[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster LEGACY-MISC-1999-A - 52 candidates

I am proposing cluster LEGACY-MISC-1999-A for review and voting by the
Editorial Board.

Name: LEGACY-MISC-1999-A
Description: Legacy candidates announced between 1/1/1999 and 4/27/1999
Size: 52

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-1999-1203
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1203
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990210 Security problems in ISDN equipment authentication
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91868964203769&w=2
Reference: BUGTRAQ:19990212 PPP/ISDN multilink security issue - summary
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91888117502765&w=2

Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote
attackers to cause a denial of service via a spoofed endpoint
identifier.

Analysis
----------------
ED_PRI CAN-1999-1203 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1567
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1567
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990308 Password and DOS Vulnerability with Testrack (bug tracking software)
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9903&L=NTBUGTRAQ&P=R1215
Reference: NTBUGTRAQ:19990616 Password and DOS Vulnerability with Testrack (bug tracking software)
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9906&L=NTBUGTRAQ&P=R1680

Seapine Software TestTrack server allows a remote attacker to cause a
denial of service (high CPU) via (1) TestTrackWeb.exe and (2)
ttcgi.exe by connecting to port 99 and disconnecting without sending
any data.

Analysis
----------------
ED_PRI CAN-1999-1567 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1568
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1568
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990223 NcFTPd remote buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91981352617720&w=2
Reference: BUGTRAQ:19990223 Comments on NcFTPd "theoretical root compromise"
Reference: URL:http://www.securityfocus.com/archive/1/12699
Reference: XF:ncftpd-port-bo(1833)
Reference: URL:http://xforce.iss.net/static/1833.php

Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote
attacker to cause a denial of service (crash) via a long PORT command.

Analysis
----------------
ED_PRI CAN-1999-1568 2
Vendor Acknowledgement: yes followup

INCLUSION:
This is a UNIX based server.  The process that crashes is a child
process whose resources are released appropriately, according to
reports.  Since it's also an off-by-one error instead of a buffer
overflow, perhaps this is not "exploitable" and as such should not be
included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-0418
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0418
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990308 SMTP server account probing
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92100018214316&w=2

Denial of service in SMTP applications such as Sendmail, when a
remote attacker (e.g. spammer) uses many "RCPT TO" commands in the
same connection.

Analysis
----------------
ED_PRI CAN-1999-0418 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1046
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1046
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990302 Multiple IMail Vulnerabilites
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92038879607336&w=2
Reference: BID:504
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=504
Reference: XF:imail-imonitor-overflow(1897)
Reference: URL:http://xforce.iss.net/static/1897.php

Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to
cause a denial of service, and possibly execute arbitrary commands,
via a long string to port 8181.

Analysis
----------------
ED_PRI CAN-1999-1046 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1049
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990222 Severe Security Hole in ARCserve NT agents (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91972006211238&w=2

ARCserve NT agents use weak encryption (XOR) for passwords, which
allows remote attackers to sniff the authentication request to port
6050 and decrypt the password.

Analysis
----------------
ED_PRI CAN-1999-1049 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1060
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1060
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990217 Tetrix 1.13.16 is Vulnerable
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91937090211855&w=2
Reference: BID:340
Reference: URL:http://www.securityfocus.com/bid/340

Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote
attackers to cause a denial of service and possibly execute arbitrary
commands by connecting to port 31457 from a host with a long DNS
hostname.

Analysis
----------------
ED_PRI CAN-1999-1060 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1101
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1101
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990219 Yet Another password storing problem (was: Re: Possible Netscape Crypto Security Flaw)
Reference: URL:http://www.securityfocus.com/archive/1/12618

Kabsoftware Lydia utility uses weak encryption to store user passwords
in the lydia.ini file, which allows local users to easily decrypt the
passwords and gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1101 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1168
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1168
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990220 ISS install.iss security hole
Reference: URL:http://www.securityfocus.com/archive/1/12640

install.iss installation script for Internet Security Scanner (ISS)
for Linux, version 5.3, allows local users to change the permissions
of arbitrary files via a symlink attack on a temporary file.

Analysis
----------------
ED_PRI CAN-1999-1168 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1169
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990204 NOBO denial of service
Reference: URL:http://www.securityfocus.com/archive/1/12284

nobo 1.2 allows remote attackers to cause a denial of service (crash)
via a series of large UDP packets.

Analysis
----------------
ED_PRI CAN-1999-1169 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1170
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1170
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990204 WS FTP Server Remote DoS Attack
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91816507920544&w=2
Reference: BID:218
Reference: URL:http://www.securityfocus.com/bid/218

IPswitch IMail allows local users to gain additional privileges and
modify or add mail accounts by setting the "flags" registry key to
1920.

Analysis
----------------
ED_PRI CAN-1999-1170 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC

WS_FTP and IMail are provided by the same vendor, but they are
different packages. Thus CD:SF-EXEC says to create separate items for
the IMail/flags problem versus the WS_FTP/flags problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1171
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1171
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990204 WS FTP Server Remote DoS Attack
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91816507920544&w=2
Reference: BID:218
Reference: URL:http://www.securityfocus.com/bid/218

IPswitch WS_FTP allows local users to gain additional privileges and
modify or add mail accounts by setting the "flags" registry key to
1920.

Analysis
----------------
ED_PRI CAN-1999-1171 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC

WS_FTP and IMail are provided by the same vendor, but they are
different packages. Thus CD:SF-EXEC says to create separate items for
the IMail/flags problem versus the WS_FTP/flags problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1172
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1172
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990114 security hole in Maximizer
Reference: URL:http://www.securityfocus.com/archive/1/11947

By design, Maximizer Enterprise 4 calendar and address book program
allows arbitrary users to modify the calendar of other users when the
calendar is being shared.

Analysis
----------------
ED_PRI CAN-1999-1172 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1180
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1180
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://oliver.efri.hr/~crv/security/bugs/NT/buffer.html
Reference: BUGTRAQ:19990216 Website Pro v2.0 (NT) Configuration Issues
Reference: URL:http://www.tryc.on.ca/archives/bugtraq/1999_1/0612.html

O'Reilly WebSite 1.1e and Website Pro 2.0 allows remote attackers to
execute arbitrary commands via shell metacharacters in an argument to
(1) args.cmd or (2) args.bat.

Analysis
----------------
ED_PRI CAN-1999-1180 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1196
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1196
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990427 NT/Exceed D.O.S.
Reference: URL:http://www.securityfocus.com/archive/1/13451
Reference: BID:158
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=158

Hummingbird Exceed X version 5 allows remote attackers to cause a
denial of service via malformed data to port 6000.

Analysis
----------------
ED_PRI CAN-1999-1196 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1201
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1201
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990206 New Windows 9x Bug:  TCP Chorusing
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91849617221319&w=2
Reference: BID:225
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=225

Windows 95 and Windows 98 systems, when configured with multiple
TCP/IP stacks bound to the same MAC address, allow remote attackers to
cause a denial of service (traffic amplification) via a certain ICMP
echo (ping) packet, which causes all stacks to send a ping response,
aka TCP Chorusing.

Analysis
----------------
ED_PRI CAN-1999-1201 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1235
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1235
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990331 Minor Bug in IE5.0
Reference: URL:http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=ind9904&L=NTBUGTRAQ&P=R179
Reference: NTBUGTRAQ:19990825 IE5 FTP password exposure & index.dat null ACL problem
Reference: URL:http://packetderm.cotse.com/mailing-lists/ntbugtraq/1999/0364.html
Reference: XF:nt-ie5-user-ftp-password(3289)
Reference: URL:http://xforce.iss.net/static/3289.php

Internet Explorer 5.0 records the username and password for FTP
servers in the URL history, which could allow (1) local users to read
the information from another user's index.dat, or (2) people who are
physically observing ("shoulder surfing") another user to read the
information from the status bar when the user moves the mouse over a
link.

Analysis
----------------
ED_PRI CAN-1999-1235 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1244
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1244
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990415 FSA-99.04-IPFILTER-v3.2.10
Reference: URL:http://www.securityfocus.com/archive/1/13303
Reference: XF:ipfilter-temp-file(2087)
Reference: URL:http://xforce.iss.net/static/2087.php

IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitrary
files via a symlink attack on the saved output file.

Analysis
----------------
ED_PRI CAN-1999-1244 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1245
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1245
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: XF:ucd-snmpd-community(2086)
Reference: URL:http://xforce.iss.net/static/2086.php

vacm ucd-snmp SNMP server, version 3.52, does not properly disable
access to the public community string, which could allow remote
attackers to obtain sensitive information.

Analysis
----------------
ED_PRI CAN-1999-1245 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1254
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1254
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990308 Winfreeze EXPLOIT  Win9x/NT
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92099515709467&w=2
Reference: XF:win-redirects-freeze(1947)
Reference: URL:http://xforce.iss.net/static/1947.php

Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of
service by spoofing ICMP redirect messages from a router, which causes
Windows to change its routing tables.

Analysis
----------------
ED_PRI CAN-1999-1254 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1255
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1255
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: MISC:http://www.rootshell.com/archive-j457nxiqi3gq59dv/199902/hyperseek.txt.html
Reference: XF:hyperseek-modify(1914)
Reference: URL:http://xforce.iss.net/static/1914.php

Hyperseek allows remote attackers to modify the hyperseek
configuration by directly calling the admin.cgi program with an
edit_file action parameter.

Analysis
----------------
ED_PRI CAN-1999-1255 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1256
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1256
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990304 Oracle Plaintext Password
Reference: URL:http://www.securityfocus.com/archive/1/12744
Reference: NTBUGTRAQ:19990304 Oracle Plaintext Password
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92056752115116&w=2
Reference: XF:oracle-passwords(1902)
Reference: URL:http://xforce.iss.net/static/1902.php

Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition
stores the database master password in plaintext in the spoolmain.log
file when a new database is created, which allows local users to
obtain the password from that file.

Analysis
----------------
ED_PRI CAN-1999-1256 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1260
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1260
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990215 KSR[T] Advisory #10: mSQL ServerStats
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91910115718150&w=2
Reference: XF:msql-serverstats(1777)
Reference: URL:http://xforce.iss.net/static/1777.php

mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive
server information such as logged users, database names, and server
version via the ServerStats query.

Analysis
----------------
ED_PRI CAN-1999-1260 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1261
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1261
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990211 Rainbow Six Buffer Overflow.....
Reference: URL:http://www.securityfocus.com/archive/1/12433
Reference: XF:rainbowsix-nick-bo(1772)
Reference: URL:http://xforce.iss.net/static/1772.php

Buffer overflow in Rainbow Six Multiplayer allows remote attackers to
cause a denial of service, and possibly execute arbitrary commands,
via a long nickname (nick) command.

Analysis
----------------
ED_PRI CAN-1999-1261 3
Vendor Acknowledgement:
Content Decisions: SF-CODEBASE

The poster mentions that the overflow is similar to one in Quake. If
Rainbow Six is based on the Quake codebase (as a number of video games
are), then CD:SF-CODEBASE would suggest combining all affected
products into a single item.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1262
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1262
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990202 Unsecured server in applets under Netscape
Reference: URL:http://www.securityfocus.com/archive/1/12231
Reference: XF:java-socket-open(1727)
Reference: URL:http://xforce.iss.net/static/1727.php

Java in Netscape 4.5 does not properly restrict applets from
connecting to other hosts besides the one from which the applet was
loaded, which violates the Java security model and could allow remote
attackers to conduct unauthorized activities.

Analysis
----------------
ED_PRI CAN-1999-1262 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1264
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1264
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990121 WebRamp M3 remote network access bug
Reference: URL:http://www.securityfocus.com/archive/1/12048
Reference: BUGTRAQ:19990203 WebRamp M3 Perceived Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91815321510224&w=2
Reference: XF:webramp-remote-access(1670)
Reference: URL:http://xforce.iss.net/static/1670.php

WebRamp M3 router does not disable remote telnet or HTTP access to
itself, even when access has been expliticly disabled.

Analysis
----------------
ED_PRI CAN-1999-1264 3
Vendor Acknowledgement: no disputed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1268
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1268
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://lists.kde.org/?l=kde-devel&m=91560433413263&w=2
Reference: XF:kde-konsole-hijack(1645)
Reference: URL:http://xforce.iss.net/static/1645.php

Vulnerability in KDE konsole allows local users to hijack or observe
sessions of other users by accessing certain devices.

Analysis
----------------
ED_PRI CAN-1999-1268 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1323
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1323
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990409 NAV for MS Exchange & Internet Email Gateways
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92370067416739&w=2

Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and
earlier, and Norton AntiVirus for MS Exchange (NAVMSE) 1.5 and
earlier, store the administrator password in cleartext in (1) the
navieg.ini file for NAVIEG, and (2) the ModifyPassword registry key in
NAVMSE.

Analysis
----------------
ED_PRI CAN-1999-1323 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1369
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1369
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990414 Real Media Server stores passwords in plain text
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92411181619110&w=2

Real Media RealServer (rmserver) 6.0.3.353 stores a password in
plaintext in the world-readable rmserver.cfg file, which allows local
users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1369 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1370
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1370
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990323 MSIE 5 installer disables screen saver
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92220197414799&w=2

The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1)
the screen saver, which could leave the system open to users with
physical access if a failure occurs during an unattended installation,
and (2) the Task Scheduler Service, which might prevent the scheduled
execution of security-critical programs.

Analysis
----------------
ED_PRI CAN-1999-1370 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1371
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1371
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990308 Solaris "/usr/bin/write" bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92100752221493&w=2
Reference: MISC:http://www.securiteam.com/exploits/5ZP0O1P35O.html

Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local
users to gain privileges via a long string in the terminal name
argument.

Analysis
----------------
ED_PRI CAN-1999-1371 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1372
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1372
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990219 Plaintext Password in Tractive's Remote Manager Software
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91966339502073&w=2

Triactive Remote Manager with Basic authentication enabled stores the
username and password in cleartext in registry keys, which could allow
local users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1372 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1373
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1373
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990105 Re: Network Scan Vulnerability [SUMMARY]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91651770130771&w=2

FORE PowerHub before 5.0.1 allows remote attackers to cause a denial
of service (hang) via a TCP SYN scan with TCP/IP OS fingerprinting,
e.g. via nmap.

Analysis
----------------
ED_PRI CAN-1999-1373 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1374
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1374
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990427 Re: Shopping Carts exposing CC data
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92523159819402&w=2

perlshop.cgi shopping cart program stores sensitive customer
information in directories and files that are under the web root,
which allows remote attackers to obtain that information via an HTTP
request.

Analysis
----------------
ED_PRI CAN-1999-1374 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1375
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1375
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990211 Using FSO in ASP to view just about anything
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91877455626320&w=2
Reference: BID:230
Reference: URL:http://www.securityfocus.com/bid/230

FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP)
allows remote attackers to read arbitrary files by specifying the name
in the file parameter.

Analysis
----------------
ED_PRI CAN-1999-1375 3
Vendor Acknowledgement:

It is unclear whether showfile.asp is the exploit, or a vulnerable
program. In addition, it is unknown whether the FSO is expected to act
this way (similar to an open() call).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1376
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1376
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990114 MS IIS 4.0 Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91632724913080&w=2
Reference: BUGTRAQ:19990114 MS IIS 4.0 Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91638375309890&w=2

Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server
Extensions allows remote attackers to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-1999-1376 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1397
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1397
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990323 Index Server 2.0 and the Registry
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92242671024118&w=2
Reference: NTBUGTRAQ:19990323 Index Server 2.0 and the Registry
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92223293409756&w=2
Reference: BID:476
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=476

Index Server 2.0 on IIS 4.0 stores physical path information in the
ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose
permissions allows local and remote users to obtain the physical paths
of directories that are being indexed.

Analysis
----------------
ED_PRI CAN-1999-1397 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1405
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1405
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990217 snap utility for AIX.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91936783009385&w=2
Reference: BUGTRAQ:19990220 Re: snap utility for AIX.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91954824614013&w=2
Reference: BID:375
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=375

snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory
with world-readable permissions and does not remove or clear the
directory when snap -a is executed, which could allow local users to
access the shadowed password file by creating
/tmp/ibmsupt/general/passwd before root runs snap -a.

Analysis
----------------
ED_PRI CAN-1999-1405 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1422
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1422
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19990102 PATH variable in zip-slackware 2.0.35
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91540043023167&w=2
Reference: BID:211
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=211

The default configuration of Slackware 3.4, and possibly other
versions, includes . (dot, the current directory) in the PATH
environmental variable, which could allow local users to create Trojan
horse programs that are inadvertently executed by other users.

Analysis
----------------
ED_PRI CAN-1999-1422 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1430
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1430
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990102 security problem with Royal daVinci
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91540043723185&w=2
Reference: BID:185
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=185

PIM software for Royal daVinci does not properly password-protext
access to data stored in the .mdb (Microsoft Access) file, which
allows local users to read the data without a password by directly
accessing the files with a different application, such as Access.

Analysis
----------------
ED_PRI CAN-1999-1430 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1431
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1431
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990107 WinNT, ZAK and Office 97
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91576100022688&w=2
Reference: NTBUGTRAQ:19990109 WinNT, ZAK and Office 97
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91606260910008&w=2
Reference: BID:181
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=181

ZAK in Appstation mode allows users to bypass the "Run only allowed
apps" policy by starting Explorer from Office 97 applications (such as
Word), installing software into the TEMP directory, and changing the
name to that for an allowed application, such as Winword.exe.

Analysis
----------------
ED_PRI CAN-1999-1431 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1440
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1440
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990101 Win32 ICQ 98a flaw
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91522424302962&w=2
Reference: BID:132
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=132

Win32 ICQ 98a 1.30, and possibly other versions, does not display the
entire portion of long filenames, which could allow attackers to send
an executable file with a long name that contains so many spaces that
the .exe extension is not displayed, which could make the user believe
that the file is safe to open from the client.

Analysis
----------------
ED_PRI CAN-1999-1440 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1453
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1453
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990222 New IE4 vulnerability : the clipboard again.
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91979439932341&w=2
Reference: BID:215
Reference: URL:http://www.securityfocus.com/bid/215

Internet Explorer 4 allows remote attackers (malicious web site
operators) to read the contents of the clipboard via the Internet
WebBrowser ActiveX object.

Analysis
----------------
ED_PRI CAN-1999-1453 3
Vendor Acknowledgement: unknown

This is very similar to CVE-1999-0384, but that one deals with the
Forms vulnerability.  That problem had been announced and fixed on
January 21, but this problem was announced on February 21, so
CD:SF-LOC would suggest keeping them separate.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1482
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1482
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990219 Security hole: "zgv"
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-02-15&msg=Pine.LNX.3.96.990219175605.9622A-100000@ferret.lmh.ox.ac.uk

SVGAlib zgv 3.0-7 and earlier allows local users to gain root access
via a privilege leak of the iopl(3) privileges to child processes.

Analysis
----------------
ED_PRI CAN-1999-1482 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1495
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1495
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19990218 xtvscreen and suse 6
Reference: URL:http://www.securityfocus.com/archive/1/12580
Reference: XF:xtvscreen-overwrite(1792)
Reference: URL:http://xforce.iss.net/static/1792.php
Reference: BID:325
Reference: URL:http://www.securityfocus.com/bid/325

xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary
files via a symlink attack on the pic000.pnm file.

Analysis
----------------
ED_PRI CAN-1999-1495 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1538
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1538
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990114 MS IIS 4.0 Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91638375309890&w=2
Reference: NTBUGTRAQ:19990114 MS IIS 4.0 Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91632724913080&w=2
Reference: BID:189
Reference: URL:http://www.securityfocus.com/bid/189

When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in
/scripts/iisadmin, which does not restrict access to the local machine
and allows an unauthorized user to gain access to sensitive server
information, including the Administrator's password.

Analysis
----------------
ED_PRI CAN-1999-1538 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1544
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1544
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990124 Advisory: IIS FTP Exploit/DoS Attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91722115016183&w=2

Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows
local and sometimes remote attackers to cause a denial of service via
a long NLST (ls) command.

Analysis
----------------
ED_PRI CAN-1999-1544 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1546
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1546
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990129 TROJAN: netstation.navio-comm.rte 1.1.0.1
Reference: URL:http://www.securityfocus.com/archive/1/12217
Reference: XF:navionc-config-script(1724)
Reference: URL:http://xforce.iss.net/static/1724.php

netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on
IBM AIX exports /tmp over NFS as world-readable and world-writable.

Analysis
----------------
ED_PRI CAN-1999-1546 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1551
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1551
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990302 Multiple IMail Vulnerabilites
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92038879607336&w=2
Reference: BID:505
Reference: URL:http://www.securityfocus.com/bid/505
Reference: XF:imail-websvc-overflow(1898)
Reference: URL:http://xforce.iss.net/static/1898.php

Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to
cause a denial of service (crash) and possibly execute arbitrary
commands via a long URL.

Analysis
----------------
ED_PRI CAN-1999-1551 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1553
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1553
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990301 [0z0n3] XCmail remotely exploitable vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/12730
Reference: BID:311
Reference: URL:http://www.securityfocus.com/bid/311
Reference: XF:xcmail-reply-overflow(1859)
Reference: URL:http://xforce.iss.net/static/1859.php

Buffer overflow in XCmail 0.99.6 with autoquote enabled allows remote
attackers to execute arbitrary commands via a long subject line.

Analysis
----------------
ED_PRI CAN-1999-1553 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1557
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1557
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990301 Multiple IMail Vulnerabilites
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92038879607336&w=2
Reference: XF:imail-imap-overflow(1895)
Reference: URL:http://xforce.iss.net/static/1895.php

Buffer overflow in the login functions in IMAP server (imapd) in
Ipswitch IMail 5.0 and earlier allows remote attackers to cause a
denial of service and possibly execute arbitrary code via (1) a long
user name or (2) a long password.

Analysis
----------------
ED_PRI CAN-1999-1557 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1559
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1559
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990331 Xylan OmniSwitch "features"
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92299263017061&w=2
Reference: XF:xylan-omniswitch-login(2064)
Reference: URL:http://xforce.iss.net/static/2064.php

Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the
login prompt via a CTRL-D (control d) character, which locks other
users out of the switch because it only supports one session at a
time.

Analysis
----------------
ED_PRI CAN-1999-1559 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Page Last Updated or Reviewed: May 22, 2007