[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FINAL] ACCEPT 134 recent candidates



I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below.  The
resulting CVE entries will be published in the near future in a new
version of CVE.  Voting details and comments are provided at the end
of this report.

- Steve


Candidate	CVE Name
---------	----------
CAN-2001-0002	CVE-2001-0002
CAN-2001-0003	CVE-2001-0003
CAN-2001-0005	CVE-2001-0005
CAN-2001-0006	CVE-2001-0006
CAN-2001-0008	CVE-2001-0008
CAN-2001-0009	CVE-2001-0009
CAN-2001-0010	CVE-2001-0010
CAN-2001-0011	CVE-2001-0011
CAN-2001-0012	CVE-2001-0012
CAN-2001-0013	CVE-2001-0013
CAN-2001-0014	CVE-2001-0014
CAN-2001-0015	CVE-2001-0015
CAN-2001-0016	CVE-2001-0016
CAN-2001-0017	CVE-2001-0017
CAN-2001-0021	CVE-2001-0021
CAN-2001-0026	CVE-2001-0026
CAN-2001-0028	CVE-2001-0028
CAN-2001-0033	CVE-2001-0033
CAN-2001-0034	CVE-2001-0034
CAN-2001-0035	CVE-2001-0035
CAN-2001-0036	CVE-2001-0036
CAN-2001-0039	CVE-2001-0039
CAN-2001-0040	CVE-2001-0040
CAN-2001-0041	CVE-2001-0041
CAN-2001-0043	CVE-2001-0043
CAN-2001-0050	CVE-2001-0050
CAN-2001-0053	CVE-2001-0053
CAN-2001-0054	CVE-2001-0054
CAN-2001-0055	CVE-2001-0055
CAN-2001-0056	CVE-2001-0056
CAN-2001-0057	CVE-2001-0057
CAN-2001-0058	CVE-2001-0058
CAN-2001-0059	CVE-2001-0059
CAN-2001-0060	CVE-2001-0060
CAN-2001-0061	CVE-2001-0061
CAN-2001-0062	CVE-2001-0062
CAN-2001-0063	CVE-2001-0063
CAN-2001-0066	CVE-2001-0066
CAN-2001-0069	CVE-2001-0069
CAN-2001-0071	CVE-2001-0071
CAN-2001-0072	CVE-2001-0072
CAN-2001-0080	CVE-2001-0080
CAN-2001-0081	CVE-2001-0081
CAN-2001-0083	CVE-2001-0083
CAN-2001-0085	CVE-2001-0085
CAN-2001-0089	CVE-2001-0089
CAN-2001-0090	CVE-2001-0090
CAN-2001-0091	CVE-2001-0091
CAN-2001-0092	CVE-2001-0092
CAN-2001-0096	CVE-2001-0096
CAN-2001-0099	CVE-2001-0099
CAN-2001-0100	CVE-2001-0100
CAN-2001-0105	CVE-2001-0105
CAN-2001-0106	CVE-2001-0106
CAN-2001-0109	CVE-2001-0109
CAN-2001-0110	CVE-2001-0110
CAN-2001-0111	CVE-2001-0111
CAN-2001-0115	CVE-2001-0115
CAN-2001-0116	CVE-2001-0116
CAN-2001-0117	CVE-2001-0117
CAN-2001-0118	CVE-2001-0118
CAN-2001-0119	CVE-2001-0119
CAN-2001-0120	CVE-2001-0120
CAN-2001-0123	CVE-2001-0123
CAN-2001-0124	CVE-2001-0124
CAN-2001-0125	CVE-2001-0125
CAN-2001-0126	CVE-2001-0126
CAN-2001-0128	CVE-2001-0128
CAN-2001-0129	CVE-2001-0129
CAN-2001-0130	CVE-2001-0130
CAN-2001-0137	CVE-2001-0137
CAN-2001-0138	CVE-2001-0138
CAN-2001-0139	CVE-2001-0139
CAN-2001-0140	CVE-2001-0140
CAN-2001-0141	CVE-2001-0141
CAN-2001-0142	CVE-2001-0142
CAN-2001-0143	CVE-2001-0143
CAN-2001-0144	CVE-2001-0144
CAN-2001-0147	CVE-2001-0147
CAN-2001-0148	CVE-2001-0148
CAN-2001-0149	CVE-2001-0149
CAN-2001-0150	CVE-2001-0150
CAN-2001-0151	CVE-2001-0151
CAN-2001-0152	CVE-2001-0152
CAN-2001-0153	CVE-2001-0153
CAN-2001-0154	CVE-2001-0154
CAN-2001-0157	CVE-2001-0157
CAN-2001-0165	CVE-2001-0165
CAN-2001-0166	CVE-2001-0166
CAN-2001-0169	CVE-2001-0169
CAN-2001-0170	CVE-2001-0170
CAN-2001-0178	CVE-2001-0178
CAN-2001-0179	CVE-2001-0179
CAN-2001-0183	CVE-2001-0183
CAN-2001-0185	CVE-2001-0185
CAN-2001-0187	CVE-2001-0187
CAN-2001-0190	CVE-2001-0190
CAN-2001-0191	CVE-2001-0191
CAN-2001-0193	CVE-2001-0193
CAN-2001-0194	CVE-2001-0194
CAN-2001-0195	CVE-2001-0195
CAN-2001-0196	CVE-2001-0196
CAN-2001-0197	CVE-2001-0197
CAN-2001-0218	CVE-2001-0218
CAN-2001-0219	CVE-2001-0219
CAN-2001-0221	CVE-2001-0221
CAN-2001-0222	CVE-2001-0222
CAN-2001-0230	CVE-2001-0230
CAN-2001-0233	CVE-2001-0233
CAN-2001-0234	CVE-2001-0234
CAN-2001-0259	CVE-2001-0259
CAN-2001-0260	CVE-2001-0260
CAN-2001-0266	CVE-2001-0266
CAN-2001-0267	CVE-2001-0267
CAN-2001-0268	CVE-2001-0268
CAN-2001-0274	CVE-2001-0274
CAN-2001-0278	CVE-2001-0278
CAN-2001-0279	CVE-2001-0279
CAN-2001-0284	CVE-2001-0284
CAN-2001-0287	CVE-2001-0287
CAN-2001-0288	CVE-2001-0288
CAN-2001-0289	CVE-2001-0289
CAN-2001-0290	CVE-2001-0290
CAN-2001-0295	CVE-2001-0295
CAN-2001-0299	CVE-2001-0299
CAN-2001-0301	CVE-2001-0301
CAN-2001-0309	CVE-2001-0309
CAN-2001-0310	CVE-2001-0310
CAN-2001-0311	CVE-2001-0311
CAN-2001-0316	CVE-2001-0316
CAN-2001-0317	CVE-2001-0317
CAN-2001-0318	CVE-2001-0318
CAN-2001-0319	CVE-2001-0319
CAN-2001-0326	CVE-2001-0326


======================================================
Candidate: CAN-2001-0002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0002
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010309
Assigned: 20010104
Category: SF
Reference: MS:MS01-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp
Reference: BUGTRAQ:20001120 IE 5.x/Outlook allows executing arbitrary programs using .chm
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97475003815911&w=2
Reference: XF:ie-chm-execute-files(5567)

Internet Explorer 5.5 and earlier allows remote attackers to obtain
the physical location of cached content and open the content in the
Local Computer Zone, then use compiled HTML help (.chm) files to
execute arbitrary programs.


Modifications:
  ADDREF XF:ie-chm-execute-files(5567)

INFERRED ACTION: CAN-2001-0002 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Lawler, Ziese, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:ie-chm-execute-files(5567)


======================================================
Candidate: CAN-2001-0003
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0003
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010104
Category: SF
Reference: MS:MS01-001
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-001.asp
Reference: XF:wec-ntlm-authentication
Reference: URL:http://xforce.iss.net/static/5920.php
Reference: BID:2199
Reference: URL:http://www.securityfocus.com/bid/2199

Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and
Windows Me does not properly process Internet Explorer security
settings for NTLM authentication, which allows attackers to obtain
NTLM credentials and possibly obtain the password, aka the "Web Client
NTLM Authentication" vulnerability.


Modifications:
  ADDREF BID:2199
  ADDREF XF:wec-ntlm-authentication

INFERRED ACTION: CAN-2001-0003 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Cole, Wall
   MODIFY(1) Frech
   NOOP(2) Ziese, Christey

Voter Comments:
 Christey> BID:2199
   URL:http://www.securityfocus.com/bid/2199
 Frech> XF:wec-ntlm-authentication(5920)
 Christey> XF:wec-ntlm-authentication
   URL:http://xforce.iss.net/static/5920.php


======================================================
Candidate: CAN-2001-0005
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0005
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010104
Category: SF
Reference: ATSTAKE:A012301-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a012301-1.txt
Reference: MS:MS01-002
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-002.asp
Reference: XF:powerpoint-execute-code(5996)

Buffer overflow in the parsing mechanism of the file loader in
Microsoft PowerPoint 2000 allows attackers to execute arbitrary
commands.


Modifications:
  ADDREF XF:powerpoint-execute-code(5996)

INFERRED ACTION: CAN-2001-0005 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(5) Ziese, Prosser, Cole, Collins, Wall
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:powerpoint-execute-code(5996)
 Christey> XF:powerpoint-execute-code(5996)
 Prosser> MS01-002


======================================================
Candidate: CAN-2001-0006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0006
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010104
Category: SF
Reference: BUGTRAQ:20010126 ntsecurity.nu advisory: Winsock Mutex Vulnerability in Windows NT 4.0 SP6 and below
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98075221915234&w=2
Reference: MS:MS01-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-003.asp
Reference: XF:winnt-mutex-dos(6006)

The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has
inappropriate Everyone/Full Control permissions, which allows local
users to modify the permissions to "No Access" and disable Winsock
network connectivity to cause a denial of service, aka the "Winsock
Mutex" vulnerability.


Modifications:
  ADDREF XF:winnt-mutex-dos(6006)

INFERRED ACTION: CAN-2001-0006 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Prosser, Cole, Wall
   MODIFY(1) Frech
   NOOP(2) Ziese, Christey

Voter Comments:
 Frech> XF:winnt-mutex-dos(6006)
 Christey> XF:winnt-mutex-dos(6006)
 Prosser> MS01-003


======================================================
Candidate: CAN-2001-0008
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0008
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010110
Category: SF
Reference: CERT:CA-2001-01
Reference: URL:http://www.cert.org/advisories/CA-2001-01.html
Reference: BID:2192
Reference: URL:http://www.securityfocus.com/bid/2192
Reference: XF:interbase-backdoor-account(5911)
Reference: URL:http://xforce.iss.net/static/5911.php

Backdoor account in Interbase database server allows remote attackers
to overwrite arbitrary files using stored procedures.


Modifications:
  ADDREF BID:2192
  ADDREF XF:interbase-backdoor-account

INFERRED ACTION: CAN-2001-0008 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Prosser, Cole, Collins
   MODIFY(1) Frech
   NOOP(3) Ziese, Christey, Wall

Voter Comments:
 Christey> BID:2192
   URL:http://www.securityfocus.com/bid/2192
 Frech> XF:interbase-backdoor-account(5911)
 Christey> XF:interbase-backdoor-account
   URL:http://xforce.iss.net/static/5911.php
 Prosser> CA-2001-01


======================================================
Candidate: CAN-2001-0009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0009
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010110
Category: SF
Reference: BUGTRAQ:20010105 Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root
Reference: URL:http://www.securityfocus.com/archive/1/154537
Reference: BUGTRAQ:20010109 bugtraq id 2173 Lotus Domino Server
Reference: URL:http://www.securityfocus.com/archive/1/155124
Reference: BID:2173
Reference: URL:http://www.securityfocus.com/bid/2173
Reference: XF:lotus-domino-directory-traversal(5899)
Reference: URL:http://xforce.iss.net/static/5899.php

Directory traversal vulnerability in Lotus Domino 5.0.5 web server
allows remote attackers to read arbitrary files via a .. attack.


Modifications:
  ADDREF XF:lotus-domino-directory-traversal(5899)

INFERRED ACTION: CAN-2001-0009 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Cole, Collins
   MODIFY(1) Frech
   NOOP(3) Ziese, Christey, Wall

Voter Comments:
 Frech> XF:lotus-domino-directory-traversal(5899)
 Christey> reorganize the Bugtraq ref's into chronological order
   XF:lotus-domino-directory-traversal
   URL:http://xforce.iss.net/static/5899.php


======================================================
Candidate: CAN-2001-0010
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0010
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010118
Category: SF
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.pgp.com/research/covert/advisories/047.asp
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: MANDRAKE:MDKSA-2001-017
Reference: REDHAT:RHSA-2001-007
Reference: CONECTIVA:000377
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: XF:bind-tsig-bo
Reference: BID:2302

Buffer overflow in transaction signature (TSIG) handling code in BIND
8 allows remote attackers to gain root privileges.


Modifications:
  ADDREF IBM:ERS-SVA-E01-2001:002.1
  ADDREF MANDRAKE:MDKSA-2001-017
  ADDREF REDHAT:RHSA-2001-007
  ADDREF CONECTIVA:000377
  ADDREF FREEBSD:FreeBSD-SA-01:18
  ADDREF XF:bind-tsig-bo
  ADDREF BID:2302

INFERRED ACTION: CAN-2001-0010 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Prosser, Baker, Collins
   MODIFY(1) Frech
   NOOP(4) Ziese, Christey, Cole, Wall

Voter Comments:
 Frech> XF:bind-tsig-bo(6015)
 Christey> IBM:ERS-SVA-E01-2001:002.1
   MANDRAKE:MDKSA-2001-017
   REDHAT:RHSA-2001-007
   CONECTIVA:000377
   FREEBSD:FreeBSD-SA-01:18
 Christey> XF:bind-tsig-bo
   URL:http://xforce.iss.net/static/6015.php
   BID:2302
   URL:http://www.securityfocus.com/bid/2302


======================================================
Candidate: CAN-2001-0011
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0011
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010118
Category: SF
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.pgp.com/research/covert/advisories/047.asp
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: MANDRAKE:MDKSA-2001-017
Reference: REDHAT:RHSA-2001-007
Reference: CONECTIVA:000377
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: XF:bind-complain-bo
Reference: BID:2307

Buffer overflow in nslookupComplain function in BIND 4 allows remote
attackers to gain root privileges.


Modifications:
  ADDREF IBM:ERS-SVA-E01-2001:002.1
  ADDREF MANDRAKE:MDKSA-2001-017
  ADDREF REDHAT:RHSA-2001-007
  ADDREF CONECTIVA:000377
  ADDREF FREEBSD:FreeBSD-SA-01:18
  ADDREF XF:bind-complain-bo
  ADDREF BID:2307

INFERRED ACTION: CAN-2001-0011 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Prosser, Cole, Collins
   MODIFY(1) Frech
   NOOP(3) Ziese, Christey, Wall

Voter Comments:
 Frech> XF:bind-complain-bo(6016)
 Christey> IBM:ERS-SVA-E01-2001:002.1
   MANDRAKE:MDKSA-2001-017
   REDHAT:RHSA-2001-007
   CONECTIVA:000377
   FREEBSD:FreeBSD-SA-01:18
 Christey> XF:bind-complain-bo
   URL:http://xforce.iss.net/static/6016.php
   BID:2307
   URL:http://www.securityfocus.com/bid/2307


======================================================
Candidate: CAN-2001-0012
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0012
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010119
Category: SF
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.pgp.com/research/covert/advisories/047.asp
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: MANDRAKE:MDKSA-2001-017
Reference: REDHAT:RHSA-2001-007
Reference: CONECTIVA:000377
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: XF:bind-inverse-query-disclosure
Reference: BID:2321

BIND 4 and BIND 8 allow remote attackers to access sensitive
information such as environment variables.


Modifications:
  ADDREF IBM:ERS-SVA-E01-2001:002.1
  ADDREF MANDRAKE:MDKSA-2001-017
  ADDREF REDHAT:RHSA-2001-007
  ADDREF CONECTIVA:000377
  ADDREF FREEBSD:FreeBSD-SA-01:18
  ADDREF XF:bind-inverse-query-disclosure
  ADDREF BID:2321

INFERRED ACTION: CAN-2001-0012 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Prosser, Cole, Collins
   MODIFY(1) Frech
   NOOP(3) Ziese, Christey, Wall

Voter Comments:
 Frech> XF:bind-inverse-query-disclosure(6018)
 Christey> XF:bind-inverse-query-disclosure
   URL:http://xforce.iss.net/static/6018.php
   Add these ref's to this and other CAN's:
   IBM:ERS-SVA-E01-2001:002.1
   MANDRAKE:MDKSA-2001-017
   REDHAT:RHSA-2001-007
   CONECTIVA:000377
   FREEBSD:FreeBSD-SA-01:18
 Christey> BID:2321
   URL:http://www.securityfocus.com/bid/2321
 Christey> Make sure ISS/BID ref's are added


======================================================
Candidate: CAN-2001-0013
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0013
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010125
Category: SF
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.pgp.com/research/covert/advisories/047.asp
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: MANDRAKE:MDKSA-2001-017
Reference: REDHAT:RHSA-2001-007
Reference: CONECTIVA:000377
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: XF:bind-complain-format-string
Reference: BID:2309

Format string vulnerability in nslookupComplain function in BIND 4
allows remote attackers to gain root privileges.


Modifications:
  ADDREF IBM:ERS-SVA-E01-2001:002.1
  ADDREF MANDRAKE:MDKSA-2001-017
  ADDREF REDHAT:RHSA-2001-007
  ADDREF CONECTIVA:000377
  ADDREF FREEBSD:FreeBSD-SA-01:18
  ADDREF XF:bind-complain-format-string
  ADDREF BID:2309

INFERRED ACTION: CAN-2001-0013 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Prosser, Cole, Collins
   MODIFY(1) Frech
   NOOP(3) Ziese, Christey, Wall

Voter Comments:
 Frech> XF:bind-complain-format-string(6017)
 Christey> IBM:ERS-SVA-E01-2001:002.1
   MANDRAKE:MDKSA-2001-017
   REDHAT:RHSA-2001-007
   CONECTIVA:000377
   FREEBSD:FreeBSD-SA-01:18
 Christey> XF:bind-complain-format-string
   URL:http://xforce.iss.net/static/6017.php
   BID:2309
   URL:http://www.securityfocus.com/bid/2309
 Prosser> CERT Advisory CA-2001-02
   Multiple Vulnerabilities in BIND
   http://www.cert.org/advisories

   Internet Software Consortium
   BIND Vulnerabilities
   http://www.isc.org/products/BIND/bind-security.html

   COVERT Labs Security Advisory
   COVERT-2001-01
   http://www.pgp.com/covert


======================================================
Candidate: CAN-2001-0014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0014
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010127
Category: SF
Reference: MS:MS01-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-006.asp
Reference: XF:win2k-rdp-dos
Reference: BID:2326

Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not
properly handle certain malformed packets, which allows remote
attackers to cause a denial of service, aka the "Invalid RDP Data"
vulnerability.


Modifications:
  ADDREF XF:win2k-rdp-dos
  ADDREF BID:2326

INFERRED ACTION: CAN-2001-0014 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(4) Ziese, Prosser, Cole, Wall
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:win2k-rdp-dos(6035)
 Christey> XF:win2k-rdp-dos
   http://xforce.iss.net/static/6035.php
   BID:2326
   URL:http://www.securityfocus.com/bid/2326
 Prosser> MS01-06


======================================================
Candidate: CAN-2001-0015
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0015
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010214
Assigned: 20010127
Category: SF
Reference: ATSTAKE:A020501-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a020501-1.txt
Reference: MS:MS01-007
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-007.asp
Reference: BID:2341
Reference: XF:win-dde-elevate-privileges(6062)

Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users
to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible
window that is running with the privileges of the WINLOGON process.


Modifications:
  ADDREF BID:2341
  ADDREF XF:win-dde-elevate-privileges(6062)

INFERRED ACTION: CAN-2001-0015 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(4) Prosser, Baker, Cole, Wall
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> BID:2341
   URL:http://www.securityfocus.com/bid/2341
 Frech> XF:win-dde-elevate-privileges(6062)
 Prosser> MS01-007


======================================================
Candidate: CAN-2001-0016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0016
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20010127
Category: SF
Reference: BINDVIEW:20010207 Local promotion vulnerability in NT4's NTLM Security Support Provider
Reference: URL:http://razor.bindview.com/publish/advisories/adv_NTLMSSP.html
Reference: MS:MS01-008
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-008.asp
Reference: BID:2348
Reference: XF:ntlm-ssp-elevate-privileges(6076)

NTLM Security Support Provider (NTLMSSP) service does not properly
check the function number in an LPC request, which could allow local
users to gain administrator level access.


Modifications:
  ADDREF BID:2348
  ADDREF XF:ntlm-ssp-elevate-privileges(6076)

INFERRED ACTION: CAN-2001-0016 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(4) Prosser, Baker, Cole, Wall
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> BID:2348
   URL:http://www.securityfocus.com/bid/2348
 Frech> XF:ntlm-ssp-elevate-privileges(6076)
 Prosser> MS01-008


======================================================
Candidate: CAN-2001-0017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0017
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010214
Assigned: 20010127
Category: SF
Reference: MS:MS01-009
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-009.asp
Reference: BID:2368
Reference: XF:winnt-pptp-dos(6103)

Memory leak in PPTP server in Windows NT 4.0 allows remote attackers
to cause a denial of service via a malformed data packet, aka the
"Malformed PPTP Packet Stream" vulnerability.


Modifications:
  ADDREF BID:2368
  ADDREF XF:winnt-pptp-dos(6103)

INFERRED ACTION: CAN-2001-0017 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(4) Prosser, Baker, Cole, Wall
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> BID:2368
   URL:http://www.securityfocus.com/bid/2368
 Frech> XF:winnt-pptp-dos(6103)
 Prosser> MS01-009


======================================================
Candidate: CAN-2001-0021
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0021
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001206 (SRADV00005) Remote command execution vulnerabilities in MailMan Webmail
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0057.html
Reference: CONFIRM:http://www.endymion.com/products/mailman/history.htm
Reference: BID:2063
Reference: URL:http://www.securityfocus.com/bid/2063
Reference: XF:mailman-alternate-templates
Reference: URL:http://xforce.iss.net/static/5649.php

MailMan Webmail 3.0.25 and earlier allows remote attackers to execute
arbitrary commands via shell metacharacters in the alternate_template
paramater.

INFERRED ACTION: CAN-2001-0021 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Frech, Cole
   NOOP(2) Ziese, Wall


======================================================
Candidate: CAN-2001-0026
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0026
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001211 DoS vulnerability in rp-pppoe versions <= 2.4
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0134.html
Reference: CONECTIVA:CLA-2000:357
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000357
Reference: MANDRAKE:MDKSA-2000:084
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-084.php3
Reference: REDHAT:RHSA-2000:130-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-130.html
Reference: BID:2098
Reference: URL:http://www.securityfocus.com/bid/2098
Reference: XF:rppppoe-zero-length-dos
Reference: URL:http://xforce.iss.net/static/5727.php

rp-pppoe PPPoE client allows remote attackers to cause a denial of service
via the Clamp MSS option and a TCP packet with a zero-length TCP option.

INFERRED ACTION: CAN-2001-0026 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(2) Ziese, Wall


======================================================
Candidate: CAN-2001-0028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0028
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001211 [pkc] remote heap buffer overflow in oops
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0127.html
Reference: FREEBSD:FreeBSD-SA-00:79
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-12/0418.html
Reference: BID:2099
Reference: URL:http://www.securityfocus.com/bid/2099
Reference: XF:oops-ftputils-bo
Reference: URL:http://xforce.iss.net/static/5725.php

Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2
and earlier allows remote attackers to execute arbitrary commands via a
large number of " (quotation) characters.

INFERRED ACTION: CAN-2001-0028 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(2) Ziese, Wall


======================================================
Candidate: CAN-2001-0033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0033
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: XF:kerberos4-user-config
Reference: URL:http://xforce.iss.net/static/5738.php

KTH Kerberos IV allows local users to change the configuration of a
Kerberos server running at an elevated privilege by specifying an
alternate directory using with the KRBCONFDIR environmental variable,
which allows the user to gain additional privileges.

INFERRED ACTION: CAN-2001-0033 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Frech, Cole
   NOOP(2) Ziese, Wall


======================================================
Candidate: CAN-2001-0034
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0034
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: XF:kerberos4-arbitrary-proxy
Reference: URL:http://xforce.iss.net/static/5733.php

KTH Kerberos IV allows local users to specify an alternate proxy using
the krb4_proxy variable, which allows the user to generate false proxy
responses and possibly gain privileges.

INFERRED ACTION: CAN-2001-0034 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Frech, Cole
   NOOP(2) Ziese, Wall


======================================================
Candidate: CAN-2001-0035
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0035
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: BUGTRAQ:20010130 Buffer overflow in old ssh-1.2.2x-afs-kerberosv4 patches
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0511.html
Reference: XF:kerberos4-auth-packet-overflow
Reference: URL:http://xforce.iss.net/static/5734.php

Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV
allows remote attackers to cause a denial of service and possibly
execute arbitrary commands via a long authentication request.


Modifications:
  ADDREF BUGTRAQ:20010130 Buffer overflow in old ssh-1.2.2x-afs-kerberosv4 patches

INFERRED ACTION: CAN-2001-0035 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Frech, Cole
   NOOP(3) Ziese, Christey, Wall

Voter Comments:
 Christey> See comments by Dug Song at:
   BUGTRAQ:20010130 Buffer overflow in old ssh-1.2.2x-afs-kerberosv4 patches
   http://archives.neohapsis.com/archives/bugtraq/2001-01/0511.html


======================================================
Candidate: CAN-2001-0036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0036
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: XF:kerberos4-tmpfile-dos
Reference: URL:http://xforce.iss.net/static/5754.php

KTH Kerberos IV allows local users to overwrite arbitrary files via a
symlink attack on a ticket file.

INFERRED ACTION: CAN-2001-0036 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Frech, Cole
   NOOP(2) Ziese, Wall


======================================================
Candidate: CAN-2001-0039
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0039
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001206 DoS by SMTP AUTH command in IPSwitch IMail server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0071.html
Reference: BID:2083
Reference: URL:http://www.securityfocus.com/bid/2083
Reference: CONFIRM:http://www.ipswitch.com/Support/IMail/news.html
Reference: XF:imail-smtp-auth-dos
Reference: URL:http://xforce.iss.net/static/5674.php

IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of
service using the SMTP AUTH command by sending a base64-encoded user
password whose length is between 80 and 136 bytes.


Modifications:
  DESC fix typo: "remore" and add hyphen to "base64 encoded"

INFERRED ACTION: CAN-2001-0039 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Frech, Cole
   NOOP(3) Ziese, Christey, Wall

Voter Comments:
 Frech> In description, may want to change to "base64-encoded".
 Christey> fix typo: "remore"


======================================================
Candidate: CAN-2001-0040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0040
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010201
Category: CF
Reference: BUGTRAQ:20001206 apcupsd 3.7.2 Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0066.html
Reference: MANDRAKE:MDKSA-2000:077
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-077.php3
Reference: BID:2070
Reference: URL:http://www.securityfocus.com/bid/2070
Reference: XF:apc-apcupsd-dos
Reference: URL:http://xforce.iss.net/static/5654.php

APC UPS daemon, apcupsd, saves its process ID in a world-writable
file, which allows local users to kill an arbitrary process by
specifying the target process ID in the apcupsd.pid file.


Modifications:
  DESC Fix spelling: "writeable" should be "writable"

INFERRED ACTION: CAN-2001-0040 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Frech, Cole
   NOOP(2) Ziese, Wall

Voter Comments:
 Frech> In description, "writable", not "writeable".


======================================================
Candidate: CAN-2001-0041
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0041
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001206 Cisco Catalyst Memory Leak Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catalyst-memleak-pub.shtml
Reference: BID:2072
Reference: URL:http://www.securityfocus.com/bid/2072
Reference: XF:cisco-catalyst-telnet-dos
Reference: URL:http://xforce.iss.net/static/5656.php

Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches
allows remote attackers to cause a denial of service via a series of
failed telnet authentication attempts.

INFERRED ACTION: CAN-2001-0041 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0043
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0043
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001206 (SRADV00006) Remote command execution vulnerabilities in phpGroupWare
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0053.html
Reference: MISC:http://sourceforge.net/project/shownotes.php?release_id=17604
Reference: BID:2069
Reference: URL:http://www.securityfocus.com/bid/2069
Reference: XF:phpgroupware-include-files
Reference: URL:http://xforce.iss.net/static/5650.php

phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary
PHP commands by specifying a malicious include file in the phpgw_info
parameter of the phpgw.inc.php program.

INFERRED ACTION: CAN-2001-0043 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(2) Ziese, Wall


======================================================
Candidate: CAN-2001-0050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0050
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001207 BitchX DNS Overflow Patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0081.html
Reference: BUGTRAQ:20001207 bitchx/ircd DNS overflow demonstration
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0086.html
Reference: REDHAT:RHSA-2000:126-03
Reference: URL:http://www.redhat.com/support/errata/powertools/RHSA-2000-126.html
Reference: MANDRAKE:MDKSA-2000:079
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-079.php3
Reference: FREEBSD:FreeBSD-SA-00:78
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:78.bitchx.v1.1.asc
Reference: CONECTIVA:CLA-2000:364
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000364
Reference: BID:2087
Reference: URL:http://www.securityfocus.com/bid/2087
Reference: XF:irc-bitchx-dns-bo
Reference: URL:http://xforce.iss.net/static/5701.php

Buffer overflow in BitchX IRC client allows remote attackers to cause
a denial of service and possibly execute arbitrary commands via an IP
address that resolves to a long DNS hostname or domain name.

INFERRED ACTION: CAN-2001-0050 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Frech, Cole
   NOOP(2) Ziese, Wall


======================================================
Candidate: CAN-2001-0053
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0053
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: OPENBSD:20001218
Reference: URL:http://www.openbsd.org/advisories/ftpd_replydirname.txt
Reference: NETBSD:NetBSD-SA2000-018
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-018.txt.asc
Reference: BUGTRAQ:20001218 Trustix Security Advisory - ed, tcsh, and ftpd-BSD
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0275.html
Reference: BID:2124
Reference: URL:http://www.securityfocus.com/bid/2124
Reference: XF:bsd-ftpd-replydirname-bo
Reference: URL:http://xforce.iss.net/static/5776.php

One-byte buffer overflow in replydirname function in BSD-based ftpd
allows remote attackers to gain root privileges.

INFERRED ACTION: CAN-2001-0053 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0054
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001205 Serv-U FTP directory traversal vunerability (all versions)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97604119024280&w=2
Reference: BUGTRAQ:20001205 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0043.html
Reference: BID:2052
Reference: URL:http://www.securityfocus.com/bid/2052
Reference: XF:ftp-servu-homedir-travers
Reference: URL:http://xforce.iss.net/static/5639.php

Directory traversal vulnerability in FTP Serv-U before 2.5i allows
remote attackers to escape the FTP root and read arbitrary files by
appending a string such as "/..%20." to a CD command, a variant of a
.. (dot dot) attack.

INFERRED ACTION: CAN-2001-0054 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Frech, Cole
   NOOP(2) Ziese, Wall


======================================================
Candidate: CAN-2001-0055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0055
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-syn-packets
Reference: URL:http://xforce.iss.net/static/5627.php

CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to
cause a denial of service via a slow stream of TCP SYN packets.

INFERRED ACTION: CAN-2001-0055 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0056
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-invalid-login
Reference: URL:http://xforce.iss.net/static/5628.php

The Cisco Web Management interface in routers running CBOS 2.4.1 and
earlier does not log invalid logins, which allows remote attackers to
guess passwords without detection.

INFERRED ACTION: CAN-2001-0056 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0057
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0057
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-icmp-echo
Reference: URL:http://xforce.iss.net/static/5629.php

Cisco 600 routers running CBOS 2.4.1 and earlier allow remote
attackers to cause a denial of service via a large ICMP echo (ping)
packet.

INFERRED ACTION: CAN-2001-0057 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0058
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0058
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-web-access
Reference: URL:http://xforce.iss.net/static/5626.php

The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier
allow remote attackers to cause a denial of service via a URL that
does not end in a space character.

INFERRED ACTION: CAN-2001-0058 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0059
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001218 Solaris patchadd(1)  (3) symlink vulnerabilty
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97720205217707&w=2
Reference: BID:2127
Reference: URL:http://www.securityfocus.com/bid/2127
Reference: XF:solaris-patchadd-symlink
Reference: URL:http://xforce.iss.net/static/5789.php

patchadd in Solaris allows local users to overwrite arbitrary files
via a symlink attack.

INFERRED ACTION: CAN-2001-0059 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(4) Ziese, Frech, Dik, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0060
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0060
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001218 Stunnel format bug
Reference: URL:http://www.securityfocus.com/archive/1/151719
Reference: REDHAT:RHSA-2000:129-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-129.html
Reference: CONECTIVA:CLA-2000:363
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000363
Reference: BUGTRAQ:20001209 Trustix Security Advisory - stunnel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0337.html
Reference: DEBIAN:20001225 DSA-009-1 stunnel: insecure file handling, format string bug
Reference: URL:http://www.debian.org/security/2000/20001225a
Reference: FREEBSD:FreeBSD-SA-01:05
Reference: XF:stunnel-format-logfile
Reference: URL:http://xforce.iss.net/static/5807.php
Reference: BID:2128
Reference: URL:http://www.securityfocus.com/bid/2128

Format string vulnerability in stunnel 3.8 and earlier allows
attackers to execute arbitrary commands via a malformed ident
username.


Modifications:
  ADDREF FREEBSD:FreeBSD-SA-01:05

INFERRED ACTION: CAN-2001-0060 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> ADDREF FREEBSD:FreeBSD-SA-01:05


======================================================
Candidate: CAN-2001-0061
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0061
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:77
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
Reference: BID:2130
Reference: URL:http://www.securityfocus.com/bid/2130
Reference: XF:procfs-elevate-privileges(6106)

procfs in FreeBSD and possibly other operating systems does not
properly restrict access to per-process mem and ctl files, which
allows local users to gain root privileges by forking a child process
and executing a privileged process from the child, while the parent
retains access to the child's address space.


Modifications:
  ADDREF XF:procfs-elevate-privileges(6106)

INFERRED ACTION: CAN-2001-0061 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Prosser, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:procfs-elevate-privileges(6106)
 Prosser> http://www.linuxsecurity.com/advisories/freebsd_advisory-988.html


======================================================
Candidate: CAN-2001-0062
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0062
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:77
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
Reference: BID:2131
Reference: URL:http://www.securityfocus.com/bid/2131
Reference: XF:procfs-mmap-dos(6107)

procfs in FreeBSD and possibly other operating systems allows local
users to cause a denial of service by calling mmap on the process' own
mem file, which causes the kernel to hang.


Modifications:
  ADDREF XF:procfs-mmap-dos(6107)

INFERRED ACTION: CAN-2001-0062 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Ziese, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:procfs-mmap-dos(6107)


======================================================
Candidate: CAN-2001-0063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0063
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:77
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
Reference: BID:2132
Reference: URL:http://www.securityfocus.com/bid/2132
Reference: XF:procfs-access-control-bo(6108)

procfs in FreeBSD and possibly other operating systems allows local
users to bypass access control restrictions for a jail environment and
gain additional privileges.


Modifications:
  ADDREF XF:procfs-access-control-bo(6108)

INFERRED ACTION: CAN-2001-0063 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Ziese, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:procfs-access-control-bo(6108)


======================================================
Candidate: CAN-2001-0066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0066
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001126 [MSY] S(ecure)Locate heap corruption vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0356.html
Reference: DEBIAN:DSA-005-1
Reference: URL:http://www.debian.org/security/2000/20001217a
Reference: MANDRAKE:MDKSA-2000:085
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-085.php3
Reference: REDHAT:RHSA-2000:128-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-128.html
Reference: CONECTIVA:CLA-2001:369
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000369
Reference: TURBO:TLSA2001002-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2001-February/000144.html
Reference: XF:slocate-heap-execute-code(5594)
Reference: http://xforce.iss.net/static/5594.php
Reference: BID:2004
Reference: URL:http://www.securityfocus.com/bid/2004

Secure Locate (slocate) allows local users to corrupt memory via a
malformed database file that specifies an offset value that accesses
memory outside of the intended buffer.


Modifications:
  ADDREF XF:slocate-heap-execute-code(5594)
  ADDREF TURBO:TLSA2001002-1

INFERRED ACTION: CAN-2001-0066 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(3) Ziese, Christey, Wall

Voter Comments:
 Frech> XF:slocate-heap-execute-code(5594)
 Christey> TURBO:TLSA2001002-1


======================================================
Candidate: CAN-2001-0069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0069
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: DEBIAN:DSA-008-1
Reference: URL:http://www.debian.org/security/2000/20001225
Reference: BID:2151
Reference: URL:http://www.securityfocus.com/bid/2151
Reference: XF:dialog-symlink
Reference: URL:http://xforce.iss.net/static/5809.php

dialog before 0.9a-20000118-3bis in Debian Linux allows local users to
overwrite arbitrary files via a symlink attack.

INFERRED ACTION: CAN-2001-0069 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0071
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: REDHAT:RHSA-2000-131
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-131.html
Reference: MANDRAKE:MDKSA-2000-087
Reference: URL:http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3
Reference: DEBIAN:DSA-010-1
Reference: URL:http://www.debian.org/security/2000/20001225b
Reference: XF:gnupg-detached-sig-modify
Reference: URL:http://xforce.iss.net/static/5802.php
Reference: CONECTIVA:CLA-2000:368
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368
Reference: BID:2141
Reference: URL:http://www.securityfocus.com/bid/2141
Reference: BUGTRAQ:20001220 Trustix Security Advisory - gnupg, ftpd-BSD
Reference: URL:http://www.securityfocus.com/archive/1/152197

gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached
signatures, which allows attackers to modify the contents of a file
without detection.

INFERRED ACTION: CAN-2001-0071 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0072
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0072
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: REDHAT:RHSA-2000-131
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-131.html
Reference: MANDRAKE:MDKSA-2000-087
Reference: URL:http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3
Reference: DEBIAN:DSA-010-1
Reference: URL:http://www.debian.org/security/2000/20001225b
Reference: CONECTIVA:CLA-2000:368
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368
Reference: BUGTRAQ:20001220 Trustix Security Advisory - gnupg, ftpd-BSD
Reference: URL:http://www.securityfocus.com/archive/1/152197
Reference: BID:2153
Reference: URL:http://www.securityfocus.com/bid/2153
Reference: XF:gnupg-reveal-private
Reference: URL:http://xforce.iss.net/static/5803.php

gpg (aka GnuPG) 1.0.4 and other versions imports both public and
private keys from public key servers without notifying the user about
the private keys, which could allow an attacker to break the web of
trust.

INFERRED ACTION: CAN-2001-0072 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0080
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001213 Cisco Catalyst SSH Protocol Mismatch Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml
Reference: XF:cisco-catalyst-ssh-mismatch
Reference: URL:http://xforce.iss.net/static/5760.php

Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to
cause a denial of service by connecting to the SSH service with a
non-SSH client, which generates a protocol mismatch error.

INFERRED ACTION: CAN-2001-0080 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0081
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001212 nCipher Security Advisory: Operator Cards unexpectedly recoverable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0152.html
Reference: CONFIRM:http://active.ncipher.com/updates/advisory.txt
Reference: XF:ncipher-recover-operator-cards(5999)
Reference: URL:http://xforce.iss.net/static/5999.php

swinit in nCipher does not properly disable the Operator Card Set
recovery feature even when explicitly disabled by the user, which
could allow attackers to gain access to application keys.


Modifications:
  ADDREF XF:ncipher-recover-operator-cards(5999)

INFERRED ACTION: CAN-2001-0081 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Prosser, Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Ziese, Wall

Voter Comments:
 Frech> XF:ncipher-recover-operator-cards(5999)
 Prosser> Add Source:
   http://active.ncipher.com/updates/advisory.txt
   Security World Recovery Bug Fix


======================================================
Candidate: CAN-2001-0083
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0083
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-097
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-097.asp
Reference: MSKB:Q281256
Reference: XF:mediaservices-dropped-connection-dos
Reference: URL:http://xforce.iss.net/static/5785.php

Windows Media Unicast Service in Windows Media Services 4.0 and 4.1
does not properly shut down some types of connections, producing a
memory leak that allows remote attackers to cause a denial of service
via a series of severed connections, aka the "Severed Windows Media
Server Connection" vulnerability.


Modifications:
  DESC Change "which allows" to "that allows"

INFERRED ACTION: CAN-2001-0083 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Frech, Cole, Wall
   NOOP(1) Ziese

Voter Comments:
 Frech> In description, consider changing "leak which allows" to
   "leak that allows".


======================================================
Candidate: CAN-2001-0085
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0085
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: HP:HPSBUX0012-135
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0083.html
Reference: BID:2170
Reference: URL:http://www.securityfocus.com/bid/2170
Reference: XF:hpux-kermit-bo
Reference: URL:http://xforce.iss.net/static/5793.php

Buffer overflow in Kermit communications software in HP-UX 11.0 and
earlier allows local users to cause a denial of service and possibly
execute arbitrary commands.

INFERRED ACTION: CAN-2001-0085 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(4) Ziese, Frech, Prosser, Cole
   NOOP(1) Wall

Voter Comments:
 Prosser> HPSBUX0012-135 Sec. Vulnerability in kermit(1) REVISED01
   http://us-support2.external.hp.com


======================================================
Candidate: CAN-2001-0089
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0089
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp
Reference: XF:ie-form-file-upload
Reference: URL:http://xforce.iss.net/static/5615.php

Internet Explorer 5.0 through 5.5 allows remote attackers to read
arbitrary files from the client via the INPUT TYPE element in an HTML
form, aka the "File Upload via Form" vulnerability.

INFERRED ACTION: CAN-2001-0089 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(4) Ziese, Frech, Cole, Wall


======================================================
Candidate: CAN-2001-0090
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0090
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp
Reference: XF:ie-print-template(5614)
Reference: URL:http://xforce.iss.net/static/5614.php

The Print Templates feature in Internet Explorer 5.5 executes
arbitrary custom print templates without prompting the user, which
could allow an attacker to execute arbitrary ActiveX controls, aka the
"Browser Print Template" vulnerability.


Modifications:
  ADDREF XF:ie-print-template(5614)

INFERRED ACTION: CAN-2001-0090 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Cole, Wall
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:ie-print-template(5614)
 Christey> XF:ie-print-template
   URL:http://xforce.iss.net/static/5614.php


======================================================
Candidate: CAN-2001-0091
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0091
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp
Reference: XF:ie-scriptlet-rendering-read-files(6085)
Reference: URL:http://xforce.iss.net/static/6085.php

The ActiveX control for invoking a scriptlet in Internet Explorer 5.0
through 5.5 renders arbitrary file types instead of HTML, which allows
an attacker to read arbitrary files, aka a variant of the "Scriptlet
Rendering" vulnerability.


Modifications:
  ADDREF XF:ie-scriptlet-rendering-read-files(6085)

INFERRED ACTION: CAN-2001-0091 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Prosser, Cole, Wall
   MODIFY(1) Frech
   NOOP(1) Ziese

Voter Comments:
 Frech> XF:ie-scriptlet-rendering-read-files(6085)
 Prosser> ms00-093


======================================================
Candidate: CAN-2001-0092
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0092
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010501-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp
Reference: XF:ie-frame-verification-read-files(6086)

A function in Internet Explorer 5.0 through 5.5 does not properly
verify the domain of a frame within a browser window, which allows a
remote attacker to read client files, aka a new variant of the "Frame
Domain Verification" vulnerability.


Modifications:
  ADDREF XF:ie-frame-verification-read-files(6086)

INFERRED ACTION: CAN-2001-0092 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Prosser, Cole, Wall
   MODIFY(1) Frech
   REVIEWING(1) Ziese

Voter Comments:
 Frech> XF:ie-frame-verification-read-files(6086)
 Prosser> ms00-093


======================================================
Candidate: CAN-2001-0096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0096
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-100
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-100.asp
Reference: XF:iis-web-form-submit
Reference: URL:http://xforce.iss.net/static/5823.php

FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote
attackers to cause a denial of service via a malformed form, aka the
"Malformed Web Form Submission" vulnerability.

INFERRED ACTION: CAN-2001-0096 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(4) Ziese, Frech, Cole, Wall


======================================================
Candidate: CAN-2001-0099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0099
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001221 BS Scripts Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0390.html
Reference: MISC:http://www.stanback.net/
Reference: XF:bsguest-cgi-execute-commands
Reference: URL:http://xforce.iss.net/static/5796.php

bsguest.cgi guestbook script allows remote attackers to execute
arbitrary commands via shell metacharacters in the email address.

INFERRED ACTION: CAN-2001-0099 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(2) Ziese, Wall


======================================================
Candidate: CAN-2001-0100
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0100
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001221 BS Scripts Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0390.html
Reference: MISC:http://www.stanback.net/
Reference: XF:bslist-cgi-execute-commands
Reference: URL:http://xforce.iss.net/static/5797.php

bslist.cgi mailing list script allows remote attackers to execute
arbitrary commands via shell metacharacters in the email address.

INFERRED ACTION: CAN-2001-0100 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(2) Wall, Ziese


======================================================
Candidate: CAN-2001-0105
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0105
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: HP:HPSBUX0012-134
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0079.html
Reference: XF:hp-top-sys-files
Reference: URL:http://xforce.iss.net/static/5773.php

Vulnerability in top in HP-UX 11.04 and earlier allows local users to
overwrite files owned by the "sys" group.

INFERRED ACTION: CAN-2001-0105 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0106
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0106
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: HP:HPSBUX0101-136
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0009.html
Reference: XF:hp-inetd-swait-dos(5904)
Reference: URL:http://xforce.iss.net/static/5904.php

Vulnerability in inetd server in HP-UX 11.04 and earlier allows
attackers to cause a denial of service when the "swait" state is used
by a server.


Modifications:
  ADDREF XF:hp-inetd-swait-dos

INFERRED ACTION: CAN-2001-0106 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Prosser, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:hp-inetd-swait-dos(5904)
 Christey> XF:hp-inetd-swait-dos
   URL:http://xforce.iss.net/static/5904.php
 Prosser> HPSBUX0101-136
   http://us-support2.external.hp.com


======================================================
Candidate: CAN-2001-0109
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0109
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010113 Serious security flaw in SuSE rctab
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0226.html
Reference: BUGTRAQ:20010117 Re: Serious security flaw in SuSE rctab
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0272.html
Reference: BID:2207
Reference: URL:http://www.securityfocus.com/bid/2207
Reference: XF:rctab-elevate-privileges(5945)
Reference: URL:http://xforce.iss.net/static/5945.php

rctab in SuSE 7.0 and earlier allows local users to create or overwrite
arbitrary files via a symlink attack on the rctmp temporary file.


Modifications:
  ADDREF XF:rctab-elevate-privileges(5945)
  CHANGEREF BUGTRAQ [fix date]

INFERRED ACTION: CAN-2001-0109 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Christey> XF:rctab-elevate-privileges
   URL:http://xforce.iss.net/static/5945.php
   Also, see the clarification by SuSE at:
   http://archives.neohapsis.com/archives/bugtraq/2001-01/0272.html
 Frech> XF:rctab-elevate-privileges(5945)


======================================================
Candidate: CAN-2001-0110
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0110
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010114 Vulnerability in jaZip.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0228.html
Reference: DEBIAN:DSA-017-1
Reference: URL:http://www.debian.org/security/2001/dsa-017
Reference: XF:jazip-display-bo(5942)
Reference: URL:http://xforce.iss.net/static/5942.php
Reference: BID:2209
Reference: URL:http://www.securityfocus.com/bid/2209

Buffer overflow in jaZip Zip/Jaz drive manager allows local users to
gain root privileges via a long DISPLAY environmental variable.


Modifications:
  ADDREF XF:jazip-display-bo(5942)

INFERRED ACTION: CAN-2001-0110 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:jazip-display-bo(5942)


======================================================
Candidate: CAN-2001-0111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0111
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010114 [MSY] Multiple vulnerabilities in splitvt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958269320974&w=2
Reference: DEBIAN:DSA-014-1
Reference: URL:http://www.debian.org/security/2001/dsa-014
Reference: XF:splitvt-perserc-format-string(5948)
Reference: URL:http://xforce.iss.net/static/5948.php
Reference: BID:2210
Reference: URL:http://www.securityfocus.com/bid/2210

Format string vulnerability in splitvt before 1.6.5 allows local users
to execute arbitrary commands via the -rcfile command line argument.


Modifications:
  ADDREF XF:splitvt-perserc-format-string(5948)

INFERRED ACTION: CAN-2001-0111 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Christey> XF:splitvt-perserc-format-string(5948)
 Frech> XF:splitvt-perserc-format-string(5948)


======================================================
Candidate: CAN-2001-0115
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0115
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010111 Solaris Arp Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97934312727101&w=2
Reference: BUGTRAQ:20010112 arp exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97957435729702&w=2
Reference: SUN:00200
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/200&type=0&nav=sec.sba
Reference: XF:solaris-arp-bo(5928)
Reference: URL:http://xforce.iss.net/static/5928.php
Reference: BID:2193
Reference: URL:http://www.securityfocus.com/bid/2193

Buffer overflow in arp command in Solaris 7 and earlier allows local users
to execute arbitrary commands via a long -f parameter.


Modifications:
  ADDREF XF:solaris-arp-bo(5928)

INFERRED ACTION: CAN-2001-0115 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(2) Frech, Dik
   NOOP(2) Wall, Christey

Voter Comments:
 Christey> XF:solaris-arp-bo
   URL:http://xforce.iss.net/static/5928.php
 Frech> XF:solaris-arp-bo(5928)
 Dik> "allows users to execute arbitrary commands *with euid sys*"
   Sun bug 4296166
 Christey> The "CVE style" implies that "arbitrary commands" means
   "arbitrary commands as another UID," not necessarily root,
   so the addition of euis sys to the description is not
   essential.


======================================================
Candidate: CAN-2001-0116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0116
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:006
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-006.php3
Reference: BID:2188
Reference: URL:http://www.securityfocus.com/bid/2188
Reference: XF:linux-gpm-symlink(5917)
Reference: URL:http://xforce.iss.net/static/5917.php

gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink
attack.


Modifications:
  ADDREF XF:linux-gpm-symlink(5917)

INFERRED ACTION: CAN-2001-0116 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:linux-gpm-symlink(5917)
 Christey> XF:linux-gpm-symlink
   URL:http://xforce.iss.net/static/5917.php


======================================================
Candidate: CAN-2001-0117
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0117
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:008-1
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-008.php3
Reference: XF:linux-diffutils-sdiff-symlink(5914)
Reference: URL:http://xforce.iss.net/static/5914.php
Reference: BID:2191
Reference: URL:http://www.securityfocus.com/bid/2191

sdiff 2.7 in the diffutils package allows local users to overwrite
files via a symlink attack.


Modifications:
  ADDREF XF:linux-diffutils-sdiff-symlink(5914)

INFERRED ACTION: CAN-2001-0117 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:linux-diffutils-sdiff-symlink(5914)
 Christey> http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-008-1.php3?dis=7.0
   XF:linux-diffutils-sdiff-symlimk
   URL:http://xforce.iss.net/static/5914.php


======================================================
Candidate: CAN-2001-0118
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0118
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001-005
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-005.php3
Reference: BID:2195
Reference: URL:http://www.securityfocus.com/bid/2195
Reference: XF:rdist-symlink(5925)
Reference: URL:http://xforce.iss.net/static/5925.php

rdist 6.1.5 allows local users to overwrite arbitrary files via a
symlink attack.


Modifications:
  ADDREF XF:rdist-symlink(5925)

INFERRED ACTION: CAN-2001-0118 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:rdist-symlink(5925)
 Christey> XF:rdist-symlink
   URL:http://xforce.iss.net/static/5925.php
   MANDRAKE:MDKSA-2001-005
   http://www.linux-mandrake.com/en/updates/2001/MDKSA-2001-005.php3


======================================================
Candidate: CAN-2001-0119
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0119
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:004
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-004.php3
Reference: BID:2194
Reference: URL:http://www.securityfocus.com/bid/2194
Reference: XF:gettyps-symlink(5924)
Reference: URL:http://xforce.iss.net/static/5924.php

getty_ps 2.0.7j allows local users to overwrite arbitrary files via a
symlink attack.


Modifications:
  ADDREF XF:gettyps-symlink(5924)

INFERRED ACTION: CAN-2001-0119 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:gettyps-symlink(5924)
 Christey> XF:gettyps-symlink
   URL:http://xforce.iss.net/static/5924.php


======================================================
Candidate: CAN-2001-0120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0120
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:007
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-007.php3
Reference: BID:2196
Reference: URL:http://www.securityfocus.com/bid/2196
Reference: XF:shadow-utils-useradd-symlink(5927)
Reference: URL:http://xforce.iss.net/static/5927.php

useradd program in shadow-utils program may allow local users to
overwrite arbitrary files via a symlink attack.


Modifications:
  ADDREF XF:shadow-utils-useradd-symlink(5927)

INFERRED ACTION: CAN-2001-0120 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:shadow-utils-useradd-symlink(5927)
 Christey> XF:shadow-utils-useradd-symlink
   URL:http://xforce.iss.net/static/5927.php


======================================================
Candidate: CAN-2001-0123
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0123
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010107 Cgisecurity.com Advisory #3.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97905792214999&w=2
Reference: CONFIRM:http://www.extropia.com/hacks/bbs_security.html
Reference: BID:2177
Reference: URL:http://www.securityfocus.com/bid/2177
Reference: XF:http-cgi-bbs-forum(5906)
Reference: URL:http://xforce.iss.net/static/5906.php

Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows
remote attackers to read arbitrary files via a .. (dot dot) attack on
the file parameter.


Modifications:
  ADDREF XF:http-cgi-bbs-forum(5906)
  ADDREF CONFIRM:http://www.extropia.com/hacks/bbs_security.html

INFERRED ACTION: CAN-2001-0123 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:http-cgi-bbs-forum(5906)
 Christey> XF:http-cgi-bbs-forum
   URL:http://xforce.iss.net/static/5906.php
 Baker> http://www.extropia.com/hacks/bbs_security.html


======================================================
Candidate: CAN-2001-0124
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0124
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010109 Solaris /usr/lib/exrecover buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97908386502156&w=2
Reference: SUNBUG:4161925
Reference: XF:solaris-exrecover-bo(5913)
Reference: URL:http://xforce.iss.net/static/5913.php
Reference: BID:2179
Reference: URL:http://www.securityfocus.com/bid/2179

Buffer overflow in exrecover in Solaris 2.6 and earlier possibly
allows local users to gain privileges via a long command line
argument.


Modifications:
  ADDREF XF:solaris-exrecover-bo(5913)

INFERRED ACTION: CAN-2001-0124 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Dik, Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:solaris-exrecover-bo(5913)
 Christey> XF:solaris-exrecover-bo
   URL:http://xforce.iss.net/static/5913.php


======================================================
Candidate: CAN-2001-0125
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0125
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20001231 Advisory: exmh symlink vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97846489313059&w=2
Reference: BUGTRAQ:20010112 exmh security vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958594330100&w=2
Reference: CONFIRM:http://www.beedub.com/exmh/symlink.html
Reference: FREEBSD:FreeBSD-SA-01:17
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-01/0543.html
Reference: MANDRAKE:MDKSA-2001:015
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-015.php3
Reference: DEBIAN:DSA-022-1
Reference: URL:http://www.debian.org/security/2001/dsa-022
Reference: XF:exmh-error-symlink
Reference: URL:http://xforce.iss.net/static/5829.php

exmh 2.2 and earlier allows local users to overwrite arbitrary files
via a symlink attack on the exmhErrorMsg temporary file.

INFERRED ACTION: CAN-2001-0125 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0126
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0126
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010109 Oracle XSQL servlet and xml-stylesheet allow executing java on the web server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97906670012796&w=2
Reference: BUGTRAQ:20010123 Patch for Potential Vulnerability in Oracle XSQL Servlet
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98027700625521&w=2
Reference: XF:oracle-xsql-execute-code(5905)
Reference: URL:http://xforce.iss.net/static/5905.php

Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to
execute arbitrary Java code by redirecting the XSQL server to another
source via the xml-stylesheet parameter in the xslt stylesheet.


Modifications:
  ADDREF XF:oracle-xsql-execute-code(5905)

INFERRED ACTION: CAN-2001-0126 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:oracle-xsql-execute-code(5905)
 Christey> XF:oracle-xsql-execute-code(5905)


======================================================
Candidate: CAN-2001-0128
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0128
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: MANDRAKE:MDKSA-2000-083
Reference: URL:http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-083.php3
Reference: CONECTIVA:CLA-2000:365
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365
Reference: REDHAT:RHSA-2000:127-06
Reference: URL:http://www.redhat.com/support/errata/powertools/RHSA-2000-127.html
Reference: DEBIAN:DSA-006-1
Reference: URL:http://www.debian.org/security/2000/20001219
Reference: FREEBSD:FreeBSD-SA-01:06
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:06.zope.asc
Reference: XF:zope-calculate-roles
Reference: URL:http://xforce.iss.net/static/5777.php

Zope before 2.2.4 does not properly compute local roles, which could
allow users to bypass specified access restrictions and gain
privileges.

INFERRED ACTION: CAN-2001-0128 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0129
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0129
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010117 [pkc] remote heap overflow in tinyproxy
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97975486527750&w=2
Reference: DEBIAN:DSA-018-1
Reference: URL:http://www.debian.org/security/2001/dsa-018
Reference: FREEBSD:FreeBSD-SA-01:15
Reference: BID:2217
Reference: URL:http://www.securityfocus.com/bid/2217
Reference: XF:tinyproxy-remote-bo(5954)
Reference: URL:http://xforce.iss.net/static/5954.php

Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows
remote attackers to cause a denial of service and possibly execute
arbitrary commands via a long connect request.


Modifications:
  ADDREF XF:tinyproxy-remote-bo

INFERRED ACTION: CAN-2001-0129 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Christey> XF:tinyproxy-remote-bo
   URL:http://xforce.iss.net/static/5954.php
 Frech> XF:tinyproxy-remote-bo(5954)


======================================================
Candidate: CAN-2001-0130
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0130
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: MISC:http://service1.symantec.com/sarc/sarc.nsf/info/html/Lotus.Domino.Denial.of.Service.Malformed.HTML.Email.html
Reference: XF:lotus-html-bo(6207)
Reference: URL:http://xforce.iss.net/static/6207.php

Buffer overflow in HTML parser of the Lotus R5 Domino Server before
5.06, and Domino Client before 5.05, allows remote attackers to cause
a denial of service and possibly execute arbitrary commands via a
malformed font size specifier.


Modifications:
  ADDREF XF:lotus-html-bo(6207)

INFERRED ACTION: CAN-2001-0130 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:lotus-html-bo(6207)


======================================================
Candidate: CAN-2001-0137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0137
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010501-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010115 Windows Media Player 7 and IE java vulnerability - executing arbitrary programs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958100816503&w=2
Reference: MS:MS01-010
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-010.asp
Reference: XF:win-mediaplayer-arbitrary-code(5937)
Reference: URL:http://xforce.iss.net/static/5937.php
Reference: BID:2203
Reference: URL:http://www.securityfocus.com/bid/2203

Windows Media Player 7 allows remote attackers to execute malicious
Java applets in Internet Explorer clients by enclosing the applet in a
skin file named skin.wmz, then referencing that skin in the codebase
parameter to an applet tag, aka the Windows Media Player Skins File
Download" vulnerability.


Modifications:
  ADDREF MS:MS01-010
  DESC Add "aka" portion
  ADDREF XF:win-mediaplayer-arbitrary-code(5937)

INFERRED ACTION: CAN-2001-0137 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) LeBlanc, Prosser
   MODIFY(1) Frech
   NOOP(2) Christey, Cole
   REVIEWING(1) Wall

Voter Comments:
 Christey> ADDREF MS:MS01-010
   URL:http://www.microsoft.com/technet/security/bulletin/MS01-010.asp
   Also change description to identify the "Windows Media Player
   Skins File Download" vulnerability.
 Christey> ADDREF XF:win-mediaplayer-arbitrary-code(5937)
   http://xforce.iss.net/static/5937.php
 Frech> XF:win-mediaplayer-arbitrary-code(5937)
   Reference:http://www.microsoft.com/technet/security/bulletin/MS01-010.asp
 LeBlanc> Looks to me like we fixed it.
 Prosser> ms01-0010


======================================================
Candidate: CAN-2001-0138
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0138
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://archives.neohapsis.com/archives/linux/immunix/2001-q1/0010.html
Reference: MANDRAKE:MDKSA-2001-001
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-001.php3
Reference: DEBIAN:DSA-016
Reference: URL:http://www.debian.org/security/2001/dsa-016
Reference: BID:2189
Reference: URL:http://www.securityfocus.com/bid/2189
Reference: XF:linux-wuftpd-privatepw-symlink(5915)
Reference: URL:http://xforce.iss.net/static/5915.php

privatepw program in wu-ftpd before 2.6.1-6 allows local users to
overwrite arbitrary files via a symlink attack.


Modifications:
  ADDREF XF:linux-wuftpd-privatepw-symlink(5915)
  ADDREF MANDRAKE:MDKSA-2001-001
  ADDREF DEBIAN:DSA-016

INFERRED ACTION: CAN-2001-0138 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:linux-wuftpd-privatepw-symlink(5915)
 Christey> XF:linux-wuftpd-privatepw-symlink
   URL:http://xforce.iss.net/static/5915.php
   MANDRAKE:MDKSA-2001-001
   http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-001.php3
   DEBIAN:DSA-016
   http://www.debian.org/security/2001/dsa-016


======================================================
Candidate: CAN-2001-0139
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0139
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:010
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-010.php3
Reference: CALDERA:CSSA-2001-001.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-001.0.txt
Reference: XF:linux-inn-symlink(5916)
Reference: URL:http://xforce.iss.net/static/5916.php
Reference: BID:2190
Reference: URL:http://www.securityfocus.com/bid/2190

inn 2.2.3 allows local users to overwrite arbitrary files via a
symlink attack in some configurations.


Modifications:
  ADDREF XF:linux-inn-symlink(5916)

INFERRED ACTION: CAN-2001-0139 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linux-inn-symlink(5916)


======================================================
Candidate: CAN-2001-0140
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0140
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:002
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-002.php3
Reference: XF:tcpdump-arpwatch-symlink(5922)
Reference: URL:http://xforce.iss.net/static/5922.php
Reference: BID:2183
Reference: URL:http://www.securityfocus.com/bid/2183

arpwatch 2.1a4 allows local users to overwrite arbitrary files via a
symlink attack in some configurations.


Modifications:
  ADDREF XF:tcpdump-arpwatch-symlink(5922)

INFERRED ACTION: CAN-2001-0140 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:tcpdump-arpwatch-symlink(5922)
 Christey> XF:tcpdump-arpwatch-symlink
   URL:http://xforce.iss.net/static/5922.php


======================================================
Candidate: CAN-2001-0141
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0141
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:009
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-009.php3
Reference: DEBIAN:DSA-011
Reference: URL:http://www.debian.org/security/2001/dsa-011
Reference: CALDERA:CSSA-2001-002.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-002.0.txt
Reference: BID:2187
Reference: URL:http://www.securityfocus.com/bid/2187
Reference: XF:linux-mgetty-symlink(5918)
Reference: URL:http://xforce.iss.net/static/5918.php

mgetty 1.1.22 allows local users to overwrite arbitrary files via a
symlink attack in some configurations.


Modifications:
  ADDREF XF:linux-mgetty-symlink(5918)

INFERRED ACTION: CAN-2001-0141 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:linux-mgetty-symlink(5918)
 Christey> XF:linux-mgetty-symlink
   URL:http://xforce.iss.net/static/5918.php


======================================================
Candidate: CAN-2001-0142
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0142
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010112 Trustix Security Advisory - diffutils squid
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0212.html
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:003
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-003.php3
Reference: DEBIAN:DSA-019
Reference: URL:http://www.debian.org/security/2001/dsa-019
Reference: XF:squid-email-symlink(5921)
Reference: URL:http://xforce.iss.net/static/5921.php
Reference: BID:2184
Reference: URL:http://www.securityfocus.com/bid/2184

squid 2.3 and earlier allows local users to overwrite arbitrary files
via a symlink attack in some configurations.


Modifications:
  ADDREF XF:squid-email-symlink(5921)
  ADDREF DEBIAN:DSA-019

INFERRED ACTION: CAN-2001-0142 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:squid-email-symlink(5921)
 Christey> ADDREF XF:squid-email-symlink
   URL:http://xforce.iss.net/static/5921.php
   http://www.linux-mandrake.com/en/updates/2001/MDKSA-2001-003.php3?dis=7.0
   http://www.debian.org/security/2001/dsa-019
 Christey> http://archives.neohapsis.com/archives/vendor/2001-q1/0015.html


======================================================
Candidate: CAN-2001-0143
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0143
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:011
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-011.php3
Reference: BID:2186
Reference: URL:http://www.securityfocus.com/bid/2186
Reference: XF:linuxconf-vpop3d-symlink(5923)
Reference: URL:http://xforce.iss.net/static/5923.php

vpop3d program in linuxconf 1.23r and earlier allows local users to
overwrite arbitrary files via a symlink attack.


Modifications:
  ADDREF XF:linuxconf-vpop3d-symlink(5923)

INFERRED ACTION: CAN-2001-0143 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:linuxconf-vpop3d-symlink(5923)
 Christey> XF:linuxconf-vpop3d-symlink
   URL:http://xforce.iss.net/static/5923.php


======================================================
Candidate: CAN-2001-0144
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0144
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010208
Category: SF
Reference: BINDVIEW:20010208 Remote vulnerability in SSH daemon crc32 compensation attack detector
Reference: URL:http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
Reference: BUGTRAQ:20010208 [CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98168366406903&w=2
Reference: XF:ssh-deattack-overwrite-memory(6083)
Reference: URL:http://xforce.iss.net/static/6083.php
Reference: BID:2347
Reference: URL:http://www.securityfocus.com/bid/2347

CORE SDI SSH1 CRC-32 compensation attack detector allows remote
attackers to execute arbitrary commands on an SSH server or client via
an integer overflow.


Modifications:
  ADDREF XF:ssh-deattack-overwrite-memory(6083)

INFERRED ACTION: CAN-2001-0144 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:ssh-deattack-overwrite-memory(6083)


======================================================
Candidate: CAN-2001-0147
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0147
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010210
Category: SF
Reference: MS:MS01-013
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-013.asp

Buffer overflow in Windows 2000 event viewer snap-in allows attackers
to execute arbitrary commands via a malformed field that is improperly
handled during the detailed view of event records.

INFERRED ACTION: CAN-2001-0147 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(5) Wall, Ziese, Balinsky, Cole, Bishop


======================================================
Candidate: CAN-2001-0148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0148
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010210
Category: SF
Reference: BUGTRAQ:20010101 Windows Media Player 7 and IE vulnerability - executing arbitrary programs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0000.html
Reference: MS:MS01-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp
Reference: XF:media-player-execute-commands(6227)
Reference: URL:http://xforce.iss.net/static/6227.php

The WMP ActiveX Control in Windows Media Player 7 allows remote
attackers to execute commands in Internet Explorer via javascript
URLs, a variant of the "Frame Domain Verification" vulnerability.


Modifications:
  ADDREF XF:media-player-execute-commands(6227)

INFERRED ACTION: CAN-2001-0148 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Lawler, Ziese, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:media-player-execute-commands(6227)


======================================================
Candidate: CAN-2001-0149
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0149
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010210
Category: SF
Reference: BUGTRAQ:20000926 IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0305.html
Reference: NTBUGTRAQ:20000926 IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96999020527583&w=2
Reference: MS:MS01-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp
Reference: XF:ie-getobject-expose-files(5293)

Windows Scripting Host in Internet Explorer 5.5 and earlier allows
remote attackers to read arbitrary files via the GetObject Javascript
function and the htmlfile ActiveX object.


Modifications:
  ADDREF XF:ie-getobject-expose-files(5293)

INFERRED ACTION: CAN-2001-0149 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Lawler, Ziese, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:ie-getobject-expose-files(5293)


======================================================
Candidate: CAN-2001-0150
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0150
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010210
Category: SF
Reference: MS:MS01-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp
Reference: XF:ie-telnet-execute-commands(6230)

Internet Explorer 5.5 and earlier executes Telnet sessions using
command line arguments that are specified by the web site, which could
allow remote attackers to execute arbitrary commands if the IE client
is using the Telnet client provided in Services for Unix (SFU) 2.0,
which creates session transcripts.


Modifications:
  ADDREF XF:ie-telnet-execute-commands(6230)

INFERRED ACTION: CAN-2001-0150 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Lawler, Ziese, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> ie-telnet-execute-commands(6230)


======================================================
Candidate: CAN-2001-0151
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0151
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010210
Category: SF
Reference: MS:MS01-016
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-016.asp
Reference: XF:iis-webdav-dos(6205)

IIS 5.0 allows remote attackers to cause a denial of service via a
series of malformed WebDAV requests.


Modifications:
  ADDREF XF:iis-webdav-dos(6205)

INFERRED ACTION: CAN-2001-0151 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Lawler, Ziese, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:iis-webdav-dos(6205)


======================================================
Candidate: CAN-2001-0152
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0152
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010210
Category: SF
Reference: MS:MS01-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-019.asp

The password protection option for the Compressed Folders feature in
Plus! for Windows 98 and Windows Me writes password information to a
file, which allows local users to recover the passwords and read the
compressed folders.

INFERRED ACTION: CAN-2001-0152 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(4) Wall, Ziese, Cole, Bishop


======================================================
Candidate: CAN-2001-0153
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0153
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010210
Category: SF
Reference: BINDVIEW:20010327 Remote buffer overflow in DCOM VB T-SQL debugger
Reference: URL:http://razor.bindview.com/publish/advisories/adv_vbtsql.html
Reference: MS:MS01-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-018.asp

Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual
Studio 6.0 Enterprise Edition allows remote attackers to execute
arbitrary commands.

INFERRED ACTION: CAN-2001-0153 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(4) Wall, Ziese, Cole, Bishop


======================================================
Candidate: CAN-2001-0154
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0154
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010210
Category: SF
Reference: BUGTRAQ:20010330 Incorrect MIME Header Can Cause IE to Execute E-mail Attachment
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98596775905044&w=2
Reference: MS:MS01-020
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

HTML e-mail feature in Internet Explorer 5.5 and earlier allows
attackers to execute attachments by setting an unusual MIME type for
the attachment, which Internet Explorer does not process correctly.

INFERRED ACTION: CAN-2001-0154 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(4) Wall, Ziese, Cole, Bishop


======================================================
Candidate: CAN-2001-0157
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0157
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010301
Category: SF/CF/MP/SA/AN/unknown
Reference: ATSTAKE:A030101-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a030101-1.txt
Reference: XF:palm-debug-bypass-password(6196)

Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier
allows attackers with physical access to a Palm device to bypass
access restrictions and obtain passwords, even if the system lockout
mechanism is enabled.


Modifications:
  ADDREF XF:palm-debug-bypass-password(6196)

INFERRED ACTION: CAN-2001-0157 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Lawler, Cole
   MODIFY(1) Frech
   NOOP(1) Ziese

Voter Comments:
 Frech> XF:palm-debug-bypass-password(6196)


======================================================
Candidate: CAN-2001-0165
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0165
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010131 [SPSadvisory#40]Solaris7/8 ximp40 shared library buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0517.html
Reference: SUNBUG:4409148
Reference: XF:solaris-ximp40-bo
Reference: URL:http://xforce.iss.net/static/6039.php
Reference: BID:2322
Reference: URL:http://www.securityfocus.com/bid/2322

Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8
allows local users to gain privileges via a long "arg0" (process name)
argument.


Modifications:
  ADDREF SUNBUG:4409148

INFERRED ACTION: CAN-2001-0165 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Lawler, Frech, Dik
   NOOP(1) Ziese

Voter Comments:
 Dik> More research needed on my part (the ximp40.so
   appear to be loaded only in specific circumstances)
 CHANGE> [Dik changed vote from REVIEWING to ACCEPT]
 Dik> Sun bug 4409148


======================================================
Candidate: CAN-2001-0166
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0166
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20001229 Shockwave Flash buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0491.html
Reference: XF:shockwave-flash-swf-bo
Reference: URL:http://xforce.iss.net/static/5826.php

Macromedia Shockwave Flash plugin version 8 and earlier allows remote
attackers to cause a denial of service via malformed tag length
specifiers in a SWF file.

INFERRED ACTION: CAN-2001-0166 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Lawler, Ziese, Frech


======================================================
Candidate: CAN-2001-0169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0169
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: MANDRAKE:MDKSA-2001:012
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-012.php3?dis=7.2
Reference: SUSE:SuSE-SA:2001:01
Reference: URL:http://www.suse.com/de/support/security/2001_001_glibc_txt.txt
Reference: CALDERA:CSSA-2001-007
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-007.0.txt
Reference: REDHAT:RHSA-2001:002-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-002.html
Reference: DEBIAN:DSA-039
Reference: URL:http://www.debian.org/security/2001/dsa-039
Reference: TURBO:TLSA2000021-2
Reference: URL:http://archives.neohapsis.com/archives/linux/turbolinux/2001-q1/0004.html
Reference: BUGTRAQ:20010121 Trustix Security Advisory - glibc
Reference: URL:http://www.securityfocus.com/archive/1/157650
Reference: BID:2223
Reference: URL:http://www.securityfocus.com/bid/2223
Reference: XF:linux-glibc-preload-overwrite
Reference: URL:http://xforce.iss.net/static/5971.php

When using the LD_PRELOAD environmental variable in SUID or SGID
applications, glibc does not verify that preloaded libraries in
/etc/ld.so.cache are also SUID/SGID, which could allow a local user to
overwrite arbitrary files by loading a library from /lib or /usr/lib.


Modifications:
  ADDREF DEBIAN:DSA-039
  ADDREF TURBO:TLSA2000021-2

INFERRED ACTION: CAN-2001-0169 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Lawler, Ziese, Frech
   NOOP(1) Christey

Voter Comments:
 Christey> DEBIAN:DSA-039
   URL:http://www.debian.org/security/2001/dsa-039
   TURBO:TLSA2000021-2
   http://archives.neohapsis.com/archives/linux/turbolinux/2001-q1/0004.html


======================================================
Candidate: CAN-2001-0170
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0170
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010110 Glibc Local Root Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0131.html
Reference: BUGTRAQ:20010110 [slackware-security] glibc 2.2 local vulnerability on setuid binaries
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0186.html
Reference: REDHAT:RHSA-2001:001-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-001.html
Reference: BID:2181
Reference: URL:http://www.securityfocus.com/bid/2181
Reference: XF:linux-glibc-read-files
Reference: URL:http://xforce.iss.net/static/5907.php

glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF,
HOSTALIASES, or RES_OPTIONS environmental variables when executing
setuid/setgid programs, which could allow local users to read
arbitrary files.

INFERRED ACTION: CAN-2001-0170 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Lawler, Ziese, Frech


======================================================
Candidate: CAN-2001-0178
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0178
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: MANDRAKE:MDKSA-2001:018
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-018.php3?dis=7.2
Reference: CALDERA:CSSA-2001-005.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-005.0.txt
Reference: SUSE:SuSE-SA:2001:02
Reference: URL:http://www.suse.com/de/support/security/2001_002_kdesu_txt.txt
Reference: XF:kde2-kdesu-retrieve-passwords
Reference: URL:http://xforce.iss.net/static/5995.php

kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify
the owner of a UNIX socket that is used to send a password, which
allows local users to steal passwords and gain privileges.

INFERRED ACTION: CAN-2001-0178 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Lawler, Ziese, Frech


======================================================
Candidate: CAN-2001-0179
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0179
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: ALLAIRE:ASB01-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=19546&Method=Full
Reference: XF:jrun-webinf-file-retrieval
Reference: URL:http://xforce.iss.net/static/6008.php

Allaire JRun 3.0 allows remote attackers to list contents of the
WEB-INF directory, and the web.xml file in the WEB-INF directory, via
a malformed URL that contains a "."

INFERRED ACTION: CAN-2001-0179 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Lawler, Ziese, Frech


======================================================
Candidate: CAN-2001-0183
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0183
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:08
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:08.ipfw.asc
Reference: BID:2293
Reference: URL:http://www.securityfocus.com/bid/2293
Reference: XF:ipfw-bypass-firewall
Reference: URL:http://xforce.iss.net/static/5998.php

ipfw and ip6fw in FreeBSD 4.2 and earlier allows remote attackers to
bypass access restrictions by setting the ECE flag in a TCP packet,
which makes the packet appear to be part of an established connection.

INFERRED ACTION: CAN-2001-0183 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Lawler, Ziese, Frech


======================================================
Candidate: CAN-2001-0185
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0185
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010123 Make The Netopia R9100 Router To Crash
Reference: URL:http://www.securityfocus.com/archive/1/157952
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98035651825590&w=2
Reference: BID:2287
Reference: URL:http://www.securityfocus.com/bid/2287
Reference: XF:netopia-telnet-dos
Reference: URL:http://xforce.iss.net/static/6001.php

Netopia R9100 router version 4.6 allows authenticated users to cause a
denial of service by using the router's telnet program to connect to
the router's IP address, which causes a crash.

INFERRED ACTION: CAN-2001-0185 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Lawler, Ziese, Frech


======================================================
Candidate: CAN-2001-0187
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0187
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: DEBIAN:DSA-016
Reference: URL:http://www.debian.org/security/2001/dsa-016
Reference: CONFIRM:ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_current/missing_format_strings.patch
Reference: BID:2296
Reference: URL:http://www.securityfocus.com/bid/2296
Reference: XF:wuftp-debug-format-string
Reference: URL:http://xforce.iss.net/static/6020.php

Format string vulnerability in wu-ftp 2.6.1 and earlier, when running
with debug mode enabled, allows remote attackers to execute arbitrary
commands via a malformed argument that is recorded in a PASV port
assignment.

INFERRED ACTION: CAN-2001-0187 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Lawler, Ziese, Frech


======================================================
Candidate: CAN-2001-0190
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0190
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010117 Solaris /usr/bin/cu Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97983943716311&w=2
Reference: BUGTRAQ:20010123 Solaris /usr/bin/cu Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98028642319440&w=2
Reference: SUNBUG:4406722
Reference: XF:cu-argv-bo(6224)

Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and
possibly other operating systems, allows local users to gain
privileges by executing cu with a long program name (arg0).


Modifications:
  ADDREF XF:cu-argv-bo(6224)
  ADDREF SUNBUG:4406722

INFERRED ACTION: CAN-2001-0190 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Lawler, Dik
   MODIFY(1) Frech
   NOOP(1) Ziese

Voter Comments:
 Frech> XF:cu-argv-bo(6224)
 Dik> Sun bug  4406722


======================================================
Candidate: CAN-2001-0191
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0191
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010202 Remote vulnerability in gnuserv/XEmacs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0030.html
Reference: REDHAT:RHSA-2001:010
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-010.html
Reference: REDHAT:RHSA-2001:011
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-011.html
Reference: MANDRAKE:MDKSA-2001:019
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-019.php3
Reference: XF:gnuserv-tcp-cookie-overflow(6056)

gnuserv before 3.12, as shipped with XEmacs, does not properly check
the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which
allows remote attackers to execute arbitrary commands via a buffer
overflow, or brute force authentication by using a short cookie
length.


Modifications:
  ADDREF XF:gnuserv-tcp-cookie-overflow(6056)
  DESC Correct spelling: "MIT-MAGIC-COOKIE"

INFERRED ACTION: CAN-2001-0191 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Lawler, Ziese
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:gnuserv-tcp-cookie-overflow(6056)
 Christey> Correct spelling: "MIT-MAGIC-COOKIE"


======================================================
Candidate: CAN-2001-0193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0193
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010131 SuSe / Debian man package format string vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98096782126481&w=2
Reference: DEBIAN:DSA-028-1
Reference: URL:http://www.debian.org/security/2001/dsa-028
Reference: BID:2327
Reference: URL:http://www.securityfocus.com/bid/2327
Reference: XF:man-i-format-string(6059)

Format string vulnerability in man in some Linux distributions allows
local users to gain privileges via a malformed -l parameter.


Modifications:
  ADDREF XF:man-i-format-string(6059)

INFERRED ACTION: CAN-2001-0193 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(1) Lawler
   MODIFY(1) Frech
   NOOP(1) Ziese

Voter Comments:
 Frech> XF:man-i-format-string(6059)


======================================================
Candidate: CAN-2001-0194
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0194
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: MANDRAKE:MDKSA-2001:020-1
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-020.php3
Reference: XF:cups-httpgets-dos(6043)

Buffer overflow in httpGets function in CUPS 1.1.5 allows remote
attackers to execute arbitrary commands via a long input line.


Modifications:
  ADDREF XF:cups-httpgets-dos(6043)

INFERRED ACTION: CAN-2001-0194 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Lawler, Ziese
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:cups-httpgets-dos(6043)


======================================================
Candidate: CAN-2001-0195
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0195
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: DEBIAN:DSA-015
Reference: URL:http://www.debian.org/security/2001/dsa-015
Reference: XF:linux-sash-shadow-readable
Reference: URL:http://xforce.iss.net/static/5994.php

sash before 3.4-4 in Debian Linux does not properly clone /etc/shadow,
which makes it world-readable and could allow local users to gain
privileges via password cracking.

INFERRED ACTION: CAN-2001-0195 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Lawler, Ziese, Frech


======================================================
Candidate: CAN-2001-0196
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0196
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:11
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:11.inetd.v1.1.asc
Reference: BID:2324
Reference: URL:http://www.securityfocus.com/bid/2324
Reference: XF:inetd-ident-read-files(6052)

inetd ident server in FreeBSD 4.x and earlier does not properly set
group permissions, which allows remote attackers to read the first 16
bytes of files that are accessible by the wheel group.


Modifications:
  ADDREF XF:inetd-ident-read-files(6052)

INFERRED ACTION: CAN-2001-0196 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Lawler, Ziese
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:inetd-ident-read-files(6052)


======================================================
Candidate: CAN-2001-0197
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0197
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010121 [pkc] format bugs in icecast 1.3.8b2 and prior
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0348.html
Reference: CONECTIVA:CLA-2001:374
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000374
Reference: REDHAT:RHSA-2001:004
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-004.html
Reference: XF:icecast-format-string
Reference: URL:http://xforce.iss.net/static/5978.php
Reference: BID:2264
Reference: URL:http://www.securityfocus.com/bid/2264

Format string vulnerability in print_client in icecast 1.3.8beta2 and
earlier allows remote attackers to execute arbitrary commands.

INFERRED ACTION: CAN-2001-0197 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Lawler, Ziese, Frech


======================================================
Candidate: CAN-2001-0218
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0218
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010126 format string vulnerability in mars_nwe 0.99pl19
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0456.html
Reference: FREEBSD:FreeBSD-SA-01:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-02/0081.html
Reference: XF:mars-nwe-format-string(6019)
Reference: URL:http://xforce.iss.net/static/6019.php

Format string vulnerability in mars_nwe 0.99.pl19 allows remote attackers to execute arbitrary commands.


Modifications:
  CHANGEREF XF [canonicalize]

INFERRED ACTION: CAN-2001-0218 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Lawler, Ziese
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:mars-nwe-format-string(6019)


======================================================
Candidate: CAN-2001-0219
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0219
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: HP:HPSBUX0101-137
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0016.html
Reference: XF:hp-stm-dos
Reference: URL:http://xforce.iss.net/static/5957.php
Reference: BID:2239
Reference: URL:http://www.securityfocus.com/bid/2239

Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11
and earlier allows local users to cause a denial of service.

INFERRED ACTION: CAN-2001-0219 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Lawler, Ziese, Frech


======================================================
Candidate: CAN-2001-0221
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0221
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:19
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-02/0079.html
Reference: XF:ja-xklock-bo(6073)

Buffer overflow in ja-xklock 2.7.1 and earlier allows local users to
gain root privileges.


Modifications:
  ADDREF XF:ja-xklock-bo(6073)

INFERRED ACTION: CAN-2001-0221 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Lawler, Ziese, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:ja-xklock-bo(6073)


======================================================
Candidate: CAN-2001-0222
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0222
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: MANDRAKE:MDKSA-2001-016
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-016.php3
Reference: CALDERA:CSSA-2001-004.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-004.0.txt
Reference: XF:linux-webmin-tmpfiles
Reference: URL:http://xforce.iss.net/static/6011.php

webmin 0.84 and earlier allows local users to overwrite and create
arbitrary files via a symlink attack.

INFERRED ACTION: CAN-2001-0222 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Lawler, Ziese, Frech


======================================================
Candidate: CAN-2001-0230
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0230
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:22
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-02/0083.html
Reference: XF:dc20ctrl-port-bo(6077)

Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly
other operating systems, allows local users to gain privileges.


Modifications:
  ADDREF XF:dc20ctrl-port-bo(6077)

INFERRED ACTION: CAN-2001-0230 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Lawler, Ziese, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:dc20ctrl-port-bo(6077)


======================================================
Candidate: CAN-2001-0233
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0233
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010124 patch Re: [PkC] Advisory #003: micq-0.4.6 remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0395.html
Reference: BUGTRAQ:20010118 [PkC] Advisory #003: micq-0.4.6 remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0307.html
Reference: DEBIAN:DSA-012
Reference: URL:http://www.debian.org/security/2001/dsa-012
Reference: FREEBSD:FreeBSD-SA-01:14
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:14.micq.asc
Reference: REDHAT:RHSA-2001:005-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-005.html
Reference: XF:micq-sprintf-remote-bo(5962)
Reference: URL:http://xforce.iss.net/static/5962.php

Buffer overflow in micq client 0.4.6 and earlier allows remote
attackers to cause a denial of service, and possibly execute arbitrary
commands, via a long Description field.

INFERRED ACTION: CAN-2001-0233 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Lawler, Ziese, Frech


======================================================
Candidate: CAN-2001-0234
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0234
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010126 NewsDaemon remote administrator access
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0460.html
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=60570
Reference: XF:newsdaemon-gain-admin-access
Reference: URL:http://xforce.iss.net/static/6010.php

NewsDaemon before 0.21b allows remote attackers to execute arbitrary
SQL queries and gain privileges via a malformed user_username
parameter.

INFERRED ACTION: CAN-2001-0234 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Lawler, Frech
   NOOP(1) Ziese


======================================================
Candidate: CAN-2001-0259
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0259
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010329
Category: SF
Reference: BUGTRAQ:20010116 Bug in SSH1 secure-RPC support can expose users' private keys
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0262.html
Reference: CONFIRM:http://www.ssh.com/products/ssh/patches/secureRPCvulnerability.html
Reference: BID:2222
Reference: URL:http://www.securityfocus.com/bid/2222
Reference: XF:ssh-rpc-private-key
Reference: URL:http://xforce.iss.net/static/5963.php

ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local
attackers to recover a SUN-DES-1 magic phrase generated by another
user, which the attacker can use to decrypt that user's private key
file.


Modifications:
  ADDREF CONFIRM:http://www.ssh.com/products/ssh/patches/secureRPCvulnerability.html

INFERRED ACTION: CAN-2001-0259 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(4) Ziese, Frech, Cole, Bishop
   NOOP(1) Wall

Voter Comments:
 Frech> "SSH1 Secure RPC Vulnerability" at
   http://www.ssh.com/products/ssh/patches/secureRPCvulnerability.html


======================================================
Candidate: CAN-2001-0260
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0260
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010329
Category: SF
Reference: BUGTRAQ:20010123 [SAFER] Security Bulletin 010123.EXP.1.10
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0360.html
Reference: XF:lotus-domino-smtp-bo
Reference: URL:http://xforce.iss.net/static/5993.php
Reference: BID:2283
Reference: URL:http://www.securityfocus.com/bid/2283

Buffer overflow in Lotus Domino Mail Server 5.0.5 and earlier allows a
remote attacker to crash the server or execute arbitrary code via a
long "RCPT TO" command.

INFERRED ACTION: CAN-2001-0260 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(4) Ziese, Frech, Cole, Bishop
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0266
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0266
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: HP:HPSBUX0102-143
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0069.html

Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier
allows local users to gain privileges.

INFERRED ACTION: CAN-2001-0266 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Cole, Bishop
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0267
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: HP:HPSBMP0102-008
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0050.html
Reference: XF:hp-nmdebug-gain-privileges(6226)

NM debug in HP MPE/iX 6.5 and earlier does not properly handle
breakpoints, which allows local users to gain privileges.


Modifications:
  ADDREF XF:hp-nmdebug-gain-privileges(6226)

INFERRED ACTION: CAN-2001-0267 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Cole, Bishop
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:hp-nmdebug-gain-privileges(6226)


======================================================
Candidate: CAN-2001-0268
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0268
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: NETBSD:NetBSD-SA:2001-002
Reference: URL:http://archives.neohapsis.com/archives/netbsd/2001-q1/0093.html
Reference: BUGTRAQ:20010219 Re: your mail
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0353.html
Reference: OPENBSD:20010302 The USER_LDT kernel option allows an attacker to gain access to privileged areas of kernel memory.
Reference: URL:http://www.openbsd.org/errata.html#userldt
Reference: XF:user-ldt-validation(6222)

NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, allow local users
to gain root privileges by accessing kernel memory via a segment call
gate when the USER_LDT kernel option is enabled.


Modifications:
  ADDREF XF:user-ldt-validation(6222)

INFERRED ACTION: CAN-2001-0268 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Cole, Bishop
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:user-ldt-validation(6222)


======================================================
Candidate: CAN-2001-0274
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0274
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010214 Security hole in kicq
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0276.html
Reference: BUGTRAQ:20010303 Re: Security hole in kicq
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0536.html
Reference: XF:kicq-execute-commands(6112)

kicq IRC client 1.0.0, and possibly later versions, allows remote
attackers to execute arbitrary commands via shell metacharacters in a
URL.


Modifications:
  ADDREF XF:kicq-execute-commands(6112)

INFERRED ACTION: CAN-2001-0274 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Cole, Bishop
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:kicq-execute-commands(6112)


======================================================
Candidate: CAN-2001-0278
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0278
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: HP:HPSBMP0102-009
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0050.html
Reference: XF:hp-linkeditor-gain-privileges(6223)

Vulnerability in linkeditor in HP MPE/iX 6.5 and earlier allows local
users to gain privileges.


Modifications:
  ADDREF XF:hp-linkeditor-gain-privileges(6223)

INFERRED ACTION: CAN-2001-0278 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Cole, Bishop
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:hp-linkeditor-gain-privileges(6223)


======================================================
Candidate: CAN-2001-0279
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0279
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010222 Sudo version 1.6.3p6 now available (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0414.html
Reference: MANDRAKE:MDKSA-2001:024
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-024.php3
Reference: DEBIAN:DSA-031
Reference: URL:http://www.debian.org/security/2001/dsa-031
Reference: CONECTIVA:CLA-2001:381
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000381
Reference: BUGTRAQ:20010225 [slackware-security] buffer overflow in sudo fixed
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0437.html
Reference: BUGTRAQ:20010226 Trustix Security Advisory - sudo
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0427.html

Buffer overflow in sudo earlier than 1.6.3p6 allows local users to
gain root privileges.

INFERRED ACTION: CAN-2001-0279 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Cole, Bishop
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0284
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0284
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: OPENBSD:20010302 Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun in the kernel.
Reference: URL:http://www.openbsd.org/errata.html#ipsec_ah

Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and
earlier allows remote attackers to cause a denial of service and
possibly execute arbitrary commands via a malformed Authentication
header (AH) IPv4 option.

INFERRED ACTION: CAN-2001-0284 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Cole, Bishop
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0287
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0287
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010302 Option to VERITAS Cluster Server (VCS) lltstat command will panic system.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0528.html
Reference: CONFIRM:http://seer.support.veritas.com/docs/234326.htm

VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to
cause a denial of service (system panic) via the -L option to the
lltstat command.

INFERRED ACTION: CAN-2001-0287 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Cole, Bishop
   NOOP(2) Wall, Dik

Voter Comments:
 Dik> No insight in veritas bugs


======================================================
Candidate: CAN-2001-0288
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0288
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: CISCO:20010228 Cisco IOS Software TCP Initial Sequence Number Randomization Improvements
Reference: URL:http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml

Cisco switches and routers running IOS 12.1 and earlier produce
predictable TCP Initial Sequence Numbers (ISNs), which allows remote
attackers to spoof or hijack TCP connections.

INFERRED ACTION: CAN-2001-0288 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Cole, Bishop
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0289
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0289
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010228 Joe's Own Editor File Handling Error
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0490.html
Reference: MANDRAKE:MDKSA-2001:026
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-026.php3
Reference: DEBIAN:DSA-041
Reference: URL:http://www.debian.org/security/2001/dsa-041
Reference: REDHAT:RHSA-2001:024
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-024.html

Joe text editor 2.8 searches the current working directory (CWD) for
the .joerc configuration file, which could allow local users to gain
privileges of other users by placing a Trojan Horse .joerc file into a
directory, then waiting for users to execute joe from that directory.

INFERRED ACTION: CAN-2001-0289 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Cole, Bishop
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0290
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0290
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010306 [Mailman-Announce] ANNOUNCE Mailman 2.0.2 (important privacy patch)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0031.html

Vulnerability in Mailman 2.0.1 and earlier allows list administrators
to obtain user passwords.

INFERRED ACTION: CAN-2001-0290 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Cole, Bishop
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0295
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0295
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010306 Warftp 1.67b04 Directory Traversal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98390925726814&w=2
Reference: CONFIRM:http://support.jgaa.com/?cmd=ShowArticle&ID=31
Reference: BID:2444
Reference: URL:http://www.securityfocus.com/bid/2444

Directory traversal vulnerability in War FTP 1.67.04 allows remote
attackers to list directory contents and possibly read files via a
"dir *./../.." command.

INFERRED ACTION: CAN-2001-0295 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Cole, Bishop
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0299
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0299
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20001127 Nokia firewalls
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97535202912588&w=2
Reference: BUGTRAQ:20001205 Nokia firewalls - Response from Nokia
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97603879517777&w=2
Reference: XF:nokia-ip440-bo(5640)
Reference: BID:2054
Reference: URL:http://www.securityfocus.com/bid/2054

Buffer overflow in Voyager web administration server for Nokia IP440
allows local users to cause a denial of service, and possibly execute
arbitrary commands, via a long URL.


Modifications:
  ADDREF XF:nokia-ip440-bo(5640)

INFERRED ACTION: CAN-2001-0299 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Cole, Bishop
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:nokia-ip440-bo(5640)


======================================================
Candidate: CAN-2001-0301
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0301
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010213 Security advisory for analog
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0264.html
Reference: CONFIRM:http://www.analog.cx/security2.html
Reference: REDHAT:RHSA-2001:017
Reference: URL:http://archives.neohapsis.com/archives/linux/redhat/2001-q1/0056.html
Reference: DEBIAN:DSA-033
Reference: URL:http://www.debian.org/security/2001/dsa-033
Reference: BID:2377
Reference: URL:http://www.securityfocus.com/bid/2377
Reference: XF:analog-alias-bo(6105)

Buffer overflow in Analog before 4.16 allows remote attackers to
execute arbitrary commands by using the ALIAS command to construct
large strings.


Modifications:
  ADDREF XF:analog-alias-bo(6105)

INFERRED ACTION: CAN-2001-0301 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Bishop, Ziese, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:analog-alias-bo(6105)


======================================================
Candidate: CAN-2001-0309
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0309
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: REDHAT:RHSA-2001:006
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-006.html
Reference: XF:inetd-internal-socket-dos(6380)

inetd in Red Hat 6.2 does not properly close sockets for internal
services such as chargen, daytime, echo, etc., which allows remote
attackers to cause a denial of service via a series of connections to
the internal services.


Modifications:
  ADDREF XF:inetd-internal-socket-dos(6380)

INFERRED ACTION: CAN-2001-0309 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Bishop, Ziese, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:inetd-internal-socket-dos(6380)


======================================================
Candidate: CAN-2001-0310
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0310
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:13
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:13.sort.asc
Reference: XF:sort-temp-file-abort
Reference: URL:http://xforce.iss.net/static/6038.php

sort in FreeBSD 4.1.1 and earlier, and possibly other operating
systems, uses predictable temporary file names and does not properly
handle when the temporary file already exists, which causes sort to
crash and possibly impacts security-sensitive scripts.

INFERRED ACTION: CAN-2001-0310 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(4) Bishop, Ziese, Frech, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0311
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0311
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: HP:HPSBUX0102-142
Reference: HPBUG:PHSS_22914
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0022.html
Reference: HPBUG:PHSS_22915
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0023.html
Reference: XF:omniback-unauthorized-access(6434)

Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows
attackers to gain unauthorized access to an ImniBack client.


Modifications:
  ADDREF XF:omniback-unauthorized-access(6434)
  ADDREF HP:HPSBUX0102-142

INFERRED ACTION: CAN-2001-0311 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Bishop, Ziese, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:omniback-unauthorized-access(6434)
   In description should be "OmniBack" instead of "Imniback"
   Add Reference: Hewlett-Packard Company Security Bulletin
   HPSBUX0102-142
   URL:http://www.securityfocus.com/advisories/3160


======================================================
Candidate: CAN-2001-0316
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0316
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: REDHAT:RHSA-2001:013
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2001-q1/0009.html
Reference: CALDERA:CSSA-2001-009
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-009.0.txt
Reference: BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html
Reference: XF:linux-sysctl-read-memory(6079)

Linux kernel 2.4 and 2.2 allows local users to read kernel memory and
possibly gain privileges via a negative argument to the sysctl call.


Modifications:
  ADDREF XF:linux-sysctl-read-memory(6079)

INFERRED ACTION: CAN-2001-0316 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Bishop, Ziese, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linux-sysctl-read-memory(6079)


======================================================
Candidate: CAN-2001-0317
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0317
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html
Reference: REDHAT:RHSA-2001:013
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2001-q1/0009.html
Reference: CALDERA:CSSA-2001-009
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-009.0.txt
Reference: XF:linux-ptrace-modify-process(6080)

Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local
users to gain privileges by using ptrace to track and modify a running
setuid process.


Modifications:
  ADDREF XF:linux-ptrace-modify-process(6080)

INFERRED ACTION: CAN-2001-0317 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Bishop, Ziese, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linux-ptrace-modify-process(6080)


======================================================
Candidate: CAN-2001-0318
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0318
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010110 proftpd 1.2.0rc2 -- example of bad coding
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916525715657&w=2
Reference: BUGTRAQ:20010206 Response to ProFTPD issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0117.html
Reference: MANDRAKE:MDKSA-2001:021
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3
Reference: DEBIAN:DSA-029
Reference: URL:http://www.debian.org/security/2001/dsa-029
Reference: CONECTIVA:CLA-2001:380
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000380
Reference: XF:proftpd-format-string(6433)

Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to
execute arbitrary commands by shutting down the FTP server while using
a malformed working directory (cwd).


Modifications:
  ADDREF XF:proftpd-format-string(6433)

INFERRED ACTION: CAN-2001-0318 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Bishop, Ziese, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:proftpd-format-string(6433)


======================================================
Candidate: CAN-2001-0319
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0319
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010205 IBM NetCommerce Security
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html
Reference: CONFIRM:http://www-4.ibm.com/software/webservers/commerce/netcomletter.html
Reference: BID:2350
Reference: URL:http://www.securityfocus.com/bid/2350
Reference: XF:ibm-netcommerce-reveal-information(6067)

orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to
execute arbitrary SQL queries by inserting them into the order_rn
option of the report capability.


Modifications:
  ADDREF XF:ibm-netcommerce-reveal-information(6067)

INFERRED ACTION: CAN-2001-0319 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(5) Bishop, Bollinger, Wall, Ziese, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:ibm-netcommerce-reveal-information(6067)


======================================================
Candidate: CAN-2001-0326
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0326
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: CF
Reference: BUGTRAQ:20010212 Solution for Potential Vunerability in Granting FilePermission to Oracle Java Virtual Machine
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0255.html
Reference: XF:oracle-jvm-file-permissions(6438)

Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle
Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to
read arbitrary files via the .jsp and .sqljsp file extensions when the
server is configured to use the <<ALL FILES>> FilePermission.


Modifications:
  ADDREF XF:oracle-jvm-file-permissions(6438)

INFERRED ACTION: CAN-2001-0326 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(4) Bishop, Wall, Ziese, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:oracle-jvm-file-permissions(6438)

Page Last Updated or Reviewed: May 22, 2007