[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-70 - 28 candidates

I am proposing cluster RECENT-70 for review and voting by the
Editorial Board.

Name: RECENT-70
Description: Candidates announced between 6/2/2001 and 7/10/2001
Size: 28

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.



Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0757
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0757
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: CISCO:20010614 Cisco 6400 NRP2 Telnet Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/6400-nrp2-telnet-vuln-pub.shtml
Reference: BID:2874
Reference: URL:http://www.securityfocus.com/bid/2874

Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC
card does not properly disable access when a password has not been set
for vtys, which allows remote attackers to obtain access via telnet.

Analysis
----------------
ED_PRI CAN-2001-0757 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0763
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0763
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010608 potential buffer overflow in xinetd-2.1.8.9pre11-1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0064.html
Reference: CONECTIVA:CLA-2001:406
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000406
Reference: DEBIAN:DSA-063
Reference: URL:http://www.debian.org/security/2001/dsa-063
Reference: SUSE:SA:2001:022
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Jun/0002.html

Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow
remote attackers to execute arbitrary code via a long ident response,
which is not properly handled by the svc_logprint function.

Analysis
----------------
ED_PRI CAN-2001-0763 1
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0764
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0764
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: VULN-DEV:20010609 suid scotty / ntping overflow
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0579.html
Reference: VULN-DEV:20010615 Re: suid scotty (ntping) overflow (fwd)
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0627.html
Reference: BUGTRAQ:20010621 suid scotty (ntping) overflow (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/192664
Reference: SUSE:SuSE-SA:2001:023
Reference: URL:http://www.suse.de/de/support/security/2001_023_scotty_txt.txt
Reference: XF:scotty-ntping-bo(6735)
Reference: URL:http://xforce.iss.net/static/6735.php
Reference: BID:2911
Reference: URL:http://www.securityfocus.com/bid/2911

Buffer overflow in ntping in scotty 2.1.0 allows local users to
execute arbitrary code via a long hostname as a command line argument.

Analysis
----------------
ED_PRI CAN-2001-0764 1
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0787
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0787
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: REDHAT:RHSA-2001:077
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-077.html

LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships
in supplemental groups when lowering privileges, which could allow a
local user to elevate privileges.

Analysis
----------------
ED_PRI CAN-2001-0787 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0765
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0765
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010702 BisonFTP Server V4R1 *.bdl upload Directory Traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0025.html
Reference: CONFIRM:http://www.bisonftp.com/ServRev.htm
Reference: BID:2963
Reference: URL:http://www.securityfocus.com/bid/2963

BisonFTP V4R1 allows local users to access directories outside of
their home directory by uploading .bdl files, which can then be linked
to other directories.

Analysis
----------------
ED_PRI CAN-2001-0765 2
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT:
At http://www.bisonftp.com/ServRev.htm, the entry for July 2nd 2001
says "Fix to repair security problem, allowing a command line ftp
client to traverse outside of the home directory if the client uploads
their own *.bdl"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0733
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0733
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010621 bugtraq submission
Reference: URL:http://www.securityfocus.com/archive/1/192711
Reference: BID:2912
Reference: URL:http://www.securityfocus.com/bid/2912
Reference: XF:eperl-embedded-code-execution(6743)
Reference: URL:http://xforce.iss.net/static/6743.php

The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier
allows a remote attacker to execute arbitrary code by modifying the
'sinclude' file to point to another file that contains a #include
directive that references a file that contains the code.

Analysis
----------------
ED_PRI CAN-2001-0733 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0735
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0735
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010621 cfingerd local vulnerability (possibly root)
Reference: URL:http://www.securityfocus.com/archive/1/192844
Reference: BUGTRAQ:20010711 Another exploit for cfingerd <= 1.4.3-8
Reference: URL:http://www.securityfocus.com/archive/1/01071120191900.00788@localhost.localdomain
Reference: DEBIAN:DSA-066
Reference: URL:http://www.debian.org/security/2001/dsa-066
Reference: BID:2914
Reference: URL:http://www.securityfocus.com/bid/2914
Reference: XF:cfingerd-util-bo(6744)
Reference: URL:http://xforce.iss.net/static/6744.php

Buffer overflow in cfingerd 1.4.3 and earlier with the
ALLOW_LINE_PARSING option enabled allows local users to execute
arbitrary code via a long line in the .nofinger file.

Analysis
----------------
ED_PRI CAN-2001-0735 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION:
CD:SF-LOC says to separate problems of different types; thus this
problem should be separated from CAN-2001-0609, which is a format
string vulnerability.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0743
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0743
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010602 O'Reilly WebBoard 4.10.30 JavaScript code execution problem
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0326.html
Reference: BID:2814
Reference: URL:http://www.securityfocus.com/bid/2814

Paging function in O'Reilly WebBoard Pager 4.10 allows remote
attackers to cause a denial of service via a message with an escaped '
character followed by JavaScript commands.

Analysis
----------------
ED_PRI CAN-2001-0743 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0745
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0745
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010605 SECURITY.NNOV: Netscape 4.7x Messanger user information retrival
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0014.html

Netscape 4.7x allows remote attackers to obtain sensitive information
such as the user's login, mailbox location and installation path via
Javascript that accesses the mailbox: URL in the document.referrer
property.

Analysis
----------------
ED_PRI CAN-2001-0745 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0756
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0756
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010607 cgisecurity.com Advisory #5
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0067.html
Reference: BUGTRAQ:20010611 re: Advisory #5 Corrections.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99237435902211&w=2

CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in
VirtualCart) allows remote attackers to execute arbitrary code via the
template parameter.

Analysis
----------------
ED_PRI CAN-2001-0756 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0758
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0758
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: MISC:http://www.securiteam.com/windowsntfocus/5SP011P4KC.html

Directory traversal vulnerability in Shambala 4.5 allows remote
attackers to escape the FTP root directory via "CWD ..."  command.

Analysis
----------------
ED_PRI CAN-2001-0758 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0759
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0759
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010614 Buffer overflow in BestCrypt for Linux
Reference: URL:http://www.securityfocus.com/archive/1/191111
Reference: BID:2875
Reference: URL:http://www.securityfocus.com/bid/2875

Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows
local users to execute arbitrary code via a file or directory with a
long pathname, which is processed during an unmount.

Analysis
----------------
ED_PRI CAN-2001-0759 3
Vendor Acknowledgement: unknown discloser-claimed

ACKNOWLEDGEMENT:
Discloser claimed acknowledgement but I cannot find it on jetico site.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0760
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0760
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010630 Nfuse reveals full path
Reference: URL:http://www.securityfocus.com/archive/1/194449
Reference: BUGTRAQ:20010702 Re: Nfuse reveals full path
Reference: URL:http://www.securityfocus.com/archive/1/194522
Reference: BID:2956
Reference: URL:http://www.securityfocus.com/bid/2956

Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path
of the web root via a malformed request that does not provide the
session field.

Analysis
----------------
ED_PRI CAN-2001-0760 3
Vendor Acknowledgement:

The reply to the original Bugtraq post notes inability to replicate.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0761
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0761
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010702 [SNS Advisory No.36] TrendMicro InterScan WebManager Version 1.2 HttpSave.dll Buffer Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/194463
Reference: BID:2959
Reference: URL:http://www.securityfocus.com/bid/2959

Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager
1.2 allows remote attackers to execute arbitrary code via a long value
to a certain parameter.

Analysis
----------------
ED_PRI CAN-2001-0761 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0762
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0762
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010602 su-wrapper 1.1.1 Local root exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0057.html

Buffer overflow in su-wrapper 1.1.1 allows local users to execute
arbitrary code via a long first argument.

Analysis
----------------
ED_PRI CAN-2001-0762 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0766
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0766
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010610 Mac OS X - Apache & Case Insensitive Filesystems
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0090.html
Reference: BID:2852
Reference: URL:http://www.securityfocus.com/bid/2852

Apache on MacOS X Client 10.0.3 with the HFS+ file system allows
remote attackers to bypass access restrictions via a URL that contains
some characters whose case is not matched by Apache's filters.

Analysis
----------------
ED_PRI CAN-2001-0766 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0773
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0773
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010709 Cayman-DSL Model 3220-H DOS with nmap
Reference: URL:http://www.securityfocus.com/archive/1/195644
Reference: BID:3001
Reference: URL:http://www.securityfocus.com/bid/3001

Cayman 3220-H DSL Router 1.0 allows remote attacker to cause a denial
of service (crash) via a series of SYN or TCP connect requests.

Analysis
----------------
ED_PRI CAN-2001-0773 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0774
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0774
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010709 Tripwire temporary files
Reference: URL:http://www.securityfocus.com/archive/1/195617
Reference: BID:3003
Reference: URL:http://www.securityfocus.com/bid/3003

Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to ovperwrite
arbitrary files and possible gain privileges via a symbolic link
attack on temporary files.

Analysis
----------------
ED_PRI CAN-2001-0774 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0775
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0775
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010710 xloadimage remote exploit - tstot.c
Reference: URL:http://www.securityfocus.com/archive/1/195823
Reference: DEBIAN:DSA-069
Reference: URL:http://www.debian.org/security/2001/dsa-069
Reference: SUSE:SA:2001:024
Reference: URL:http://www.suse.de/de/support/security/2001_024_xli_txt.txt
Reference: BID:3006
Reference: URL:http://www.securityfocus.com/bid/3006

Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux
allows remote attacker to execute arbitrary code via a FACES format
image containing a long (1) Firstname or (2) Lastname field.

Analysis
----------------
ED_PRI CAN-2001-0775 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0782
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0782
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: CF
Reference: BUGTRAQ:20010622 Symlinks symlinks...this time KTVision
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0302.html
Reference: XF:ktvision-symlink(6741)
Reference: URL:http://xforce.iss.net/static/6741.php

KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root
privileges via a symlink attack on a user configuration file.

Analysis
----------------
ED_PRI CAN-2001-0782 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0783
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0783
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010618 Cisco TFTPD 1.1 Vulerablity
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0227.html
Reference: BID:2886
Reference: URL:http://www.securityfocus.com/bid/2886

Cisco TFTP server 1.1 allows remote attackers to read arbitrary files
via a ..(dot dot) attack in the GET command.

Analysis
----------------
ED_PRI CAN-2001-0783 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0784
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0784
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010626 Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0353.html
Reference: BID:2932
Reference: URL:http://www.securityfocus.com/bid/2932

Directory traversal vulnerability in Icecast 1.3.10 and earlier allows
remote attackers to read arbitrary files via a modified .. (dot dot)
attack using encoded URL characters.

Analysis
----------------
ED_PRI CAN-2001-0784 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0785
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0785
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010618 Multiple Vulnerabilities In AMLServer
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0228.html
Reference: BID:2883
Reference: URL:http://www.securityfocus.com/bid/2883

Directory traversal in Webpaging interface in Internet Software
Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows allows
remote attackers to read arbitrary files via a .. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2001-0785 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0786
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0786
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010618 Multiple Vulnerabilities In AMLServer
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0228.html
Reference: BID:2882
Reference: URL:http://www.securityfocus.com/bid/2882

Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2
stores user passwords in plaintext in the pUser.Dat file.

Analysis
----------------
ED_PRI CAN-2001-0786 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: DESIGN-NO-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0788
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0788
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010618 Multiple Vulnerabilities In AMLServer
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0228.html
Reference: BID:2881
Reference: URL:http://www.securityfocus.com/bid/2881

Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2
allows remote attackers to obtain an absolute path for the server
directory by viewing the Location header.

Analysis
----------------
ED_PRI CAN-2001-0788 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0789
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0789
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010621 SECURITY.NNOV: KAV (AVP) for sendmail format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0274.html

Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2
for Sendmail allows remote attacker to cause a denial of service or
possibly execute arbitrary code via a malformed mail message.

Analysis
----------------
ED_PRI CAN-2001-0789 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0794
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0794
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010621 A-FTP Anonymous FTP Server Remote DoS attack Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0280.html

Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers
to cause a denial of service via a long USER command.

Analysis
----------------
ED_PRI CAN-2001-0794 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0795
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0795
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010625 Perception LiteServe MS-DOS filename vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0328.html
Reference: BID:2926
Reference: URL:http://www.securityfocus.com/bid/2926

Perception LiteServe 1.25 allows remote attackers to obtain source
code of CGI scripts via URLs that contain MS-DOS conventions such as
(1) upper case letters or (2) 8.3 file names.

Analysis
----------------
ED_PRI CAN-2001-0795 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Page Last Updated or Reviewed: May 22, 2007