[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-48 - 37 candidates

The following cluster contains 37 candidates that were announced
between October 25, 2000 and December 9, 2000.

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.  The voting web
site will be updated with this cluster later today.  Recent additions
to the Editorial Board will also be notified about their account
information at that time.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve



Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2000-0889
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0889
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20001114
Category: SF/CF/MP/SA/AN/unknown
Reference: CERT:CA-2000-19
Reference: URL:http://www.cert.org/advisories/CA-2000-19.html
Reference: SUN:00198
Reference: URL:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/198&type=0&nav=sec.sba

Two Sun security certificates have been compromised, which could allow
attackers to insert malicious code such as applets and make it appear
that it is signed by Sun.

Analysis
----------------
ED_PRI CAN-2000-0889 1
Vendor Acknowledgement: yes advisory

This might not belong in CVE.  In addition, this candidate is probably
at a high level of abstraction.  However, it has been reported in a
few vulnerability databases.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0041
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0041
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001206 Cisco Catalyst Memory Leak Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catalyst-memleak-pub.shtml
Reference: BID:2072
Reference: URL:http://www.securityfocus.com/bid/2072
Reference: XF:cisco-catalyst-telnet-dos
Reference: URL:http://xforce.iss.net/static/5656.php

Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches
allows remote attackers to cause a denial of service via a series of
failed telnet authentication attempts.

Analysis
----------------
ED_PRI CAN-2001-0041 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0050
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001207 BitchX DNS Overflow Patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0081.html
Reference: BUGTRAQ:20001207 bitchx/ircd DNS overflow demonstration
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0086.html
Reference: REDHAT:RHSA-2000:126-03
Reference: URL:http://www.redhat.com/support/errata/powertools/RHSA-2000-126.html
Reference: MANDRAKE:MDKSA-2000:079
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-079.php3
Reference: FREEBSD:FreeBSD-SA-00:78
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:78.bitchx.v1.1.asc
Reference: CONECTIVA:CLA-2000:364
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000364
Reference: BID:2087
Reference: URL:http://www.securityfocus.com/bid/2087
Reference: XF:irc-bitchx-dns-bo
Reference: URL:http://xforce.iss.net/static/5701.php

Buffer overflow in BitchX IRC client allows remote attackers to cause
a denial of service and possibly execute arbitrary commands via an IP
address that resolves to a long DNS hostname or domain name.

Analysis
----------------
ED_PRI CAN-2001-0050 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0055
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-syn-packets
Reference: URL:http://xforce.iss.net/static/5627.php

CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to
cause a denial of service via a slow stream of TCP SYN packets.

Analysis
----------------
ED_PRI CAN-2001-0055 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0056
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-invalid-login
Reference: URL:http://xforce.iss.net/static/5628.php

The Cisco Web Management interface in routers running CBOS 2.4.1 and
earlier does not log invalid logins, which allows remote attackers to
guess passwords without detection.

Analysis
----------------
ED_PRI CAN-2001-0056 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0057
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0057
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-icmp-echo
Reference: URL:http://xforce.iss.net/static/5629.php

Cisco 600 routers running CBOS 2.4.1 and earlier allow remote
attackers to cause a denial of service via a large ICMP echo (ping)
packet.

Analysis
----------------
ED_PRI CAN-2001-0057 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0058
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0058
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-web-access
Reference: URL:http://xforce.iss.net/static/5626.php

The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier
allow remote attackers to cause a denial of service via a URL that
does not end in a space character.

Analysis
----------------
ED_PRI CAN-2001-0058 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0066
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001126 [MSY] S(ecure)Locate heap corruption vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0356.html
Reference: DEBIAN:DSA-005-1
Reference: URL:http://www.debian.org/security/2000/20001217a
Reference: MANDRAKE:MDKSA-2000:085
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-085.php3
Reference: REDHAT:RHSA-2000:128-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-128.html
Reference: CONECTIVA:CLA-2001:369
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000369
Reference: BID:2004
Reference: URL:http://www.securityfocus.com/bid/2004

Secure Locate (slocate) allows local users to corrupt memory via a
malformed database file that specifies an offset value that accesses
memory outside of the intended buffer.

Analysis
----------------
ED_PRI CAN-2001-0066 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0089
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0089
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp
Reference: XF:ie-form-file-upload
Reference: URL:http://xforce.iss.net/static/5615.php

Internet Explorer 5.0 through 5.5 allows remote attackers to read
arbitrary files from the client via the INPUT TYPE element in an HTML
form, aka the "File Upload via Form" vulnerability.

Analysis
----------------
ED_PRI CAN-2001-0089 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0090
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0090
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp

The Print Templates feature in Internet Explorer 5.5 executes
arbitrary custom print templates without prompting the user, which
could allow an attacker to execute arbitrary ActiveX controls, aka the
"Browser Print Template" vulnerability.

Analysis
----------------
ED_PRI CAN-2001-0090 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0091
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0091
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp

The ActiveX control for invoking a scriptlet in Internet Explorer 5.0
through 5.5 renders arbitrary file types instead of HTML, which allows
an attacker to read arbitrary files, aka a variant of the "Scriptlet
Rendering" vulnerability.

Analysis
----------------
ED_PRI CAN-2001-0091 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0092
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0092
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp

A function in Internet Explorer 5.0 through 5.5 does not properly
verify the domain of a frame within a browser window, which allows a
remote attacker to read client files, aka a new variant of the "Frame
Domain Verification" vulnerability.

Analysis
----------------
ED_PRI CAN-2001-0092 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0021
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0021
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001206 (SRADV00005) Remote command execution vulnerabilities in MailMan Webmail
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0057.html
Reference: CONFIRM:http://www.endymion.com/products/mailman/history.htm
Reference: BID:2063
Reference: URL:http://www.securityfocus.com/bid/2063
Reference: XF:mailman-alternate-templates
Reference: URL:http://xforce.iss.net/static/5649.php

MailMan Webmail 3.0.25 and earlier allows remote attackers to execute
arbitrary commands via shell metacharacters in the alternate_template
paramater.

Analysis
----------------
ED_PRI CAN-2001-0021 2
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0033
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: XF:kerberos4-user-config
Reference: URL:http://xforce.iss.net/static/5738.php

KTH Kerberos IV allows local users to change the configuration of a
Kerberos server running at an elevated privilege by specifying an
alternate directory using with the KRBCONFDIR environmental variable,
which allows the user to gain additional privileges.

Analysis
----------------
ED_PRI CAN-2001-0033 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0034
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0034
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: XF:kerberos4-arbitrary-proxy
Reference: URL:http://xforce.iss.net/static/5733.php

KTH Kerberos IV allows local users to specify an alternate proxy using
the krb4_proxy variable, which allows the user to generate false proxy
responses and possibly gain privileges.

Analysis
----------------
ED_PRI CAN-2001-0034 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0035
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0035
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: XF:kerberos4-auth-packet-overflow
Reference: URL:http://xforce.iss.net/static/5734.php

Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV
allows remote attackers to cause a denial of service and possibly
execute arbitrary commands via a long authentication request.

Analysis
----------------
ED_PRI CAN-2001-0035 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0036
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: XF:kerberos4-tmpfile-dos
Reference: URL:http://xforce.iss.net/static/5754.php

KTH Kerberos IV allows local users to overwrite arbitrary files via a
symlink attack on a ticket file.

Analysis
----------------
ED_PRI CAN-2001-0036 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0039
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0039
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001206 DoS by SMTP AUTH command in IPSwitch IMail server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0071.html
Reference: BID:2083
Reference: URL:http://www.securityfocus.com/bid/2083
Reference: CONFIRM:http://www.ipswitch.com/Support/IMail/news.html
Reference: XF:imail-smtp-auth-dos
Reference: URL:http://xforce.iss.net/static/5674.php

IPSwitch IMail 6.0.5 allows remore attackers to cause a denial of
service using the SMTP AUTH command by sending a base64 encoded user
password whose length is between 80 and 136 bytes.

Analysis
----------------
ED_PRI CAN-2001-0039 2
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0040
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: CF
Reference: BUGTRAQ:20001206 apcupsd 3.7.2 Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0066.html
Reference: MANDRAKE:MDKSA-2000:077
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-077.php3
Reference: BID:2070
Reference: URL:http://www.securityfocus.com/bid/2070
Reference: XF:apc-apcupsd-dos
Reference: URL:http://xforce.iss.net/static/5654.php

APC UPS daemon, apcupsd, saves its process ID in a world-writeable
file, which allows local users to kill an arbitrary process by
specifying the target process ID in the apcupsd.pid file.

Analysis
----------------
ED_PRI CAN-2001-0040 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0054
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001205 Serv-U FTP directory traversal vunerability (all versions)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97604119024280&w=2
Reference: BUGTRAQ:20001205 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0043.html
Reference: BID:2052
Reference: URL:http://www.securityfocus.com/bid/2052
Reference: XF:ftp-servu-homedir-travers
Reference: URL:http://xforce.iss.net/static/5639.php

Directory traversal vulnerability in FTP Serv-U before 2.5i allows
remote attackers to escape the FTP root and read arbitrary files by
appending a string such as "/..%20." to a CD command, a variant of a
.. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2001-0054 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0890
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0890
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20001114
Category: SF/CF/MP/SA/AN/unknown
Reference: CERT-VN:VU#626919
Reference: URL:http://www.kb.cert.org/vuls/id/626919

periodic in FreeBSD and possibly other operating systems allows local
users to overwrite arbitrary files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2000-0890 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0893
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0893
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20001114
Category: SF/CF/MP/SA/AN/unknown
Reference: CERT-VN:VU#28027
Reference: URL:http://www.kb.cert.org/vuls/id/28027

The presence of the Distributed GL Daemon (dgld) service on port 5232
on SGI IRIX systems allows remote attackers to identify the target
host as an SGI system.

Analysis
----------------
ED_PRI CAN-2000-0893 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0030
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0030
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category:
Reference: BID:2089
Reference: URL:http://www.securityfocus.com/bid/2089
Reference: XF:foolproof-security-bypass
Reference: URL:http://xforce.iss.net/static/5758.php

FoolProof 3.9 allows local users to bypass program execution
restrictions by downloading the restricted executables from another
source and renaming them.

Analysis
----------------
ED_PRI CAN-2001-0030 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0031
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0031
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001207 BroadVision One-To-One Enterprise Path Disclosure Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0074.html
Reference: XF:broadvision-bv1to1-reveal-path
Reference: URL:http://xforce.iss.net/static/5661.php

BroadVision One-To-One Enterprise allows remote attackers to determine
the physical path of server files by requesting a .JSP file name that
does not exist.

Analysis
----------------
ED_PRI CAN-2001-0031 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0032
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001208 format string in ssl dump
Reference: URL:http://www.securityfocus.com/archive/1/149917
Reference: BID:2096
Reference: URL:http://www.securityfocus.com/bid/2096
Reference: XF:ssldump-format-strings
Reference: URL:http://xforce.iss.net/static/5717.php

Format string vulnerability in ssldump possibly allows remote
attackers to cause a denial of service and possibly gain root
privileges via malicious format string specifiers in a URL.

Analysis
----------------
ED_PRI CAN-2001-0032 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0037
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0037
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001207 HomeSeer Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0082.html
Reference: BID:2085
Reference: URL:http://www.securityfocus.com/bid/2085
Reference: MISC:http://www.keware.com/hsbetachanges.htm
Reference: XF:homeseer-directory-traversal
Reference: URL:http://xforce.iss.net/static/5663.php

Directory traversal vulnerability in HomeSeer before 1.4.29 allows
remote attackers to read arbitrary files via a URL containing .. (dot
dot) specifiers.

Analysis
----------------
ED_PRI CAN-2001-0037 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0038
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0038
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001207 MetaProducts Offline Explorer
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0078.html
Reference: BID:2084
Reference: URL:http://www.securityfocus.com/bid/2084
Reference: XF:offline-explorer-reveal-files
Reference: URL:http://xforce.iss.net/static/5728.php

Offline Explorer 1.4 before Service Release 2 allows remote attackers
to read arbitrary files by specifying the drive letter (e.g. C:) in
the requested URL.

Analysis
----------------
ED_PRI CAN-2001-0038 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0042
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001206 CHINANSL Security Advisory(CSA-200011)
Reference: URL:http://www.securityfocus.com/archive/1/149210
Reference: BID:2060
Reference: URL:http://www.securityfocus.com/bid/2060
Reference: XF:apache-php-disclose-files
Reference: URL:http://xforce.iss.net/static/5659.php

PHP3 running on Apache 1.3.6 allows remote attackers to read arbitrary
files via a modified .. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2001-0042 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0043
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0043
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: XF:phpgroupware-include-files
Reference: URL:http://xforce.iss.net/static/5650.php
Reference: BUGTRAQ:20001206 (SRADV00006) Remote command execution vulnerabilities in phpGroupWare
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0053.html
Reference: BID:2069
Reference: URL:http://www.securityfocus.com/bid/2069
Reference: MISC:http://sourceforge.net/project/shownotes.php?release_id=17604

phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary
PHP commands by specifying a malicious include file in the phpgw_info
parameter of the phpgw.inc.php program.

Analysis
----------------
ED_PRI CAN-2001-0043 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0044
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0044
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001206 (SRADV00007) Local root compromise through Lexmark MarkVision printer drivers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0064.html
Reference: BID:2075
Reference: URL:http://www.securityfocus.com/bid/2075
Reference: XF:markvision-printer-driver-bo
Reference: URL:http://xforce.iss.net/static/5651.php

Multiple buffer overflows in Lexmark MarkVision printer driver
programs allows local users to gain privileges via long arguments to
the cat_network, cat_paraller, and cat_serial commands.

Analysis
----------------
ED_PRI CAN-2001-0044 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0045
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0045
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: CF
Reference: MS:MS00-095
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-095.asp
Reference: BID:2064
Reference: URL:http://www.securityfocus.com/bid/2064
Reference: XF:nt-ras-reg-perms
Reference: URL:http://xforce.iss.net/static/5671.php

The default permissions for the RAS Administration key in Windows NT
4.0 allows local users to execute arbitrary commands by changing the
value to point to a malicious DLL, aka one of the "Registry
Permissions" vulnerabilities.

Analysis
----------------
ED_PRI CAN-2001-0045 3
Vendor Acknowledgement: yes advisory
Content Decisions: CF-REGISTRY

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0046
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0046
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: CF
Reference: MS:MS00-095
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-095.asp
Reference: BID:2066
Reference: URL:http://www.securityfocus.com/bid/2066
Reference: XF:nt-snmp-reg-perms
Reference: URL:http://xforce.iss.net/static/5672.php

The default permissions for the SNMP Parameters registry key in
Windows NT 4.0 allows remote attackers to read and possibly modify the
SNMP community strings to obtain sensitive information or modify
network configuration, aka one of the "Registry Permissions"
vulnerabilities.

Analysis
----------------
ED_PRI CAN-2001-0046 3
Vendor Acknowledgement: yes advisory
Content Decisions: CF-REGISTRY

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0047
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0047
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: CF
Reference: MS:MS00-095
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-095.asp
Reference: BID:2065
Reference: URL:http://www.securityfocus.com/bid/2065
Reference: XF:nt-mts-reg-perms
Reference: URL:http://xforce.iss.net/static/5673.php

The default permissions for the MTS Package Administration registry
key in Windows NT 4.0 allows local users to install or modify
arbitrary Microsoft Transaction Server (MTS) packages and gain
privileges, aka one of the "Registry Permissions" vulnerabilities.

Analysis
----------------
ED_PRI CAN-2001-0047 3
Vendor Acknowledgement: yes advisory
Content Decisions: CF-REGISTRY

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0049
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001207 WatchGuard SOHO v2.2.1 DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0079.html
Reference: BID:2082
Reference: URL:http://www.securityfocus.com/bid/2082
Reference: XF:watchguard-soho-get-dos
Reference: URL:http://xforce.iss.net/static/5665.php

WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to
cause a denial of service via a large number of GET requests.

Analysis
----------------
ED_PRI CAN-2001-0049 3
Vendor Acknowledgement: unknown discloser-claimed

EXISTENCE:
WatchGuard sent a followup email to say that they were "rying to reproduce
the symptoms that [were] observed," but there is no additional
information as of January 29, 2001.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0051
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0051
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: CF
Reference: BUGTRAQ:20001205 IBM DB2 default account and password Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/149222
Reference: BID:2068
Reference: URL:http://www.securityfocus.com/bid/2068
Reference: XF:ibm-db2-gain-access
Reference: URL:http://xforce.iss.net/static/5662.php

IBM DB2 Universal Database version 6.1 creates an account with a
default user name and password, which allows remote attackers to gain
access to the databasse.

Analysis
----------------
ED_PRI CAN-2001-0051 3
Vendor Acknowledgement:
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0052
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0052
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001205 IBM DB2 SQL DOS
Reference: URL:http://www.securityfocus.com/archive/1/149207
Reference: BID:2067
Reference: URL:http://www.securityfocus.com/bid/2067
Reference: XF:ibm-db2-dos
Reference: URL:http://xforce.iss.net/static/5664.php

IBM DB2 Universal Database version 6.1 allows users to cause a denial
of service via a malformed query.

Analysis
----------------
ED_PRI CAN-2001-0052 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0088
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0088
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001202 Bypassing admin authentication in phpWebLog
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0025.html
Reference: BID:2047
Reference: URL:http://www.securityfocus.com/bid/2047
Reference: XF:phpweblog-bypass-authentication
Reference: URL:http://xforce.iss.net/static/5625.php

common.inc.php in phpWebLog 0.4.2 does not properly initialize the
$CONF array, which inadvertently sets the password to a single
character, allowing remote attackers to easily guess the SiteKey and
gain administrative privileges to phpWebLog.

Analysis
----------------
ED_PRI CAN-2001-0088 3
Vendor Acknowledgement:

CD:EX-BETA suggests that beta software should not be included in CVE,
unless it is widely deployed.  The discloser says that this version
is commonly used.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Page Last Updated or Reviewed: May 22, 2007