
[PROPOSAL] Cluster RECENT-76 - 40 candidates



I am proposing cluster RECENT-76 for review and voting by the
Editorial Board.

Name: RECENT-76
Description: Candidates announced between 8/1/2001 and 8/31/2001
Size: 40

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve





Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0969
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0969
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:53
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:53.ipfw.asc
Reference: XF:ipfw-me-unauthorized-access(7002)
Reference: URL:http://xforce.iss.net/static/7002.php
Reference: BID:3206
Reference: URL:http://www.securityfocus.com/bid/3206

ipfw in FreeBSD does not properly handle the use of "me" in its rules
when point to point interfaces are used, which causes ipfw to allow
connections from arbitrary remote hosts.

Analysis
----------------
ED_PRI CAN-2001-0969 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0976
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0976
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: HP:HPSBUX0108-165
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0048.html

Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and
earlier, as used by HP-UX Workload Manager (WLM), allows local users
to gain root privileges via modified libraries or environment
variables.

Analysis
----------------
ED_PRI CAN-2001-0976 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0981
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0981
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: HP:HPSBUX0108-164
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0048.html

HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix
password sync" option enabled calls the passwd program without
specifying the username of the user making the request, which could
cause the server to change the password of a different user.

Analysis
----------------
ED_PRI CAN-2001-0981 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1002
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010827 LPRng/rhs-printfilters - remote execution of commands
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99892644616749&w=2
Reference: REDHAT:RHSA-2001:102
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-102.html
Reference: BID:3241
Reference: URL:http://www.securityfocus.com/bid/3241

The default configuration of the DVI print filter (dvips) in Red Hat
Linux 7.0 and earlier does not run dvips in secure mode when dvips is
executed by lpd, which could allow remote attackers to gain privileges
by printing a DVI file that contains malicious commands.

Analysis
----------------
ED_PRI CAN-2001-1002 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1027
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CONFIRM:http://www.windowmaker.org/src/ChangeLog
Reference: DEBIAN:DSA-074
Reference: URL:http://www.debian.org/security/2001/dsa-074
Reference: CONECTIVA:CLA-2001:411
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000411
Reference: SUSE:SuSE-SA:2001:032
Reference: URL:http://www.suse.de/de/support/security/2001_032_wmaker_txt.txt
Reference: MANDRAKE:MDKSA-2001:074
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-074.php3
Reference: BID:3177
Reference: URL:http://www.securityfocus.com/bid/3177

Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows
remote attackers to execute arbitrary code via a long window title.

Analysis
----------------
ED_PRI CAN-2001-1027 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1062
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1062
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CALDERA:CSSA-2001-SCO.12
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.12/CSSA-2001-SCO.12.txt

Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local
users to execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2001-1062 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1063
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CALDERA:CSSA-2001-SCO.14
Reference: URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.14/CSSA-2001-SCO.14.txt
Reference: BID:3244
Reference: URL:http://www.securityfocus.com/bid/3244
Reference: XF:unixware-openunix-uidadmin-bo(7036)
Reference: URL:http://xforce.iss.net/static/7036.php

Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7
allows local users to gain root privileges via a long -S (scheme)
command line argument.

Analysis
----------------
ED_PRI CAN-2001-1063 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0965
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0965
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010817 [ASGUARD-LABS] glFTPD v1.23 DOS Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0239.html
Reference: CONFIRM:http://www.glftpd.org/
Reference: BID:3201
Reference: URL:http://www.securityfocus.com/bid/3201

glFTPD 1.23 allows remote attackers to cause a denial of service (CPU
consumption) via a LIST command with an argument that contains a large
number of * (asterisk) characters.

Analysis
----------------
ED_PRI CAN-2001-0965 2
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: in a statement dated August 17, 2001, the glFTPD web
site says "Upgrade to 1.24 glftpd if using 1.23. The glFTPD v1.23
contains a very(x2) simple D.O.S. which affects the "LIST" Command."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0973
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0973
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010822 BSCW symlink vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0328.html
Reference: CONFIRM:http://bscw.gmd.de/Bulletins/BSCW-SB-2001-08.extract.txt

BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers
to read or modify arbitrary files by uploading and extracting a tar
file with a symlink into the data-bag space.

Analysis
----------------
ED_PRI CAN-2001-0973 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0995
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0995
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010826 security hole in os groupware suite PHProjekt
Reference: URL:http://www.securityfocus.com/archive/1/210349
Reference: MISC:http://www.phprojekt.com/ChangeLog
Reference: BID:3239
Reference: URL:http://www.securityfocus.com/bid/3239
Reference: XF:phprojekt-id-modify(7035)
Reference: URL:http://xforce.iss.net/static/7035.php

PHProjekt before 2.4a allows remote attackers to perform actions as
other PHProjekt users by modifying the ID number in an HTTP request to
PHProjekt CGI programs.

Analysis
----------------
ED_PRI CAN-2001-0995 2
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The original Bugtraq announcement was posted by one
of the developers.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1041
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1041
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010802 vulnerability in oracle binary in Oracle 8.0.5 - 8.1.6
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99677282117387&w=2
Reference: BUGTRAQ:20011024 Oracle File Overwrite Security Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100395579811880&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/oracle_race.pdf
Reference: BID:3135
Reference: URL:http://www.securityfocus.com/bid/3135

oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to
overwrite arbitrary files via a symlink attack on an Oracle log trace
(.trc) file that is created in an alternate home directory identified
by the ORACLE_HOME environment variable.

Analysis
----------------
ED_PRI CAN-2001-1041 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1072
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1072
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010812 Are your mod_rewrite rules doing what you expect?
Reference: URL:http://www.securityfocus.com/archive/1/203955
Reference: BID:3176
Reference: URL:http://www.securityfocus.com/bid/3176

Apache with mod_rewrite enabled on most UNIX systems allows remote
attackers to bypass RewriteRules by inserting extra / (slash)
characters into the requested path, which causes the regular
expression in the RewriteRule to fail.

Analysis
----------------
ED_PRI CAN-2001-1072 2
Vendor Acknowledgement: yes via-email

ABSTRACTION: This problem is similar to CAN-2000-0913, but different.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0943
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0943
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010801 Oracle 8.1.5 dbnsmp vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/201020
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf
Reference: BID:3129
Reference: URL:http://www.securityfocus.com/bid/3129

dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the
PATH environment variable to find and execute the (1) chown or (2)
chgrp commands, which allows local users to execute arbitrary code by
modifying the PATH to point to Trojan Horse programs.

Analysis
----------------
ED_PRI CAN-2001-0943 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests splitting between problems of
different types, so the 3 issues described in the Oracle advisory are
being split.  It could be argued that the CHOWN/CHGRP and ORACLE_HOME
problems are of the same type (trusting a user-supplied search path),
but they occur in different versions, so CD:SF-LOC is clear on
splitting between them.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0966
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0966
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010818 [Real Security] Advisory for Nudester 1.10
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0232.html
Reference: BID:3202
Reference: URL:http://www.securityfocus.com/bid/3202

Directory traversal vulnerability in Nudester 1.10 and earlier allows
remote attackers to read or write arbitrary files via a .. (dot dot)
in the CD (CWD) command.

Analysis
----------------
ED_PRI CAN-2001-0966 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0967
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0967
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010817 Arkeia Possible remote root & information leakage
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0228.html
Reference: BID:3204
Reference: URL:http://www.securityfocus.com/bid/3204

Knox Arkeia server 4.2, and possibly other versions, uses a constant
salt when encrypting passwords using the crypt() function, which makes
it easier for an attacker to conduct brute force password guessing.

Analysis
----------------
ED_PRI CAN-2001-0967 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0968
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0968
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010817 Arkeia Possible remote root & information leakage
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0228.html
Reference: BID:3203
Reference: URL:http://www.securityfocus.com/bid/3203

Knox Arkeia server 4.2, and possibly other versions, installs its root
user with a null password by default, which allows local and remote
users to gain privileges.

Analysis
----------------
ED_PRI CAN-2001-0968 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0970
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0970
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010820 tdforum 1.2 Messageboard
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99832137410609&w=2
Reference: BID:3207
Reference: URL:http://www.securityfocus.com/bid/3207

Cross-site scripting vulnerability in TDForum 1.2 CGI script
(tdforum12.cgi) allows remote attackers to execute arbitrary script on
other clients via a forum message that contains the script.

Analysis
----------------
ED_PRI CAN-2001-0970 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0971
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0971
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010820 ACI 4D WebServer Directory traversal.
Reference: URL:http://www.securityfocus.com/archive/1/206102
Reference: BID:3209
Reference: URL:http://www.securityfocus.com/bid/3209

Directory traversal vulnerability in ACI 4d webserver allows remote
attackers to read arbitrary files via a .. (dot dot) or drive letter
(e.g., C:) in an HTTP request.

Analysis
----------------
ED_PRI CAN-2001-0971 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0972
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0972
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010820 security problem in surf-net ASP Discussion Forum < 2.30
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99834088223352&w=2
Reference: BID:3210
Reference: URL:http://www.securityfocus.com/bid/3210

Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on
the UserID, which allows remote attackers to gain administrative
privileges by calculating the value of the admin cookie (UserID 1),
i.e. "0888888."

Analysis
----------------
ED_PRI CAN-2001-0972 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0983
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0983
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010823 Re: Respondus v1.1.2 stores passwords using weak encryption
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99861651923668&w=2
Reference: MISC:http://www.eve-software.com/security/ueditpw.html

UltraEdit uses weak encryption to record FTP passwords in the
uedit32.ini file, which allows local users who can read the file to
decrypt the passwords and gain privileges.

Analysis
----------------
ED_PRI CAN-2001-0983 3
Vendor Acknowledgement:
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1003
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1003
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010823 Respondus v1.1.2 stores passwords using weak encryption
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99859557930285&w=2

Respondus 1.1.2 for WebCT uses weak encryption to remember usernames
and passwords, which allows local users who can read the WEBCT.SVR
file to decrypt the passwords and gain additional privileges.

Analysis
----------------
ED_PRI CAN-2001-1003 3
Vendor Acknowledgement:
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1004
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010830 gnut gnutella client html injection
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0415.html
Reference: MISC:http://www.gnutelliums.com/linux_unix/gnut/ChangeLog.txt

Cross-site scripting (CSS) vulnerability in gnut Gnutella client
before 0.4.27 allows remote attackers to execute arbitrary script on
other clients by sharing a file whose name contains the script tags.

Analysis
----------------
ED_PRI CAN-2001-1004 3
Vendor Acknowledgement: unknown discloser-claimed

ACKNOWLEDGEMENT: the discloser claims that the vendor fixed the
problem, but the ChangeLog does not appear to contain any info.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1005
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1005
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010824 Starfish Truesync Desktop + REX 5000 Pro multiple vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/210067
Reference: BID:3231
Reference: URL:http://www.securityfocus.com/bid/3231

Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak
encryption to store the user password in a registry key, which allows
attackers who have access to the registry key to decrypt the password
and gain privileges.

Analysis
----------------
ED_PRI CAN-2001-1005 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1006
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010824 Starfish Truesync Desktop + REX 5000 Pro multiple vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/210067
Reference: BID:3232
Reference: URL:http://www.securityfocus.com/bid/3232

Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not
encrypt sensitive files and relies solely on its password feature to
restrict access, which allows an attacker to read the files using a
different application.

Analysis
----------------
ED_PRI CAN-2001-1006 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1007
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1007
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010824 Starfish Truesync Desktop + REX 5000 Pro multiple vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/210067

Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a
small keyspace for device keys and does not impose a delay when an
incorrect key is entered, which allows attackers to more quickly guess
the key via a brute force attack.

Analysis
----------------
ED_PRI CAN-2001-1007 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1008
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1008
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010824 Java Plugin 1.4 with JRE 1.3 -> Ignores certificates.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0359.html
Reference: BID:3245
Reference: URL:http://www.securityfocus.com/bid/3245

Java Plugin 1.4 for JRE 1.3 executes signed applets even if the
certificate is expired, which could allow remote attackers to conduct
unauthorized activities via an applet that has been signed by an
expired certificate.

Analysis
----------------
ED_PRI CAN-2001-1008 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1009
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010809 Fetchmail security advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0118.html
Reference: ENGARDE:ESA-20010816-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1555.html
Reference: REDHAT:RHSA-2001:103
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-103.html
Reference: MANDRAKE:MDKSA-2001:072
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-072.php3
Reference: DEBIAN:DSA-071
Reference: URL:http://www.debian.org/security/2001/dsa-071
Reference: CONECTIVA:CLA-2001:419
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000419
Reference: BID:3164
Reference: URL:http://www.securityfocus.com/bid/3164
Reference: BID:3166
Reference: URL:http://www.securityfocus.com/bid/3166

Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious
(1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory
and possibly gain privileges via a negative index number as part of a
response to a LIST request.

Analysis
----------------
ED_PRI CAN-2001-1009 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1025
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1025
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: VULNWATCH:20010803 [VulnWatch] 3 phpnuke bugs (2 possibly lead to admin privs)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0019.html
Reference: BID:3149
Reference: URL:http://www.securityfocus.com/bid/3149

PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL
operations by modifying the "prefix" variable when calling any scripts
that do not already define the prefix variable (e.g., by including
mainfile.php), such as article.php.

Analysis
----------------
ED_PRI CAN-2001-1025 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1036
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010801 Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate
Reference: URL:http://www.securityfocus.com/archive/1/200991
Reference: XF:locate-command-execution(6932)
Reference: URL:http://xforce.iss.net/static/6932.php
Reference: BID:3127
Reference: URL:http://www.securityfocus.com/bid/3127

GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local
users to gain privileges via an old formatted filename database
(locatedb) that contains an entry with an out-of-range offset, which
causes locate to write to arbitrary process memory.

Analysis
----------------
ED_PRI CAN-2001-1036 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1039
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1039
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010801 HP Jetdirect passwords don't sync
Reference: URL:http://www.securityfocus.com/archive/1/201160
Reference: BID:3132
Reference: URL:http://www.securityfocus.com/bid/3132

The JetAdmin web interface for HP JetDirect does not set a password
for the telnet interface when the admin password is changed, which
allows remote attackers to gain access to the printer.

Analysis
----------------
ED_PRI CAN-2001-1039 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1040
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010802 Re: HP Jetdirect passwords don't sync
Reference: URL:http://www.securityfocus.com/archive/1/201224
Reference: BID:3132
Reference: URL:http://www.securityfocus.com/bid/3132

HP LaserJet, and possibly other JetDirect devices, resets the admin
password when the device is turned off, which could allow remote
attackers to access the device without the password.

Analysis
----------------
ED_PRI CAN-2001-1040 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1061
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1061
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: AIXAPAR:IY22255
Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q3/0003.html

Vulnerability in lsmcode in unknown versions of AIX, possibly related
to a usage error.

Analysis
----------------
ED_PRI CAN-2001-1061 3
Vendor Acknowledgement: yes
Content Decisions: VAGUE

CD:VAGUE states that if a vendor releases a vague report of a security
problem, the problem should be included in CVE even though there is
insufficient detail.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1064
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1064
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CISCO:20010823 CBOS Web-based Configuration Utility Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cisco-cbos-webserver-pub.shtml
Reference: BID:3236
Reference: URL:http://www.securityfocus.com/bid/3236
Reference: XF:cisco-cbos-telnet-dos(7025)
Reference: URL:http://xforce.iss.net/static/7025.php
Reference: XF:cisco-cbos-http-dos(7026)
Reference: URL:http://xforce.iss.net/static/7026.php

Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allow
remote attackers to cause a denial of service via multiple connections
to the router on the (1) HTTP or (2) telnet service, which causes the
router to become unresponsive and stop forwarding packets.

Analysis
----------------
ED_PRI CAN-2001-1064 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1065
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1065
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: CISCO:20010823 CBOS Web-based Configuration Utility Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cisco-cbos-webserver-pub.shtml
Reference: XF:cisco-cbos-web-config(7027)
Reference: URL:http://xforce.iss.net/static/7027.php

Web-based configuration utility in Cisco 600 series routers running
CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based
configuration services are disabled, which could leave the router open
to attack.

Analysis
----------------
ED_PRI CAN-2001-1065 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1066
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010827 Dangerous temp file creation during installation of Netscape 6.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99893667921216&w=2

ns6install installation script for Netscape 6.01 on Solaris allows
local users to overwrite files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2001-1066 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1067
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1067
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010822 AOLserver 3.0 vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0325.html
Reference: BUGTRAQ:20010906 AOLserver exploit code
Reference: URL:http://www.securityfocus.com/archive/1/213041
Reference: BID:3230
Reference: URL:http://www.securityfocus.com/bid/3230
Reference: XF:aolserver-long-password-dos(7030)
Reference: URL:http://xforce.iss.net/static/7030.php

Buffer overflow in AOLserver 3.0 allows remote attackers to cause a
denial of service, and possibly execute arbitrary code, via an HTTP
request with a long Authorization header.

Analysis
----------------
ED_PRI CAN-2001-1067 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1068
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010825 qpopper and pam.d
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0363.html
Reference: XF:qpopper-pam-auth-error(7047)
Reference: URL:http://xforce.iss.net/static/7047.php
Reference: BID:3242
Reference: URL:http://www.securityfocus.com/bid/3242

qpopper 4.01 with PAM-based authentication on Red Hat systems
generates different error messages when an invalid username is
provided instead of a valid name, which allows remote attackers to
determine valid usernames on the system.

Analysis
----------------
ED_PRI CAN-2001-1068 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1069
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20010822 Adobe Acrobat creates world writable ~/AdobeFnt.lst files
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99849121502399&w=2
Reference: MISC:http://lists.debian.org/debian-security/2001/debian-security-200101/msg00085.html
Reference: BID:3225
Reference: URL:http://www.securityfocus.com/bid/3225
Reference: XF:adobe-acrobat-insecure-permissions(7024)
Reference: URL:http://xforce.iss.net/static/7024.php

libCoolType library as used in Adobe Acrobat (acroread) on Linux
creates the AdobeFnt.lst file with world-writable permissions, which
allows local users to modify the file and possibly modify acroread's
behavior.

Analysis
----------------
ED_PRI CAN-2001-1069 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1070
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1070
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010821 Bug in MAS90 Accounting Platform remote access?
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0312.html
Reference: XF:mas-telnet-connect-dos(7020)
Reference: URL:http://xforce.iss.net/static/7020.php
Reference: BID:3221
Reference: URL:http://www.securityfocus.com/bid/3221

Sage Software MAS 200 allows remote attackers to cause a denial of
service by connecting to port 10000 and entering a series of control
characters.

Analysis
----------------
ED_PRI CAN-2001-1070 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1073
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1073
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010815 webridge application suite gives up too much error information on Internal Server Error
Reference: URL:http://www.securityfocus.com/archive/1/204725
Reference: XF:webridge-px-reveal-information(6993)
Reference: URL:http://xforce.iss.net/static/6993.php
Reference: BID:3182
Reference: URL:http://www.securityfocus.com/bid/3182

Webridge PX Application Suite allows remote attackers to obtain
sensitive information via a malformed request that generates a server
error message, which includes full pathname or internal IP address
information in the variables (1) APPL_PHYSICAL_PATH, (2)
PATH_TRANSLATED, and (3) LOCAL_ADDR.

Analysis
----------------
ED_PRI CAN-2001-1073 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007