[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster LEGACY-MS-ADV - 35 candidates



I am proposing cluster LEGACY-MS-ADV for review and voting by the
Editorial Board.

Name: LEGACY-MS-ADV
Description: Candidates announced in Microsoft bulletins/KB articles,
             for 1999 and earlier
Size: 35

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-1999-0154
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0154
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 19990607
Category: SF
Reference: MSKB:Q163485
Reference: MSKB:Q164059
Reference: BUGTRAQ:19970220 ! [ADVISORY] Major Security Hole in MS ASP
Reference: XF:http-iis-aspdot
Reference: XF:http-iis-aspsource

IIS 2.0 and 3.0 allows remote attackers to read the source code for
ASP pages by appending a . (dot) to the end of the URL.

Analysis
----------------
ED_PRI CAN-1999-0154 1
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-0815
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0815
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 19991125
Category: SF
Reference: MSKB:Q196270
Reference: URL:http://support.microsoft.com/support/kb/articles/q196/2/70.asp

Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote
attackers to conduct a denial of service (memory exhaustion) via a
large number of queries.

Analysis
----------------
ED_PRI CAN-1999-0815 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1035
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1035
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MS:MS98-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-019.asp
Reference: MSKB:Q192296
Reference: URL:http://support.microsoft.com/support/kb/articles/q192/2/96.asp

IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a
denial of service (hang) via a malformed GET request, aka the IIS
"GET" vulnerability.

Analysis
----------------
ED_PRI CAN-1999-1035 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1055
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MS:MS98-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-018.asp
Reference: BID:179
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=179
Reference: XF:excel-call(1737)
Reference: URL:http://xforce.iss.net/static/1737.php

Microsoft Excel 97 does not warn the user before executing worksheet
functions, which could allow attackers to execute arbitrary commands
by using the CALL function to execute a malicious DLL, aka the Excel
"CALL Vulnerability."

Analysis
----------------
ED_PRI CAN-1999-1055 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1087
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1087
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MS:MS98-016
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS98-016.asp
Reference: MSKB:Q168617
Reference: URL:http://support.microsoft.com/support/kb/articles/q168/6/17.asp
Reference: CONFIRM:http://www.microsoft.com/Windows/Ie/security/dotless.asp
Reference: XF:ie-dotless(2209)
Reference: URL:http://xforce.iss.net/static/2209.php

Internet Explorer 4 treats a 32-bit number ("dotless IP address") in
the a URL as the hostname instead of an IP address, which causes IE to
apply Local Intranet Zone settings to the resulting web page, allowing
remote malicious web servers to conduct unauthorized activities by
using URLs that contain the dotless IP address for their server.

Analysis
----------------
ED_PRI CAN-1999-1087 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1093
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1093
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MS:MS98-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS98-011.asp

Buffer overflow in the Window.External function in the JScript
Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows
remote attackers to execute arbitrary commands via a malicious web
page.

Analysis
----------------
ED_PRI CAN-1999-1093 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1094
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1094
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q176697
Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp
Reference: BUGTRAQ:19980114 L0pht Advisory MSIE4.0(1)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88480839506155&w=2
Reference: XF:iemk-bug(917)
Reference: URL:http://xforce.iss.net/static/917.php

Buffer overflow in Internet Explorer 4.01 and earlier allows remote
attackers to execute arbitrary commands via a long URL with the "mk:"
protocol, aka the "MK Overrun security issue."

Analysis
----------------
ED_PRI CAN-1999-1094 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1104
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1104
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19951205 Cracked: WINDOWS.PWL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418931&w=2
Reference: NTBUGTRAQ:19980121 How to recover private keys for various Microsoft products
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=88540877601866&w=2
Reference: BUGTRAQ:19980120 How to recover private keys for various Microsoft products
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88536273725787&w=2
Reference: MSKB:Q140557

Windows 95 uses weak encryption for the password list (.pwl) file used
when password caching is enabled, which allows local users to gain
privileges by decrypting the passwords.

Analysis
----------------
ED_PRI CAN-1999-1104 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1127
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1127
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MS:MS98-017
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-017.asp
Reference: MSKB:Q195733
Reference: URL:http://support.microsoft.com/support/kb/articles/Q195/7/33.asp

Windows NT 4.0 does not properly shut down invalid named pipe RPC
connections, which allows remote attackers to cause a denial of
service (resource exhaustion) via a series of connections containing
malformed data, aka the "Named Pipes Over RPC" vulnerability.

Analysis
----------------
ED_PRI CAN-1999-1127 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1132
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1132
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981005 NMRC Advisory - Lame NT Token Ring DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90763508011966&w=2
Reference: NTBUGTRAQ:19981002 NMRC Advisory - Lame NT Token Ring DoS
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=90760603030452&w=2
Reference: MSKB:Q179157
Reference: URL:http://support.microsoft.com/support/kb/articles/Q179/1/57.asp
Reference: XF:token-ring-dos(1399)

Windows NT 4.0 allows remote attackers to cause a denial of service
(crash) via extra source routing data such as (1) a Routing
Information Field (RIF) field with a hop count greater than 7, or (2)
a list containing duplicate Token Ring IDs.

Analysis
----------------
ED_PRI CAN-1999-1132 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1148
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MS:MS98-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-006.asp
Reference: MSKB:Q189262
Reference: URL:http://support.microsoft.com/support/kb/articles/Q189/2/62.ASP
Reference: XF:iis-passive-ftp(1215)
Reference: URL:http://xforce.iss.net/static/1215.php

FTP service in IIS 4.0 and earlier allows remote attackers to cause a
denial of service (resource exhaustion) via many passive (PASV)
connections at the same time.

Analysis
----------------
ED_PRI CAN-1999-1148 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1157
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1157
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q192774
Reference: URL:http://support.microsoft.com/support/kb/articles/Q192/7/74.ASP
Reference: XF:tcpipsys-icmp-dos(3894)
Reference: URL:http://xforce.iss.net/static/3894.php

Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to
cause a denial of service via an ICMP Subnet Mask Address Request
packet, when certain multiple IP addresses are bound to the same
network interface.

Analysis
----------------
ED_PRI CAN-1999-1157 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1222
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1222
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q188571
Reference: URL:http://support.microsoft.com/support/kb/articles/Q188/5/71.ASP
Reference: XF:dns-netbtsys-dos(3893)
Reference: URL:http://xforce.iss.net/static/3893.php

Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to
cause a denial of service (crash) by returning 0.0.0.0 as the IP
address for a DNS host name lookup.

Analysis
----------------
ED_PRI CAN-1999-1222 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1223
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1223
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q187503
Reference: URL:http://support.microsoft.com/support/kb/articles/q187/5/03.asp
Reference: XF:url-asp-av(3892)
Reference: URL:http://xforce.iss.net/static/3892.php

IIS 3.0 allows remote attackers to cause a denial of service via a
request to an ASP page in which the URL contains a large number of /
(forward slash) characters.

Analysis
----------------
ED_PRI CAN-1999-1223 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1233
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1233
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MS:MS99-039
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-039.asp
Reference: MSKB:241562
Reference: URL:http://support.microsoft.com/support/kb/articles/Q241/5/62.asp
Reference: BID:657
Reference: URL:http://www.securityfocus.com/bid/657
Reference: XF:iis-unresolved-domain-access(3306)
Reference: URL:http://xforce.iss.net/static/3306.php

IIS 4.0 does not properly restrict access for the initial session
request from a user's IP address if the address does not resolve to a
DNS domain, aka the "Domain Resolution" vulnerability.

Analysis
----------------
ED_PRI CAN-1999-1233 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1246
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1246
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q229972
Reference: URL:http://support.microsoft.com/support/kb/articles/Q229/9/72.asp
Reference: XF:siteserver-directmail-passwords(2068)
Reference: URL:http://xforce.iss.net/static/2068.php

Direct Mailer feature in Microsoft Site Server 3.0 saves user domain
names and passwords in plaintext in the TMLBQueue network share, which
has insecure default permissions, allowing remote attackers to read
the passwords and gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1246 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1259
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1259
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q189529
Reference: URL:http://support.microsoft.com/support/kb/articles/q189/5/29.asp
Reference: XF:office-extraneous-data(1780)
Reference: URL:http://xforce.iss.net/static/1780.php

Microsoft Office 98, Macintosh Edition, does not properly initialize
the disk space used by Office 98 files and effectively inserts data
from previously deleted files into the Office file, which could allow
attackers to obtain sensitive information.

Analysis
----------------
ED_PRI CAN-1999-1259 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1279
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1279
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q138001
Reference: URL:http://support.microsoft.com/support/kb/articles/q138/0/01.asp
Reference: XF:snaserver-shared-folders(1548)
Reference: URL:http://xforce.iss.net/static/1548.php

An interaction between the AS/400 shared folders feature and Microsoft
SNA Server 3.0 and earlier allows users to view each other's folders
when the users share the same Local APPC LU.

Analysis
----------------
ED_PRI CAN-1999-1279 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1294
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1294
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q146604
Reference: URL:http://support.microsoft.com/support/kb/articles/q146/6/04.asp

Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore
permissions, which are inherited by programs such as File Manager that
are started from the Shortcut Bar, which could allow local users to
read folders for which they do not have permission.

Analysis
----------------
ED_PRI CAN-1999-1294 1
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1316
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1316
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q247975
Reference: URL:http://support.microsoft.com/support/kb/articles/Q247/9/75.asp

Passfilt.dll in Windows NT SP2 allows users to create a password that
contains the user's name, which could make it easier for an attacker
to guess.

Analysis
----------------
ED_PRI CAN-1999-1316 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1317
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1317
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990312 [ ALERT ] Case Sensitivity and Symbolic Links
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92127046701349&w=2
Reference: NTBUGTRAQ:19990314 AW: [ ALERT ] Case Sensitivity and Symbolic Links
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92162979530341&w=2
Reference: MSKB:Q222159
Reference: URL:http://support.microsoft.com/support/kb/articles/q222/1/59.asp

Windows NT 4.0 SP4 and earlier allows local users to gain privileges
by modifying the symbolic link table in the \?? object folder using a
different case letter (upper or lower) to point to a different device.

Analysis
----------------
ED_PRI CAN-1999-1317 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1358
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1358
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q157673
Reference: URL:http://support.microsoft.com/support/kb/articles/q157/6/73.asp

When an administrator in Windows NT or Windows 2000 changes a user
policy, the policy is not properly updated if the local ntconfig.pol
is not writable by the user, which could allow local users to bypass
restrictions that would otherwise be enforced by the policy, possibly
by changing the policy file to be read-only.

Analysis
----------------
ED_PRI CAN-1999-1358 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1359
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1359
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q163875
Reference: URL:http://support.microsoft.com/support/kb/articles/q163/8/75.asp

When the Ntconfig.pol file is used on a server whose name is longer
than 13 characters, Windows NT does not properly enforce policies for
global groups, which could allow users to bypass restrictions that
were intended by those policies.

Analysis
----------------
ED_PRI CAN-1999-1359 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1360
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1360
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q160650
Reference: URL:http://support.microsoft.com/support/kb/articles/q160/6/50.asp

Windows NT 4.0 allows local users to cause a denial of service via a
user mode application that closes a handle that was opened in kernel
mode, which causes a crash when the kernel attempts to close the
handle.

Analysis
----------------
ED_PRI CAN-1999-1360 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1362
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1362
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q160601
Reference: URL:http://support.microsoft.com/support/kb/articles/q160/6/01.asp

Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a
denial of service (crash) by calling certain WIN32K functions with
incorrect parameters.

Analysis
----------------
ED_PRI CAN-1999-1362 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1363
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1363
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q163143
Reference: URL:http://support.microsoft.com/support/kb/articles/q163/1/43.asp

Windows NT 3.51 and 4.0 allow local users to cause a denial of service
(crash) by running a program that creates a large number of locks on a
file, which exhausts the NonPagedPool.

Analysis
----------------
ED_PRI CAN-1999-1363 1
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1364
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1364
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q142653
Reference: URL:http://support.microsoft.com/support/kb/articles/q142/6/53.asp

Windows NT 4.0 allows local users to cause a denial of service (crash)
via an illegal kernel mode address to the functions (1)
GetThreadContext or (2) SetThreadContext.

Analysis
----------------
ED_PRI CAN-1999-1364 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1451
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1451
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q231368
Reference: URL:http://support.microsoft.com/support/kb/articles/q231/3/68.asp
Reference: MS:MS99-013
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-013.asp
Reference: XF:iis-samples-winmsdp(3271)
Reference: URL:http://xforce.iss.net/static/3271.php

The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows
remote attackers to read arbitrary files.

Analysis
----------------
ED_PRI CAN-1999-1451 1
Vendor Acknowledgement: yes advisory

Winmsdp.exe doesn't have a CAN, but viewcode/showcode/etc. do, so this
CAN should be assigned to be consistent.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1452
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1452
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990129 ole objects in a "secured" environment?
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91764169410814&w=2
Reference: NTBUGTRAQ:19990205 Alert: MS releases GINA-fix for SP3, SP4, and TS
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91822011021558&w=2
Reference: BUGTRAQ:19990129 ole objects in a "secured" environment?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91788829326419&w=2
Reference: MSKB:Q214802
Reference: URL:http://support.microsoft.com/support/kb/articles/q214/8/02.asp
Reference: BID:198
Reference: URL:http://www.securityfocus.com/bid/198
Reference: XF:nt-gina-clipboard(1975)
Reference: URL:http://xforce.iss.net/static/1975.php

GINA in Windows NT 4.0 allows attackers with physical access to
display a portion of the clipboard of the user who has locked the
workstation by pasting (CTRL-V) the contents into the username prompt.

Analysis
----------------
ED_PRI CAN-1999-1452 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1455
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1455
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q158320
Reference: URL:http://support.microsoft.com/support/kb/articles/q158/3/20.asp

RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not
properly restrict access as specified in the .Rhosts file when a user
comes from an authorized host, which could allow unauthorized users to
access the service by logging in from an authorized host.

Analysis
----------------
ED_PRI CAN-1999-1455 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1472
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1472
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971017 Security Hole in Explorer 4.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87710897923098&w=2
Reference: MISC:http://www.insecure.org/sploits/Internet_explorer_4.0.hack.html
Reference: CONFIRM:http://www.microsoft.com/Windows/ie/security/freiburg.asp
Reference: MSKB:Q176794
Reference: URL:http://support.microsoft.com/support/kb/articles/q176/7/94.asp
Reference: MSKB:Q176697
Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp
Reference: XF:http-ie-spy(587)
Reference: URL:http://xforce.iss.net/static/587.php

Internet Explorer 4.0 allows remote attackers to read arbitrary text
and HTML files on the user's machine via a small IFRAME that uses
Dynamic HTML (DHTML) to send the data to the attacker, aka the
Freiburg text-viewing issue.

Analysis
----------------
ED_PRI CAN-1999-1472 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1473
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1473
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q176697
Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp

When a Web site redirects the browser to another site, Internet
Explorer 3.02 and 4.0 automatically resends authentication information
to the second site, aka the "Page Redirect Issue."

Analysis
----------------
ED_PRI CAN-1999-1473 1
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1476
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1476
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: MSKB:Q163852
Reference: URL:http://support.microsoft.com/support/kb/articles/q163/8/52.asp
Reference: XF:pentium-crash(704)
Reference: URL:http://xforce.iss.net/static/704.php

A bug in Intel Pentium processor (MMX and Overdrive) allows local
users to cause a denial of service (hang) in Intel-based operating
systems such as Windows NT and Windows 95, via an invalid instruction,
aka the "Invalid Operand with Locked CMPXCHG8B Instruction" problem.

Analysis
----------------
ED_PRI CAN-1999-1476 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1043
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1043
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MS:MS98-007
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-007.asp

Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1)
malformed NNTP data, or (2) malformed SMTP data, which allows remote
attackers to cause a denial of service (application error).

Analysis
----------------
ED_PRI CAN-1999-1043 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC, SF-LOC

ABSTRACTION:
CD:SF-EXEC suggests combining multiple executables with the same
problem in the same version of the same software package.  There is
insufficient detail in the advisory to determine if the type of
"incorrect data" that harms the SMTP service is fundamentally
different from the type of incorrect data that affects NNTP.  If there
were enough detail, and the types of incorrect data were different,
then CD:SF-LOC would suggest creating separate entries.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1084
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1084
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: NTBUGTRAQ:19980622 Yet another "get yourself admin rights exploit":
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=90222453431604&w=2
Reference: MSKB:Q103861
Reference: URL:http://support.microsoft.com/support/kb/articles/q103/8/61.asp
Reference: MS:MS00-008
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-008.asp
Reference: CIAC:K-029
Reference: URL:http://www.ciac.org/ciac/bulletins/k-029.shtml
Reference: BID:1044
Reference: URL:http://www.securityfocus.com/bid/1044

The "AEDebug" registry key is installed with insecure permissions,
which allows local users to modify the key to specify a Trojan Horse
debugger which is automatically executed on a system crash.

Analysis
----------------
ED_PRI CAN-1999-1084 3
Vendor Acknowledgement: yes advisory
Content Decisions: CF-PERM

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007