[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-60 - 43 candidates

I have proposed cluster RECENT-60 for review and voting by the
Editorial Board.

Name: RECENT-60
Description: Candidates announced between 3/22/2001 and 4/9/2001
Size: 43

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0247
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0247
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010322
Category: SF
Reference: NAI:20010409 Globbing Vulnerabilities in Multiple FTP Daemons
Reference: URL:http://www.pgp.com/research/covert/advisories/048.asp
Reference: CERT:CA-2001-07
Reference: URL:http://www.cert.org/advisories/CA-2001-07.html
Reference: NETBSD:NetBSD-SA2000-018
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-018.txt.asc
Reference: FREEBSD:FreeBSD-SA-01:33
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0466.html
Reference: BID:2548
Reference: URL:http://www.securityfocus.com/bid/2548

Buffer overflows in BSD-based FTP servers allows remote attackers to
execute arbitrary commands via a long pattern string containing a {}
sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4)
the glob0 buffer as used in the glob functions glob2 and glob3.

Analysis
----------------
ED_PRI CAN-2001-0247 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0248
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0248
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010322
Category: SF
Reference: NAI:20010409 Globbing Vulnerabilities in Multiple FTP Daemons
Reference: URL:http://www.pgp.com/research/covert/advisories/048.asp
Reference: CERT:CA-2001-07
Reference: URL:http://www.cert.org/advisories/CA-2001-07.html
Reference: BID:2552
Reference: URL:http://www.securityfocus.com/bid/2552

Buffer overflow in FTP server in HPUX 11 allows remote attackers to
execute arbitrary commands by creating a long pathname and calling the
STAT command, which uses glob to generate long strings.

Analysis
----------------
ED_PRI CAN-2001-0248 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0249
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0249
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010322
Category: SF/CF/MP/SA/AN/unknown
Reference: NAI:20010409 Globbing Vulnerabilities in Multiple FTP Daemons
Reference: URL:http://www.pgp.com/research/covert/advisories/048.asp
Reference: CERT:CA-2001-07
Reference: URL:http://www.cert.org/advisories/CA-2001-07.html
Reference: BID:2550
Reference: URL:http://www.securityfocus.com/bid/2550

Heap overflow in FTP daemon in Solaris 8 allows remote attackers to
execute arbitrary commands by creating a long pathname and calling the
LIST command, which uses glob to generate long strings.

Analysis
----------------
ED_PRI CAN-2001-0249 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0371
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0371
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:30
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-03/0403.html
Reference: XF:ufs-ext2fs-data-disclosure
Reference: URL:http://xforce.iss.net/static/6268.php

Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and
earlier, and possibly other operating systems, makes deleted data
available to user processes before it is zeroed out, which allows a
local user to access otherwise restricted information.

Analysis
----------------
ED_PRI CAN-2001-0371 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0379
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0379
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: HP:HPSBUX0103-147
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0101.html

Vulnerability in the newgrp program included with HP9000 servers
running HP-UX 11.11 allows a local attacker to obtain higher access
rights.

Analysis
----------------
ED_PRI CAN-2001-0379 1
Vendor Acknowledgement: yes advisory

There is insufficient information to be certain if this is related to
CVE-2000-0730, which describes another newgrp problem, but for HP-UX
11.0.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0402
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0402
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010408 A fragmentation attack against IP Filter
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98679734015538&w=2
Reference: FREEBSD:FreeBSD-SA-01:32
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0338.html

IPFilter 3.4.16 and earlier does not include sufficient session
information in its cache, which allows remote attackers to bypass
access restrictions by sending fragmented packets to a restricted port
after sending unfragmented packets to an unrestricted port.

Analysis
----------------
ED_PRI CAN-2001-0402 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0408
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0408
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: MANDRAKE:MDKSA-2001:035
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-035.php3
Reference: REDHAT:RHSA-2001:008
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-008.html
Reference: SUSE:SuSE-SA:2001:12
Reference: URL:http://www.suse.de/de/support/security/2001_012_vim.txt
Reference: CALDERA:CSSA-2001-014.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-014.0.txt
Reference: BUGTRAQ:20010329 Immunix OS Security update for vim
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98593106111968&w=2
Reference: BID:2510
Reference: URL:http://www.securityfocus.com/bid/2510
Reference: XF:vim-elevate-privileges
Reference: URL:http://xforce.iss.net/static/6259.php

vim (aka gvim) processes VIM control codes that are embedded in a
file, which could allow attackers to execute arbitrary commands when
another user opens a file containing malicious VIM control codes.

Analysis
----------------
ED_PRI CAN-2001-0408 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0409
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0409
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: SUSE:SuSE-SA:2001:12
Reference: URL:http://www.suse.de/de/support/security/2001_012_vim.txt
Reference: CALDERA:CSSA-2001-014.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-014.0.txt

vim (aka gvim) allows local users to modify files being edited by
other users via a symlink attack on the backup and swap files, when
the victim is editing the file in a world writeable directory.

Analysis
----------------
ED_PRI CAN-2001-0409 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0412
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0412
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CISCO:20010404 Cisco Content Services Switch User Account Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-useraccnt-debug-pub.shtml

Cisco Content Services (CSS) switch products 11800 and earlier, aka
Arrowpoint, allows local users to gain privileges by entering debug
mode.

Analysis
----------------
ED_PRI CAN-2001-0412 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0414
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0414
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010404 ntpd =< 4.0.99k remote buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98642418618512&w=2
Reference: BUGTRAQ:20010405 Re: ntpd =< 4.0.99k remote buffer overflow]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98654963328381&w=2
Reference: REDHAT:RHSA-2001:045
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-045.html
Reference: CALDERA:CSSA-2001-013
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-013.0.txt
Reference: MANDRAKE:MDKSA-2001:036
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-036.php3
Reference: DEBIAN:DSA-045
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98651866104663&w=2
Reference: NETBSD:NetBSD-SA2001-004
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2001-004.txt.asc
Reference: SUSE:SuSE-SA:2001:10
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Apr/0000.html
Reference: CONECTIVA:CLA-2001:392
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000392
Reference: FREEBSD:FreeBSD-SA-01:31
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:31.ntpd.asc
Reference: SCO:SSE073
Reference: URL:ftp://ftp.sco.com/SSE/sse073.ltr
Reference: SCO:SSE074
Reference: URL:ftp://ftp.sco.com/SSE/sse074.ltr
Reference: BUGTRAQ:20010408 [slackware-security] buffer overflow fix for NTP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98679815917014&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-02: ntpd remote buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684202610470&w=2
Reference: BUGTRAQ:20010409 ntpd - new Debian 2.2 (potato) version is also vulnerable
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684532921941&w=2
Reference: BUGTRAQ:20010406 Immunix OS Security update for ntp and xntp3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98659782815613&w=2
Reference: BUGTRAQ:20010409 ntp-4.99k23.tar.gz is available
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98683952401753&w=2
Reference: BUGTRAQ:20010418 IBM MSS Outside Advisory Redistribution: IBM AIX: Buffer Overflow Vulnerability in (x)ntp
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0314.html
Reference: BUGTRAQ:20010409 [ESA-20010409-01] xntp buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0127.html
Reference: BUGTRAQ:20010413 PROGENY-SA-2001-02A: [UPDATE] ntpd remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0225.html
Reference: BID:2540
Reference: URL:http://www.securityfocus.com/bid/2540

Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and
xntp3) allows remote attackers to cause a denial of service and
possibly execute arbitrary commands via a long readvar argument.

Analysis
----------------
ED_PRI CAN-2001-0414 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0427
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0427
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CISCO:20010328 VPN3000 Concentrator TELNET Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml
Reference: XF:cisco-vpn-telnet-dos
Reference: URL:http://xforce.iss.net/static/6298.php

Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote
attackers to cause a denial of service via a flood of invalid login
requests to (1) the SSL service, or (2) the telnet service, which do
not properly disconnect the user after several failed login attempts.

Analysis
----------------
ED_PRI CAN-2001-0427 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0265
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0265
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010402
Category: SF
Reference: ATSTAKE:A040901-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a040901-1.txt

ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers
to create files in arbitrary locations via a malformed ASCII armored
file.

Analysis
----------------
ED_PRI CAN-2001-0265 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0372
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0372
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: CF
Reference: BUGTRAQ:20010323 FW: Akopia Interchange E-commerce Package Demo Files Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0337.html
Reference: CONFIRM:http://lists.akopia.com/pipermail/interchange-announce/2001/000009.html
Reference: BID:2499
Reference: URL:http://www.securityfocus.com/bid/2499
Reference: XF:akopia-interchange-gain-access
Reference: URL:http://xforce.iss.net/static/6273.php

Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a
default group account :backup with no password, which allows a remote
attacker to gain administrative access via the demo stores (1) barry,
(2) basic, or (3) construct.

Analysis
----------------
ED_PRI CAN-2001-0372 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0377
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0377
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010328 Inframail Denial of Service Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0428.html
Reference: XF:inframail-post-dos
Reference: URL:http://xforce.iss.net/static/6297.php

Infradig Inframail prior to 3.98a allows a remote attacker to create a
denial of service via a malformed POST request which includes a space
followed by a large string.

Analysis
----------------
ED_PRI CAN-2001-0377 2
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0383
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0383
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010401 Php-nuke exploit...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0017.html
Reference: CONFIRM:http://phpnuke.org/download.php?dcategory=Fixes

banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to
modify banner ad URL's by directly calling the Change operation, which
does not require authentication.

Analysis
----------------
ED_PRI CAN-2001-0383 2
Vendor Acknowledgement: yes patch

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0413
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0413
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010404 BinTec X4000 Access Router DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98644414226344&w=2
Reference: BUGTRAQ:20010406 X4000 DoS: Details and workaround
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98659862317070&w=2
Reference: BUGTRAQ:20010410 BinTec Router DoS: Workaround and Details
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0145.html
Reference: BUGTRAQ:20010409 BINTEC X1200
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98697054804197&w=2

BinTec X4000 Access router, and possibly other versions, allows remote
attackers to cause a denial of service via a SYN port scan, which
causes the router to hang.

Analysis
----------------
ED_PRI CAN-2001-0413 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0465
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0465
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010405
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653594732053&w=2
Reference: CONFIRM:http://www.turbotax.com/atr/update/

TurboTax saves passwords in a temporary file when a user imports
investment tax information from a financial institution, which could
allow local users to obtain sensitive information.

Analysis
----------------
ED_PRI CAN-2001-0465 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0482
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0482
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: CF
Reference: BUGTRAQ:20010330 Serious Pitbull LX Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0475.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0485.html

Configuration error in Argus PitBull LX allows root users to bypass
specified access control restrictions and cause a denial of service or
execute arbitrary commands by modifying kernel variables such as
MaxFiles, MaxInodes, and ModProbePath in /proc/sys via calls to
sysctl.

Analysis
----------------
ED_PRI CAN-2001-0482 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0263
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0263
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010402
Category: SF
Reference: ATSTAKE:A040301-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a040301-1.txt

Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to
read file attributes outside of the web root via the "SIZE" and "MDTM"
commands when the "show relative paths" option is not enabled.

Analysis
----------------
ED_PRI CAN-2001-0263 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0264
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0264
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010402
Category: SF/CF/MP/SA/AN/unknown
Reference: ATSTAKE:A040301-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a040301-1.txt
Reference: BID:2534
Reference: URL:http://www.securityfocus.com/bid/2534

Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote
attackers to obtain NETBIOS credentials by requesting information on a
file that is in a network share, which causes the server to send the
credentials to the host that owns the share, and allows the attacker
to sniff the connection.

Analysis
----------------
ED_PRI CAN-2001-0264 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0373
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0373
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: CF
Reference: BUGTRAQ:20010323 NT crash dump files insecure by default
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0336.html
Reference: BID:2501
Reference: URL:http://www.securityfocus.com/bid/2501
Reference: XF:win-userdmp-insecure-permission
Reference: URL:http://xforce.iss.net/static/6275.php

The default configuration of the Dr. Watson program in Windows NT and
Windows 2000 generates user.dmp crash dump files with world-readable
permissions, which could allow a local user to gain access to
sensitive information.

Analysis
----------------
ED_PRI CAN-2001-0373 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0374
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0374
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: COMPAQ:SSRT0715
Reference: URL:http://www.compaq.com/products/servers/management/mgtsw-advisory.html
Reference: BUGTRAQ:20010322 Compaq Insight Manager Proxy Vuln
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q1/0779.html
Reference: XF:compaq-wbm-bypass-proxy
Reference: URL:http://xforce.iss.net/static/6264.php

The HTTP server in Compaq web-enabled management software for (1)
Foundation Agents, (2) Survey, (3) Power Manager, (4) Availability
Agents, (5) Intelligent Cluster Administrator, and (6) Insight Manager
can be used as a generic proxy server, which allows remote attackers
to bypass access restrictions via the management port, 2301.

Analysis
----------------
ED_PRI CAN-2001-0374 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0375
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0375
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010406 PIX Firewall 5.1 DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98658271707833&w=2

Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa
authentication to a TACACS+ server allows a remote attacker to cause
a denial of service via a large number (approximately 426) of
authentication requests.

Analysis
----------------
ED_PRI CAN-2001-0375 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0376
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0376
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010327 SonicWall IKE pre-shared key length bug and security concern
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0403.html
Reference: XF:sonicwall-ike-shared-keys
Reference: URL:http://xforce.iss.net/static/6304.php

SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC
with IKE pre-shared keys do not allow for the use of full 128 byte IKE
pre-shared keys, which is the intended design of the IKE pre-shared
key, and only support 48 byte keys.  This allows a remote attacker to
brute force attack the pre-shared keys with significantly less
resources than if the full 128 byte IKE pre-shared keys were used.

Analysis
----------------
ED_PRI CAN-2001-0376 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0380
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0380
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: CF
Reference: BUGTRAQ:200103 ILMI community in olicom/crosscomm routers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0364.html

Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2
allows a remote attacker SNMP read and write access via a default,
undocumented community string 'ILMI'.

Analysis
----------------
ED_PRI CAN-2001-0380 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0382
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0382
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: NTBUGTRAQ:20010327 CA CCC\Harvest exploit
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2001-q2/0001.html

Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak
encryption for passwords, which allows a remote attacker to gain
privileges on the application.

Analysis
----------------
ED_PRI CAN-2001-0382 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0392
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0392
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010403 def-2001-17: Navision Financials Server DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98633100728473&w=2
Reference: BID:2539
Reference: URL:http://www.securityfocus.com/bid/2539

Navision Financials Server 2.60 and earlier allows remote attackers to
cause a denial of service by sending a null character and a long
string to the server port (2407), which causes the server to crash.

Analysis
----------------
ED_PRI CAN-2001-0392 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0393
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0393
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010404 Re: def-2001-17: Navision Financials Server DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637870623514&w=2

Navision Financials Server 2.0 allows remote attackers to cause a
denial of service via a series of connections to the server without
providing a username/password combination, which consumes the license
limits.

Analysis
----------------
ED_PRI CAN-2001-0393 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0397
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0397
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010329 Silent Runner Collector - HELO buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0454.html

Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote
attackers to cause a denial of service, and possibly execute arbitrary
commands, via a long SMTP HELO command.

Analysis
----------------
ED_PRI CAN-2001-0397 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0398
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0398
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category:
Reference: BUGTRAQ:20010402 ~..~!guano
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0013.html
Reference: BID:2530
Reference: URL:http://www.securityfocus.com/bid/2530

The BAT! mail client allows remote attackers to bypass user warnings
of an executable attachment and execute arbitrary commands via an
attachment whose file name contains many spaces, which also causes the
BAT!  to misrepresent the attachment's type with a different icon.

Analysis
----------------
ED_PRI CAN-2001-0398 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0399
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0399
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010403 CHINANSL Security Advisory(CSA-200111)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98633597813833&w=2
Reference: BID:2533
Reference: URL:http://www.securityfocus.com/bid/2533

Caucho Resin 1.3b1 and earlier allows remote attackers to read source
code for Javabean files by inserting a .jsp before the WEB-INF
specifier in an HTTP request.

Analysis
----------------
ED_PRI CAN-2001-0399 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0401
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0401
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010327 Solaris /usr/bin/tip Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0394.html
Reference: XF:solaris-tip-bo
Reference: URL:http://xforce.iss.net/static/6284.php

Buffer overflow in tip in Solaris 8 and earlier allows local users to
execute arbitrary commands via a long HOME environmental variable.

Analysis
----------------
ED_PRI CAN-2001-0401 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0403
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0403
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010323 [ Hackerslab bug_paper ] SunOS application perfmon vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0326.html
Reference: XF:solaris-perfmon-create-files
Reference: URL:http://xforce.iss.net/static/6267.php

/opt/JSparm/bin/perfmon program in Solaris allows local users to
create arbitrary files as root via the Logging File option in the GUI.

Analysis
----------------
ED_PRI CAN-2001-0403 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0404
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0404
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010328 CHINANSL Security Advisory(CSA-200106)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98583089425166&w=2

Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK)
1.0.1 allows remote attackers to read arbitrary files via a .. (dot
dot) in an HTTP request to the WEB-INF directory.

Analysis
----------------
ED_PRI CAN-2001-0404 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0410
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0410
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010330 Virus Buster 2001(ver8.02) Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98593642520755&w=2

Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote
attackers to cause a denial of service, and possibly execute arbitrary
commands, via a long "From" header.

Analysis
----------------
ED_PRI CAN-2001-0410 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0411
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0411
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010406 Reliant Unix 5.43 / 5.44 ICMP port unreachable problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98658209505849&w=2

Reliant Unix 5.44 and earlier allows remote attackers to cause a
denial of service via an ICMP port unreachable packet, which causes
Reliant to drop all connections to the source address of the packet.

Analysis
----------------
ED_PRI CAN-2001-0411 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0420
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0420
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010409 talkback.cgi vulnerability may allow users to read any file
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0128.html
Reference: BID:2547
Reference: URL:http://www.securityfocus.com/bid/2547

Directory traversal vulnerability in talkback.cgi program allows
remote attackers to read arbitrary files via a .. (dot dot) in the
article parameter.

Analysis
----------------
ED_PRI CAN-2001-0420 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0433
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0433
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010405 Savant 3.0 Denial Of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98655083231635&w=2

Buffer overflow in Savant 3.0 web server allows remote attackers to
cause a denial of service, and possibly execute arbitrary commands,
via a long Host HTTP header.

Analysis
----------------
ED_PRI CAN-2001-0433 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0446
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0446
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010328 CHINANSL Security Advisory(CSA-200107)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98583082225053&w=2

IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2
allows remote attackers to read source code for .jsp files by
appending a / to the requested URL.

Analysis
----------------
ED_PRI CAN-2001-0446 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0447
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0447
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010326 602Pro Lansuite Denial Of Service 1.0.34
Reference: URL:http://www.securityfocus.com/archive/1/171418
Reference: BID:2514
Reference: URL:http://www.securityfocus.com/bid/2514

Web configuration server in 602Pro LAN SUITE allows remote attackers
to cause a denial of service, and possibly execute arbitrary commands,
via a long HTTP request containing "%2e" (dot dot) characters.

Analysis
----------------
ED_PRI CAN-2001-0447 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0448
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0448
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010326 602Pro Lansuite Denial Of Service 1.0.34
Reference: URL:http://www.securityfocus.com/archive/1/171418

Web configuration server in 602Pro LAN SUITE allows remote attackers
to cause a denial of service via an HTTP GET HTTP request to the aux
directory, and possibly other directories with legacy DOS device
names.

Analysis
----------------
ED_PRI CAN-2001-0448 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0466
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0466
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010403 new advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98633176230748&w=2

Directory traversal vulnerability in ustorekeeper 1.61 allows remote
attackers to read arbitrary files via a .. (dot dot) in the file
parameter.

Analysis
----------------
ED_PRI CAN-2001-0466 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0483
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0483
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010524
Assigned: 20010524
Category: CF
Reference: BUGTRAQ:20010324 Raptor 6.5 http vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0359.html
Reference: BUGTRAQ:20010327 RE: Raptor 6.5 http vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/171953
Reference: BID:2517
Reference: URL:http://www.securityfocus.com/bid/2517

Configuration error in Axent Raptor Firewall 6.5 allows remote
attackers to use the firewall as a proxy to access internal web
resources when the http.noproxy Rule is not set.

Analysis
----------------
ED_PRI CAN-2001-0483 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Page Last Updated or Reviewed: May 22, 2007