[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster LEGACY-MISC-ADV - 43 candidates



I am proposing cluster LEGACY-MISC-ADV for review and voting by the
Editorial Board.

Name: LEGACY-MISC-ADV
Description: Candidates confirmed in miscellaneous bulletins, 1999 and earlier
Size: 43

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-1999-1100
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1100
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CISCO:19980616 PIX Private Link Key Processing and Cryptography Issues
Reference: URL:http://www.cisco.com/warp/public/770/pixkey-pub.shtml
Reference: XF:cisco-pix-parse-error(1579)
Reference: URL:http://xforce.iss.net/static/1579.php

Cisco PIX Private Link 4.1.6 and earlier does not properly process
certain commands in the configuration file, which reduces the
effective key length of the DES key to 48 bits instead of 56 bits,
which makes it easier for an attacker to find the proper key via a
brute force attack.

Analysis
----------------
ED_PRI CAN-1999-1100 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1102
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1102
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.phreak.org/archives/security/8lgm/8lgm.lpr
Reference: BUGTRAQ:19940307 8lgm Advisory Releases
Reference: URL:http://www.aenigma.net/resources/maillist/bugtraq/1994/0091.htm
Reference: CIAC:E-25a
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/e-25.shtml

lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating
systems allows local users to create or overwrite arbitrary files via
a symlink attack that is triggered after invoking lpr 1000 times.

Analysis
----------------
ED_PRI CAN-1999-1102 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1117
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1117
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19961124
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&w=2&r=1&s=lquerypv&q=b
Reference: BUGTRAQ:19961125 lquerypv fix
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420195&w=2
Reference: BUGTRAQ:19961125 AIX lquerypv
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420196&w=2
Reference: CIAC:H-13
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-13.shtml
Reference: BID:455
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=455
Reference: XF:ibm-lquerypv(1752)
Reference: URL:http://xforce.iss.net/static/1752.php

lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files
by specifying the file in the -h command line parameter.

Analysis
----------------
ED_PRI CAN-1999-1117 1
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1175
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1175
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CISCO:19980513 Cisco Web Cache Control Protocol Router Vulnerability
Reference: URL:http://www.cisco.com/warp/public/770/wccpauth-pub.shtml
Reference: CIAC:I-054
Reference: URL:http://www.ciac.org/ciac/bulletins/i-054.shtml

Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS
11.2 and earlier does not use authentication, which allows remote
attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets
to UDP port 2048.

Analysis
----------------
ED_PRI CAN-1999-1175 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1300
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1300
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:B-31
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-31.shtml

Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users
to read arbitrary files and modify system accounting configuration.

Analysis
----------------
ED_PRI CAN-1999-1300 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1307
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1307
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: unknown
Reference: BUGTRAQ:19941209 Novell security advisory on sadc, urestore and the suid_exec feature
Reference: URL:http://www.dataguard.no/bugtraq/1994_4/0676.html
Reference: CIAC:F-06
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-06.shtml

Vulnerability in urestore in Novell UnixWare 1.1 allows local users to
gain root privileges.

Analysis
----------------
ED_PRI CAN-1999-1307 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1315
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1315
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:F-04
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-04.shtml

Vulnerabilities in DECnet/OSI for OpenVMS before 5.8 on DEC Alpha AXP
and VAX/VMS systems allow local users to gain privileges or cause a
denial of service.

Analysis
----------------
ED_PRI CAN-1999-1315 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1320
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1320
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:D-01
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-01.shtml

Vulnerability in Novell NetWare 3.x and earlier allows local users to
gain privileges via packet spoofing.

Analysis
----------------
ED_PRI CAN-1999-1320 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1324
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1324
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CIAC:D-06
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-06.shtml

VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or
MOTIF do not properly disable access to user accounts that exceed the
break-in limit threshold for failed login attempts, which makes it
easier for attackers to conduct brute force password guessing.

Analysis
----------------
ED_PRI CAN-1999-1324 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1325
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1325
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:C-19
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/c-19.shtml

SAS System 5.18 on VAX/VMS is installed with insecure permissions for
its directories and startup file, which allows local users to gain
privileges.

Analysis
----------------
ED_PRI CAN-1999-1325 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1379
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1379
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990730 Possible Denial Of Service using DNS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93348057829957&w=2
Reference: BUGTRAQ:19990810 Possible Denial Of Service using DNS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93433758607623&w=2
Reference: AUSCERT:AL-1999.004
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos
Reference: CIAC:J-063
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-063.shtml

DNS allows remote attackers to use DNS name servers as traffic
amplifiers via a UDP DNS query with a spoofed source address, which
produces more traffic to the victim than was sent by the attacker.

Analysis
----------------
ED_PRI CAN-1999-1379 1
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1488
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1488
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BID:371
Reference: URL:http://www.securityfocus.com/bid/371
Reference: CIAC:I-079A
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-079a.shtml

sdrd daemon in IBM SP2 System Data Repository (SDR) allows remote
attackers to read files without authentication.

Analysis
----------------
ED_PRI CAN-1999-1488 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1074
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1074
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980501 Warning! Webmin Security Advisory
Reference: URL:http://www.securityfocus.com/archive/1/9138
Reference: CONFIRM:http://www.webmin.com/webmin/changes.html
Reference: BID:98
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=98

Webmin before 0.5 does not restrict the number of invalid passwords
that are entered for a valid username, which could allow remote
attackers to gain privileges via brute force password cracking.

Analysis
----------------
ED_PRI CAN-1999-1074 2
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1105
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1105
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://www.zdnet.com/eweek/reviews/1016/tr42bug.html
Reference: MISC:http://www.net-security.sk/bugs/NT/netware1.html

Windows 95, when Remote Administration and File Sharing for Netware
Networks is enabled, creates a share (C$) when an administrator logs
in remotely, which allows remote attackers to read arbitrary files by
mapping the network drive.

Analysis
----------------
ED_PRI CAN-1999-1105 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1177
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1177
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.w3.org/Security/Faq/wwwsf4.html
Reference: CONFIRM:http://www-genome.wi.mit.edu/WWW/tools/CGI_scripts/server_publish/nph-publish

Directory traversal vulnerability in nph-publish before 1.2 allows
remote attackers to overwrite arbitrary files via a .. (dot dot) in
the pathname for an upload operation.

Analysis
----------------
ED_PRI CAN-1999-1177 2
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1287
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1287
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://www.statslab.cam.ac.uk/~sret1/analog/security.html
Reference: XF:analog-remote-file(1410)
Reference: URL:http://xforce.iss.net/static/1410.php

Vulnerability in Analog 3.0 and earlier allows remote attackers to
read arbitrary files via the forms interface.

Analysis
----------------
ED_PRI CAN-1999-1287 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1290
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1290
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981117 nftp vulnerability (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91127951426494&w=2
Reference: CONFIRM:http://www.ayukov.com/nftp/history.html
Reference: XF:nftp-bo(1397)
Reference: URL:http://xforce.iss.net/static/1397.php

Buffer overflow in nftp FTP client version 1.40 allows remote
malicious FTP servers to cause a denial of service, and possibly
execute arbitrary commands, via a long response string.

Analysis
----------------
ED_PRI CAN-1999-1290 2
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1293
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1293
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980106 Apache security advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88413292830649&w=2
Reference: CONFIRM:http://www.apache.org/info/security_bulletin_1.2.5.html

mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause
a denial of service via malformed FTP commands, which causes Apache to
dump core.

Analysis
----------------
ED_PRI CAN-1999-1293 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1327
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1327
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980601 Re: SECURITY: Red Hat Linux 5.1 linuxconf bug (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125826&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf

Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows
local users to gain root privileges via a long LANG environmental
variable.

Analysis
----------------
ED_PRI CAN-1999-1327 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1328
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1328
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980826 [djb@redhat.com: Unidentified subject!]
Reference: BUGTRAQ:19980823 Security concerns in linuxconf shipped w/RedHat 5.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90383955231511&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf

linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users
to overwrite arbitrary files and gain root access via a symlink
attack.

Analysis
----------------
ED_PRI CAN-1999-1328 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1329
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1329
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#SysVinit

Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows
local users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1329 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1330
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1330
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19970709 [linux-security] so-called snprintf() in db-1.85.4 (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419259&w=2
Reference: CONFIRM:http://lists.openresources.com/Debian/debian-bugs-closed/msg00581.html
Reference: CONFIRM:http://www.redhat.com/support/errata/rh42-errata-general.html

The snprintf function in the db library 1.85.4 ignores the size
parameter, which could allow attackers to exploit buffer overflows
that would be prevented by a properly implemented snprintf.

Analysis
----------------
ED_PRI CAN-1999-1330 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1331
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1331
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://www.redhat.com/support/errata/rh42-errata-general.html#netcfg

netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be
controlled by users on reboot when an option is set, which allows
local users to cause a denial of service by shutting down the
interface.

Analysis
----------------
ED_PRI CAN-1999-1331 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1332
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1332
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980128 GZEXE - the big problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88603844115233&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#gzip

gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows
local users to overwrite files of other users via a symlink attack on
a temporary file.

Analysis
----------------
ED_PRI CAN-1999-1332 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1333
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1333
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980319 ncftp 2.4.2 MkDirs bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=89042322924057&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#ncftp

automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux
5.0 and earlier allows remote attackers to execute arbitrary commands
via shell metacharacters in the names of files that are to be
downloaded.

Analysis
----------------
ED_PRI CAN-1999-1333 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1334
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1334
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980129 KSR[T] Advisory #7: filter
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88609666024181&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#elm

Multiple buffer overflows in filter command in Elm 2.4 allows
attackers to execute arbitrary commands via (1) long From: headers,
(2) long Reply-To: headers, or (3) via a long -f (filterfile) command
line argument.

Analysis
----------------
ED_PRI CAN-1999-1334 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1335
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1335
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: CONFIRM:http://www.redhat.com/support/errata/rh40-errata-general.html#cmu-snmp

snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux
4.0 is configured to allow remote attackers to read and write
sensitive information.

Analysis
----------------
ED_PRI CAN-1999-1335 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1339
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1339
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990722 Re: ping -R causes kernel panic on a forwarding machine ( 2.2.5 a nd 2 .2.10)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93277766505061&w=2
Reference: BUGTRAQ:19990722 Linux +ipchains+ ping -R
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93277426802802&w=2
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.2/patch-2.2.11.gz

Vulnerability when Network Address Translation (NAT) is enabled in
Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw,
allows remote attackers to cause a denial of service (kernel panic)
via a ping -R (record route) command.

Analysis
----------------
ED_PRI CAN-1999-1339 2
Vendor Acknowledgement: yes patch

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1382
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1382
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980108 NetWare NFS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88427711321769&w=2
Reference: BUGTRAQ:19980812 Re: Netware NFS (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90295697702474&w=2
Reference: CONFIRM:http://support.novell.com/cgi-bin/search/tidfinder.cgi?2940551

NetWare NFS mode 1 and 2 implements the "Read Only" flag in UNIX by
changing the ownership of a file to root, which allows local users to
gain root privileges by creating a setuid program and setting it to
"Read Only," which NetWare-NFS changes to a setuid root program.

Analysis
----------------
ED_PRI CAN-1999-1382 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1386
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1386
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980308 another /tmp race: `perl -e' opens temp file not safely
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88932165406213&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#perl

Perl 5.004_04 and earlier follows symbolic links when running with the
-e option, which allows local users to overwrite arbitrary files via a
symlink attack on the /tmp/perl-eaXXXXX file.

Analysis
----------------
ED_PRI CAN-1999-1386 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1456
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1456
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980819 thttpd 2.04 released (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/10368
Reference: CONFIRM:http://www.acme.com/software/thttpd/thttpd.html#releasenotes
Reference: XF:thttpd-file-read(1809)
Reference: URL:http://xforce.iss.net/static/1809.php

thttpd HTTP server 2.03 and earlier allows remote attackers to read
arbitrary files via a GET request with more than one leading / (slash)
character in the filename.

Analysis
----------------
ED_PRI CAN-1999-1456 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1462
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1462
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990426 FW: Security Notice: Big Brother 1.09b/c
Reference: URL:http://www.securityfocus.com/archive/1/13440
Reference: CONFIRM:http://bb4.com/README.CHANGES
Reference: BID:142
Reference: URL:http://www.securityfocus.com/bid/142
Reference: XF:http-cgi-bigbrother-bbhist(3755)
Reference: URL:http://xforce.iss.net/static/3755.php

Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b
and 1.09c allows remote attacker to read portions of arbitrary files.

Analysis
----------------
ED_PRI CAN-1999-1462 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1474
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1474
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://www.microsoft.com/windows/ie/security/powerpoint.asp
Reference: XF:nt-ppt-patch(179)
Reference: URL:http://xforce.iss.net/static/179.php

PowerPoint 95 and 97 allows remote attackers to cause an application
to be run automatically without prompting the user, possibly through
the slide show, when the document is opened in browsers such as
Internet Explorer.

Analysis
----------------
ED_PRI CAN-1999-1474 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1481
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1481
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991025 [squid] exploit for external authentication problem
Reference: URL:http://www.securityfocus.com/archive/1/33295
Reference: BUGTRAQ:19991103 [squid]exploit for external authentication problem
Reference: URL:http://www.securityfocus.com/archive/1/33295
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.2/bugs/
Reference: BID:741
Reference: URL:http://www.securityfocus.com/bid/741
Reference: XF:squid-proxy-auth-access(3433)
Reference: URL:http://xforce.iss.net/static/3433.php

Squid 2.2.STABLE5 and below, when using external authentication,
allows attackers to bypass access controls via a newline in the
user/password pair.

Analysis
----------------
ED_PRI CAN-1999-1481 2
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT:
http://www.squid-cache.org/Versions/v2/2.2/bugs/ has a section titled
"Newlines in passwords confuses the authenticator program" which
addresses the problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1512
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1512
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990716 AMaViS virus scanner for Linux - root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93219846414732&w=2
Reference: CONFIRM:http://www.amavis.org/ChangeLog.txt
Reference: BID:527
Reference: URL:http://www.securityfocus.com/bid/527
Reference: XF:amavis-command-execute(2349)
Reference: URL:http://xforce.iss.net/static/2349.php

The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote
attackers to execute arbitrary commands as root via an infected mail
message with shell metacharacters in the reply-to field.

Analysis
----------------
ED_PRI CAN-1999-1512 2
Vendor Acknowledgement: yes readme

ACKNOWLEDGEMENT:
The 1999-07-17 entry in the change log says "fixed possible exploit
published on BugTraq."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-0808
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0808
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19980518 DHCP 1.0 and 2.0 SECURITY ALERT! (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925960&w=2
Reference: CIAC:I-053
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-053.shtml
Reference: MISC:ftp://ftp.isc.org/isc/dhcp/dhcp-1.0-history/dhcp-1.0.0-1.0pl1.diff.gz

Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0
and 2.0 allow a remote attacker to cause a denial of service (crash)
and possibly execute arbitrary commands via long options.

Analysis
----------------
ED_PRI CAN-1999-0808 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

While the public announcements do not provide the details, analysis of
the source diff in dhcp-1.0.0-1.0pl1.diff.gz clearly indicates that
the problem is related to long buffers and options processing.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1042
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CISCO:19980813 CRM Temporary File Vulnerability
Reference: URL:http://www.cisco.com/warp/public/770/crmtmp-pub.shtml

Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log
files and temporary files, which may expose sensitive information, to
local users such as user IDs, passwords and SNMP community strings.

Analysis
----------------
ED_PRI CAN-1999-1042 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1126
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1126
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: CISCO:19980813 CRM Temporary File Vulnerability
Reference: URL:http://www.cisco.com/warp/public/770/crmtmp-pub.shtml
Reference: CIAC:I-086
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-086.shtml
Reference: XF:cisco-crm-file-vuln(1575)
Reference: URL:http://xforce.iss.net/static/1575.php

Cisco Resource Manager (CRM) 1.1 and earlier creates certain files
with insecure permissions that allow local users to obtain sensitive
configuration information including usernames, passwords, and SNMP
community strings, from (1) swim_swd.log, (2) swim_debug.log, (3)
dbi_debug.log, and (4) temporary files whose names begin with "DPR_".

Analysis
----------------
ED_PRI CAN-1999-1126 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1167
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1167
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://www.wired.com/news/technology/0,1282,20677,00.html
Reference: MISC:http://www.wired.com/news/technology/0,1282,20636,00.html

Cross-site scripting vulnerability in Third Voice Web annotation
utility allows remote users to read sensitive data and generate fake
web pages for other Third Voice users by injecting malicious
Javascript into an annotation.

Analysis
----------------
ED_PRI CAN-1999-1167 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1206
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1206
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990729 New ActiveX security problems in Windows 98 PCs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93336970231857&w=2
Reference: CONFIRM:http://www.systemsoft.com/l-2/l-3/support-systemwizard.htm
Reference: BID:555
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=555

SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and
possibly other platforms and operating systems, installs two ActiveX
controls that are marked as safe for scripting, which allows remote
attackers to execute arbitrary commands via a malicious web page that
references (1) the Launch control, or (2) the RegObj control.

Analysis
----------------
ED_PRI CAN-1999-1206 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1355
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1355
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990817 Compaq PFCUser account
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93542118727732&w=2
Reference: NTBUGTRAQ:19990905 Case ID  SSRT0620  - PFCUser account communication
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93654336516711&w=2
Reference: NTBUGTRAQ:19990915 (I) UPDATE - PFCUser Account,
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93759822430801&w=2
Reference: NTBUGTRAQ:19991105 UPDATE: SSRT0620 Compaq Foundation Agents v4.40B  PFCUser issues
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94183795025294&w=2
Reference: CONFIRM:http://www.compaq.com/products/servers/management/advisory.html
Reference: XF:management-pfcuser(3231)
Reference: URL:http://xforce.iss.net/static/3231.php

BMC Patrol component, when installed with Compaq Insight Management
Agent 4.23 and earlier, or Management Agents for Servers 4.40 and
earlier, creates a PFCUser account with a default password and
potentially dangerous privileges.

Analysis
----------------
ED_PRI CAN-1999-1355 3
Vendor Acknowledgement: yes advisory
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1464
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1464
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CISCO:19981105 Cisco IOS DFS Access List Leakage
Reference: URL:http://www.cisco.com/warp/public/770/iosdfsacl-pub.shtml
Reference: CIAC:J-016
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-016.shtml
Reference: XF:cisco-acl-leakage(1401)
Reference: URL:http://xforce.iss.net/static/1401.php

Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast
switching (DFS) enabled allows remote attackers to bypass certain
access control lists when the router switches traffic from a
DFS-enabled interface to an interface that does not have DFS enabled,
as described by Cisco bug CSCdk35564.

Analysis
----------------
ED_PRI CAN-1999-1464 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

The Cisco advisory is vague about the details of the problems, but
makes clear that there are 2 separate problems.  Since the problem
appear in different versions of IOS, CD:SF-LOC argues to create
separate CVE items for the two problems.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1465
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1465
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CISCO:19981105 Cisco IOS DFS Access List Leakage
Reference: URL:http://www.cisco.com/warp/public/770/iosdfsacl-pub.shtml
Reference: CIAC:J-016
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-016.shtml
Reference: XF:cisco-acl-leakage(1401)
Reference: URL:http://xforce.iss.net/static/1401.php

Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast
switching (DFS) enabled allows remote attackers to bypass certain
access control lists when the router switches traffic from a
DFS-enabled input interface to an output interface with a logical
subinterface.

Analysis
----------------
ED_PRI CAN-1999-1465 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

The Cisco advisory is vague about the details of the problems, but
makes clear that there are 2 separate problems.  Since the problem
appear in different versions of IOS, CD:SF-LOC argues to create
separate CVE items for the two problems.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007