
[FINAL] ACCEPT 94 candidates



I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below.  The
resulting CVE entries will be published in the near future in a new
version of CVE.  Voting details and comments are provided at the end
of this report.

- Steve


Candidate	CVE Name
---------	----------
CAN-1999-0756	CVE-1999-0756
CAN-2000-0243	CVE-2000-0243
CAN-2000-0568	CVE-2000-0568
CAN-2000-0569	CVE-2000-0569
CAN-2000-0576	CVE-2000-0576
CAN-2000-0620	CVE-2000-0620
CAN-2000-0799	CVE-2000-0799
CAN-2000-0877	CVE-2000-0877
CAN-2000-0897	CVE-2000-0897
CAN-2000-0945	CVE-2000-0945
CAN-2000-1047	CVE-2000-1047
CAN-2001-0004	CVE-2001-0004
CAN-2001-0020	CVE-2001-0020
CAN-2001-0077	CVE-2001-0077
CAN-2001-0078	CVE-2001-0078
CAN-2001-0095	CVE-2001-0095
CAN-2001-0108	CVE-2001-0108
CAN-2001-0121	CVE-2001-0121
CAN-2001-0136	CVE-2001-0136
CAN-2001-0155	CVE-2001-0155
CAN-2001-0164	CVE-2001-0164
CAN-2001-0174	CVE-2001-0174
CAN-2001-0175	CVE-2001-0175
CAN-2001-0176	CVE-2001-0176
CAN-2001-0182	CVE-2001-0182
CAN-2001-0189	CVE-2001-0189
CAN-2001-0203	CVE-2001-0203
CAN-2001-0207	CVE-2001-0207
CAN-2001-0215	CVE-2001-0215
CAN-2001-0235	CVE-2001-0235
CAN-2001-0237	CVE-2001-0237
CAN-2001-0238	CVE-2001-0238
CAN-2001-0239	CVE-2001-0239
CAN-2001-0240	CVE-2001-0240
CAN-2001-0241	CVE-2001-0241
CAN-2001-0243	CVE-2001-0243
CAN-2001-0244	CVE-2001-0244
CAN-2001-0245	CVE-2001-0245
CAN-2001-0330	CVE-2001-0330
CAN-2001-0331	CVE-2001-0331
CAN-2001-0333	CVE-2001-0333
CAN-2001-0334	CVE-2001-0334
CAN-2001-0335	CVE-2001-0335
CAN-2001-0336	CVE-2001-0336
CAN-2001-0338	CVE-2001-0338
CAN-2001-0339	CVE-2001-0339
CAN-2001-0340	CVE-2001-0340
CAN-2001-0341	CVE-2001-0341
CAN-2001-0344	CVE-2001-0344
CAN-2001-0345	CVE-2001-0345
CAN-2001-0346	CVE-2001-0346
CAN-2001-0347	CVE-2001-0347
CAN-2001-0348	CVE-2001-0348
CAN-2001-0351	CVE-2001-0351
CAN-2001-0353	CVE-2001-0353
CAN-2001-0361	CVE-2001-0361
CAN-2001-0368	CVE-2001-0368
CAN-2001-0377	CVE-2001-0377
CAN-2001-0378	CVE-2001-0378
CAN-2001-0379	CVE-2001-0379
CAN-2001-0383	CVE-2001-0383
CAN-2001-0387	CVE-2001-0387
CAN-2001-0388	CVE-2001-0388
CAN-2001-0402	CVE-2001-0402
CAN-2001-0405	CVE-2001-0405
CAN-2001-0408	CVE-2001-0408
CAN-2001-0409	CVE-2001-0409
CAN-2001-0412	CVE-2001-0412
CAN-2001-0413	CVE-2001-0413
CAN-2001-0414	CVE-2001-0414
CAN-2001-0427	CVE-2001-0427
CAN-2001-0428	CVE-2001-0428
CAN-2001-0429	CVE-2001-0429
CAN-2001-0430	CVE-2001-0430
CAN-2001-0434	CVE-2001-0434
CAN-2001-0439	CVE-2001-0439
CAN-2001-0440	CVE-2001-0440
CAN-2001-0455	CVE-2001-0455
CAN-2001-0456	CVE-2001-0456
CAN-2001-0457	CVE-2001-0457
CAN-2001-0462	CVE-2001-0462
CAN-2001-0465	CVE-2001-0465
CAN-2001-0467	CVE-2001-0467
CAN-2001-0469	CVE-2001-0469
CAN-2001-0473	CVE-2001-0473
CAN-2001-0474	CVE-2001-0474
CAN-2001-0475	CVE-2001-0475
CAN-2001-0481	CVE-2001-0481
CAN-2001-0482	CVE-2001-0482
CAN-2001-0486	CVE-2001-0486
CAN-2001-0488	CVE-2001-0488
CAN-2001-0489	CVE-2001-0489
CAN-2001-0494	CVE-2001-0494
CAN-2001-0495	CVE-2001-0495


======================================================
Candidate: CAN-1999-0756
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0756
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: ALLAIRE:ASB99-07
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=10968&Method=Full
Reference: XF:coldfusion-admin-dos(2207)
Reference: URL:http://xforce.iss.net/static/2207.php

ColdFusion Administrator with Advanced Security enabled allows remote
users to stop the ColdFusion server via the Start/Stop utility.


Modifications:
  CHANGEREF [normalize] XF

INFERRED ACTION: CAN-1999-0756 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(2) Baker, Frech
   NOOP(1) Cole

Voter Comments:
 Frech> XF:coldfusion-admin-dos


======================================================
Candidate: CAN-2000-0243
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0243
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000324 AnalogX SimpleServer 1.03 Remote Crash
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=web-5645555@post2.rnci.com
Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm
Reference: XF:simpleserver-exception-dos(4189)
Reference: URL:http://xforce.iss.net/static/4189.php
Reference: BID:1076
Reference: URL:http://www.securityfocus.com/bid/1076

AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to
cause a denial of service via a short GET request to cgi-bin.


Modifications:
  DESC Remove "buffer overflow"
  CHANGEREF [normalize] XF:simpleserver-exception-dos(4189)

INFERRED ACTION: CAN-2000-0243 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Frech, Levy, Baker
   NOOP(3) Cole, Magdych, Christey

Voter Comments:
 Christey> Change description: this is a buffer *underflow*, not overflow.
 CHANGE> [Magdych changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2000-0568
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0568
Final-Decision: 20010918
Interim-Decision: 20010911
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000630 Multiple vulnerabilities in Sybergen Secure Desktop
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4125690E.00524395.00@guardianit.se
Reference: XF:sybergen-routing-table-modify
Reference: BID:1417
Reference: URL:http://www.securityfocus.com/bid/1417

Sybergen Secure Desktop 2.1 does not properly protect against false
router advertisements (ICMP type 9), which allows remote attackers to
modify default routes.

INFERRED ACTION: CAN-2000-0568 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Levy, Baker, Frech
   NOOP(6) Wall, Cole, Armstrong, Magdych, LeBlanc, Ozancin

Voter Comments:
 CHANGE> [Armstrong changed vote from REVIEWING to NOOP]
 CHANGE> [Magdych changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2000-0569
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0569
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: WIN2KSEC:20000630 Any LAN user can crash Sygate
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0189.html
Reference: BID:1420
Reference: URL:http://www.securityfocus.com/bid/1420
Reference: XF:sygate-udp-packet-dos(5049)
Reference: URL:http://xforce.iss.net/static/5049.php

Sybergen Sygate allows remote attackers to cause a denial of service
by sending a malformed DNS UDP packet to its internal interface.


Modifications:
  CHANGEREF Change MISC reference to WIN2KSEC
  ADDREF XF:sygate-udp-packet-dos(5049)

INFERRED ACTION: CAN-2000-0569 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Levy, Baker, Cole
   MODIFY(1) Frech
   NOOP(5) Wall, Armstrong, Magdych, LeBlanc, Ozancin

Voter Comments:
 Frech> XF:sygate-udp-packet-dos(5049)
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 CHANGE> [Armstrong changed vote from REVIEWING to NOOP]
 CHANGE> [Magdych changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2000-0576
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0576
Final-Decision: 20010918
Interim-Decision: 20010911
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000704 Oracle Web Listener for AIX DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0027.html
Reference: BID:1427
Reference: URL:http://www.securityfocus.com/bid/1427

Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows
remote attackers to cause a denial of service via a malformed URL.

INFERRED ACTION: CAN-2000-0576 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(5) Levy, Baker, Cole, Blake, Collins
   MODIFY(1) Frech
   NOOP(6) Wall, Bollinger, Armstrong, Magdych, LeBlanc, Ozancin

Voter Comments:
 Frech> XF:oracle-web-listener-dos(4874)
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 CHANGE> [Magdych changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2000-0620
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0620
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000619 XFree86: Various nasty libX11 holes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96146116627474&w=2
Reference: BID:1409
Reference: URL:http://www.securityfocus.com/bid/1409
Reference: XF:libx11-infinite-loop-dos(4996)
Reference: URL:http://xforce.iss.net/static/4996.php

libX11 X library allows remote attackers to cause a denial of service
via a resource mask of 0, which causes libX11 to go into an infinite
loop.


Modifications:
  ADDREF BUGTRAQ:20000619 XFree86: Various nasty libX11 holes
  ADDREF XF:libx11-infinite-loop-dos(4996)

INFERRED ACTION: CAN-2000-0620 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(6) Levy, Baker, Cole, Armstrong, Blake, Collins
   MODIFY(1) Frech
   NOOP(4) Wall, Magdych, LeBlanc, Ozancin

Voter Comments:
 Frech> XF:libx11-infinite-loop-dos(4996)
   See also
   http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26date%3D2000-07-22%26msg%3DPine.LNX.4.21.0006192251480.9945-100000@ferret.lmh.ox.ac.uk, specifically flaw #2.
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 CHANGE> [Armstrong changed vote from REVIEWING to ACCEPT]
 CHANGE> [Magdych changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2000-0799
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0799
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl
Reference: SGI:20001101-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20001101-01-I
Reference: BID:1530
Reference: URL:http://www.securityfocus.com/bid/1530
Reference: XF:irix-inpview-symlink(5065)
Reference: URL:http://xforce.iss.net/static/5065.php

inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local
users to gain privileges via a symlink attack on the .ilmpAAA
temporary file.


Modifications:
  ADDREF XF:irix-inpview-symlink(5065)
  ADDREF SGI:20001101-01-I
  Add "InPerson" to facilitate search; add details for affected file.

INFERRED ACTION: CAN-2000-0799 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(2) Levy, Baker
   NOOP(3) Wall, Cole, Christey

Voter Comments:
 Christey> XF:irix-inpview-symlink
   http://xforce.iss.net/static/5065.php
 Christey> ADDREF SGI:20001101-01-I
   URL:http://archives.neohapsis.com/archives/vendor/2000-q4/0072.html
 Christey> Add "InPerson" to description to facilitate search, and
   describe the affected file as ".ilmpAAA"
   A brief allusion to this problem is also in:
   BUGTRAQ:19970507 Irix: misc
   http://www.securityfocus.com/archive/1/6702


======================================================
Candidate: CAN-2000-0877
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0877
Final-Decision: 20010918
Interim-Decision: 20010911
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000911 Unsafe passing of variables to mailform.pl in MailForm V2.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0092.html
Reference: BID:1670
Reference: URL:http://www.securityfocus.com/bid/1670
Reference: XF:mailform-attach-file
Reference: URL:http://xforce.iss.net/static/5224.php

mailform.pl CGI script in MailForm 2.0 allows remote attackers to read
arbitrary files by specifying the file name in the XX-attach_file
parameter, which MailForm then sends to the attacker.

INFERRED ACTION: CAN-2000-0877 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Frech, Collins, Baker
   NOOP(4) Wall, Cole, Armstrong, Magdych


======================================================
Candidate: CAN-2000-0897
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0897
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20001219
Assigned: 20001114
Category: SF
Reference: BUGTRAQ:20001114 Vulnerabilites in SmallHTTP Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97421834001092&w=2
Reference: CONFIRM:http://home.lanck.net/mf/srv/index.htm
Reference: BID:1941
Reference: URL:http://www.securityfocus.com/bid/1941
Reference: XF:small-http-nofile-dos(5524)
Reference: URL:http://xforce.iss.net/static/5524.php

Small HTTP Server 2.03 and earlier allows remote attackers to cause a
denial of service by repeatedly requesting a URL that references a
directory that does not contain an index.html file, which consumes
memory that is not released after the request is completed.


Modifications:
  ADDREF XF:small-http-nofile-dos(5524)
  ADDREF CONFIRM:http://home.lanck.net/mf/srv/index.htm
  DESC Change version to "before 2.03" based on vendor acknowledgement.

INFERRED ACTION: CAN-2000-0897 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(2) Baker, Balinsky
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, Armstrong

Voter Comments:
 Frech> XF:small-http-nofile-dos(5524)
 Balinsky> Vendor acknowledges problem in version 2.03 comments at this URL:
   http://home.lanck.net/mf/srv/index.htm


======================================================
Candidate: CAN-2000-0945
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0945
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001026 Advisory def-2000-02: Cisco Catalyst remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0380.html
Reference: BUGTRAQ:20001113 Re: 3500XL
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0194.html
Reference: XF:cisco-catalyst-remote-commands(5415)
Reference: URL:http://xforce.iss.net/static/5415.php
Reference: BID:1846
Reference: URL:http://www.securityfocus.com/bid/1846

The web configuration interface for Catalyst 3500 XL switches allows
remote attackers to execute arbitrary commands without authentication
when the enable password is not set, via a URL containing the /exec/
directory.


Modifications:
  CHANGEREF [normalize] XF:cisco-catalyst-remote-commands
  ADDREF BID:1846
  ADDREF BUGTRAQ:20001113 Re: 3500XL
  DESC added "when enable password is not set" based on Cisco followup

INFERRED ACTION: CAN-2000-0945 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(6) Cole, Frech, Ziese, Renaud, Mell, Baker
   NOOP(2) Christey, Balinsky

Voter Comments:
 Christey> See Cisco's response at:
   http://archives.neohapsis.com/archives/bugtraq/2000-11/0194.html
   It also references BID:1846
 CHANGE> [Balinsky changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2000-1047
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1047
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010911-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001103 [SAFER] Buffer overflow in Lotus Domino SMTP Server
Reference: URL:http://www.securityfocus.com/archive/1/143071
Reference: XF:lotus-domino-smtp-envid(5488)
Reference: URL:http://xforce.iss.net/static/5488.php
Reference: BID:1905
Reference: URL:http://www.securityfocus.com/bid/1905

Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier
allows remote attackers to cause a denial of service and possibly
execute arbitrary commands via a long ENVID keyword in the "MAIL FROM"
command.


Modifications:
  ADDREF XF:lotus-domino-smtp-envid(5488)

INFERRED ACTION: CAN-2000-1047 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Mell, Baker, Collins
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Collins> SPR CDOY4GFP35 @ http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=CDOY4GFP35&SearchMax=0&Start=1&Count=25
 Frech> XF:lotus-domino-smtp-envid(5488)


======================================================
Candidate: CAN-2001-0004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0004
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-02
Proposed: 20010202
Assigned: 20010104
Category: SF
Reference: BUGTRAQ:20010108 IIS 5.0 allows viewing files using %3F+.htr
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97897954625305&w=2
Reference: MS:MS01-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-004.asp
Reference: BID:2313
Reference: URL:http://www.securityfocus.com/bid/2313
Reference: XF:iis-read-files(5903)
Reference: URL:http://xforce.iss.net/static/5903.php

IIS 5.0 and 4.0 allows remote attackers to read the source code for
executable web server programs by appending "%3F+.htr" to the
requested URL, which causes the files to be parsed by the .HTR ISAPI
extension, aka a variant of the "File Fragment Reading via .HTR"
vulnerability.


Modifications:
  ADDREF XF:iis-read-files(5903)
  ADDREF BID:2313

INFERRED ACTION: CAN-2001-0004 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(5) Baker, Cole, Collins, Ziese, Wall
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:microsoft-iis-read-files(5903)
 Christey> Change XF:microsoft-iis-read-files to XF:iis-read-files
 Christey> XF:iis-read-files(5903)
   BID:2313
 Christey> XF:iis-isapi-obtain-code
   URL:http://xforce.iss.net/static/6032.php
 Christey> OK, the proper XF reference to use is iis-read-files(5903).


======================================================
Candidate: CAN-2001-0020
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0020
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010202
Assigned: 20010131
Category: SF
Reference: ATSTAKE:A013101-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a013101-1.txt
Reference: CISCO:20010131 Cisco Content Services Switch Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-cli-filesystem-pub.shtml
Reference: XF:cisco-ccs-file-access(6031)
Reference: URL:http://xforce.iss.net/static/6031.php
Reference: BID:2331
Reference: URL:http://www.securityfocus.com/bid/2331

Directory traversal vulnerability in Arrowpoint (aka Cisco Content
Services, or CSS) allows local unprivileged users to read arbitrary
files via a .. (dot dot) attack.


Modifications:
  ADDREF XF:cisco-ccs-file-access(6031)
  ADDREF BID:2331

INFERRED ACTION: CAN-2001-0020 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Baker, Cole, Ziese
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Frech> XF:cisco-ccs-file-access(6031)
 Christey> XF:cisco-ccs-file-access
 Christey> BID:2331
   URL:http://www.securityfocus.com/bid/2331


======================================================
Candidate: CAN-2001-0077
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0077
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010202
Assigned: 20010201
Category:
Reference: BUGTRAQ:20001212 Two Holes in Sun Cluster 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html
Reference: XF:clustmon-no-authentication(6123)
Reference: URL:http://xforce.iss.net/static/6123.php

The clustmon service in Sun Cluster 2.x does not require
authentication, which allows remote attackers to obtain sensitive
information such as system logs and cluster configurations.


Modifications:
  ADDREF XF:clustmon-no-authentication(6123)

INFERRED ACTION: CAN-2001-0077 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(2) Baker, Dik
   MODIFY(1) Frech
   NOOP(3) Cole, Ziese, Wall

Voter Comments:
 Frech> XF:clustmon-no-authentication(6123)


======================================================
Candidate: CAN-2001-0078
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0078
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001212 Two Holes in Sun Cluster 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html
Reference: XF:ha-nfs-symlink(6125)
Reference: URL:http://xforce.iss.net/static/6125.php

in.mond in Sun Cluster 2.x allows local users to read arbitrary files
via a symlink attack on the status file of a host running HA-NFS.


Modifications:
  ADDREF XF:ha-nfs-symlink(6125)

INFERRED ACTION: CAN-2001-0078 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(2) Baker, Dik
   MODIFY(1) Frech
   NOOP(3) Cole, Ziese, Wall

Voter Comments:
 Frech> XF:ha-nfs-symlink(6125)


======================================================
Candidate: CAN-2001-0095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0095
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001218 Catman file clobbering vulnerability Solaris 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0313.html
Reference: SUNBUG:4392144
Reference: XF:solaris-catman-symlink(5788)
Reference: URL:http://xforce.iss.net/static/5788.php

catman in Solaris 2.7 and 2.8 allows local users to overwrite
arbitrary files via a symlink attack on the sman_PID temporary file.


Modifications:
  ADDREF SUNBUG:4392144
  CHANGEREF [normalize] XF:solaris-catman-symlink(5788)

INFERRED ACTION: CAN-2001-0095 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Baker, Frech, Dik
   NOOP(3) Cole, Ziese, Wall

Voter Comments:
 Dik> Sun bug 4392144


======================================================
Candidate: CAN-2001-0108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0108
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010112 PHP Security Advisory - Apache Module bugs
Reference: URL:http://www.securityfocus.com/archive/1/156202
Reference: MANDRAKE:MDKSA-2001:013
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3
Reference: CONECTIVA:CLA-2001:373
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373
Reference: DEBIAN:DSA-020
Reference: URL:http://www.debian.org/security/2001/dsa-020
Reference: XF:php-htaccess-unauth-access(5940)
Reference: URL:http://xforce.iss.net/static/5940.php
Reference: BID:2206
Reference: URL:http://www.securityfocus.com/bid/2206

PHP Apache module 4.0.4 and earlier allows remote attackers to bypass
.htaccess access restrictions via a malformed HTTP request on an
unrestricted page that causes PHP to use those access controls on the
next page that is requested.


Modifications:
  ADDREF MANDRAKE:MDKSA-2001:013
  ADDREF CONECTIVA:CLA-2001:373
  ADDREF DEBIAN:DSA-020
  ADDREF XF:php-htaccess-unauth-access(5940)

INFERRED ACTION: CAN-2001-0108 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(2) Baker, Oliver
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, Christey

Voter Comments:
 Christey> ADDREF MANDRAKE:MDKSA-2001:013
   http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3
   Note that a second PHP problem is described here, but I don't
   think it's been given a CAN yet.
   CONECTIVA:CLA-2001:373
   DEBIAN:DSA-020
   http://www.debian.org/security/2001/dsa-020
   XF:php-htaccess-unauth-access
   http://xforce.iss.net/static/5940.php
 Frech> XF:php-htaccess-unauth-access(5940)
 Oliver> Multiple vendor acknowledgement


======================================================
Candidate: CAN-2001-0121
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0121
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010108 def-2001-01: ImageCast IC3 Control Center DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0071.html
Reference: XF:storagesoft-imagecast-dos(5901)
Reference: URL:http://xforce.iss.net/static/5901.php
Reference: BID:2174
Reference: URL:http://www.securityfocus.com/bid/2174

ImageCast Control Center 4.1.0 allows remote attackers to cause a
denial of service (resource exhaustion or system crash) via a long
string to port 12002.


Modifications:
  ADDREF XF:storagesoft-imagecast-dos(5901)

INFERRED ACTION: CAN-2001-0121 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(2) Baker, Oliver
   MODIFY(1) Frech
   NOOP(4) Wall, Cole, Magdych, Christey

Voter Comments:
 Frech> XF:storagesoft-imagecast-dos(5901)
 Christey> XF:storagesoft-imagecast-dos
   URL:http://xforce.iss.net/static/5901.php
 Baker> An email to Storagesoft technical support resulted in an answer,
   confirming the existence of the vulnerability, and that it has not
   yet been patched, and it is unknown if the newer version 4.5, due for
   release will address it either.

   Subject:  ImageCast IC3 v 4.1 [Incident:main 010420-0020]
   Date:     Fri, 20 Apr 2001 15:42:55 -0600 (Mountain Daylight Time)
   From:     support@storagesoft.com
   To:       bakerd@mitre.org
   Recently you requested personal assistance from our on-line
   support center. Below is a summary of your request and our
   response.

   If we do not hear from you within 3 business days we will
   assume your issue has been resolved.

   Thank you for allowing us to be of service to you.
   -------------------------------------------------------------

   Summary:  ImageCast IC3 v 4.1
   Suggested Solution:
   At 04/20/2001 03:38 PM we wrote -
   Has this been fixed in release 4.2?
   No, the 4.2 control console is very similar (in code) to 4.1.
   We are currently releasing 4.5 version - this is re-written code. It
   is available for evaluation on our downloads section, here's a link:
   http://www.storagesoft.com/support/updates.asp

   This (Security Issue) has not been tested however on 4.5.

   Keith J.
   STorageSoft technical Services

   Incident Details:
   Reference #:  010420-0020
   Product (R):  ImageCast
   Sub-Product:  Control Center
   Category (R):  General
   Contact:  bakerd@mitre.org
   Date Created:  04/20/2001 10:15 AM
   Last Updated:  04/20/2001 03:42 PM
   Elapsed Time:  5 Hours, 27 Minutes
   Status:  Unresolved
   Description: ImageCast IC3 is subject to a denial of service. By sending
   unusually long strings to the ICCC service listening on port 12002, the
   program will consume all available CPU usage refusing any new connections.
   Additionally, sending multiple packets containing long strings to port
   8081 will cause the ICCC service (ICCC.exe) to crash completely. A
   restart of the application is required in order to gain normal functionality.
   Has this been fixed in release 4.2?  I have reviewed the change notes
   on your site at :
   http://www.storagesoft.com/support/docs/currentversion/ReleaseNotes.htm
   but it does not mention the fix for these problems.  Can you either
   confirm that this has been repaired or tell me when the problem will be repaired
   in a released version of the product?


======================================================
Candidate: CAN-2001-0136
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0136
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20001220 ProFTPD 1.2.0 Memory leakage - denial of service
Reference: URL:http://www.securityfocus.com/archive/1/152206
Reference: BUGTRAQ:20010109 Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0122.html
Reference: BUGTRAQ:20010110 Re: Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0132.html
Reference: MANDRAKE:MDKSA-2001:021
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3
Reference: DEBIAN:DSA-029
Reference: URL:http://www.debian.org/security/2001/dsa-029
Reference: CONECTIVA:CLA-2001:380
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000380
Reference: BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html
Reference: XF:proftpd-size-memory-leak
Reference: URL:http://xforce.iss.net/static/5801.php

Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a
denial of service via a series of USER commands, and possibly SIZE
commands if the server has been improperly installed.


Modifications:
  ADDREF MANDRAKE:MDKSA-2001:021
  ADDREF DEBIAN:DSA-029
  ADDREF CONECTIVA:CLA-2001:380
  ADDREF BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel

INFERRED ACTION: CAN-2001-0136 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Baker, Magdych, Frech
   NOOP(3) Wall, Cole, Christey

Voter Comments:
 Christey> ADDREF MANDRAKE:MDKSA-2001:021
   ADDREF DEBIAN:DSA-029
   ADDREF CONECTIVA:CLA-2001:380
 Christey> BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel
   URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html


======================================================
Candidate: CAN-2001-0155
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0155
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010216
Category: SF
Reference: ATSTAKE:A021601-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a021601-1.txt
Reference: CONFIRM:http://www.vandyke.com/products/vshell/security102.html

Format string vulnerability in VShell SSH gateway 1.0.1 and earlier
allows remote attackers to execute arbitrary commands via a user name
that contains format string specifiers.


Modifications:
  ADDREF CONFIRM:http://www.vandyke.com/products/vshell/security102.html
  DESC Change "long user name," which implies an overflow.

INFERRED ACTION: CAN-2001-0155 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(2) Lawler, Baker
   MODIFY(1) Frech
   NOOP(2) Cole, Ziese

Voter Comments:
 Frech> XF:vshell-username-bo(6146)
   CONFIRM:http://www.vandyke.com/products/vshell/security102.html


======================================================
Candidate: CAN-2001-0164
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0164
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010307
Category: SF
Reference: ATSTAKE:A030701-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a030701-1.txt
Reference: XF:netscape-directory-server-bo(6233)
Reference: URL:http://xforce.iss.net/static/6233.php

Buffer overflow in Netscape Directory Server 4.12 and earlier allows
remote attackers to cause a denial of service or execute arbitrary
commands via a malformed recipient field.


Modifications:
  ADDREF XF:netscape-directory-server-bo(6233)

INFERRED ACTION: CAN-2001-0164 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(4) Lawler, Baker, Cole, Ziese
   MODIFY(1) Frech

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:netscape-directory-server-bo(6233)


======================================================
Candidate: CAN-2001-0174
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0174
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010130 Security hole in Virus Buster 2001
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0500.html
Reference: XF:virusbuster-mua-bo(6034)
Reference: URL:http://xforce.iss.net/static/6034.php

Buffer overflow in Trend Micro Virus Buster 2001 8.00 allows remote
attackers to cause a denial of service, and possibly execute arbitrary
commands, via a large "To" address.


Modifications:
  CHANGEREF [normalize] XF:virusbuster-mua-bo(6034)

INFERRED ACTION: CAN-2001-0174 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Lawler, Baker, Frech
   NOOP(1) Ziese

Voter Comments:
 Lawler> Upgrade to 8.01 or later.


======================================================
Candidate: CAN-2001-0175
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0175
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010122 def-2001-05: Netscape Fasttrack Server Caching DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98021351718874&w=2
Reference: BUGTRAQ:20010124 iPlanet FastTrack/Enterprise 4.1 DoS clarifications
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98035833331446&w=2
Reference: BID:2273
Reference: URL:http://www.securityfocus.com/bid/2273
Reference: XF:netscape-fasttrack-cache-dos(5985)
Reference: URL:http://xforce.iss.net/static/5985.php

The caching module in Netscape Fasttrack Server 4.1 allows remote
attackers to cause a denial of service (resource exhaustion) by
requesting a large number of non-existent URLs.


Modifications:
  DESC Fix typo: "URL's" should be "URLs"
  CHANGEREF [normalize] XF:netscape-fasttrack-cache-dos(5985)

INFERRED ACTION: CAN-2001-0175 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Lawler, Baker, Frech
   NOOP(1) Ziese

Voter Comments:
 Frech> In description, consider changing possessive "URL's" to plural
   "URLs".


======================================================
Candidate: CAN-2001-0176
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0176
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20001218 More Sonata Conferencing software vulnerabilities.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0278.html
Reference: BID:2125
Reference: URL:http://www.securityfocus.com/bid/2125
Reference: XF:sonata-command-execute(5787)
Reference: URL:http://xforce.iss.net/static/5787.php

The setuid doroot program in Voyant Sonata 3.x executes arbitrary
command line arguments, which allows local users to gain root
privileges.


Modifications:
  ADDREF XF:sonata-command-execute(5787)

INFERRED ACTION: CAN-2001-0176 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(2) Lawler, Baker
   MODIFY(1) Frech
   NOOP(1) Ziese

Voter Comments:
 Lawler> This doroot command appears to be a "feature" to the vendor.
 Frech> XF:sonata-command-execute(5787)


======================================================
Candidate: CAN-2001-0182
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0182
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010117 Licensing Firewall-1 DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0298.html
Reference: XF:fw1-limited-license-dos
Reference: URL:http://xforce.iss.net/static/5966.php
Reference: BID:2238
Reference: URL:http://www.securityfocus.com/bid/2238

FireWall-1 4.1 with a limited-IP license allows remote attackers to
cause a denial of service by sending a large number of spoofed IP
packets with various source addresses to the inside interface, which
floods the console with warning messages and consumes CPU resources.


Modifications:
  DESC Fix typo

INFERRED ACTION: CAN-2001-0182 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Lawler, Baker, Frech
   NOOP(1) Ziese

Voter Comments:
 Lawler> Checkpoint is fixing this in the next service release.  A
   workaround is available.
 Frech> In description, product name is FireWall-1.


======================================================
Candidate: CAN-2001-0189
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0189
Final-Decision: 20010918
Interim-Decision: 20010911
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010119 LocalWEB2000 Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0346.html
Reference: BID:2268
Reference: URL:http://www.securityfocus.com/bid/2268
Reference: XF:localweb2k-directory-traversal
Reference: URL:http://xforce.iss.net/static/5982.php

Directory traversal vulnerability in LocalWEB2000 HTTP server allows
remote attackers to read arbitrary commands via a .. (dot dot) attack
in an HTTP GET request.

INFERRED ACTION: CAN-2001-0189 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Lawler, Baker, Frech
   NOOP(1) Ziese

Voter Comments:
 Lawler> Will be fixed in a future release.


======================================================
Candidate: CAN-2001-0203
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0203
Final-Decision: 20010918
Interim-Decision: 20010911
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010120 Watchguard Firewall Elevated Privilege Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0342.html
Reference: BID:2284
Reference: URL:http://www.securityfocus.com/bid/2284
Reference: XF:watchguard-firebox-obtain-passphrase
Reference: URL:http://xforce.iss.net/static/5979.php

Watchguard Firebox II firewall allows users with read-only access to
gain read-write access, and administrative privileges, by accessing a
file that contains hashed passphrases, and using the hashes during
authentication.

INFERRED ACTION: CAN-2001-0203 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Lawler, Frech, Oliver
   NOOP(1) Ziese

Voter Comments:
 Oliver> Vendor acknowledged and commented in hotfix


======================================================
Candidate: CAN-2001-0207
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0207
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010119 Buffer overflow in bing
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0330.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0333.html
Reference: XF:linux-bing-bo
Reference: URL:http://xforce.iss.net/static/6036.php
Reference: BID:2279
Reference: URL:http://www.securityfocus.com/bid/2279

Buffer overflow in bing allows remote attackers to execute arbitrary
commands via a long hostname, which is copied to a small buffer after
a reverse DNS lookup using the gethostbyaddr function.


Modifications:
  DESC Fix typo: "toe xecute"

INFERRED ACTION: CAN-2001-0207 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(2) Frech, Oliver
   NOOP(2) Lawler, Ziese

Voter Comments:
 Frech> In description, normalize spelling of "toe xecute"


======================================================
Candidate: CAN-2001-0215
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0215
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010212 ROADS search system "show files" Vulnerability with "null bite" bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0213.html
Reference: CONFIRM:http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html
Reference: XF:roads-search-view-files(6097)
Reference: URL:http://xforce.iss.net/static/6097.php
Reference: BID:2371
Reference: URL:http://www.securityfocus.com/bid/2371

ROADS search.pl program allows remote attackers to read arbitrary
files by specifying the file name in the form parameter and
terminating the filename with a null byte.


Modifications:
  ADDREF XF:roads-search-view-files(6097)
  ADDREF CONFIRM:http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html

INFERRED ACTION: CAN-2001-0215 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(2) Lawler, Baker
   MODIFY(1) Frech
   NOOP(3) Cole, Christey, Ziese

Voter Comments:
 Frech> XF:roads-search-view-files(6097)
   CONFIRM:http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html
 Christey> CONFIRM:http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html


======================================================
Candidate: CAN-2001-0235
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0235
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: DEBIAN:DSA-024
Reference: URL:http://www.debian.org/security/2001/dsa-024
Reference: FREEBSD:FreeBSD-SA-01:09
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:09.crontab.v1.1.asc
Reference: XF:crontab-read-files(6225)

Vulnerability in crontab allows local users to read crontab files of
other users by replacing the temporary file that is being edited while
crontab is running.


Modifications:
  ADDREF XF:crontab-read-files(6225)

INFERRED ACTION: CAN-2001-0235 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Lawler, Baker, Ziese
   MODIFY(1) Frech

Voter Comments:
 Lawler> Recommend maintaining reference to CVE-2000-0972
 Frech> XF:crontab-read-files(6225)


======================================================
Candidate: CAN-2001-0237
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0237
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: BUGTRAQ:20010509 def-2001-24: Windows 2000 Kerberos DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98942093221908&w=2
Reference: MS:MS01-024
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-024.asp
Reference: CIAC:L-079
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-079.shtml
Reference: XF:win2k-kerberos-dos(6506)
Reference: URL:http://xforce.iss.net/static/6506.php
Reference: BID:2707
Reference: URL:http://www.securityfocus.com/bid/2707

Memory leak in Microsoft 2000 domain controller allows remote
attackers to cause a denial of service by repeatedly connecting to the
Kerberos service and then disconnecting without sending any data.


Modifications:
  ADDREF XF:win2k-kerberos-dos(6506)
  ADDREF CIAC:L-079
  ADDREF BID:2707

INFERRED ACTION: CAN-2001-0237 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(8) Wall, Renaud, Baker, Balinsky, Cole, Magdych, Williams, Ziese
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Balinsky> Although Microsoft does not specify that the memory leak is in the LSA subsystem, the behavior they describe is identical to that in the Bugtraq post.
 Frech> XF:win2k-kerberos-dos(6506)
 Christey> BID:2707
   URL:http://www.securityfocus.com/bid/2707


======================================================
Candidate: CAN-2001-0238
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0238
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: MS:MS01-022
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-022.asp
Reference: CIAC:L-074
Reference: URL:http://www.ciac.org/ciac/bulletins/l-074.shtml
Reference: XF:ms-dacipp-webdav-access(6405)
Reference: URL:http://xforce.iss.net/static/6405.php

Microsoft Data Access Component Internet Publishing Provider
8.103.2519.0 and earlier allows remote attackers to bypass Security
Zone restrictions via WebDAV requests.


Modifications:
  ADDREF XF:ms-dacipp-webdav-access(6405)
  ADDREF CIAC:L-074

INFERRED ACTION: CAN-2001-0238 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(6) Wall, Renaud, Baker, Cole, Williams, Ziese
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:ms-dacipp-webdav-access(6405)


======================================================
Candidate: CAN-2001-0239
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0239
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: BUGTRAQ:20010416 [SX-20010320-2] - Microsoft ISA Server Denial of Service
Reference: URL:http://www.securityfocus.com/archive/1/176912
Reference: BUGTRAQ:20010427 Microsoft ISA Server Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/179986
Reference: BUGTRAQ:20010417 [SX-20010320-2b] - Followup re. Microsoft ISA Server Denial of Service
Reference: URL:http://www.securityfocus.com/archive/1/177160
Reference: MS:MS01-021
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-021.asp
Reference: CIAC:L-073
Reference: URL:http://www.ciac.org/ciac/bulletins/l-073.shtml
Reference: BID:2600
Reference: URL:http://www.securityfocus.com/bid/2600
Reference: XF:isa-web-proxy-dos(6383)
Reference: URL:http://xforce.iss.net/static/6383.php

Microsoft Internet Security and Acceleration (ISA) Server 2000 Web
Proxy allows remote attackers to cause a denial of service via a long
web request with a specific type.


Modifications:
  DESC Remove "possibly execute arbitrary commands"
  ADDREF XF:isa-web-proxy-dos(6383)
  ADDREF CIAC:L-073

INFERRED ACTION: CAN-2001-0239 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(5) Wall, Renaud, Baker, Cole, Ziese
   MODIFY(2) Williams, Frech

Voter Comments:
 Frech> XF:isa-web-proxy-dos(6383)
 Williams> get rid of "execute arbitrary commands" part of description.  preliminary analysis initially suggested that an exploitable overflow may have been present.  subsequent source code analysis by Microsoft indicated that only a heap overflow is present, and therefore that this vulnerability is not exploitable beyond DoS.


======================================================
Candidate: CAN-2001-0240
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0240
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: MS:MS01-028
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-028.asp
Reference: XF:word-rtf-macro-execution(6571)
Reference: URL:http://xforce.iss.net/static/6571.php
Reference: BID:2753
Reference: URL:http://www.securityfocus.com/bid/2753

Microsoft Word before Word 2002 allows attackers to automatically
execute macros without warning the user via a Rich Text Format (RTF)
document that links to a template with the embedded macro.


Modifications:
  ADDREF XF:word-rtf-macro-execution(6571)
  ADDREF BID:2753

INFERRED ACTION: CAN-2001-0240 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(6) Wall, Baker, Cole, Magdych, Williams, Ziese
   MODIFY(1) Frech
   NOOP(2) Renaud, Christey

Voter Comments:
 Frech> XF:word-rtf-macro-execution(6571)
 Christey> BID:2753
   URL:http://www.securityfocus.com/bid/2753


======================================================
Candidate: CAN-2001-0241
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0241
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: BUGTRAQ:20010501 Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98874912915948&w=2
Reference: MS:MS01-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-023.asp
Reference: CERT:CA-2001-10
Reference: URL:http://www.cert.org/advisories/CA-2001-10.html
Reference: BID:2674
Reference: URL:http://www.securityfocus.com/bid/2674
Reference: XF:iis-isapi-printer-bo(6485)
Reference: URL:http://xforce.iss.net/static/6485.php

Buffer overflow in Internet Printing ISAPI extension in Windows 2000
allows remote attackers to gain root privileges via a long print
request that is passed to the extension through IIS 5.0.


Modifications:
  ADDREF XF:iis-isapi-printer-bo(6485)
  ADDREF CERT:CA-2001-10

INFERRED ACTION: CAN-2001-0241 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(8) Wall, Renaud, Baker, Balinsky, Cole, Magdych, Williams, Ziese
   MODIFY(1) Frech

Voter Comments:
 Balinsky> The advisory authors reference the vendor acknowledgement, and agree with its accuracy.
 Frech> XF:iis-isapi-printer-bo(6485)


======================================================
Candidate: CAN-2001-0243
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0243
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: MS:MS01-029
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-029.asp
Reference: XF:mediaplayer-html-shortcut(6584)
Reference: URL:http://xforce.iss.net/static/6584.php
Reference: BID:2765
Reference: URL:http://www.securityfocus.com/bid/2765

Windows Media Player 7 and earlier stores Internet shortcuts in a
user's Temporary Files folder with a fixed filename instead of in the
Internet Explorer cache, which causes the HTML in those shortcuts to
run in the Local Computer Zone instead of the Internet Zone, which
allows remote attackers to read certain files.


Modifications:
  ADDREF XF:mediaplayer-html-shortcut(6584)
  ADDREF BID:2765

INFERRED ACTION: CAN-2001-0243 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(6) Wall, Baker, Cole, Magdych, Williams, Ziese
   MODIFY(1) Frech
   NOOP(2) Renaud, Christey

Voter Comments:
 Frech> XF:mediaplayer-html-shortcut(6584)
 Christey> BID:2765
   URL:http://www.securityfocus.com/bid/2765


======================================================
Candidate: CAN-2001-0244
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0244
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: MS:MS01-025
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-025.asp
Reference: BID:2709
Reference: URL:http://www.securityfocus.com/bid/2709
Reference: XF:winnt-indexserver-search-bo(6517)
Reference: URL:http://xforce.iss.net/static/6517.php

Buffer overflow in Microsoft Index Server 2.0 allows remote attackers
to execute arbitrary commands via a long search parameter.


Modifications:
  ADDREF XF:winnt-indexserver-search-bo(6517)
  ADDREF BID:2709

INFERRED ACTION: CAN-2001-0244 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(8) Wall, Renaud, Baker, Balinsky, Cole, Magdych, Williams, Ziese
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:winnt-indexserver-search-bo(6517)


======================================================
Candidate: CAN-2001-0245
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0245
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: MS:MS01-025
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-025.asp
Reference: XF:win-indexserver-view-files(6518)
Reference: URL:http://xforce.iss.net/static/6518.php

Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in
Windows 2000, allows remote attackers to read server-side include
files via a malformed search request, aka a new variant of the
"Malformed Hit-Highlighting" vulnerability.


Modifications:
  ADDREF XF:win-indexserver-view-files(6518)

INFERRED ACTION: CAN-2001-0245 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(8) Wall, Renaud, Baker, Balinsky, Cole, Magdych, Williams, Ziese
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:win-indexserver-view-files(6518)


======================================================
Candidate: CAN-2001-0330
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0330
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010427
Category: SF
Reference: ATSTAKE:A043001-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a043001-1.txt
Reference: BID:2671
Reference: URL:http://www.securityfocus.com/bid/2671
Reference: XF:bugzilla-gobalpl-gain-information(6489)
Reference: URL:http://xforce.iss.net/static/6489.php

Bugzilla 2.10 allows remote attackers to access sensitive information,
including the database username and password, via an HTTP request for
the globals.pl file, which is normally returned by the web server
without being executed.


Modifications:
  ADDREF XF:bugzilla-gobalpl-gain-information(6489)

INFERRED ACTION: CAN-2001-0330 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(4) Renaud, Baker, Cole, Williams
   MODIFY(1) Frech
   NOOP(3) Ziese, Wall, Oliver

Voter Comments:
 Frech> XF:bugzilla-gobalpl-gain-information(6489)


======================================================
Candidate: CAN-2001-0331
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0331
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010508
Category: SF
Reference: ISS:20010509 Remote Buffer Overflow Vulnerability in IRIX Embedded Support Partner Infrastructure
Reference: URL:http://xforce.iss.net/alerts/advise76.php
Reference: SGI:20010501-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010501-01-P
Reference: XF:irix-espd-bo(6502)
Reference: URL:http://xforce.iss.net/static/6502.php

Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in
IRIX 6.5.8 and earlier allows remote attackers to execute arbitrary
commands.


Modifications:
  ADDREF XF:irix-espd-bo(6502)

INFERRED ACTION: CAN-2001-0331 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(6) Ziese, Renaud, Baker, Cole, Magdych, Williams
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:irix-espd-bo(6502)


======================================================
Candidate: CAN-2001-0333
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010510
Category: SF
Reference: BUGTRAQ:20010515 NSFOCUS SA2001-02 : Microsoft IIS CGI Filename Decode Error Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98992056521300&w=2
Reference: MS:MS01-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp
Reference: CERT:CA-2001-12
Reference: URL:http://www.cert.org/advisories/CA-2001-12.html
Reference: XF:iis-url-decoding(6534)
Reference: URL:http://xforce.iss.net/static/6534.php
Reference: BID:2708
Reference: URL:http://www.securityfocus.com/bid/2708

Directory traversal vulnerability in IIS 5.0 and earlier allows remote
attackers to execute arbitrary commands by encoding .. (dot dot) and
"\" characters twice.


Modifications:
  ADDREF XF:iis-url-decoding(6534)
  ADDREF BID:2708
  ADDREF CERT:CA-2001-12

INFERRED ACTION: CAN-2001-0333 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(7) Ziese, Wall, Renaud, Baker, Cole, Magdych, Williams
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:iis-url-decoding(6534)
 Christey> BID:2708
   URL:http://www.securityfocus.com/bid/2708


======================================================
Candidate: CAN-2001-0334
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0334
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010510
Category: SF
Reference: MS:MS01-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp
Reference: XF:iis-ftp-wildcard-dos(6535)
Reference: URL:http://xforce.iss.net/static/6535.php

FTP service in IIS 5.0 and earlier allows remote attackers to cause a
denial of service via a wildcard sequence that generates a long string
when it is expanded.


Modifications:
  ADDREF XF:iis-ftp-wildcard-dos(6535)

INFERRED ACTION: CAN-2001-0334 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(7) Ziese, Wall, Renaud, Baker, Cole, Magdych, Williams
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:iis-ftp-wildcard-dos(6535)


======================================================
Candidate: CAN-2001-0335
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0335
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010510
Category: SF
Reference: MS:MS01-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp
Reference: XF:iis-ftp-domain-authentication(6545)
Reference: URL:http://xforce.iss.net/static/6545.php
Reference: BID:2719
Reference: URL:http://www.securityfocus.com/bid/2719

FTP service in IIS 5.0 and earlier allows remote attackers to
enumerate Guest accounts in trusted domains by preceding the username
with a special sequence of characters.


Modifications:
  ADDREF XF:iis-ftp-domain-authentication(6545)

INFERRED ACTION: CAN-2001-0335 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(7) Ziese, Wall, Renaud, Baker, Cole, Magdych, Williams
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:iis-ftp-domain-authentication(6545)
 Christey> BID:2719
   URL:http://www.securityfocus.com/bid/2719


======================================================
Candidate: CAN-2001-0336
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0336
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010510
Category: SF
Reference: MS:MS01-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp
Reference: XF:iis-crosssitescripting-patch-dos(6858)
Reference: URL:http://xforce.iss.net/static/6858.php

The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an
error which allows attackers to cause a denial of service via a
malformed request.


Modifications:
  ADDREF XF:iis-crosssitescripting-patch-dos(6858)

INFERRED ACTION: CAN-2001-0336 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(6) Ziese, Wall, Renaud, Baker, Cole, Williams
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:iis-crosssitescripting-patch-dos(6858)


======================================================
Candidate: CAN-2001-0338
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0338
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010510
Category: SF
Reference: MS:MS01-027
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-027.asp
Reference: CIAC:L-087
Reference: URL:http://www.ciac.org/ciac/bulletins/l-087.shtml
Reference: XF:ie-crl-certificate-spoofing(6555)
Reference: URL:http://xforce.iss.net/static/6555.php
Reference: BID:2735
Reference: URL:http://www.securityfocus.com/bid/2735

Internet Explorer 5.5 and earlier does not properly validate digital
certificates when Certificate Revocation List (CRL) checking is
enabled, which could allow remote attackers to spoof trusted web
sites, aka the "Server certificate validation vulnerability."


Modifications:
  ADDREF XF:ie-crl-certificate-spoofing(6555)
  ADDREF BID:2735
  ADDREF CIAC:L-087

INFERRED ACTION: CAN-2001-0338 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(5) Wall, Baker, Balinsky, Cole, Williams
   MODIFY(1) Frech
   NOOP(2) Ziese, Renaud

Voter Comments:
 Frech> XF:ie-crl-certificate-spoofing(6555)


======================================================
Candidate: CAN-2001-0339
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0339
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010510
Category: SF
Reference: MS:MS01-027
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-027.asp
Reference: CIAC:L-087
Reference: URL:http://www.ciac.org/ciac/bulletins/l-087.shtml
Reference: XF:ie-html-url-spoofing(6556)
Reference: URL:http://xforce.iss.net/static/6556.php
Reference: BID:2737
Reference: URL:http://www.securityfocus.com/bid/2737

Internet Explorer 5.5 and earlier allows remote attackers to display a
URL in the address bar that is different than the URL that is actually
being displayed, which could be used in web site spoofing attacks, aka
the "Web page spoofing vulnerability."


Modifications:
  ADDREF XF:ie-html-url-spoofing(6556)
  ADDREF BID:2737
  ADDREF CIAC:L-087

INFERRED ACTION: CAN-2001-0339 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(4) Wall, Baker, Balinsky, Williams
   MODIFY(1) Frech
   NOOP(3) Ziese, Renaud, Cole

Voter Comments:
 Frech> XF:ie-html-url-spoofing(6556)


======================================================
Candidate: CAN-2001-0340
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0340
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010727
Assigned: 20010510
Category: SF
Reference: MS:MS01-030
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-030.asp
Reference: CIAC:L-091
Reference: URL:http://www.ciac.org/ciac/bulletins/l-091.shtml
Reference: XF:exchange-owa-script-execution(6652)
Reference: URL:http://xforce.iss.net/static/6652.php

An interaction between the Outlook Web Access (OWA) service in
Microsoft Exchange 2000 Server and Internet Explorer allows attackers
to execute malicious script code against a user's mailbox via a
message attachment that contains HTML code, which is executed
automatically.


Modifications:
  ADDREF XF:exchange-owa-script-execution(6652)
  ADDREF CIAC:L-091

INFERRED ACTION: CAN-2001-0340 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(7) Ziese, Prosser, Stracener, Wall, Balinsky, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:exchange-owa-script-execution(6652)
 Prosser> MS01-030


======================================================
Candidate: CAN-2001-0341
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0341
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010911-01
Proposed: 20010829
Assigned: 20010510
Category: SF
Reference: BUGTRAQ:20010625 NSFOCUS SA2001-03 : Microsoft FrontPage 2000 Server Extensions Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99348216322147&w=2
Reference: MS:MS01-035
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-035.asp
Reference: BID:2906
Reference: URL:http://www.securityfocus.com/bid/2906
Reference: XF:frontpage-ext-rad-bo(6730)
Reference: URL:http://xforce.iss.net/static/6730.php

Buffer overflow in Microsoft Visual Studio RAD Support sub-component
of FrontPage Server Extensions allows remote attackers to execute
arbitrary commands via a long registration request (URL) to
fp30reg.dll.


Modifications:
  ADDREF XF:frontpage-ext-rad-bo(6730)

INFERRED ACTION: CAN-2001-0341 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(5) Bishop, Ziese, Wall, Foat, Cole
   MODIFY(1) Frech
   NOOP(1) Armstrong

Voter Comments:
 Frech> XF:frontpage-ext-rad-bo(6730)


======================================================
Candidate: CAN-2001-0344
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0344
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010727
Assigned: 20010516
Category: SF
Reference: MS:MS01-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-032.asp
Reference: CIAC:L-095
Reference: URL:http://www.ciac.org/ciac/bulletins/l-095.shtml
Reference: XF:mssql-cached-connection-access(6684)
Reference: URL:http://xforce.iss.net/static/6684.php

An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using
Mixed Mode allows local database users to gain privileges by reusing a
cached connection of the sa administrator account.


Modifications:
  ADDREF XF:mssql-cached-connection-access(6684)
  ADDREF CIAC:L-095

INFERRED ACTION: CAN-2001-0344 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(6) Ziese, Stracener, Wall, Balinsky, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:mssql-cached-connection-access(6684)


======================================================
Candidate: CAN-2001-0345
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0345
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010727
Assigned: 20010516
Category: SF
Reference: MS:MS01-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp
Reference: BID:2843
Reference: URL:http://www.securityfocus.com/bid/2843
Reference: XF:win2k-telnet-idle-sessions-dos(6667)
Reference: URL:http://xforce.iss.net/static/6667.php

Microsoft Windows 2000 telnet service allows attackers to prevent idle
Telnet sessions from timing out, causing a denial of service by
creating a large number of idle sessions.


Modifications:
  ADDREF XF:win2k-telnet-idle-sessions-dos(6667)
  ADDREF BID:2843

INFERRED ACTION: CAN-2001-0345 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(6) Ziese, Stracener, Wall, Balinsky, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:win2k-telnet-idle-sessions-dos(6667)


======================================================
Candidate: CAN-2001-0346
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0346
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010911-01
Proposed: 20010829
Assigned: 20010516
Category: SF
Reference: MS:MS01-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp
Reference: XF:win2k-telnet-handle-leak-dos(6668)
Reference: URL:http://xforce.iss.net/static/6668.php

Handle leak in Microsoft Windows 2000 telnet service allows attackers
to cause a denial of service by starting a large number of sessions
and terminating them.


Modifications:
  ADDREF XF:win2k-telnet-handle-leak-dos(6668)

INFERRED ACTION: CAN-2001-0346 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(6) Bishop, Ziese, Wall, Foat, Cole, Armstrong
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:win2k-telnet-handle-leak-dos(6668)


======================================================
Candidate: CAN-2001-0347
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0347
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010727
Assigned: 20010516
Category: SF
Reference: MS:MS01-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp
Reference: CIAC:L-092
Reference: URL:http://www.ciac.org/ciac/bulletins/l-092.shtml
Reference: BID:2847
Reference: URL:http://www.securityfocus.com/bid/2847
Reference: XF:win2k-telnet-domain-authentication(6665)
Reference: URL:http://xforce.iss.net/static/6665.php

Information disclosure vulnerability in Microsoft Windows 2000 telnet
service allows remote attackers to determine the existence of user
accounts such as Guest, or log in to the server without specifying the
domain name, via a malformed userid.


Modifications:
  ADDREF XF:win2k-telnet-domain-authentication(6665)
  DESC Added details.

INFERRED ACTION: CAN-2001-0347 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(5) Ziese, Stracener, Wall, Foat, Cole
   MODIFY(2) Balinsky, Frech

Voter Comments:
 Balinsky> Instead of "determine Guest accounts" say "access accounts, such as Guest, for which they know the password"
 Frech> XF:win2k-telnet-domain-authentication(6665)


======================================================
Candidate: CAN-2001-0348
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0348
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010727
Assigned: 20010516
Category: SF
Reference: BINDVIEW:20010608 Range checking fault condition in Microsoft Windows 2000 Telnet server
Reference: URL:http://razor.bindview.com/publish/advisories/adv_mstelnet.html
Reference: MS:MS01-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp
Reference: CIAC:L-092
Reference: URL:http://www.ciac.org/ciac/bulletins/l-092.shtml
Reference: XF:win2k-telnet-username-dos(6666)
Reference: URL:http://xforce.iss.net/static/6666.php

Microsoft Windows 2000 telnet service allows attackers to cause a
denial of service (crash) via a long logon command that contains a
backspace.


Modifications:
  ADDREF XF:win2k-telnet-username-dos(6666)
  ADDREF BINDVIEW:20010608 Range checking fault condition in Microsoft Windows 2000 Telnet server
  ADDREF CIAC:L-092

INFERRED ACTION: CAN-2001-0348 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(6) Ziese, Stracener, Wall, Balinsky, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:win2k-telnet-username-dos(6666)


======================================================
Candidate: CAN-2001-0351
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0351
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010727
Assigned: 20010516
Category: SF
Reference: MS:MS01-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp
Reference: CIAC:L-092
Reference: URL:http://www.ciac.org/ciac/bulletins/l-092.shtml
Reference: XF:win2k-telnet-system-call-dos(6669)
Reference: URL:http://xforce.iss.net/static/6669.php
Reference: BID:2846
Reference: URL:http://www.securityfocus.com/bid/2846

Microsoft Windows 2000 telnet service allows a local user to make a
certain system call that allows the user to terminate a Telnet session
and cause a denial of service.


Modifications:
  ADDREF XF:win2k-telnet-system-call-dos(6669)
  ADDREF BID:2846
  ADDREF CIAC:L-092

INFERRED ACTION: CAN-2001-0351 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(6) Ziese, Stracener, Wall, Balinsky, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:win2k-telnet-system-call-dos(6669)


======================================================
Candidate: CAN-2001-0353
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0353
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010727
Assigned: 20010523
Category: SF
Reference: ISS:20010619 Remote Buffer Overflow Vulnerability in Solaris Print Protocol Daemon
Reference: URL:http://xforce.iss.net/alerts/advise80.php
Reference: SUN:00206
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/206
Reference: CERT:CA-2001-15
Reference: URL:http://www.cert.org/advisories/CA-2001-15.html
Reference: XF:solaris-lpd-bo(6718)
Reference: URL:http://xforce.iss.net/static/6718.php
Reference: BID:2894
Reference: URL:http://www.securityfocus.com/bid/2894

Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and
earlier allows local and remote attackers to gain root privileges via
a "transfer job" routine.


Modifications:
  ADDREF XF:solaris-lpd-bo(6718)
  ADDREF BID:2894
  ADDREF CERT:CA-2001-15
  ADDREF SUN:00206

INFERRED ACTION: CAN-2001-0353 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Ziese, Stracener, Cole
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Christey

Voter Comments:
 Frech> XF:solaris-lpd-bo(6718)
 Christey> BID:2894
   http://www.securityfocus.com/bid/2894
 Christey> CERT:CA-2001-15
   URL:http://www.cert.org/advisories/CA-2001-15.html
   SUN:00206


======================================================
Candidate: CAN-2001-0361
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0361
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010207 [CORE SDI ADVISORY] SSH1 session key recovery vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98158450021686&w=2
Reference: CIAC:L-047
Reference: URL:http://www.ciac.org/ciac/bulletins/l-047.shtml
Reference: FREEBSD:FreeBSD-SA-01:24
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:24.ssh.asc
Reference: DEBIAN:DSA-027
Reference: URL:http://www.debian.org/security/2001/dsa-027
Reference: CISCO:20010627 Multiple SSH Vulnerabilities
Reference: URL:http://www.cisc.com/warp/public/707/SSH-multiple-pub.html
Reference: SUSE:SuSE-SA:2001:04
Reference: URL:http://www.suse.de/de/support/security/adv004_ssh.txt
Reference: XF:ssh-session-key-recovery(6082)
Reference: URL:http://xforce.iss.net/static/6082.php
Reference: BID:2344
Reference: URL:http://www.securityfocus.com/bid/2344

Implementations of SSH version 1.5, including (1) OpenSSH up to
version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in
certain configurations, allow a remote attacker to decrypt and/or
alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.


Modifications:
  DESC Shortened (slightly)
  ADDREF XF:ssh-session-key-recovery(6082)
  CHANGEREF [fix] BUGTRAQ
  ADDREF DEBIAN:DSA-027
  ADDREF CIAC:L-047
  ADDREF FREEBSD:FreeBSD-SA-01:24
  ADDREF CISCO:20010627 Multiple SSH Vulnerabilities
  ADDREF SUSE:SuSE-SA:2001:04

INFERRED ACTION: CAN-2001-0361 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Ziese, Cole, Oliver
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:ssh-session-key-recovery(6082)


======================================================
Candidate: CAN-2001-0368
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0368
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010430 A Serious Security Vulnerability Found in BearShare (Directory Traversal)
Reference: URL:http://www.securityfocus.com/archive/1/180644
Reference: BID:2672
Reference: URL:http://www.securityfocus.com/bid/2672
Reference: XF:bearshare-dot-download-files(6481)
Reference: URL:http://xforce.iss.net/static/6481.php

Directory traversal vulnerability in BearShare 2.2.2 and earlier
allows a remote attacker to read certain files via a URL containing a
series of . characters, a variation of the .. (dot dot) attack.


Modifications:
  ADDREF XF:bearshare-dot-download-files(6481)

INFERRED ACTION: CAN-2001-0368 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(4) Renaud, Baker, Cole, Williams
   MODIFY(1) Frech
   NOOP(3) Ziese, Wall, Oliver

Voter Comments:
 Frech> XF:bearshare-dot-download-files(6481)


======================================================
Candidate: CAN-2001-0377
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0377
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010328 Inframail Denial of Service Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0428.html
Reference: XF:inframail-post-dos(6297)
Reference: URL:http://xforce.iss.net/static/6297.php

Infradig Inframail prior to 3.98a allows a remote attacker to create a
denial of service via a malformed POST request which includes a space
followed by a large string.


Modifications:
  CHANGEREF [normalize] XF:inframail-post-dos(6297)

INFERRED ACTION: CAN-2001-0377 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Ziese, Cole, Frech
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0378
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0378
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CONFIRM:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch
Reference: XF:bsd-readline-permissions(6586)
Reference: URL:http://xforce.iss.net/static/6586.php

readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history
files with insecure permissions, which allows a local attacker to
recover potentially sensitive information via readline history files.


Modifications:
  DELREF BUGTRAQ
  ADDREF XF:bsd-readline-permissions(6586)

INFERRED ACTION: CAN-2001-0378 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(2) Ziese, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Oliver

Voter Comments:
 Frech> XF:bsd-readline-permissions(6586)
   BUGTRAQ reference is actually from OpenBSD-Security mailing
   list.


======================================================
Candidate: CAN-2001-0379
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0379
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: HP:HPSBUX0103-147
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0101.html
Reference: XF:hp-newgrp-additional-privileges(6282)
Reference: URL:http://xforce.iss.net/static/6282.php

Vulnerability in the newgrp program included with HP9000 servers
running HP-UX 11.11 allows a local attacker to obtain higher access
rights.


Modifications:
  ADDREF XF:hp-newgrp-additional-privileges(6282)

INFERRED ACTION: CAN-2001-0379 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:hp-newgrp-additional-privileges(6282)


======================================================
Candidate: CAN-2001-0383
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0383
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010401 Php-nuke exploit...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0017.html
Reference: CONFIRM:http://phpnuke.org/download.php?dcategory=Fixes
Reference: XF:php-nuke-url-redirect(6342)
Reference: URL:http://xforce.iss.net/static/6342.php
Reference: BID:2544
Reference: URL:http://www.securityfocus.com/bid/2544

banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to
modify banner ad URLs by directly calling the Change operation, which
does not require authentication.


Modifications:
  DESC fix typo: "URL's"
  ADDREF XF:php-nuke-url-redirect(6342)
  ADDREF BID:2544

INFERRED ACTION: CAN-2001-0383 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:php-nuke-url-redirect(6342)
   In description, URL's should be URLs (it is not possessive).
 Christey> I'll "own up" to the URL's typo (pun intended).


======================================================
Candidate: CAN-2001-0387
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0387
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010412 HylaFAX vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/175963
Reference: BUGTRAQ:20010415 **SECURITY ADVISORY** - HylaFAX format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0236.html
Reference: FREEBSD:FreeBSD-SA-01:34
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0606.html
Reference: SUSE:SuSE-SA:2001:15
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Apr/0005.html
Reference: MANDRAKE:MDKSA-2001:041
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-041.php3
Reference: BID:2574
Reference: URL:http://www.securityfocus.com/bid/2574
Reference: XF:hylafax-hfaxd-format-string(6377)
Reference: URL:http://xforce.iss.net/static/6377.php

Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows
local users to gain privileges via the -q command line argument.


Modifications:
  ADDREF XF:hylafax-hfaxd-format-string(6377)

INFERRED ACTION: CAN-2001-0387 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(4) Ziese, Baker, Cole, Williams
   MODIFY(1) Frech
   NOOP(2) Wall, Renaud

Voter Comments:
 Frech> XF:hylafax-hfaxd-format-string(6377)


======================================================
Candidate: CAN-2001-0388
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0388
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:28
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:28.timed.asc
Reference: MANDRAKE:MDKSA-2001:034
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-034.php3
Reference: SUSE:SuSE-SA:2001:07
Reference: URL:http://www.suse.de/de/support/security/2001_007_nkitserv.txt
Reference: XF:timed-remote-dos(6228)
Reference: URL:http://xforce.iss.net/static/6228.php

time server daemon timed allows remote attackers to cause a denial of
service via malformed packets.


Modifications:
  CHANGEREF [normalize] XF:timed-remote-dos(6228)

INFERRED ACTION: CAN-2001-0388 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(5) Ziese, Baker, Cole, Frech, Oliver
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0402
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0402
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010408 A fragmentation attack against IP Filter
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98679734015538&w=2
Reference: FREEBSD:FreeBSD-SA-01:32
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0338.html
Reference: XF:ipfilter-access-ports(6331)
Reference: URL:http://xforce.iss.net/static/6331.php

IPFilter 3.4.16 and earlier does not include sufficient session
information in its cache, which allows remote attackers to bypass
access restrictions by sending fragmented packets to a restricted port
after sending unfragmented packets to an unrestricted port.


Modifications:
  ADDREF XF:ipfilter-access-ports(6331)

INFERRED ACTION: CAN-2001-0402 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:ipfilter-access-ports(6331)


======================================================
Candidate: CAN-2001-0405
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0405
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010416 Tempest Security Techonologies -- Adivsory #01/2001 -- Linux IPTables
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0271.html
Reference: REDHAT:RHSA-2001:052
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-052.html
Reference: MANDRAKE:MDKSA-2001:071
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-071.php3
Reference: BID:2602
Reference: URL:http://www.securityfocus.com/bid/2602
Reference: XF:linux-netfilter-iptables(6390)
Reference: URL:http://xforce.iss.net/static/6390.php

ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote
attackers to bypass access restrictions for an FTP server via a PORT
command that lists an arbitrary IP address and port number, which is
added to the RELATED table and allowed by the firewall.


Modifications:
  ADDREF XF:linux-netfilter-iptables(6390)
  ADDREF MANDRAKE:MDKSA-2001:071

INFERRED ACTION: CAN-2001-0405 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(5) Ziese, Prosser, Baker, Cole, Williams
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linux-netfilter-iptables(6390)
 Prosser> http://www.linux-mandrake.com/en/security/mdk-updates.php3?dis=8.0

   Additional reference:  http://www.tempest.com.br/advisories/01-2001.html


======================================================
Candidate: CAN-2001-0408
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0408
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: MANDRAKE:MDKSA-2001:035
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-035.php3
Reference: REDHAT:RHSA-2001:008
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-008.html
Reference: SUSE:SuSE-SA:2001:12
Reference: URL:http://www.suse.de/de/support/security/2001_012_vim.txt
Reference: CALDERA:CSSA-2001-014.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-014.0.txt
Reference: BUGTRAQ:20010329 Immunix OS Security update for vim
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98593106111968&w=2
Reference: BID:2510
Reference: URL:http://www.securityfocus.com/bid/2510
Reference: XF:vim-elevate-privileges(6259)
Reference: URL:http://xforce.iss.net/static/6259.php

vim (aka gvim) processes VIM control codes that are embedded in a
file, which could allow attackers to execute arbitrary commands when
another user opens a file containing malicious VIM control codes.


Modifications:
  CHANGEREF [normalize] XF

INFERRED ACTION: CAN-2001-0408 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(4) Frech, Ziese, Baker, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0409
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0409
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: SUSE:SuSE-SA:2001:12
Reference: URL:http://www.suse.de/de/support/security/2001_012_vim.txt
Reference: CALDERA:CSSA-2001-014.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-014.0.txt
Reference: XF:vim-tmp-symlink(6628)
Reference: URL:http://xforce.iss.net/static/6628.php

vim (aka gvim) allows local users to modify files being edited by
other users via a symlink attack on the backup and swap files, when
the victim is editing the file in a world writable directory.


Modifications:
  ADDREF XF:vim-tmp-symlink(6628)
  DESC fix typo

INFERRED ACTION: CAN-2001-0409 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:vim-tmp-symlink(6628)
   In description, writeable should be writable.


======================================================
Candidate: CAN-2001-0412
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0412
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CISCO:20010404 Cisco Content Services Switch User Account Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-useraccnt-debug-pub.shtml
Reference: BID:2559
Reference: URL:http://www.securityfocus.com/bid/2559
Reference: XF:cisco-css-elevate-privileges(6322)
Reference: URL:http://xforce.iss.net/static/6322.php

Cisco Content Services (CSS) switch products 11800 and earlier, aka
Arrowpoint, allows local users to gain privileges by entering debug
mode.


Modifications:
  ADDREF XF:cisco-css-elevate-privileges(6322)
  ADDREF BID:2559

INFERRED ACTION: CAN-2001-0412 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:cisco-css-elevate-privileges(6322)


======================================================
Candidate: CAN-2001-0413
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0413
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010404 BinTec X4000 Access Router DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98644414226344&w=2
Reference: BUGTRAQ:20010406 X4000 DoS: Details and workaround
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98659862317070&w=2
Reference: BUGTRAQ:20010410 BinTec Router DoS: Workaround and Details
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0145.html
Reference: BUGTRAQ:20010409 BINTEC X1200
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98697054804197&w=2
Reference: XF:bintec-x4000-nmap-dos(6323)
Reference: URL:http://xforce.iss.net/static/6323.php

BinTec X4000 Access router, and possibly other versions, allows remote
attackers to cause a denial of service via a SYN port scan, which
causes the router to hang.


Modifications:
  ADDREF XF:bintec-x4000-nmap-dos(6323)

INFERRED ACTION: CAN-2001-0413 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:bintec-x4000-nmap-dos(6323)


======================================================
Candidate: CAN-2001-0414
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0414
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010404 ntpd =< 4.0.99k remote buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98642418618512&w=2
Reference: BUGTRAQ:20010405 Re: ntpd =< 4.0.99k remote buffer overflow]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98654963328381&w=2
Reference: REDHAT:RHSA-2001:045
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-045.html
Reference: CALDERA:CSSA-2001-013
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-013.0.txt
Reference: MANDRAKE:MDKSA-2001:036
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-036.php3
Reference: DEBIAN:DSA-045
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98651866104663&w=2
Reference: NETBSD:NetBSD-SA2001-004
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2001-004.txt.asc
Reference: SUSE:SuSE-SA:2001:10
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Apr/0000.html
Reference: CONECTIVA:CLA-2001:392
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000392
Reference: FREEBSD:FreeBSD-SA-01:31
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:31.ntpd.asc
Reference: SCO:SSE073
Reference: URL:ftp://ftp.sco.com/SSE/sse073.ltr
Reference: SCO:SSE074
Reference: URL:ftp://ftp.sco.com/SSE/sse074.ltr
Reference: BUGTRAQ:20010408 [slackware-security] buffer overflow fix for NTP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98679815917014&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-02: ntpd remote buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684202610470&w=2
Reference: BUGTRAQ:20010409 ntpd - new Debian 2.2 (potato) version is also vulnerable
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684532921941&w=2
Reference: BUGTRAQ:20010406 Immunix OS Security update for ntp and xntp3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98659782815613&w=2
Reference: BUGTRAQ:20010409 ntp-4.99k23.tar.gz is available
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98683952401753&w=2
Reference: BUGTRAQ:20010418 IBM MSS Outside Advisory Redistribution: IBM AIX: Buffer Overflow Vulnerability in (x)ntp
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0314.html
Reference: BUGTRAQ:20010409 [ESA-20010409-01] xntp buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0127.html
Reference: BUGTRAQ:20010413 PROGENY-SA-2001-02A: [UPDATE] ntpd remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0225.html
Reference: BID:2540
Reference: URL:http://www.securityfocus.com/bid/2540
Reference: XF:ntpd-remote-bo(6321)
Reference: URL:http://xforce.iss.net/static/6321.php

Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and
xntp3) allows remote attackers to cause a denial of service and
possibly execute arbitrary commands via a long readvar argument.


Modifications:
  ADDREF XF:ntpd-remote-bo(6321)

INFERRED ACTION: CAN-2001-0414 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(4) Ziese, Baker, Bollinger, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:ntpd-remote-bo(6321)


======================================================
Candidate: CAN-2001-0427
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0427
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CISCO:20010328 VPN3000 Concentrator TELNET Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml
Reference: XF:cisco-vpn-telnet-dos(6298)
Reference: URL:http://xforce.iss.net/static/6298.php

Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote
attackers to cause a denial of service via a flood of invalid login
requests to (1) the SSL service, or (2) the telnet service, which do
not properly disconnect the user after several failed login attempts.


Modifications:
  CHANGEREF [normalize] XF

INFERRED ACTION: CAN-2001-0427 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(4) Frech, Ziese, Baker, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0428
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0428
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CISCO:20010412 VPN 3000 Concentrator IP Options Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-ipoptions-vuln-pub.shtml
Reference: BID:2573
Reference: URL:http://www.securityfocus.com/bid/2573
Reference: XF:cisco-vpn-ip-dos(6360)
Reference: URL:http://xforce.iss.net/static/6360.php

Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote
attackers to cause a denial of service via an IP packet with an
invalid IP option.


Modifications:
  ADDREF XF:cisco-vpn-ip-dos(6360)

INFERRED ACTION: CAN-2001-0428 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:cisco-vpn-ip-dos(6360)


======================================================
Candidate: CAN-2001-0429
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0429
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CISCO:20010416 Catalyst 5000 Series 802.1x Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml
Reference: CIAC:L-072
Reference: URL:http://www.ciac.org/ciac/bulletins/l-072.shtml
Reference: BID:2604
Reference: URL:http://www.securityfocus.com/bid/2604
Reference: XF:cisco-catalyst-8021x-dos(6379)
Reference: URL:http://xforce.iss.net/static/6379.php

Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an
802.1x frame on a Spanning Tree Protocol (STP) blocked port, which
causes a network storm and a denial of service.


Modifications:
  ADDREF XF:cisco-catalyst-8021x-dos(6379)
  ADDREF CIAC:L-072

INFERRED ACTION: CAN-2001-0429 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:cisco-catalyst-8021x-dos(6379)


======================================================
Candidate: CAN-2001-0430
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0430
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: DEBIAN:DSA-046
Reference: URL:http://archives.neohapsis.com/archives/vendor/2001-q2/0005.html
Reference: XF:exuberant-ctags-symlink(6388)
Reference: URL:http://xforce.iss.net/static/6388.php

exuberant-ctags before 3.2.4-0.1 insecurely creates temporary
files.


Modifications:
  ADDREF XF:exuberant-ctags-symlink(6388)
  DESC slight rewording

INFERRED ACTION: CAN-2001-0430 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:exuberant-ctags-symlink(6388)
   In description, a more proper grammar would be "insecurely
   creates temporary files."


======================================================
Candidate: CAN-2001-0434
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0434
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: COMPAQ:SSRT0716
Reference: URL:http://ftp.support.compaq.com/patches/.new/html/SSRT0716-01.shtml
Reference: XF:compaq-activex-dos(6355)
Reference: URL:http://xforce.iss.net/static/6355.php

The LogDataListToFile ActiveX function used in (1) Knowledge Center
and (2) Back web components of Compaq Presario computers allows remote
attackers to modify arbitrary files and cause a denial of service.


Modifications:
  ADDREF XF:compaq-activex-dos(6355)

INFERRED ACTION: CAN-2001-0434 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:compaq-activex-dos(6355)


======================================================
Candidate: CAN-2001-0439
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0439
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CONECTIVA:CLA-2001:389
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000389
Reference: MANDRAKE:MDKSA-2001:032
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-032.php3
Reference: FREEBSD:FreeBSD-SA-01:35
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0607.html
Reference: XF:licq-url-execute-commands(6261)
Reference: URL:http://xforce.iss.net/static/6261.php

licq before 1.0.3 allows remote attackers to execute arbitrary
commands via shell metacharacters in a URL.


Modifications:
  CHANGEREF [normalize] XF

INFERRED ACTION: CAN-2001-0439 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(4) Frech, Ziese, Baker, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0440
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0440
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CONECTIVA:CLA-2001:389
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000389
Reference: MANDRAKE:MDKSA-2001:032
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-032.php3
Reference: FREEBSD:FreeBSD-SA-01:35
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0607.html
Reference: REDHAT:RHSA-2001:022
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-022.html
Reference: XF:licq-logging-bo(6645)
Reference: URL:http://xforce.iss.net/static/6645.php

Buffer overflow in logging functions of licq before 1.0.3 allows
remote attackers to cause a denial of service, and possibly execute
arbitrary commands.


Modifications:
  ADDREF XF:licq-logging-bo(6645)
  ADDREF REDHAT:RHSA-2001:022

INFERRED ACTION: CAN-2001-0440 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:licq-logging-bo(6645)


======================================================
Candidate: CAN-2001-0455
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0455
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CISCO:20010307 Access to the Cisco Aironet 340 Series Wireless Bridge via Web Interface
Reference: URL:http://www.cisco.com/warp/public/707/Aironet340-pub.shtml
Reference: XF:cisco-aironet-web-access(6200)
Reference: URL:http://xforce.iss.net/static/6200.php

Cisco Aironet 340 Series wireless bridge before 8.55 does not properly
disable access to the web interface, which allows remote attackers to
modify its configuration.


Modifications:
  CHANGEREF [normalize] XF

INFERRED ACTION: CAN-2001-0455 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(4) Frech, Ziese, Baker, Cole
   NOOP(2) Oliver, Wall


======================================================
Candidate: CAN-2001-0456
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0456
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: CF
Reference: DEBIAN:DSA-032
Reference: URL:http://www.debian.org/security/2001/dsa-032
Reference: XF:proftpd-postinst-root(6208)
Reference: URL:http://xforce.iss.net/static/6208.php

postinst installation script for Proftpd in Debian 2.2 does not
properly change the "run as uid/gid root" configuration when the user
enables anonymous access, which causes the server to run at a higher
privilege than intended.


Modifications:
  CHANGEREF [normalize] XF

INFERRED ACTION: CAN-2001-0456 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(5) Frech, Oliver, Ziese, Baker, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0457
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0457
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category:
Reference: DEBIAN:DSA-035
Reference: URL:http://www.debian.org/security/2001/dsa-035
Reference: XF:man2html-remote-dos(6211)
Reference: URL:http://xforce.iss.net/static/6211.php

man2html before 1.5-22 allows remote attackers to cause a denial of
service (memory exhaustion).


Modifications:
  CHANGEREF [normalize] XF

INFERRED ACTION: CAN-2001-0457 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(5) Frech, Oliver, Ziese, Baker, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0462
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0462
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010424 Advisory for perl webserver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0426.html
Reference: XF:perl-webserver-directory-traversal(6451)
Reference: URL:http://xforce.iss.net/static/6451.php
Reference: BID:2648
Reference: URL:http://www.securityfocus.com/bid/2648

Directory traversal vulnerability in Perl web server 0.3 and earlier
allows remote attackers to read arbitrary files via a .. (dot dot) in
the URL.


Modifications:
  ADDREF XF:perl-webserver-directory-traversal(6451)

INFERRED ACTION: CAN-2001-0462 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(2) Cole, Williams
   MODIFY(1) Frech
   NOOP(3) Ziese, Wall, Balinsky

Voter Comments:
 Frech> XF:perl-webserver-directory-traversal(6451)


======================================================
Candidate: CAN-2001-0465
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0465
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010405
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653594732053&w=2
Reference: CONFIRM:http://www.turbotax.com/atr/update/
Reference: XF:turbotax-save-passwords(6622)
Reference: URL:http://xforce.iss.net/static/6622.php

TurboTax saves passwords in a temporary file when a user imports
investment tax information from a financial institution, which could
allow local users to obtain sensitive information.


Modifications:
  ADDREF XF:turbotax-save-passwords(6622)

INFERRED ACTION: CAN-2001-0465 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:turbotax-save-passwords(6622)


======================================================
Candidate: CAN-2001-0467
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0467
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category:
Reference: BUGTRAQ:20010423 Vulnerability in Viking Web Server
Reference: URL:http://www.securityfocus.com/archive/1/178935
Reference: CONFIRM:http://www.robtex.com/files/viking/beta/chglog.txt
Reference: BID:2643
Reference: URL:http://www.securityfocus.com/bid/2643
Reference: XF:viking-dot-directory-traversal(6450)
Reference: URL:http://xforce.iss.net/static/6450.php

Directory traversal vulnerability in RobTex Viking Web server before
1.07-381 allows remote attackers to read arbitrary files via a \...
(modified dot dot) in an HTTP URL request.


Modifications:
  ADDREF CONFIRM:http://www.robtex.com/files/viking/beta/chglog.txt
  ADDREF XF:viking-dot-directory-traversal(6450)

INFERRED ACTION: CAN-2001-0467 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Baker, Balinsky, Williams
   MODIFY(1) Frech
   NOOP(3) Ziese, Wall, Cole

Voter Comments:
 Balinsky> http://www.robtex.com/files/viking/beta/chglog.txt
   Beta change logs acknowledge the exploit (and its author).
 Frech> XF:viking-dot-directory-traversal(6450)
   CONFIRM:http://www.robtex.com/files/viking/beta/chglog.txt
   (specifically: "-382	\...\-exploit fix  (thanks to Joe Testa
   http://hogs.rit.edu/~joet )")


======================================================
Candidate: CAN-2001-0469
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0469
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:29
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-03/0163.html
Reference: BID:2473
Reference: URL:http://www.securityfocus.com/bid/2473
Reference: XF:rwhod-remote-dos(6229)
Reference: URL:http://xforce.iss.net/static/6229.php

rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other
operating systems, allows remote attackers to cause a denial of
service via malformed packets with a short length.


Modifications:
  CHANGEREF [normalize] XF

INFERRED ACTION: CAN-2001-0469 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(4) Frech, Ziese, Baker, Cole
   NOOP(2) Oliver, Wall


======================================================
Candidate: CAN-2001-0473
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0473
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: MANDRAKE:MDKSA-2001-031
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3
Reference: REDHAT:RHSA-2001:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-029.html
Reference: BUGTRAQ:20010315 Immunix OS Security update for mutt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98473109630421&w=2
Reference: CONECTIVA:CLA-2001:385
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000385
Reference: BUGTRAQ:20010320 Trustix Security Advisory - mutt
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html
Reference: XF:mutt-imap-format-string(6235)
Reference: URL:http://xforce.iss.net/static/6235.php

Format string vulnerability in Mutt before 1.2.5 allows a remote
malicious IMAP server to execute arbitrary commands.


Modifications:
  CHANGEREF [normalize] XF

INFERRED ACTION: CAN-2001-0473 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(5) Frech, Oliver, Ziese, Baker, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0474
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0474
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: MANDRAKE:MDKSA-2001:029
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-029.php3
Reference: XF:mesa-utahglx-symlink(6231)
Reference: URL:http://xforce.iss.net/static/6231.php

Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local
users to overwrite arbitrary files via a symlink attack on the
/tmp/glxmemory file.


Modifications:
  CHANGEREF [normalize] XF

INFERRED ACTION: CAN-2001-0474 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(4) Frech, Ziese, Baker, Cole
   NOOP(2) Oliver, Wall


======================================================
Candidate: CAN-2001-0475
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0475
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010315 vBulletin allows arbitrary code execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0180.html
Reference: BID:2474
Reference: URL:http://www.securityfocus.com/bid/2474
Reference: CONFIRM:http://www.vbulletin.com/forum/showthread.php?s=b20af207b5b908ecf7a4ecf56fbe3cd3&threadid=10839
Reference: XF:vbulletin-php-elevate-privileges(6237)
Reference: URL:http://xforce.iss.net/static/6237.php

index.php in Jelsoft vBulletin does not properly initialize a PHP
variable that is used to store template information, which allows
remote attackers to execute arbitrary PHP code via special characters
in the templatecache parameter.


Modifications:
  CHANGEREF [normalize] XF

INFERRED ACTION: CAN-2001-0475 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(4) Frech, Oliver, Ziese, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0481
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0481
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: MANDRAKE:MDKSA-2001:043
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-043.php3
Reference: XF:linux-rpmdrake-temp-file(6494)
Reference: URL:http://xforce.iss.net/static/6494.php

Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure
temporary file handling.


Modifications:
  ADDREF XF:linux-rpmdrake-temp-file(6494)

INFERRED ACTION: CAN-2001-0481 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(5) Ziese, Renaud, Baker, Cole, Williams
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linux-rpmdrake-temp-file(6494)


======================================================
Candidate: CAN-2001-0482
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0482
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: CF
Reference: BUGTRAQ:20010330 Serious Pitbull LX Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0475.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0485.html
Reference: XF:pitbull-lx-modify-kernel(6623)
Reference: URL:http://xforce.iss.net/static/6623.php

Configuration error in Argus PitBull LX allows root users to bypass
specified access control restrictions and cause a denial of service or
execute arbitrary commands by modifying kernel variables such as
MaxFiles, MaxInodes, and ModProbePath in /proc/sys via calls to
sysctl.


Modifications:
  ADDREF XF:pitbull-lx-modify-kernel(6623)

INFERRED ACTION: CAN-2001-0482 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(2) Ziese, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:pitbull-lx-modify-kernel(6623)


======================================================
Candidate: CAN-2001-0486
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0486
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: VULN-DEV:20010402 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0020.html
Reference: BUGTRAQ:20010420 Novell BorderManager 3.5 VPN Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98779821207867&w=2
Reference: CONFIRM:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2959062.htm
Reference: BUGTRAQ:20010429 Proof of concept DoS against novell border manager enterprise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98865027328391&w=2
Reference: BUGTRAQ:20010501 Re: Proof of concept DoS against novell border manager enterprise edition 3.5
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0000.html
Reference: BID:2623
Reference: URL:http://www.securityfocus.com/bid/2623
Reference: XF:bordermanager-vpn-syn-dos(6429)
Reference: URL:http://xforce.iss.net/static/6429.php

Remote attackers can cause a denial of service in Novell BorderManager
3.6 and earlier by sending a TCP SYN flood to port 353.


Modifications:
  ADDREF XF:bordermanager-vpn-syn-dos(6429)

INFERRED ACTION: CAN-2001-0486 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:bordermanager-vpn-syn-dos(6429)


======================================================
Candidate: CAN-2001-0488
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0488
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: HP:HPSBUX0104-149
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q2/0018.html
Reference: BID:2646
Reference: URL:http://www.securityfocus.com/bid/2646
Reference: XF:hp-pcltotiff-insecure-permissions(6447)
Reference: URL:http://xforce.iss.net/static/6447.php

pcltotiff in HP-UX 10.x has unnecessary set group id permissions,
which allows local users to cause a denial of service.


Modifications:
  ADDREF XF:hp-pcltotiff-insecure-permissions(6447)

INFERRED ACTION: CAN-2001-0488 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(4) Ziese, Baker, Cole, Williams
   MODIFY(1) Frech
   NOOP(3) Wall, Renaud, Balinsky

Voter Comments:
 Balinsky> Ziese already voted for Cisco, but the bugtraq link is a vendor acknowledgement.
 Frech> XF:hp-pcltotiff-insecure-permissions(6447)


======================================================
Candidate: CAN-2001-0489
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0489
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: VULN-DEV:20010417 gftp exploitable?
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0231.html
Reference: REDHAT:RHSA-2001:053
Reference: URL:http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0043.html
Reference: MANDRAKE:MDKSA-2001-044
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0509.html
Reference: DEBIAN:DSA-057
Reference: URL:http://www.debian.org/security/2001/dsa-057
Reference: BID:2657
Reference: URL:http://www.securityfocus.com/bid/2657
Reference: XF:gftp-format-string(6478)
Reference: URL:http://xforce.iss.net/static/6478.php

Format string vulnerability in gftp prior to 2.0.8 allows remote
malicious FTP servers to execute arbitrary commands.


Modifications:
  ADDREF XF:gftp-format-string(6478)
  ADDREF DEBIAN:DSA-057
  ADDREF BID:2657
  ADDREF VULN-DEV:20010417 gftp exploitable?

INFERRED ACTION: CAN-2001-0489 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(4) Ziese, Baker, Cole, Williams
   MODIFY(1) Frech
   NOOP(3) Wall, Renaud, Christey

Voter Comments:
 Christey> Add VULN-DEV reference?
   http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0231.html
 Frech> XF:gftp-format-string(6478)


======================================================
Candidate: CAN-2001-0494
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0494
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010424 IPSwitch IMail 6.06 SMTP Remote System Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0433.html
Reference: CONFIRM:http://ipswitch.com/Support/IMail/news.html
Reference: XF:ipswitch-imail-smtp-bo(6445)
Reference: URL:http://xforce.iss.net/static/6445.php

Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior
versions allows remote attackers to execute arbitrary code via a long
From: header.


Modifications:
  ADDREF XF:ipswitch-imail-smtp-bo(6445)

INFERRED ACTION: CAN-2001-0494 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(4) Oliver, Renaud, Baker, Williams
   MODIFY(1) Frech
   NOOP(3) Ziese, Wall, Cole

Voter Comments:
 Oliver> Identified in news section of vendor's home page.
 Frech> XF:ipswitch-imail-smtp-bo(6445)


======================================================
Candidate: CAN-2001-0495
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0495
Final-Decision: 20010918
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010426 Vulnerability in WebXQ Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0490.html
Reference: BID:2660
Reference: URL:http://www.securityfocus.com/bid/2660
Reference: XF:webxq-dot-directory-traversal(6466)
Reference: URL:http://xforce.iss.net/static/6466.php

Directory traversal in DataWizard WebXQ server 1.204 allows remote
attackers to view files outside of the web root via a .. (dot dot)
attack.


Modifications:
  ADDREF XF:webxq-dot-directory-traversal(6466)

INFERRED ACTION: CAN-2001-0495 FINAL (Final Decision 20010918)

Current Votes:
   ACCEPT(4) Ziese, Baker, Cole, Williams
   MODIFY(1) Frech
   NOOP(2) Wall, Renaud

Voter Comments:
 Frech> XF:webxq-dot-directory-traversal(6466)

Page Last Updated or Reviewed: May 22, 2007