[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-63 - 32 candidates

I have proposed cluster RECENT-63 for review and voting by the
Editorial Board.  The CVE voting web site will be updated early Friday
afternoon.

Name: RECENT-63
Description: Candidates announced between 1/22/2001 and 3/30/2001
Size: 32

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0560
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0560
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010210 vixie cron possible local root compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0197.html
Reference: AIX-APAR:IY17048
Reference: AIX-APAR:IY17261
Reference: MANDRAKE:MDKSA-2001:022
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-022.php3
Reference: REDHAT:RHSA-2001-014
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-014.html
Reference: BUGTRAQ:20010220 Immunix OS Security update for vixie-cron
Reference: URL:http://archives.neohapsis.com/archives/linux/immunix/2001-q1/0066.html
Reference: XF:vixie-crontab-bo(6098)
Reference: URL:http://xforce.iss.net/static/6098.php

Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local
attacker to gain additional privileges via a long username (> 20
characters).

Analysis
----------------
ED_PRI CAN-2001-0560 1
Vendor Acknowledgement: unknown

There is a question as to whether or not this is exploitable.  To
create a name longer than 20 characters might require root privileges.
However, many vendors have released security advisories, and it is
possible that some non-root users could be assigned privileges or
capabilities to add users.  Other scenarios are discussed in the long
thread on Bugtraq.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0606
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0606
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: HP:HPSBUX0102-139
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0041.html

Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with
VirtualVault A.04.00 allows a remote attacker to create a denial of
service via the HTTPS service.

Analysis
----------------
ED_PRI CAN-2001-0606 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0607
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0607
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: CF
Reference: HP:HPSBUX0103-145
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0080.html

asecure as included with HP-UX 10.01 through 11.00 can allow a local
attacker to create a denial of service and gain additional privileges
via unsafe permissions on the asecure program.

Analysis
----------------
ED_PRI CAN-2001-0607 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0608
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0608
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: HP:HPSBMP0103-011
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0087.html

HP architected interface facility (AIF) as includes with MPE/iX 5.5
through 6.5 running on a HP3000 allows an attacker to gain additional
privileges and gain access to databases via the AIF - AIFCHANGELOGON
program.

Analysis
----------------
ED_PRI CAN-2001-0608 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0589
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0589
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010326 Netscreen: DMZ Network Receives Some "Denied" Traffic
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0375.html
Reference: BID:2523
Reference: URL:http://www.securityfocus.com/bid/2523

NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and
Netscreen-100 can allow a local attacker to bypass the DMZ 'denial'
policy via specific traffic patterns.

Analysis
----------------
ED_PRI CAN-2001-0589 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0591
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0591
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: WIN2KSEC:20010122 Oracle JSP/SQLJS handlers allow viewing files and executing JSP outside the web root
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2001-q1/0028.html
Reference: BUGTRAQ:20010212 Patch for Potential Vulnerability in the execution of JSPs outside doc_root
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0239.html
Reference: BID:2286
Reference: URL:http://www.securityfocus.com/bid/2286

Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1
and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read
or execute arbitrary .jsp files via a '..' (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2001-0591 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0631
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0631
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010221 FirstClass Internetgateway "stupidity"
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0376.html
Reference: BUGTRAQ:20010226 Re: [Fwd: FirstClass Internetgateway "stupidity"]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0440.html

Centrinity First Class Internet Services 5.50 allows for the
circumventing of the default 'spam' filters via the presence of '<@>'
in the 'From:' field, which allows remote attackers to send spoofed
email with the identity of local users.

Analysis
----------------
ED_PRI CAN-2001-0631 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0634
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0634
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: CF
Reference: BUGTRAQ:20010220 Advisory: Chili!Soft ASP Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0378.html
Reference: BUGTRAQ:20010226 Re: Advisory: Chili!Soft ASP Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0443.html

Sun Chili!Soft ASP on multiple Unixes has weak permissions on various
configuration files, which allows a local attacker to gain additional
privileges and create a denial of service.

Analysis
----------------
ED_PRI CAN-2001-0634 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0357
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0357
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010310 CORRECTION to CODE: FormMail.pl can be used to send anonymous email
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98433523520344&w=2
Reference: XF:formmail-anonymous-flooding
Reference: URL:http://xforce.iss.net/static/6242.php

FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to
send anonymous email (spam) by modifying the recipient and message
paramaters.

Analysis
----------------
ED_PRI CAN-2001-0357 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0394
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0394
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010328 def-2001-15: Website Pro Remote Manager DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0425.html
Reference: XF:website-pro-remote-dos
Reference: URL:http://xforce.iss.net/static/6295.php

Remote manager service in Website Pro 3.0.37 allows remote attackers
to cause a denial of service via a series of malformed HTTP requests
to the /dyn directory.

Analysis
----------------
ED_PRI CAN-2001-0394 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0556
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0556
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010428 More nedit problems ? (was Re: PROGENY-SA-2001-10...)
Reference: URL:http://www.securityfocus.com/archive/1/180237
Reference: CONFIRM:http://www.nedit.org/archives/develop/2001-Feb/0391.html
Reference: SUSE:SuSE-SA:2001:14
Reference: URL:http://www.suse.de/de/support/security/2001_014_nedit.txt
Reference: MANDRAKE:MDKSA-2001:042
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-042.php3
Reference: DEBIAN:DSA-053
Reference: URL:http://www.debian.org/security/2001/dsa-053
Reference: REDHAT:RHSA-2001:061
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-061.html
Reference: BID:2667
Reference: URL:http://www.securityfocus.com/bid/2667

The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker
to overwrite other users' files via a symlink attack on (1) backup
files or (2) temporary files used when nedit prints a file or portions
of a file.

Analysis
----------------
ED_PRI CAN-2001-0556 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0564
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0564
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010225 APC web/snmp/telnet management card dos
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0436.html

APC Web/SNMP Management Card prior to Firmware 310 only supports one
telnet connection, which allows a remote attacker to create a denial
of service via repeated failed logon attempts which temporarily locks
the card.

Analysis
----------------
ED_PRI CAN-2001-0564 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0568
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0568
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: CONFIRM:http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23
Reference: MANDRAKE:MDKSA-2001:025
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-025.php3
Reference: DEBIAN:DSA-043
Reference: URL:http://www.debian.org/security/2001/dsa-043
Reference: REDHAT:RHSA-2001:021
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-021.html
Reference: CONECTIVA:CLA-2001:382
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000382

Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker
(Zope user) with through-the-web scripting capabilities to alter
ZClasses class attributes.

Analysis
----------------
ED_PRI CAN-2001-0568 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0569
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0569
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: CONFIRM:http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23
Reference: MANDRAKE:MDKSA-2001:025
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-025.php3
Reference: DEBIAN:DSA-043
Reference: URL:http://www.debian.org/security/2001/dsa-043
Reference: REDHAT:RHSA-2001:021
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-021.html
Reference: CONECTIVA:CLA-2001:382
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000382

Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the
method return values related to the classes (1) ObjectManager, (2)
PropertyManager, and (3) PropertySheet.

Analysis
----------------
ED_PRI CAN-2001-0569 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0571
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0571
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010323 Elron IM Products Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98538867727489&w=2
Reference: BUGTRAQ:20010326 http://archives.neohapsis.com/archives/bugtraq/2001-03/0345.html
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98567864203963&w=2
Reference: BUGTRAQ:20010406 http://archives.neohapsis.com/archives/bugtraq/2001-03/0345.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0382.html
Reference: BID:2519
Reference: URL:http://www.securityfocus.com/bid/2519
Reference: BID:2520
Reference: URL:http://www.securityfocus.com/bid/2520

Directory traversal vulnerability in the web server for (1) Elron
Internet Manager (IM) Message Inspector and (2) Anti-Virus before
3.0.4 allows remote attackers to read arbitrary files via a .. (dot
dot) in the requested URL.

Analysis
----------------
ED_PRI CAN-2001-0571 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0572
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0572
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010318 Passive Analysis of SSH (Secure Shell) Traffic
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0225.html
Reference: CONECTIVA:CLA-2001:391
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000391
Reference: REDHAT:RHSA-2001:033
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-033.html
Reference: MANDRAKE:MDKSA-2001:033
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-033.php3

The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and
other packages have various weaknesses which can allow a remote
attacker to obtain the following information via sniffing: (1)
password lengths or ranges of lengths, which simplifies brute force
password guessing, (2) whether RSA or DSA authentication is being
used, (3) the number of authorized_keys in RSA authentication, or (4)
the lengths of shell commands.

Analysis
----------------
ED_PRI CAN-2001-0572 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0575
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0575
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010327 SCO 5.0.6 issues (lpshut)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0404.html
Reference: XF:sco-openserver-lpshut-bo(6290)
Reference: URL:http://xforce.iss.net/static/6290.php

Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local
attacker to gain additional privileges via a long first argument to
lpshut.

Analysis
----------------
ED_PRI CAN-2001-0575 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Since lpshut, lpadmin, lpforms, and lpusers all appear in the same
package in the same version, it is possible that the vulnerability is
in a library, and CD:SF-LOC would suggest combining these into the
same candidate; if they are fixed in the same version, then even if
the problems don't appear in the same library, then CD:SF-LOC would
suggest combining them.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0576
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0576
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010327 SCO 5.0.6 issues (lpusers)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0407.html
Reference: XF:sco-openserver-lpusers-bo(6292)
Reference: URL:http://xforce.iss.net/static/6292.php

lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a
local attacker to gain additional privileges via a buffer overflow
attack in the '-u' command line parameter.

Analysis
----------------
ED_PRI CAN-2001-0576 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Since lpshut, lpadmin, lpforms, and lpusers all appear in the same
package in the same version, it is possible that the vulnerability is
in a library, and CD:SF-LOC would suggest combining these into the
same candidate; if they are fixed in the same version, then even if
the problems don't appear in the same library, then CD:SF-LOC would
suggest combining them.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0577
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0577
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010327 SCO 5.0.6 issues (recon)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0410.html
Reference: XF:sco-openserver-recon-bo(6289)
Reference: URL:http://xforce.iss.net/static/6289.php

recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker
to gain additional privileges via a buffer overflow attack in the
first command line argument.

Analysis
----------------
ED_PRI CAN-2001-0577 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0578
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0578
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010327 SCO 5.0.6 issues (lpforms)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0416.html
Reference: XF:sco-openserver-lpforms-bo(6293)
Reference: URL:http://xforce.iss.net/static/6293.php

Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a
local attacker to gain additional privileges via a long first argument
to the lpforms command.

Analysis
----------------
ED_PRI CAN-2001-0578 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Since lpshut, lpadmin, lpforms, and lpusers all appear in the same
package in the same version, it is possible that the vulnerability is
in a library, and CD:SF-LOC would suggest combining these into the
same candidate; if they are fixed in the same version, then even if
the problems don't appear in the same library, then CD:SF-LOC would
suggest combining them.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0579
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0579
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010327 SCO 5.0.6 issues (lpadmin)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0421.html
Reference: XF:sco-openserver-lpadmin-bo(6291)
Reference: URL:http://xforce.iss.net/static/6291.php

lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain
additional privileges via a buffer overflow attack in the first
argument to the command.

Analysis
----------------
ED_PRI CAN-2001-0579 3
Vendor Acknowledgement: unknown

Since lpshut, lpadmin, lpforms, and lpusers all appear in the same
package in the same version, it is possible that the vulnerability is
in a library, and CD:SF-LOC would suggest combining these into the
same candidate; if they are fixed in the same version, then even if
the problems don't appear in the same library, then CD:SF-LOC would
suggest combining them.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0583
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0583
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010315 def-2001-11: MDaemon 3.5.4 Dos-Device DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0188.html
Reference: XF:mdaemon-webservices-dos(6240)
Reference: URL:http://xforce.iss.net/static/6240.php

Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a
denial of service via the URL request of a MS-DOS device (such as GET
/aux) to (1) the Worldclient service at port 3000, or (2) the
Webconfig service at port 3001.

Analysis
----------------
ED_PRI CAN-2001-0583 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0584
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0584
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010325 MDaemon IMAP Denial Of Service
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0365.html
Reference: BID:2508
Reference: URL:http://www.securityfocus.com/bid/2508
Reference: XF:mdaemon-imap-command-dos(6279)
Reference: URL:http://xforce.iss.net/static/6279.php

IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to
cause a denial of service (hang) via long (1) SELECT or (2) EXAMINE
commands.

Analysis
----------------
ED_PRI CAN-2001-0584 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0585
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0585
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010320 def-2001-13: NTMail Web Services DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0248.html
Reference: BID:2494
Reference: URL:http://www.securityfocus.com/bid/2494
Reference: XF:ntmail-long-url-dos(6249)
Reference: URL:http://xforce.iss.net/static/6249.php

Gordano NTMail 6.0.3c allows a remote attacker to create a denial of
service via a long (>= 255 characters) URL request to port 8000 or
port 9000.

Analysis
----------------
ED_PRI CAN-2001-0585 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0586
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0586
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010330 STAT Security Advisory: Trend Micro's ScanMail for Exchange store s passwords in registry unprotected
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2001-q1/0049.html

TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local
attacker to recover the administrative credentials for ScanMail via a
combination of unprotected registry keys and weakly encrypted
passwords.

Analysis
----------------
ED_PRI CAN-2001-0586 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0587
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0587
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010327 SCO 5.0.6 MMDF issues (deliver)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0418.html
Reference: XF:sco-openserver-deliver-bo(6302)
Reference: URL:http://xforce.iss.net/static/6302.php

deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a
local attacker to gain additional privileges via a buffer overflow in
the first argument to the command.

Analysis
----------------
ED_PRI CAN-2001-0587 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0588
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0588
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010327 SCO 5.0.6 MMDF issues (sendmail 8.9.3)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0417.html

sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO
OpenServer 5.0.6, can allow a local attacker to gain additional
privileges via a buffer overflow in the first argument to the command.

Analysis
----------------
ED_PRI CAN-2001-0588 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0593
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0593
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010327 advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0395.html
Reference: BID:2512
Reference: URL:http://www.securityfocus.com/bid/2512
Reference: XF:anaconda-clipper-directory-traversal(6286)
Reference: URL:http://xforce.iss.net/static/6286.php

Ananconda Partners Clipper 3.3 and earlier allows a remote attacker to
read arbitrary files via a '..' (dot dot) attack in the template
parameter.

Analysis
----------------
ED_PRI CAN-2001-0593 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0605
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0605
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010226 My Getright Unsupervised File Download Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98321819112158&w=2

Headlight Software MyGetright prior to 1.0b allows a remote attacker
to upload and/or overwrite arbitrary files via a malicious .dld
(skins-data) file which contains long strings of random data.

Analysis
----------------
ED_PRI CAN-2001-0605 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0626
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0626
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010316 WebServer Pro All Version Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0236.html
Reference: BID:2488
Reference: URL:http://www.securityfocus.com/bid/2488

O'Reilly Website Professional 2.5.4 and earlier allows remote
attackers to determine the physical path to the root directory via a
URL request containing a ":" character.

Analysis
----------------
ED_PRI CAN-2001-0626 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0632
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0632
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: CF
Reference: BUGTRAQ:20010220 Advisory: Chili!Soft ASP Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0378.html
Reference: BUGTRAQ:20010224 Re: Advisory: Chili!Soft ASP Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0443.html

Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin
username and password in the default installation, which can allow a
remote attacker to gain additional privileges.

Analysis
----------------
ED_PRI CAN-2001-0632 3
Vendor Acknowledgement: yes followup
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0633
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0633
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010220 Advisory: Chili!Soft ASP Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0378.html
Reference: BUGTRAQ:20010224 Re: Advisory: Chili!Soft ASP Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0443.html

Directory traversal vulnerability in Sun Chili!Soft ASP on multiple
Unixes allows a remote attacker to read arbitrary files above the web
root via a '..' (dot dot) attack in the sample script 'codebrws.asp'.

Analysis
----------------
ED_PRI CAN-2001-0633 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-CODEBASE

A file named codebrws.asp was once shipped with IIS and SiteServer
(CAN-1999-0739), and it sounds like it had a directory traversal
problem based on related ASP files.a Is this the same codebrws.asp?
If so, then CD:SF-CODEBASE says to combine this item with
CAN-1999-0739.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Page Last Updated or Reviewed: May 22, 2007