[PROPOSAL] Cluster LEGACY-MISC-1997 - 59 candidates



I am proposing cluster LEGACY-MISC-1997 for review and voting by the
Editorial Board.

Name: LEGACY-MISC-1997
Description: Legacy candidates announced in 1997 and earlier
Size: 59

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-1999-1099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1099
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19961122 L0pht Kerberos Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420184&w=2
Reference: XF:kerberos-user-grab(65)
Reference: URL:http://xforce.iss.net/static/65.php

Kerberos 4 allows remote attackers to obtain sensitive information via
a malformed UDP packet that generates an error string which
inadvertently includes the realm name and the last user.

Analysis
----------------
ED_PRI CAN-1999-1099 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1208
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1208
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970721 AIX ping, lchangelv, xlock fixes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419337&w=2
Reference: BUGTRAQ:19970721 AIX ping (Exploit)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419330&w=2
Reference: XF:ping-bo(803)
Reference: URL:http://xforce.iss.net/static/803.php

Buffer overflow in ping in AIX 4.2 and earlier allows local users to
gain root privileges via a long command line argument.

Analysis
----------------
ED_PRI CAN-1999-1208 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1263
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1263
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19971024 Vulnerability in metamail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87773365324657&w=2
Reference: XF:metamail-file-creation(1677)
Reference: URL:http://xforce.iss.net/static/1677.php

Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary
files via an e-mail message containing a uuencoded attachment that
specifies the full pathname for the file to be modified, which is
processed by uuencode in Metamail scripts such as sun-audio-file.

Analysis
----------------
ED_PRI CAN-1999-1263 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1326
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1326
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970104 serious security bug in wu-ftpd v2.4
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420401&w=2
Reference: BUGTRAQ:19970105 BoS:  serious security bug in wu-ftpd v2.4 -- PATCH
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420408&w=2

wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR
(abort file transfer) command is executed during a file transfer,
which causes a signal to be handled incorrectly and allows local and
possibly remote attackers to read arbitrary files.

Analysis
----------------
ED_PRI CAN-1999-1326 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1402
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1402
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970517 UNIX domain socket (Solarisx86 2.5)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418317&w=2
Reference: BUGTRAQ:19971003 Solaris 2.6 and sockets
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602248718482&w=2
Reference: BID:456
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=456

The access permissions for a UNIX domain socket are ignored in Solaris
2.x and SunOS 4.x, and other BSD-based operating systems before 4.4,
which could allow local users to connect to the socket and possibly
disrupt or control the operations of the program using that socket.

Analysis
----------------
ED_PRI CAN-1999-1402 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1022
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1022
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19941002
Reference: URL:http://www.securityfocus.com/archive/1/930
Reference: XF:sgi-serialports(2111)
Reference: URL:http://xforce.iss.net/static/2111.php
Reference: BID:464
Reference: URL:http://www.securityfocus.com/bid/464

serial_ports administrative program in IRIX 4.x and 5.x trusts the
user's PATH environmental variable to find and execute the ls program,
which allows local users to gain root privileges via a Trojan horse ls
program.

Analysis
----------------
ED_PRI CAN-1999-1022 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1026
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1026
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19961220 Solaris 2.5 x86 aspppd (semi-exploitable-hole)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420343&w=2
Reference: BID:292
Reference: URL:http://www.securityfocus.com/bid/292

aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files
and gain root privileges via a symlink attack on the /tmp/.asppp.fifo
file.

Analysis
----------------
ED_PRI CAN-1999-1026 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1061
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1061
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19971004 HP Laserjet 4M Plus DirectJet Problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602248518480&w=2
Reference: XF:laserjet-unpassworded(1876)
Reference: URL:http://xforce.iss.net/static/1876.php

HP Laserjet printers with JetDirect cards, when configured with
TCP/IP, can be configured without a password, which allows remote
attackers to connect to the printer and change its IP address or
disable logging.

Analysis
----------------
ED_PRI CAN-1999-1061 3
Vendor Acknowledgement:
Content Decisions: DESIGN, CF-PASS

The initial posts seem to imply that the default configuration didn't
use a password.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1062
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1062
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971004 HP Laserjet 4M Plus DirectJet Problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602248518480&w=2
Reference: XF:laserjet-unpassworded(1876)
Reference: URL:http://xforce.iss.net/static/1876.php

HP Laserjet printers with JetDirect cards, when configured with
TCP/IP, allow remote attackers to bypass print filters by directly
sending PostScript documents to TCP ports 9099 and 9100.

Analysis
----------------
ED_PRI CAN-1999-1062 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1067
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1067
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970507 Re: SGI Security Advisory 19970501-01-A - Vulnerability in webdist.cgi
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420919&w=2
Reference: XF:sgi-machineinfo

SGI MachineInfo CGI program, installed by default on some web servers,
prints potentially sensitive system status information, which could be
used by remote attackers for information gathering activities.

Analysis
----------------
ED_PRI CAN-1999-1067 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1068
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970723 DoS against Oracle Webserver 2.1 with PL/SQL stored procedures
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419366&w=2

Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows
remote attackers to cause a denial of service via a long HTTP GET
request.

Analysis
----------------
ED_PRI CAN-1999-1068 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1069
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971108 Security bug in iCat Suite version 3.0
Reference: URL:http://www.securityfocus.com/archive/1/7943
Reference: BID:2126
Reference: URL:http://www.securityfocus.com/bid/2126
Reference: XF:icat-carbo-server-vuln(1620)
Reference: URL:http://xforce.iss.net/static/1620.php

Directory traversal vulnerability in carbo.dll in iCat Carbo Server
3.0.0 allows remote attackers to read arbitrary files via a .. (dot
dot) in the icatcommand parameter.

Analysis
----------------
ED_PRI CAN-1999-1069 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1081
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.w3.org/Security/Faq/wwwsf8.html#Q87
Reference: MISC:http://www.roxanne.org/faqs/www-secure/wwwsf4.html#Q35
Reference: XF:http-nov-files(2054)
Reference: URL:http://xforce.iss.net/static/2054.php

Vulnerability in files.pl script in Novell WebServer Examples Toolkit
2 allows remote attackers to read arbitrary files.

Analysis
----------------
ED_PRI CAN-1999-1081 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1091
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1091
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19960903 [BUG] Vulnerability in TIN
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419835&w=2
Reference: BUGTRAQ:19960903 Re: BoS:      [BUG] Vulnerability in TIN
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419839&w=2
Reference: BUGTRAQ:19970329 symlink bug in tin/rtin
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420726&w=2
Reference: XF:tin-tmpfile(431)
Reference: URL:http://xforce.iss.net/static/431.php

UNIX news readers tin and rtin create the /tmp/.tin_log file with
insecure permissions and follow symlinks, which allows attackers to
modify the permissions of files writable by the user via a symlink
attack.

Analysis
----------------
ED_PRI CAN-1999-1091 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1095
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971006 KSR[T] Advisory #3: updatedb / crontabs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87619953510834&w=2
Reference: BUGTRAQ:19980303 updatedb stuff
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88890116304676&w=2
Reference: BUGTRAQ:19980303 updatedb: sort patch
Reference: BUGTRAQ:19980302 overwrite any file with updatedb
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88886870129518&w=2

sort creates temporary files and follows symbolic links, which allows
local users to modify arbitrary files that are writable by the user
running sort, as observed in updatedb and other programs that use
sort.

Analysis
----------------
ED_PRI CAN-1999-1095 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1125
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1125
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970919 Instresting practises of Oracle [Oracle Webserver]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602880019796&w=2

Oracle Webserver 2.1 and earlier runs setuid root, but the
configuration file is owned by the oracle account, which allows any
local or remote attacker who obtains access to the oracle account to
gain privileges or modify arbitrary files by modifying the
configuration file.

Analysis
----------------
ED_PRI CAN-1999-1125 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1128
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1128
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://oliver.efri.hr/~crv/security/bugs/NT/ie3.html
Reference: MISC:http://members.tripod.com/~unibyte/iebug3.htm

Internet Explorer 3.01 on Windows 95 allows remote malicious web sites
to execute arbitrary commands via a .isp file, which is automatically
downloaded and executed without prompting the user.

Analysis
----------------
ED_PRI CAN-1999-1128 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1141
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1141
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970515 MicroSolved finds hole in Ascom Timeplex Router Security
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420981&w=2
Reference: XF:ascom-timeplex-debug(1824)
Reference: URL:http://xforce.iss.net/static/1824.php

Ascom Timeplex router allows remote attackers to obtain sensitive
information or conduct unauthorized activities by entering debug mode
through a sequence of CTRL-D characters.

Analysis
----------------
ED_PRI CAN-1999-1141 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1165
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1165
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990721 old gnu finger bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93268249021561&w=2
Reference: BUGTRAQ:19950317 GNU finger 1.37 executes ~/.fingerrc with gid root
Reference: URL:http://www.securityfocus.com/archive/1/2478
Reference: BID:535
Reference: URL:http://www.securityfocus.com/bid/535

GNU fingerd 1.37 does not properly drop privileges before accessing
user information, which could allow local users to (1) gain root
privileges via a malicious program in the .fingerrc file, or (2) read
arbitrary files via symbolic links from .plan, .forward, or .project
files.

Analysis
----------------
ED_PRI CAN-1999-1165 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1182
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1182
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970717 KSR[T] Advisory #2: ld.so
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419318&w=2
Reference: BUGTRAQ:19970722 ld.so vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419351&w=2
Reference: BUGTRAQ:19980204 An old ld-linux.so hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88661732807795&w=2

Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for
Linux systems allows local users to gain privileges by calling a
setuid program with a long program name (argv[0]) and forcing
ld.so/ld-linux.so to report an error.

Analysis
----------------
ED_PRI CAN-1999-1182 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-EXEC, SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1184
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1184
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970513
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420967&w=2
Reference: BUGTRAQ:19970514 Re: ELM overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420970&w=2

Buffer overflow in Elm 2.4 and earlier allows local users to gain
privileges via a long TERM environmental variable.

Analysis
----------------
ED_PRI CAN-1999-1184 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1186
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1186
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19960102 rxvt security hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418966&w=2

rxvt, when compiled with the PRINT_PIPE option in various Linux
operating systems including Linux Slackware 3.0 and RedHat 2.1, allows
local users to gain root privileges by specifying a malicious program
using the -print-pipe command line parameter.

Analysis
----------------
ED_PRI CAN-1999-1186 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1187
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1187
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19960826 [BUG] Vulnerability in PINE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419803&w=2
Reference: XF:pine-tmpfile(416)
Reference: URL:http://xforce.iss.net/static/416.php

Pine before version 3.94 allows local users to gain privileges via a
symlink attack on a lockfile that is created when a user receives new
mail.

Analysis
----------------
ED_PRI CAN-1999-1187 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1210
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1210
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971112 Digital Unix Security Problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87936891504885&w=2
Reference: XF:dec-xterm(613)
Reference: URL:http://xforce.iss.net/static/613.php

xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to
overwrite arbitrary files via a symlink attack on a core dump file,
which is created when xterm is called with a DISPLAY environmental
variable set to a display that xterm cannot access.

Analysis
----------------
ED_PRI CAN-1999-1210 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1217
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1217
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19970725 Re: NT security - why bother?
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602726319435&w=2
Reference: NTBUGTRAQ:19970723 NT security - why bother?
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602726319426&w=2
Reference: XF:nt-path(526)
Reference: URL:http://xforce.iss.net/static/526.php

The PATH in Windows NT includes the current working directory (.),
which could allow local users to gain privileges by placing Trojan
horse programs with the same name as commonly used system programs
into certain directories.

Analysis
----------------
ED_PRI CAN-1999-1217 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1220
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1220
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970824 Vulnerability in Majordomo
Reference: URL:http://www.securityfocus.com/archive/1/7527
Reference: XF:majordomo-advertise(502)
Reference: URL:http://xforce.iss.net/static/502.php

Majordomo 1.94.3 and earlier allows remote attackers to execute
arbitrary commands when the advertise or noadvertise directive is used
in a configuration file, via shell metacharacters in the Reply-To
header.

Analysis
----------------
ED_PRI CAN-1999-1220 3
Vendor Acknowledgement:

This appears to be different than CVE-1999-0207, whose description
does not match its references. CVE-1999-0207 needs to be RECAST or
deprecated or something.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1221
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1221
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19961117 Digital Unix v3.x (v4.x?) security vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420141&w=2
Reference: XF:dgux-chpwd(399)
Reference: URL:http://xforce.iss.net/static/399.php

dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify
arbitrary files via a symlink attack on the dxchpwd.log file.

Analysis
----------------
ED_PRI CAN-1999-1221 3
Vendor Acknowledgement: unknown followup claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1224
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1224
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971008 L0pht Advisory: IMAP4rev1 imapd server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87635124302928&w=2
Reference: XF:imapd-core(349)
Reference: URL:http://xforce.iss.net/static/349.php

IMAP 4.1 BETA, and possibly other versions, does not properly handle
the SIGABRT (abort) signal, which allows local users to crash the
server (imapd) via certain sequences of commands, which causes a core
dump that may contain sensitive password information.

Analysis
----------------
ED_PRI CAN-1999-1224 3
Vendor Acknowledgement:
Content Decisions: EX-BETA

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1225
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1225
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970824 Serious security flaw in rpc.mountd on several operating systems.
Reference: URL:http://www.securityfocus.com/archive/1/7526
Reference: XF:mountd-file-exists(347)
Reference: URL:http://xforce.iss.net/static/347.php

rpc.mountd on Linux, Ultrix, and possibly other operating systems,
allows remote attackers to determine the existence of a file on the
server by attempting to mount that file, which generates different
error messages depending on whether the file exists or not.

Analysis
----------------
ED_PRI CAN-1999-1225 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1230
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1230
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971224 Quake II Remote Denial of Service
Reference: URL:http://www.securityfocus.com/archive/1/8282
Reference: XF:quake2-dos(698)
Reference: URL:http://xforce.iss.net/static/698.php

Quake 2 server allows remote attackers to cause a denial of service
via a spoofed UDP packet with a source address of 127.0.0.1, which
causes the server to attempt to connect to itself.

Analysis
----------------
ED_PRI CAN-1999-1230 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1232
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1232
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970516 Irix and WWW
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420994&w=2
Reference: XF:sgi-day5datacopier(3316)
Reference: URL:http://xforce.iss.net/static/3316.php

day5datacopier in SGI IRIX 6.2 trusts the PATH environmental variable
to find the "cp" program, which allows local users to execute
arbitrary commands by modifying the PATH to point to a Trojan horse cp
program.

Analysis
----------------
ED_PRI CAN-1999-1232 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1240
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1240
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19961126 Major Security Vulnerabilities in Remote CD Databases
Reference: URL:http://www.securityfocus.com/archive/1/5784
Reference: XF:cddbd-bo(2203)
Reference: URL:http://xforce.iss.net/static/2203.php

Buffer overflow in cddbd CD database server allows remote attackers to
execute arbitrary commands via a long log message.

Analysis
----------------
ED_PRI CAN-1999-1240 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1250
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1250
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970819 Lasso CGI security hole (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/7506
Reference: XF:http-cgi-lasso(2044)
Reference: URL:http://xforce.iss.net/static/2044.php

Vulnerability in CGI program in the Lasso application by Blue World,
as used on WebSTAR and other servers, allows remote attackers to read
arbitrary files.

Analysis
----------------
ED_PRI CAN-1999-1250 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1257
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1257
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971126 Xyplex terminal server bug
Reference: URL:http://www.securityfocus.com/archive/1/8134
Reference: XF:xyplex-controlz-login(1825)
Reference: URL:http://xforce.iss.net/static/1825.php
Reference: XF:xyplex-question-login(1826)
Reference: URL:http://xforce.iss.net/static/1826.php

Xyplex terminal server 6.0.1S1, and possibly other versions, allows
remote attackers to bypass the password prompt by entering (1) a
CTRL-Z character, or (2) a ? (question mark).

Analysis
----------------
ED_PRI CAN-1999-1257 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1266
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1266
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970613 rshd gives away usernames
Reference: URL:http://www.securityfocus.com/archive/1/6978
Reference: XF:rsh-username-leaks(1660)
Reference: URL:http://xforce.iss.net/static/1660.php

rsh daemon (rshd) generates different error messages when a valid
username is provided versus an invalid name, which allows remote
attackers to determine valid users on the system.

Analysis
----------------
ED_PRI CAN-1999-1266 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1267
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970505 Hole in the KDE desktop
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420906&w=2
Reference: XF:kde-flawed-ipc(1646)
Reference: URL:http://xforce.iss.net/static/1646.php

KDE file manager (kfm) uses a TCP server for certain file operations,
which allows remote attackers to modify arbitrary files by sending a
copy command to the server.

Analysis
----------------
ED_PRI CAN-1999-1267 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1274
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1274
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971229 iPass RoamServer 3.1
Reference: URL:http://www.securityfocus.com/archive/1/8307
Reference: XF:ipass-temporary-files(1625)
Reference: URL:http://xforce.iss.net/static/1625.php

iPass RoamServer 3.1 creates temporary files with world-writable
permissions.

Analysis
----------------
ED_PRI CAN-1999-1274 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1275
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1275
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970908 Password unsecurity in cc:Mail release 8
Reference: URL:http://www.securityfocus.com/archive/1/9478
Reference: XF:lotus-ccmail-passwords(1619)
Reference: URL:http://xforce.iss.net/static/1619.php

Lotus cc:Mail release 8 stores the postoffice password in plaintext in
a hidden file which has insecure permissions, which allows local users
to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1275 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1286
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1286
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970509 Re: Irix: misc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420927&w=2
Reference: XF:irix-addnetpr(1433)
Reference: URL:http://xforce.iss.net/static/1433.php

addnetpr in SGI IRIX 6.2 and earlier allows local users to modify
arbitrary files and possibly gain root access via a symlink attack on
a temporary file.

Analysis
----------------
ED_PRI CAN-1999-1286 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1296
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1296
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19970429 vulnerabilities in kerberos
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420878&w=2

Buffer overflow in Kerberos IV compatibility libraries as used in
Kerberos V allows local users to gain root privileges via a long line
in a kerberos configuration file, which can be specified via the
KRB_CONF environmental variable.

Analysis
----------------
ED_PRI CAN-1999-1296 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1299
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1299
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970203 Linux rcp bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420509&w=2

rcp on various Linux systems including Red Hat 4.0 allows a "nobody"
user or other user with UID of 65535 to overwrite arbitrary files,
since 65535 is interpreted as -1 by chown and other system calls,
which causes the calls to fail to modify the ownership of the file.

Analysis
----------------
ED_PRI CAN-1999-1299 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1380
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1380
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.net-security.sk/bugs/NT/nu20.html
Reference: MISC:http://mlarchive.ima.com/win95/1997/May/0342.html
Reference: MISC:http://news.zdnet.co.uk/story/0,,s2065518,00.html

Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX
ActiveX control as safe for scripting, which allows remote attackers
to execute arbitrary commands via the run option through malicious web
pages that are accessed by browsers such as Internet Explorer 3.0.

Analysis
----------------
ED_PRI CAN-1999-1380 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1383
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1383
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19960913 tee see shell problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419868&w=2
Reference: BUGTRAQ:19960919 Vulnerability in expansion of PS1 in bash & tcsh
Reference: URL:http://www.dataguard.no/bugtraq/1996_3/0503.html

(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain
privileges via directory names that contain shell metacharacters (`
back-tick), which can cause the commands enclosed in the directory
name to be executed when the shell expands filenames using the \w
option in the PS1 variable.

Analysis
----------------
ED_PRI CAN-1999-1383 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

It seems likely that tcsh and bash share a common codebase, thus
CD:SF-CODEBASE would suggest combining them into a single entry.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1387
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1387
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970402 Fatal bug in NT 4.0 server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420731&w=2
Reference: BUGTRAQ:19970403 Fatal bug in NT 4.0 server (more comments)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420732&w=2
Reference: BUGTRAQ:19970407 DUMP of NT system crash
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420741&w=2

Windows NT 4.0 SP2 allows remote attackers to cause a denial of
service (crash), possibly via malformed inputs or packets, such as
those generated by a Linux smbmount command that was compiled on the
Linux 2.0.29 kernel but executed on Linux 2.0.25.

Analysis
----------------
ED_PRI CAN-1999-1387 3
Vendor Acknowledgement:

It is possible that the crash has nothing to do with the SMB
implementation. For example, it could be that lower-level malformed
packets are being generated by the unusual smbmount client which are
triggering some TCP/IP level bug in WinNT 4.0 SP2.  This is important
in that this CAN could be describing a symptom of a problem that
already has a CAN or CVE associated with it.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1388
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1388
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19940513 [8lgm]-Advisory-7.UNIX.passwd.11-May-1994
Reference: URL:http://www2.dataguard.no/bugtraq/1994_2/0197.html
Reference: BUGTRAQ:19940514 [8lgm]-Advisory-7.UNIX.passwd.11-May-1994.NEWFIX
Reference: URL:http://www2.dataguard.no/bugtraq/1994_2/0207.html
Reference: BUGTRAQ:19941218 Sun Patch Id #102060-01
Reference: URL:http://www.dataguard.no/bugtraq/1994_4/0755.html

passwd in SunOS 4.1.x allows local users to overwrite arbitrary files
via a symlink attack and the -F command line argument.

Analysis
----------------
ED_PRI CAN-1999-1388 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1398
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1398
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970507 Irix: misc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420921&w=2
Reference: MISC:http://www.insecure.org/sploits/irix.xfsdump.html
Reference: BID:472
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=472

Vulnerability in xfsdump in SGI IRIX may allow local users to obtain
root privileges via the bck.log log file, possibly via a symlink
attack.

Analysis
----------------
ED_PRI CAN-1999-1398 3
Vendor Acknowledgement:

The original poster suggests that there may be a problem, but provides
no details.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1399
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1399
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970820 SpaceWare 7.3 v1.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719552&w=2
Reference: BID:471
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=471

spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users
to gain root privileges by setting the HOSTNAME environmental variable
to contain the commands to be executed.

Analysis
----------------
ED_PRI CAN-1999-1399 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1408
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1408
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970305 Bug in connect() for aix 4.1.4 ?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420641&w=2
Reference: BID:352
Reference: URL:http://www.securityfocus.com/bid/352

Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users
to cause a denial of service (crash) by using a socket to connect to a
port on the localhost, calling shutdown to clear the socket, then
using the same socket to connect to a different port on localhost.

Analysis
----------------
ED_PRI CAN-1999-1408 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1410
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1410
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970509 Re: Irix: misc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420927&w=2
Reference: MISC:ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX
Reference: BID:330
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=330

addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary
files and possibly gain root privileges via a symlink attack on the
printers temporary file.

Analysis
----------------
ED_PRI CAN-1999-1410 3
Vendor Acknowledgement: unknown vague advisory

SGI:19961203-02-PX may solve this problem, but the advisory is so
vague that it is uncertain whether this was fixed or not. addnetpr is
not specifically named in the advisory, which names netprint, which is
not specified in the original Bugtraq post. In addition, the date on
the advisory is one day earlier than that of the Bugtraq post, though
that could be a difference in time zones. It seems plausible that the
problem had already been patched (the researcher did say "There *was*
[a] race condition") so maybe SGI released this advisory after the
problem was publicized.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1413
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1413
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19960803 Exploiting Zolaris 2.4 ??  :)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419549&w=2
Reference: BID:296
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=296

Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to
dump core even if the real user id is not in the set-gid group, which
allows local users to overwrite or create files at higher privileges
by causing a core dump, e.g. through dmesg.

Analysis
----------------
ED_PRI CAN-1999-1413 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1446
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1446
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19970805 Re: Strange behavior regarding directory
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602837719654&w=2
Reference: NTBUGTRAQ:19970806 Re: Strange behavior regarding directory
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602837719655&w=2

Internet Explorer 3 records a history of all URLs that are visited by
a user in DAT files located in the Temporary Internet Files and
History folders, which are not cleared when the user selects the
"Clear History" option, and are not visible when the user browses the
folders because of tailored displays.

Analysis
----------------
ED_PRI CAN-1999-1446 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1449
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1449
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970519 /dev/tcx0 crashes SunOS 4.1.4 on Sparc 20's
Reference: URL:http://oamk.fi/~jukkao/bugtraq/before-971202/0498.html
Reference: MISC:http://www.insecure.org/sploits/sunos.dev.tcx0.write.wierd.shit.to.device.bug.html

SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial
of service (kernel panic) by reading from the /dev/tcx0 TCX device.

Analysis
----------------
ED_PRI CAN-1999-1449 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1463
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1463
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970710 A New Fragmentation Attack
Reference: URL:http://www.securityfocus.com/archive/1/7219
Reference: XF:nt-frag(528)
Reference: URL:http://xforce.iss.net/static/528.php

Windows NT 4.0 before SP3 allows remote attackers to bypass firewall
restrictions or cause a denial of service (crash) by sending
improperly fragmented IP packets without the first fragment, which the
TCP/IP stack incorrectly reassembles into a valid session.

Analysis
----------------
ED_PRI CAN-1999-1463 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1483
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1483
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970619 svgalib/zgv
Reference: URL:http://www.securityfocus.com/archive/1/7041

Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local
users to execute arbitrary code via a long HOME environment variable.

Analysis
----------------
ED_PRI CAN-1999-1483 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1489
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1489
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970304 Linux SuperProbe exploit
Reference: URL:http://www.securityfocus.com/archive/1/6384
Reference: BID:364
Reference: URL:http://www.securityfocus.com/bid/364

Buffer overflow in TestChip function in XFree86 SuperProbe in
Slackware Linux 3.1 allows local users to gain root privileges via a
long -nopr argument.

Analysis
----------------
ED_PRI CAN-1999-1489 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1491
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1491
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19960202 abuse Red Hat 2.1 security hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418994&w=2
Reference: BID:354
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=354

abuse.console in Red Hat 2.1 uses relative pathnames to find and
execute the undrv program, which allows local users to execute
arbitrary commands via a path that points to a Trojan horse program.

Analysis
----------------
ED_PRI CAN-1999-1491 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1525
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1525
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970314 Shockwave Security Alert
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420670&w=2
Reference: XF:shockwave-internal-access(1585)
Reference: URL:http://xforce.iss.net/static/1585.php
Reference: XF:shockwave-file-read-vuln(1586)
Reference: URL:http://xforce.iss.net/static/1586.php
Reference: XF:http-ns-shockwave(460)
Reference: URL:http://xforce.iss.net/static/460.php

Macromedia Shockwave before 6.0 allows a malicious webmaster to read a
user's mail box and possibly access internal web servers via the
GetNextText command on a Shockwave movie.

Analysis
----------------
ED_PRI CAN-1999-1525 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION:
The exploit includes creating a URL to the file or a CGI script plus
its arguments. Although a versatile exploit, it appears to stem from
the same fundamental security issue, i.e. GetNextText.  For a
discussion of the problem see: http://www.webcomics.com/shockwave
--Pease

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1526
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1526
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990311 [Fwd: Shockwave 7 Security Hole]
Reference: URL:http://www.securityfocus.com/archive/1/12842
Reference: XF:shockwave-updater(1931)
Reference: URL:http://xforce.iss.net/static/1931.php

Auto-update feature of Macromedia Shockwave 7 transmits a user's
password and hard disk information back to Macromedia.

Analysis
----------------
ED_PRI CAN-1999-1526 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1552
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1552
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19940720 xnews and XDM
Reference: URL:xnews and XDM
Reference: BID:358
Reference: URL:http://www.securityfocus.com/bid/358

dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and
earlier does not properly check privileges, which allows local users
to overwrite arbitrary files and gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1552 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007