN-2000-1120 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Bollinger, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:aix-digest-bo(5620)


======================================================
Candidate: CAN-2000-1131
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1131
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001110 [hacksware] gbook.cgi remote command execution vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0144.html
Reference: BID:1940
Reference: URL:http://www.securityfocus.com/bid/1940
Reference: XF:gbook-cgi-remote-execution
Reference: URL:http://xforce.iss.net/static/5509.php

Bill Kendrick web site guestbook (GBook) allows remote attackers to
execute arbitrary commands via shell metacharacters in the _MAILTO
form variable.


Modifications:
  ADDREF XF:gbook-cgi-remote-execution(5509)

INFERRED ACTION: CAN-2000-1131 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:gbook-cgi-remote-execution(5509)


======================================================
Candidate: CAN-2000-1132
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1132
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001114 Cgisecurity.com advisory on dcforum
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0218.html
Reference: BID:1951
Reference: URL:http://www.securityfocus.com/bid/1951
Reference: CONFIRM:http://www.dcscripts.com/dcforum/dcfNews/124.html#1
Reference: XF:dcforum-cgi-view-files(5533)

DCForum cgforum.cgi CGI script allows remote attackers to read
arbitrary files, and delete the program itself, via a malformed
"forum" variable.


Modifications:
  ADDREF XF:dcforum-cgi-view-files(5533)

INFERRED ACTION: CAN-2000-1132 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:dcforum-cgi-view-files(5533)


======================================================
Candidate: CAN-2000-1135
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1135
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: DEBIAN:20001130 DSA-002-1 fsh: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001130
Reference: XF:linux-fsh-symlink(5633)

fshd (fsh daemon) in Debian Linux allows local users to overwrite
files of other users via a symlink attack.


Modifications:
  ADDREF XF:linux-fsh-symlink(5633)

INFERRED ACTION: CAN-2000-1135 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linux-fsh-symlink(5633)


======================================================
Candidate: CAN-2000-1136
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1136
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001122 New version of elvis-tiny released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97502995616099&w=2
Reference: BID:1984
Reference: URL:http://www.securityfocus.com/bid/1984
Reference: XF:linux-tinyelvis-tmpfiles
Reference: URL:http://xforce.iss.net/static/5632.php

elvis-tiny before 1.4-10 in Debian Linux, and possibly other Linux
operating systems, allows local users to overwrite files of other
users via a symlink attack.


Modifications:
  ADDREF XF:linux-tinyelvis-tmpfiles(5632)

INFERRED ACTION: CAN-2000-1136 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linux-tinyelvis-tmpfiles(5632)
 Baker> http://www.securityfocus.com/frames/?content=/templates/advisory.html%3Fid%3D2887


======================================================
Candidate: CAN-2000-1137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1137
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-02
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: DEBIAN:20001129 DSA-001-1 ed: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001129
Reference: MANDRAKE:MDKSA-2000:076
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-076.php3
Reference: REDHAT:RHSA-2000:123-01
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-123.html
Reference: BUGTRAQ:20001211 Immunix OS Security update for ed
Reference: CONECTIVA:CLA-2000:359-2
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000359
Reference: XF:gnu-ed-symlink(5723)

GNU ed before 0.2-18.1 allows local users to overwrite the files of
other users via a symlink attack.


Modifications:
  ADDREF CONECTIVA:CLA-2000:359-2
  ADDREF XF:gnu-ed-symlink(5723)

INFERRED ACTION: CAN-2000-1137 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Christey> ADDREF CONECTIVA:CLA-2000:359-2
 Frech> XF:gnu-ed-symlink(5723)


======================================================
Candidate: CAN-2000-1139
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1139
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: CF
Reference: MS:MS00-088
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-088.asp
Reference: BID:1958
Reference: URL:http://www.securityfocus.com/bid/1958
Reference: XF:ms-exchange-username-pwd(5537)

The installation of Microsoft Exchange 2000 before Rev. A creates a
user account with a known password, which could allow attackers to
gain privileges, aka the "Exchange User Account" vulnerability.


Modifications:
  ADDREF XF:ms-exchange-username-pwd(5537)

INFERRED ACTION: CAN-2000-1139 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Wall, Baker, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:ms-exchange-username-pwd(5537)


======================================================
Candidate: CAN-2000-1140
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1140
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BID:1908
Reference: URL:http://www.securityfocus.com/bid/1908
Reference: XF:mantrap-hidden-processes
Reference: URL:http://xforce.iss.net/static/5473.php

Recourse ManTrap 1.6 does not properly hide processes from attackers,
which could allow attackers to determine that they are in a honeypot
system by comparing the results from kill commands with the process
listing in the /proc filesystem.


Modifications:
  ADDREF XF:mantrap-hidden-processes(5473)

INFERRED ACTION: CAN-2000-1140 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:mantrap-hidden-processes(5473)


======================================================
Candidate: CAN-2000-1141
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1141
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-hidden-processes
Reference: URL:http://xforce.iss.net/static/5473.php

Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear
in the /proc listing, which allows attackers to determine that they
are in a honeypot system.


Modifications:
  ADDREF XF:mantrap-hidden-processes(5473)

INFERRED ACTION: CAN-2000-1141 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:mantrap-hidden-processes(5473)


======================================================
Candidate: CAN-2000-1142
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1142
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-pwd-reveal-information
Reference: URL:http://xforce.iss.net/static/5949.php

Recourse ManTrap 1.6 generates an error when an attacker cd's to
/proc/self/cwd and executes the pwd command, which allows attackers to
determine that they are in a honeypot system.


Modifications:
  ADDREF XF:mantrap-pwd-reveal-information(5949)

INFERRED ACTION: CAN-2000-1142 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:mantrap-pwd-reveal-information(5949)


======================================================
Candidate: CAN-2000-1143
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1143
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-hidden-processes
Reference: URL:http://xforce.iss.net/static/5473.php

Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris
system, which allows attackers to determine that they are in a
honeypot system.


Modifications:
  ADDREF XF:mantrap-hidden-processes(5473)
  DESC Change "process" to "processes"

INFERRED ACTION: CAN-2000-1143 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:mantrap-hidden-processes(5473)


======================================================
Candidate: CAN-2000-1144
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1144
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BID:1909
Reference: URL:http://www.securityfocus.com/bid/1909
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-inode-disclosure
Reference: URL:http://xforce.iss.net/static/5472.php

Recourse ManTrap 1.6 sets up a chroot environment to hide the fact
that it is running, but the inode number for the resulting "/" file
system is higher than normal, which allows attackers to determine that
they are in a chroot environment.


Modifications:
  ADDREF XF:mantrap-inode-disclosure(5472)

INFERRED ACTION: CAN-2000-1144 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:mantrap-inode-disclosure(5472)


======================================================
Candidate: CAN-2000-1145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1145
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-identify-processes
Reference: URL:http://xforce.iss.net/static/5950.php

Recourse ManTrap 1.6 allows attackers who have gained root access to
use utilities such as crash or fsdb to read /dev/mem and raw disk
devices to identify ManTrap processes or modify arbitrary data files.


Modifications:
  ADDREF XF:mantrap-identify-processes(5950)

INFERRED ACTION: CAN-2000-1145 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:mantrap-identify-processes(5950)


======================================================
Candidate: CAN-2000-1146
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1146
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BID:1913
Reference: URL:http://www.securityfocus.com/bid/1913
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-dir-dos
Reference: URL:http://xforce.iss.net/static/5528.php

Recourse ManTrap 1.6 allows attackers to cause a denial of service via
a sequence of commands that navigate into and out of the /proc/self
directory and executing various commands such as ls or pwd.


Modifications:
  ADDREF XF:mantrap-dir-dos(5528)

INFERRED ACTION: CAN-2000-1146 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:mantrap-dir-dos(5528)


======================================================
Candidate: CAN-2000-1148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1148
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: CF
Reference: BUGTRAQ:20001104 Filesystem Access + VolanoChat = VChat admin (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0072.html
Reference: BUGTRAQ:20001106 Re: FW: Filesystem Access + VolanoChat = VChat admin (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0085.html
Reference: BID:1906
Reference: URL:http://www.securityfocus.com/bid/1906
Reference: XF:volanochatpro-plaintext-password
Reference: URL:http://xforce.iss.net/static/5465.php

The installation of VolanoChatPro chat server sets world-readable
permissions for its configuration file and stores the server
administrator passwords in plaintext, which allows local users to gain
privileges on the server.


Modifications:
  ADDREF XF:volanochatpro-plaintext-password(5465)

INFERRED ACTION: CAN-2000-1148 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:volanochatpro-plaintext-password(5465)


======================================================
Candidate: CAN-2000-1149
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1149
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001108 [CORE SDI ADVISORY] MS NT4.0 Terminal Server Edition GINA buffer overflow
Reference: URL:http://www.securityfocus.com/archive/1/143991
Reference: MS:MS00-087
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-087.asp
Reference: BID:1924
Reference: URL:http://www.securityfocus.com/bid/1924
Reference: XF:nt-termserv-gina-bo
Reference: URL:http://xforce.iss.net/static/5489.php

Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server
allows remote attackers to execute arbitrary commands via a long
username, aka the "Terminal Server Login Buffer Overflow"
vulnerability.


Modifications:
  ADDREF XF:nt-termserv-gina-bo(5489)

INFERRED ACTION: CAN-2000-1149 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Wall, Baker, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:nt-termserv-gina-bo(5489)


======================================================
Candidate: CAN-2000-1162
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1162
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: CALDERA:CSSA-2000-041
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt
Reference: MANDRAKE:MDKSA-2000:074
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3
Reference: CONECTIVA:CLSA-2000:343
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000343
Reference: REDHAT:RHSA-2000:114-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-114.html
Reference: DEBIAN:20001123 ghostscript: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001123
Reference: BID:1990
Reference: URL:http://www.securityfocus.com/bid/1990
Reference: XF:ghostscript-sym-link
Reference: URL:http://xforce.iss.net/static/5563.php

ghostscript before 5.10-16 allows local users to overwrite files of
other users via a symlink attack.


Modifications:
  ADDREF XF:ghostscript-sym-link(5563)

INFERRED ACTION: CAN-2000-1162 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:ghostscript-sym-link(5563)


======================================================
Candidate: CAN-2000-1163
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1163
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: CALDERA:CSSA-2000-041
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt
Reference: MANDRAKE:MDKSA-2000:074
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3
Reference: CONECTIVA:CLSA-2000:343
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000343
Reference: DEBIAN:20001123 ghostscript: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001123
Reference: BID:1991
Reference: URL:http://www.securityfocus.com/bid/1991
Reference: XF:ghostscript-env-variable
Reference: URL:http://xforce.iss.net/static/5564.php

ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental
variable to find libraries in the current directory, which could allow
local users to execute commands as other users by placing a Trojan
horse library into a directory from which another user executes
ghostscript.


Modifications:
  ADDREF XF:ghostscript-env-variable(5564)

INFERRED ACTION: CAN-2000-1163 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:ghostscript-env-variable(5564)


======================================================
Candidate: CAN-2000-1167
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1167
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:70
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:70.ppp-nat.asc
Reference: BID:1974
Reference: URL:http://www.securityfocus.com/bid/1974
Reference: XF:freebsd-ppp-bypass-gateway(5584)

ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict
access as specified by the "nat deny_incoming" command, which allows
remote attackers to connect to the target system.


Modifications:
  ADDREF XF:freebsd-ppp-bypass-gateway(5584)

INFERRED ACTION: CAN-2000-1167 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:freebsd-ppp-bypass-gateway(5584)


======================================================
Candidate: CAN-2000-1169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1169
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001123 OpenSSH Security Advisory (adv.fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0195.html
Reference: MANDRAKE:MDKSA-2000:068
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-068.php3
Reference: BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html
Reference: DEBIAN:20001118 openssh: possible remote exploit
Reference: URL:http://www.debian.org/security/2000/20001118
Reference: CONECTIVA:CLSA-2000:345
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000345
Reference: REDHAT:RHSA-2000-111
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-111.html
Reference: SUSE:SuSE-SA:2000:47
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2000-Nov/0004.html
Reference: BID:1949
Reference: URL:http://www.securityfocus.com/bid/1949
Reference: XF:openssh-unauthorized-access(5517)

OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent
forwarding, which could allow a malicious SSH server to gain access to
the X11 display and sniff X11 events, or gain access to the ssh-agent.


Modifications:
  ADDREF XF:openssh-unauthorized-access(5517)

INFERRED ACTION: CAN-2000-1169 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:openssh-unauthorized-access(5517)


======================================================
Candidate: CAN-2000-1178
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1178
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001116 Joe's Own Editor File Link Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0227.html
Reference: REDHAT:RHSA-2000:110-06
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-110.html
Reference: MANDRAKE:MDKSA-2000:072
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-072.php3
Reference: CONECTIVA:CLA-2000:356
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000356
Reference: DEBIAN:20001121 joe: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001122
Reference: DEBIAN:20001201 DSA-003-1 joe: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001201
Reference: BUGTRAQ:20001121 Immunix OS Security update for joe
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97500174210821&w=2
Reference: BID:1959
Reference: URL:http://www.securityfocus.com/bid/1959
Reference: XF:joe-symlink-corruption(5546)

Joe text editor follows symbolic links when creating a rescue copy
called DEADJOE during an abnormal exit, which allows local users to
overwrite the files of other users whose joe session crashes.


Modifications:
  ADDREF XF:joe-symlink-corruption(5546)

INFERRED ACTION: CAN-2000-1178 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:joe-symlink-corruption(5546)


======================================================
Candidate: CAN-2000-1179
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1179
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001115 Netopia ISDN Router 650-ST: Viewing of all system logs without login
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97440068130051&w=2
Reference: BID:1952
Reference: URL:http://www.securityfocus.com/bid/1952
Reference: XF:netopia-view-system-log(5536)

Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to
read system logs without authentication by directly connecting to the
login screen and typing certain control characters.


Modifications:
  ADDREF XF:netopia-view-system-log(5536)

INFERRED ACTION: CAN-2000-1179 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:netopia-view-system-log(5536)


======================================================
Candidate: CAN-2000-1181
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1181
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001116 [CORE SDI ADVISORY] RealServer memory contents disclosure
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0236.html
Reference: CONFIRM:http://service.real.com/help/faq/security/memory.html
Reference: BID:1957
Reference: URL:http://www.securityfocus.com/bid/1957
Reference: XF:realserver-gain-access(5538)

Real Networks RealServer 7 and earlier allows remote attackers to
obtain portions of RealServer's memory contents, possibly including
sensitive information, by accessing the /admin/includes/ URL.


Modifications:
  ADDREF XF:realserver-gain-access(5538)

INFERRED ACTION: CAN-2000-1181 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:realserver-gain-access(5538)


======================================================
Candidate: CAN-2000-1182
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1182
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001116 Possible Watchguard Firebox II DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0224.html
Reference: CONFIRM:https://www.watchguard.com/support/patches.html
Reference: BID:1953
Reference: URL:http://www.securityfocus.com/bid/1953
Reference: XF:watchguard-firebox-ftp-dos(5535)

WatchGuard Firebox II allows remote attackers to cause a denial of
service by flooding the Firebox with a large number of FTP or SMTP
requests, which disables proxy handling.


Modifications:
  ADDREF XF:watchguard-firebox-ftp-dos(5535)

INFERRED ACTION: CAN-2000-1182 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:watchguard-firebox-ftp-dos(5535)


======================================================
Candidate: CAN-2000-1184
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1184
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:69
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:69.telnetd.v1.1.asc
Reference: XF:telnetd-termcap-dos(5959)

telnetd in FreeBSD 4.2 and earlier, and possibly other operating
systems, allows remote attackers to cause a denial of service by
specifying an arbitrary large file in the TERMCAP environmental
variable, which consumes resources as the server processes the file.


Modifications:
  ADDREF XF:telnetd-termcap-dos(5959)

INFERRED ACTION: CAN-2000-1184 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:telnetd-termcap-dos(5959)


======================================================
Candidate: CAN-2000-1187
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1187
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: REDHAT:RHSA-2000:109-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-109.html
Reference: CONECTIVA:CLSA-2000:344
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000344
Reference: SUSE:SuSE-SA:2000:48
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2000-Nov/0005.html
Reference: FREEBSD:FreeBSD-SA-00:66
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:66.netscape.asc
Reference: BUGTRAQ:20001121 Immunix OS Security update for netscape
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97500270012529&w=2
Reference: XF:netscape-client-html-bo
Reference: URL:http://xforce.iss.net/static/5542.php

Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows
remote attackers to execute arbitrary commands via a long password
value in a form field.


Modifications:
  ADDREF XF:netscape-client-html-bo(5542)

INFERRED ACTION: CAN-2000-1187 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:netscape-client-html-bo(5542)


======================================================
Candidate: CAN-2000-1189
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1189
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-02
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: REDHAT:RHSA-2000:120
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-120.html
Reference: CONECTIVA:CLA-2000:358
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000358
Reference: MANDRAKE:MDKSA-2000:082-1
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-082.php3
Reference: XF:pam-localuser-bo(5747)

Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and
6.x allows attackers to gain privileges.


Modifications:
  ADDREF CONECTIVA:CLA-2000:358
  ADDREF MANDRAKE:MDKSA-2000:082-1
  ADDREF XF:pam-localuser-bo(5747)

INFERRED ACTION: CAN-2000-1189 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Christey> ADDREF CONECTIVA:CLA-2000:358
   ADDREF MANDRAKE:MDKSA-2000:082-1
 Frech> XF:pam-localuser-bo(5747)

Page Last Updated or Reviewed: May 22, 2007