[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-73 - 24 candidates

I am proposing cluster RECENT-73 for review and voting by the
Editorial Board.

Name: RECENT-73
Description: Candidates announced between 9/1/2001 and 10/31/2001
Size: 24

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0663
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0663
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20010815
Category: SF
Reference: MS:MS01-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-052.asp

Terminal Server in Windows NT and Windows 2000 allows remote
attackers to cause a denial of service via a sequence of invalid
Remote Data Protocol (RDP) packets.

Analysis
----------------
ED_PRI CAN-2001-0663 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0671
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0671
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20010828
Category: SF
Reference: CERT:CA-2001-30
Reference: URL:http://www.cert.org/advisories/CA-2001-30.html
Reference: AIXAPAR:IY23037
Reference: AIXAPAR:IY23041
Reference: CERT-VN:VU#466239
Reference: URL:http://www.kb.cert.org/vuls/id/466239
Reference: CERT-VN:VU#388183
Reference: URL:http://www.kb.cert.org/vuls/id/388183
Reference: CERT-VN:VU#722143
Reference: URL:http://www.kb.cert.org/vuls/id/722143

Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost
in lpd in AIX 4.3 and 5.1 allow remote attackers to gain root
privileges.

Analysis
----------------
ED_PRI CAN-2001-0671 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0716
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0716
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20010926
Category: SF
Reference: ISS:20011016 Citrix MetaFrame Remote Denial of Service Vulnerability
Reference: URL:http://xforce.iss.net/alerts/advise99.php

Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service
Pack 1 and earlier, allows remote attackers to cause a denial of
service (crash) via a large number of incomplete connections to the
server.

Analysis
----------------
ED_PRI CAN-2001-0716 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0720
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0720
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20010927
Category: SF
Reference: MS:MS01-053
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-053.asp

Internet Explorer 5.1 for Macintosh on Mac OS X allows remote
attackers to execute arbitrary commands by causing a BinHex or
MacBinary file type to be downloaded, which causes the files to be
executed if automatic decoding is enabled.

Analysis
----------------
ED_PRI CAN-2001-0720 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0796
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0796
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011023
Category: SF
Reference: SGI:20011001-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011001-01-P
Reference: CONFIRM:http://www.freebsd.org/cgi/query-pr.cgi?pr=8990

SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and
FreeBSD 3.0, allows remote attackers to cause a denial of service via
a malformed IGMP multicast packet with a small response delay.

Analysis
----------------
ED_PRI CAN-2001-0796 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0834
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0834
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: MISC:http://sourceforge.net/tracker/index.php?func=detail&aid=458013&group_id=4593&atid=104593
Reference: BUGTRAQ:20011007 Re: Bug found in ht://Dig htsearch CGI
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100260195401753&w=2
Reference: CONECTIVA:CLA-2001:429
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000429
Reference: SUSE:SuSE-SA:2001:035
Reference: URL:http://www.suse.com/de/support/security/2001_035_htdig_txt.txt
Reference: DEBIAN:DSA-080
Reference: URL:http://www.debian.org/security/2001/dsa-080

htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows
remote attackers to use the -c option to specify an alternate
configuration file, which could be used to (1) cause a denial of
service (CPU consumption) by specifying a large file such as
/dev/zero, or (2) read arbitrary files by uploading an alternate
configuration file that specifies the target file.

Analysis
----------------
ED_PRI CAN-2001-0834 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0835
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0835
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011024 Cross-site Scripting Flaw in webalizer
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100394630702875&w=2
Reference: CONFIRM:http://www.mrunix.net/webalizer/news.html
Reference: SUSE:SuSE-SA:2001:040
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Nov/0001.html
Reference: REDHAT:RHSA-2001:141
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-141.html
Reference: ENGARDE:ESA-20011101-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1677.html
Reference: BID:3473
Reference: URL:http://www.securityfocus.com/bid/3473

Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly
other versions, allows remote attackers to inject arbitrary HTML tags
by specifying them in (1) search keywords embedded in HTTP referrer
information, or (2) host names that are retrieved via a reverse DNS
lookup.

Analysis
----------------
ED_PRI CAN-2001-0835 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0843
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0843
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010921 squid DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100109679010256&w=2
Reference: REDHAT:RHSA-2001:113
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-113.html
Reference: SUSE:SuSE-SA:2001:037
Reference: URL:http://www.suse.de/de/support/security/2001_037_squid_txt.txt

Squid proxy server 2.4 and earlier allows remote attackers to cause a
denial of service (crash) via a mkdir-only FTP PUT request.

Analysis
----------------
ED_PRI CAN-2001-0843 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0845
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0845
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category:
Reference: COMPAQ:SSRT0738
Reference: URL:http://ftp.support.compaq.com/patches/.new/html/SSRT0738.shtml

Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2
through 7.3, and SEVMS VAX or Alpha 6.2, allows local users to gain
access to unauthorized resources.

Analysis
----------------
ED_PRI CAN-2001-0845 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0816
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0816
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011113
Category: SF
Reference: BUGTRAQ:20010918 OpenSSH: sftp & bypassing keypair auth restrictions
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0153.html

OpenSSH before 2.9.9, when running sftp using sftp-server and using
restricted keypairs, allows remote authenticated users to bypass
authorized_keys2 command= restrictions using sftp commands.

Analysis
----------------
ED_PRI CAN-2001-0816 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0832
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0832
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011023 FW: ASI Oracle Security Alert: 3 new security alerts
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100386756715645&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/oracle_race.pdf

Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users
to overwrite arbitrary files, possibly via a symlink attack or
incorrect file permissions in (1) the ORACLE_HOME/rdbms/log directory
or (2) an alternate directory as specified in the ORACLE_HOME
environmental variable, aka the "Oracle File Overwrite Security
Vulnerability."

Analysis
----------------
ED_PRI CAN-2001-0832 2
Vendor Acknowledgement: yes advisory

The advisory is vague as to the cause of the problem, but the URL
includes "oracle_race.pdf" which indicates a race condition, and the
issue is exploitable by local users, and the fix is to change
directory permissions.  This, combined with other clues in the
advisory, makes it seem like a symlink problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0833
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0833
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: CF
Reference: BUGTRAQ:20011023 FW: ASI Oracle Security Alert: 3 new security alerts
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100386756715645&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/otrcrep.pdf

Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local
users to execute arbitrary code via a long ORACLE_HOME environment
variable, aka the "Oracle Trace Collection Security Vulnerability."

Analysis
----------------
ED_PRI CAN-2001-0833 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0836
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0836
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category:
Reference: BUGTRAQ:20011018 def-2001-30
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100342151132277&w=2
Reference: BUGTRAQ:20011024 Oracle9iAS Web Cache Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100395487007578&w=2

Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote
attackers to execute arbitrary code via a long HTTP GET request.

Analysis
----------------
ED_PRI CAN-2001-0836 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0830
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0830
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011023 Remote DoS in 6tunnel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100386451702966&w=2
Reference: CONFIRM:ftp://213.146.38.146/pub/wojtekka/6tunnel-0.09.tar.gz

6tunnel 0.08 and earlier does not properly close sockets that were
initiated by a client, which allows remote attackers to cause a denial
of service (resource exhaustion) by repeatedly connecting to and
disconnecting from the server.

Analysis
----------------
ED_PRI CAN-2001-0830 3
Vendor Acknowledgement: unknown discloser-claimed

ACKNOWLEDGEMENT:
In the CHANGELOG forr 6tunnel-0.08, dated 2000-12-12, the author
states "fixed dos condition thanks to awayzzz," who is the poster.
For 0.09, dated 2001-10-18, the author credits awayzzz for "fixing the
fix."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0831
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0831
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: unknown
Reference: BUGTRAQ:20011023 FW: ASI Oracle Security Alert: 3 new security alerts
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100386756715645&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/OLS817alert.pdf

Vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when
audit functionality, SET_LABEL, or SQL*Predicate is being used, allows
local users to gain additional access.

Analysis
----------------
ED_PRI CAN-2001-0831 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0837
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0837
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011025 Pc-to-Phone vulnerability - broken by design
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100403691432052&w=2

DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable
locations in the installation directory, which allows local users to
read the information in (1) temp.html, (2) the log folder, and (3) the
PhoneBook folder.

Analysis
----------------
ED_PRI CAN-2001-0837 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0838
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0838
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011025 RWhoisd remote format string vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100402652724815&w=2

Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows
remote attackers execute arbitrary code via format string specifiers
in the -soa command.

Analysis
----------------
ED_PRI CAN-2001-0838 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0839
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0839
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category:
Reference: BUGTRAQ:20011025 Weak authentication in iBill's Password Management CGI
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100404371423927&w=2

ibillpm.pl in iBill password management system generates weak
passwords based on a client's MASTER_ACCOUNT, which allows remote
attackers to modify account information in the .htpasswd file via
brute force password guessing.

Analysis
----------------
ED_PRI CAN-2001-0839 3
Vendor Acknowledgement: unknown
Content Decisions: EX-ONLINE-SVC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0840
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0840
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: COMPAQ:SSRT0766
Reference: URL:http://www.compaq.com/products/servers/management/mgtsw-advisory.html

Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows
remote attackers to execute arbitrary code via (1) SNMP and (2) DMI.

Analysis
----------------
ED_PRI CAN-2001-0840 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0841
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0841
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011030 Ikonboard Cookie filter vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100446445208739&w=2

Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and
earlier allows remote attackers to overwrite files and gain privileges
via .. (dot dot) sequences in the amembernamecookie cookie.

Analysis
----------------
ED_PRI CAN-2001-0841 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE

ABSTRACTION:
LB5000 and Ikonboard both exhibit the same problem, are offered by the
same vendor, and clearly use the same source code.  CD:SF-CODEBASE
might suggest combining these.  But if the programs are distributed
separately, then maybe they should be SPLIT.  However, since the
vendor's site is in Chinese, it is difficult to determine whether
these products are combined or not.  In the face of this uncertainty,
these issues will be SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0842
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0842
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011030 LB5000 Cookie filter vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100446455809273&w=2

Directory traversal vulnerability in Search.cgi in LB5000 LB5000II
1029 and earlier allows remote attackers to overwrite files and gain
privileges via .. (dot dot) sequences in the amembernamecookie cookie.

Analysis
----------------
ED_PRI CAN-2001-0842 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE

ABSTRACTION:
LB5000 and Ikonboard both exhibit the same problem, are offered by the
same vendor, and clearly use the same source code.  CD:SF-CODEBASE
might suggest combining these.  But if the programs are distributed
separately, then maybe they should be SPLIT.  However, since the
vendor's site is in Chinese, it is difficult to determine whether
these products are combined or not.  In the face of this uncertainty,
these issues will be SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0844
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0844
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011030 cgi vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100446263601021&w=2

Vulnerability in (1) Book of guests and (2) Post it! allows remote
attackers to execute arbitrary code via shell metacharacters in the
email parameter.

Analysis
----------------
ED_PRI CAN-2001-0844 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC

It is not clear from the post whether these are 2 separate programs or
one.  The vendor URL, as reported by the discloser, does not work.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0846
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0846
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011030 Lotus Domino Web Administrator Template ReplicaID Access (#NISR29102001A)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100448721830960&w=2

Lotus Domino 5.x allows remote attackers to read files or execute
arbitrary code by requesting the ReplicaID of the Web Administrator
template file (webadmin.ntf).

Analysis
----------------
ED_PRI CAN-2001-0846 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0847
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0847
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011031 Lotus Domino Default Navigator Protection By-pass (#NISR29102001B)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100448726831108&w=2

Lotus Domino Web Server 5.x allows remote attackers to gain sensitive
information by accessing the default navigator $defaultNav via (1) URL
encoding the request, or (2) directly requesting the ReplicaID.

Analysis
----------------
ED_PRI CAN-2001-0847 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Page Last Updated or Reviewed: May 22, 2007