[FINAL] ACCEPT 53 candidates from various clusters
I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below. The
resulting CVE entries will be published in CVE version 20000322.
Voting details and comments are provided at the end of this report.
- Steve
Candidate CVE Name
--------- ----------
CAN-1999-0189 CVE-1999-0189
CAN-1999-0390 CVE-1999-0390
CAN-1999-0678 CVE-1999-0678
CAN-1999-0727 CVE-1999-0727
CAN-1999-0733 CVE-1999-0733
CAN-1999-0740 CVE-1999-0740
CAN-1999-0746 CVE-1999-0746
CAN-1999-0778 CVE-1999-0778
CAN-1999-0783 CVE-1999-0783
CAN-1999-0785 CVE-1999-0785
CAN-1999-0786 CVE-1999-0786
CAN-1999-0789 CVE-1999-0789
CAN-1999-0796 CVE-1999-0796
CAN-1999-0797 CVE-1999-0797
CAN-1999-0806 CVE-1999-0806
CAN-1999-0890 CVE-1999-0890
CAN-1999-0893 CVE-1999-0893
CAN-1999-0896 CVE-1999-0896
CAN-1999-0908 CVE-1999-0908
CAN-1999-0916 CVE-1999-0916
CAN-1999-0920 CVE-1999-0920
CAN-1999-0931 CVE-1999-0931
CAN-1999-0964 CVE-1999-0964
CAN-1999-0966 CVE-1999-0966
CAN-1999-0996 CVE-1999-0996
CAN-1999-0998 CVE-1999-0998
CAN-1999-1000 CVE-1999-1000
CAN-2000-0003 CVE-2000-0003
CAN-2000-0022 CVE-2000-0022
CAN-2000-0023 CVE-2000-0023
CAN-2000-0025 CVE-2000-0025
CAN-2000-0026 CVE-2000-0026
CAN-2000-0029 CVE-2000-0029
CAN-2000-0031 CVE-2000-0031
CAN-2000-0036 CVE-2000-0036
CAN-2000-0037 CVE-2000-0037
CAN-2000-0039 CVE-2000-0039
CAN-2000-0040 CVE-2000-0040
CAN-2000-0041 CVE-2000-0041
CAN-2000-0088 CVE-2000-0088
CAN-2000-0089 CVE-2000-0089
CAN-2000-0097 CVE-2000-0097
CAN-2000-0098 CVE-2000-0098
CAN-2000-0121 CVE-2000-0121
CAN-2000-0139 CVE-2000-0139
CAN-2000-0145 CVE-2000-0145
CAN-2000-0148 CVE-2000-0148
CAN-2000-0149 CVE-2000-0149
CAN-2000-0150 CVE-2000-0150
CAN-2000-0152 CVE-2000-0152
CAN-2000-0156 CVE-2000-0156
CAN-2000-0161 CVE-2000-0161
CAN-2000-0162 CVE-2000-0162
=================================
Candidate: CAN-1999-0189
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19990607
Category: SF
Reference: NAI:NAI-15
Reference: SUN:00142
Reference: XF:rpc-32771
Solaris rpcbind listens on a high numbered UDP port, which may not be
filtered since the standard port number is 111.
Modifications:
ADDREF XF:rpc-32771
ADDREF NAI:NAI-15
INFERRED ACTION: CAN-1999-0189 MOREVOTES-2 (0 accept, 2 ack, 0 review)
Current Votes:
Comments:
Frech> XF:rpc-32771
=================================
Candidate: CAN-1999-0390
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000204-01
Proposed: 19991222
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990104 Dosemu/S-Lang Overflow + sploit
Reference: CALDERA:CSSA-1999-006.1
Reference: BID:187
Buffer overflow in Dosemu Slang library in Linux.
Modifications:
ADDREF CALDERA:CSSA-1999-006.1
INFERRED ACTION: CAN-1999-0390 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-1999-0678
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: CF
Reference: XF:apache-debian-usrdoc
Reference: BUGTRAQ:19990405 An issue with Apache on Debian
Reference: BID:318
A default configuration of Apache on Debian Linux sets the ServerRoot
to /usr/doc, which allows remote users to read documentation files
for the entire server.
Modifications:
ADDREF BID:318
INFERRED ACTION: CAN-1999-0678 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
Comments:
Christey> This candidate is unconfirmed by the vendor.
=================================
Candidate: CAN-1999-0727
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: OPENBSD:19990608 Packets that should have been handled by IPsec may be transmitted as cleartext
Reference: XF:openbsd-ipsec-cleartext
A kernel leak in the OpenBSD kernel allows IPsec packets to be sent
unencrypted.
Modifications:
ADDREF OPENBSD:19990608 Packets that should have been handled by IPsec may be transmitted as cleartext
ADDREF XF:openbsd-ipsec-cleartext
INFERRED ACTION: CAN-1999-0727 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
Comments:
Stracener> Add Ref: OPENBSD:19990608 Packets that should have been handled by
Stracener> IPsec may be transmitted as cleartext. PF_KEY SA expirations may leak
Stracener> kernel resources.
Frech> XF:openbsd-ipsec-cleartext
Frech> ADDREF OPENBSD:OpenBSD Security Advisory, August 6, 1999, "Packets that
Frech> should have been handled by IPsec may be transmitted as cleartext" at
Frech> http://www.openbsd.com/errata25.html#ipsec_in_use
=================================
Candidate: CAN-1999-0733
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990626 VMWare Advisory - buffer overflows
Reference: XF:vmware-bo
Buffer overflow in VMWare 1.0.1 for Linux via a long HOME
environmental variable.
Modifications:
DELREF XF:linux-vmware-buffer-overflows
ADDREF XF:vmware-bo
INFERRED ACTION: CAN-1999-0733 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
Comments:
Frech> XF:vmware-bo
Frech> DELREF XF:linux-vmware-buffer-overflows
=================================
Candidate: CAN-1999-0740
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:594
Reference: XF:linux-telnetd-term
Reference: CALDERA:CSSA-1999:022
Reference: REDHAT:RHSA1999029_01
Remote attackers can cause a denial of service on Linux in.telnetd
telnet daemon through a malformed TERM environmental variable.
INFERRED ACTION: CAN-1999-0740 MOREVOTES-2 (0 accept, 2 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-1999-0746
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: CF
Reference: BUGTRAQ:19990814 DOS against SuSE's identd
Reference: SUSE:19990824 Security hole in netcfg
Reference: BID:587
Reference: XF:suse-identd-dos
A default configuration of in.identd in SuSE Linux waits 120 seconds
between requests, allowing a remote attacker to conduct a denial of
service.
Modifications:
ADDREF SUSE:19990824 Security hole in netcfg
INFERRED ACTION: CAN-1999-0746 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
Comments:
Christey> ADDREF SUSE:19990824 Security hole in netcfg
=================================
Candidate: CAN-1999-0778
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: KSRT:011
Reference: XF:accelx-display-bo
Buffer overflow in Xi Graphics Accelerated-X server allows local
users to gain root access via a long display or query parameter.
Modifications:
CHANGEREF XF:accelx-bo XF:accelx-display-bo
INFERRED ACTION: CAN-1999-0778 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
Comments:
Frech> XF:accelx-display-bo
=================================
Candidate: CAN-1999-0783
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: FreeBSD:FreeBSD-SA-98:05
Reference: CIAC:I-057
Reference: XF:freebsd-nfs-link-dos
FreeBSD allows local users to conduct a denial of service by creating
a hard link from a device special file to a file on an NFS file
system.
Modifications:
ADDREF XF:freebsd-nfs-link-dos
INFERRED ACTION: CAN-1999-0783 MOREVOTES-2 (0 accept, 2 ack, 0 review)
Current Votes:
Comments:
Frech> XF:freebsd-nfs-link-dos
=================================
Candidate: CAN-1999-0785
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990511 INN 2.0 and higher. Root compromise potential
Reference: SUSE:19990518 Security hole in INN
Reference: XF:inn-pathrun
Reference: BID:254
The INN inndstart program allows local users to gain root privileges
via the "pathrun" parameter in the inn.conf file.
Modifications:
ADDREF SUSE:19990518 Security hole in INN
ADDREF BID:254
INFERRED ACTION: CAN-1999-0785 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
Comments:
Christey> BID:255 and BID:254 have a good explanation for why this is
Christey> different than CAN-1999-0754
Christey>
Christey> ADDREF SUSE:19990518 Security hole in INN
Christey> Also see http://www.redhat.com/corp/support/errata/inn99_05_22.html
=================================
Candidate: CAN-1999-0786
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990922 LD_PROFILE local root exploit for solaris 2.6
Reference: BID:659
The dynamic linker in Solaris allows a local user to create arbitrary
files via the LD_PROFILE environmental variable and a symlink attack.
INFERRED ACTION: CAN-1999-0786 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-1999-0789
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-02
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990928 Remote bufferoverflow exploit for ftpd from AIX 4.3.2 running on an RS6000
Reference: IBM:ERS-SVA-E01-1999:004.1
Reference: CIAC:J-072
Reference: XF:aix-ftpd-bo
Reference: BID:679
Buffer overflow in AIX ftpd in the libc library.
Modifications:
CHANGEREF BUGTRAQ [add date]
ADDREF CIAC:J-072
CHANGEREF IBM:ERS-SVA-E01-1 IBM:ERS-SVA-E01-1999:004.1
ADDREF BID:679
ADDREF XF:aix-ftpd-bo
INFERRED ACTION: CAN-1999-0789 MOREVOTES-2 (0 accept, 2 ack, 0 review)
Current Votes:
Comments:
Stracener> Add Ref: CIAC: J-072
Prosser> ref should read ERS-SVA-E01-1999:004.1
Prosser> add reference BID 679
Frech> XF:aix-ftpd-bo
Frech> On BUGTRAQ reference, add 19990927 as date
Frech> On IBM reference, correctly cite as ERS-SVA-E01-1999:004.1
=================================
Candidate: CAN-1999-0796
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: FREEBSD:SA-98.03
Reference: XF:freebsd-ttcp-spoof
FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing
attacks.
Modifications:
ADDREF XF:freebsd-ttcp-spoof
INFERRED ACTION: CAN-1999-0796 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
Comments:
Frech> XF:freebsd-ttcp-spoof
=================================
Candidate: CAN-1999-0797
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: ISS:19980629 Distributed DoS attack against NIS/NIS+ based networks.
Reference: CIAC:I-070
Reference: XF:sun-nis-nisplus
NIS finger allows an attacker to conduct a denial of service via a
large number of finger requests, resulting in a large number of NIS
queries.
Modifications:
ADDREF XF:sun-nis-nisplus
ADDREF ISS:19980629 Distributed DoS attack against NIS/NIS+ based networks.
INFERRED ACTION: CAN-1999-0797 MOREVOTES-2 (0 accept, 2 ack, 0 review)
Current Votes:
Comments:
Frech> XF:sun-nis-nisplus
=================================
Candidate: CAN-1999-0806
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990510 Solaris2.6,2.7 dtprintinfo exploits
Reference: XF:cde-dtprintinfo
Buffer overflow in Solaris dtprintinfo program.
Modifications:
ADDREF BUGTRAQ:19990510 Solaris2.6,2.7 dtprintinfo exploits
INFERRED ACTION: CAN-1999-0806 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
Comments:
Stracener> Add Ref: BUGTRAQ:19990510:Solaris2.6,2.7 dtprintinfo exploits
Christey> This candidate is unconfirmed by the vendor.
Christey>
Christey> Posted by UNYUN of Shadow Penguin Security; Darren J
Christey> Moffat claims it is Sun Bug# 4139394.
=================================
Candidate: CAN-1999-0890
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990928 Team Asylum: iHTML Merchant Vulnerabilities
Reference: XF:ihtml-merchant-file-access
iHTML Merchant allows remote attackers to obtain sensitive information
or execute commands via a code parsing error.
Modifications:
ADDREF XF:ihtml-merchant-file-access
INFERRED ACTION: CAN-1999-0890 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
Comments:
Frech> ADDREF XF:ihtml-merchant-file-access
=================================
Candidate: CAN-1999-0893
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991011 SCO OpenServer 5.0.5 overwrite /etc/shadow
Reference: XF:sco-openserver-userosa-script
userOsa in SCO OpenServer allows local users to corrupt files via a
symlink attack.
Modifications:
ADDREF XF:sco-openserver-userosa-script
INFERRED ACTION: CAN-1999-0893 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
Comments:
Frech> XF:sco-openserver-userosa-script
=================================
Candidate: CAN-1999-0896
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991109 RealNetworks RealServer G2 buffer overflow.
Reference: MISC:http://service.real.com/help/faq/servg260.html
Reference: XF:realserver-g2-pw-bo
Reference: BID:767
Buffer overflow in RealNetworks RealServer administration utility
allows remote attackers to execute arbitrary commands via a long
username and password.
Modifications:
ADDREF XF:realserver-g2-pw-bo
ADDREF MISC:http://service.real.com/help/faq/servg260.html
INFERRED ACTION: CAN-1999-0896 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
Comments:
Frech> ADDREF XF:realserver-g2-pw-bo
Christey> This candidate is unconfirmed by the vendor.
=================================
Candidate: CAN-1999-0908
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990921 solaris DoS
Reference: BID:655
Reference: XF:sun-tcp-mutex-enter-dos
Denial of service in Solaris TCP streams driver via a malicious
connection that causes the server to panic as a result of recursive
calls to mutex_enter.
Modifications:
ADDREF XF:sun-tcp-mutex-enter-dos
INFERRED ACTION: CAN-1999-0908 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
Comments:
Frech> sun-tcp-mutex-enter-dos
=================================
Candidate: CAN-1999-0916
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified:
Proposed: 19991222
Assigned: 19991208
Category: CF
Reference: ISS:19990629 Bad Permissions on Passwords Stored by WebTrends Software
WebTrends software stores account names and passwords in a file which
does not have restricted access permissions.
INFERRED ACTION: CAN-1999-0916 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
Comments:
Frech> XF:webtrends-bad-perms
=================================
Candidate: CAN-1999-0920
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990526 Remote vulnerability in pop2d
Reference: XF:pop2-fold-bo
Buffer overflow in the pop-2d POP daemon in the IMAP package allows
remote attackers to gain privileges via the FOLD command.
Modifications:
ADDREF XF:pop2-fold-bo
INFERRED ACTION: CAN-1999-0920 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
Comments:
Frech> ADDREF XF:pop2-fold-bo
=================================
Candidate: CAN-1999-0931
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01
Reference: BID:734
Reference: XF:mediahouse-stats-login-bo
Buffer overflow in Mediahouse Statistics Server allows remote
attackers to execute commands.
Modifications:
ADDREF XF:mediahouse-stats-login-bo
INFERRED ACTION: CAN-1999-0931 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
Comments:
Frech> ADDREF XF:mediahouse-stats-login-bo
=================================
Candidate: CAN-1999-0964
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: FREEBSD:FreeBSD-SA-97:01
Reference: XF:freebsd-setlocale-bo
Buffer overflow in FreeBSD setlocale in the libc module.
Modifications:
ADDREF XF:freebsd-setlocale-bo
INFERRED ACTION: CAN-1999-0964 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
Comments:
Frech> XF:freebsd-setlocale-bo
=================================
Candidate: CAN-1999-0966
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: L0PHT:19970127 Solaris libc - getopt(3)
Buffer overflow in Solaris getopt in libc allows local users to gain
root privileges via a long argv[0].
INFERRED ACTION: CAN-1999-0966 MOREVOTES-3 (0 accept, 0 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-1999-0996
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: EEYE:AD19991215
Reference: BUGTRAQ:19991216 Infoseek Ultraseek Remote Buffer Overflow
Reference: NTBUGTRAQ:19991216 Infoseek Ultraseek Remote Buffer Overflow
Reference: XF:infoseek-ultraseek-bo
Buffer overflow in Infoseek Ultraseek search engine allows remote
attackers to execute commands via a long GET request.
Modifications:
ADDREF XF:infoseek-ultraseek-bo
INFERRED ACTION: CAN-1999-0996 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
Comments:
Frech> XF:infoseek-ultraseek-bo
=================================
Candidate: CAN-1999-0998
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities
Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities
Reference: XF:cisco-cache-engine-replace
Cisco Cache Engine allows an attacker to replace content in the cache.
Modifications:
ADDREF XF:cisco-cache-engine-replace
INFERRED ACTION: CAN-1999-0998 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
Comments:
Cole> This vulnerability exists in PPP CHAP authentication. Also the BID is 693.
Cole> If I have the right vulnerability. The description is not that clear.
Frech> XF:cisco-cache-engine-replace
=================================
Candidate: CAN-1999-1000
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities
Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities
Reference: XF:cisco-cache-engine-performance
The web administration interface for Cisco Cache Engine allows remote
attackers to view performance statistics.
Modifications:
ADDREF XF:cisco-cache-engine-performance
INFERRED ACTION: CAN-1999-1000 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
Comments:
Frech> XF:cisco-cache-engine-performance
=================================
Candidate: CAN-2000-0003
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991230 UnixWare rtpm exploit + discussion
Reference: BUGTRAQ:20000127 New SCO patches...
Buffer overflow in UnixWare rtpm program allows local users to gain
privileges via a long environmental variable.
Modifications:
ADDREF BUGTRAQ:20000127 New SCO patches...
INFERRED ACTION: CAN-2000-0003 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
Comments:
Christey> ADDREF BUGTRAQ:20000127 New SCO patches...
=================================
Candidate: CAN-2000-0022
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991221 serious Lotus Domino HTTP denial of service
Reference: BUGTRAQ:19991227 Re: Lotus Domino HTTP denial of service attack
Lotus Domino HTTP server does not properly disable anonymous access
for the cgi-bin directory.
INFERRED ACTION: CAN-2000-0022 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-2000-0023
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991221 serious Lotus Domino HTTP denial of service
Reference: BUGTRAQ:19991222 Lotus Notes HTTP cgi-bin vulnerability: possible workaround
Reference: BUGTRAQ:19991227 Re: Lotus Domino HTTP denial of service attack
Buffer overflow in Lotus Domino HTTP server allows remote attackers to
cause a denial of service via a long URL.
INFERRED ACTION: CAN-2000-0023 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-2000-0025
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: MS:MS99-058
Reference: MSKB:Q238606
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code
for ASP files if the file is in a virtual directory whose name
includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the
"Virtual Directory Naming" vulnerability.
Modifications:
ADDREF MSKB:Q238606
INFERRED ACTION: CAN-2000-0025 MOREVOTES-2 (0 accept, 2 ack, 0 review)
Current Votes:
Comments:
Stracener> Add Ref: MSKB:Q238606
=================================
Candidate: CAN-2000-0026
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000120-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991222 UnixWare i2odialogd remote root exploit
Reference: BUGTRAQ:19991223 FYI, SCO Security patches available.
Buffer overflow in UnixWare i2odialogd daemon allows remote attackers
to gain root access via a long username/password authorization
string.
Modifications:
ADDREF BUGTRAQ:19991223 FYI, SCO Security patches available.
INFERRED ACTION: CAN-2000-0026 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-2000-0029
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000120-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991227 UnixWare local pis exploit
Reference: BUGTRAQ:20000113 Info on some security holes reported against SCO Unixware.
Reference: BID:901
UnixWare pis and mkpis commands allow local users to gain privileges
via a symlink attack.
Modifications:
ADDREF BUGTRAQ:20000113 Info on some security holes reported against SCO Unixware.
INFERRED ACTION: CAN-2000-0029 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-2000-0031
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: L0PHT:19991227 initscripts-4.48-1 RedHat Linux 6.1
Reference: REDHAT:RHSA-1999:052-04
The initscripts package in Red Hat Linux allows local users to gain
privileges via a symlink attack.
INFERRED ACTION: CAN-2000-0031 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-2000-0036
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: MS:MS99-060
Reference: MSKB:Q249082
Outlook Express 5 for Macintosh downloads attachments to HTML mail
without prompting the user, aka the "HTML Mail Attachment"
vulnerability.
INFERRED ACTION: CAN-2000-0036 MOREVOTES-2 (0 accept, 2 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-2000-0037
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000207-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991228 majordomo local exploit
Reference: BUGTRAQ:20000113 Info on some security holes reported against SCO Unixware.
Reference: BUGTRAQ:20000124 majordomo 1.94.5 does not fix all vulnerabilities
Reference: BID:903
Majordomo wrapper allows local users to gain privileges by specifying
an alternate configuration file.
Modifications:
ADDREF BUGTRAQ:20000113 Info on some security holes reported against SCO Unixware.
ADDREF BUGTRAQ:20000124 majordomo 1.94.5 does not fix all vulnerabilities
INFERRED ACTION: CAN-2000-0037 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-2000-0039
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000121-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991229 AltaVista
Reference: BUGTRAQ:19991230 Follow UP AltaVista
Reference: BUGTRAQ:19991229 AltaVista followup and monitor script
Reference: BUGTRAQ:20000103 FW: Patch issued for AltaVista Search Engine Directory TraversalVulnerability
Reference: BUGTRAQ:20000109 Altavista followup
Reference: BID:896
AltaVista search engine allows remote attackers to read files above
the document root via a .. (dot dot) in the query.cgi CGI program.
INFERRED ACTION: CAN-2000-0039 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-2000-0040
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991223 Multiple vulnerabilites in glFtpD (current versions)
glFtpD allows local users to gain privileges via metacharacters in the
SITE ZIPCHK command.
INFERRED ACTION: CAN-2000-0040 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-2000-0041
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991229 The "Mac DoS Attack," a Scheme for Blocking Internet Connections
Reference: BID:890
Macintosh systems generate large ICMP datagrams in response to
malformed datagrams, allowing them to be used as amplifiers in a flood
attack.
INFERRED ACTION: CAN-2000-0041 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-2000-0088
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: MS:MS00-002
Reference: XF:office-malformed-convert
Reference: BID:946
Buffer overflow in the conversion utilities for Japanese, Korean and
Chinese Word 5 documents allows an attacker to execute commands, aka
the "Malformed Conversion Data" vulnerability.
INFERRED ACTION: CAN-2000-0088 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-2000-0089
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: NTBUGTRAQ:20000121 RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition
Reference: BUGTRAQ:20000122 RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition
Reference: MS:MS00-004
Reference: MSKB:Q249108
Reference: BID:947
Reference: XF:nt-rdisk-enum-file
The rdisk utility in Microsoft Terminal Server Edition and Windows NT
4.0 stores registry hive information in a temporary file with
permissions that allow local users to read it, aka the "RDISK Registry
Enumeration File" vulnerability.
Modifications:
DESC Add Win NT 4.0
INFERRED ACTION: CAN-2000-0089 MOREVOTES-2 (0 accept, 2 ack, 0 review)
Current Votes:
Comments:
Wall> Add Windows NT 4.0 server and workstation as well. It works on these platforms
Wall> as well.
=================================
Candidate: CAN-2000-0097
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: NTBUGTRAQ:20000127 Alert: MS IIS 4 / IS 2 (Cerberus Security Advisory CISADV000126)
Reference: MS:MS00-006
Reference: BID:950
Reference: XF:http-indexserver-dirtrans
The WebHits ISAPI filter in Microsoft Index Server allows remote
attackers to read arbitrary files, aka the "Malformed Hit-Highlighting
Argument" vulnerability.
INFERRED ACTION: CAN-2000-0097 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-2000-0098
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: MS:MS00-006
Microsoft Index Server allows remote attackers to determine the real
path for a web directory via a request to an Internet Data Query file
that does not exist.
INFERRED ACTION: CAN-2000-0098 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-2000-0121
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: NTBUGTRAQ:20000201 "Recycle Bin Creation" Vulnerability in Windows NT / Windows 2000
Reference: MS:MS00-007
Reference: MSKB:Q248399
Reference: BID:963
The Recycle Bin utility in Windows NT and Windows 2000 allows local
users to read or modify files by creating a subdirectory with the
victim's SID in the recycler directory, aka the "Recycle Bin
Creation" vulnerability.
INFERRED ACTION: CAN-2000-0121 MOREVOTES-2 (0 accept, 2 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-2000-0139
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: BID:982
Internet Anywhere POP3 Mail Server allows local users to cause a
denial of service via a malformed RETR command.
INFERRED ACTION: CAN-2000-0139 MOREVOTES-3 (0 accept, 0 ack, 0 review)
Current Votes:
Comments:
Christey> This candidate is unconfirmed by the vendor.
Christey>
Christey> Reported by Nobuo Miwa, moderator of BUGTRAQ-JP.
Blake> In his Bugtraq post, Nobuo claims to have discussed it with the vendor and
Blake> that they said they were working on a fix. That's good enough for me.
=================================
Candidate: CAN-2000-0145
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified:
Proposed: 20000216
Assigned: 20000216
Category: CF
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-02/0038.html
Reference: BUGTRAQ:20000205 Debian (frozen): Perms on /usr/lib/libguile.so.6.0.0
The libguile.so library file used by gnucash in Debian Linux is
installed with world-writable permissions.
INFERRED ACTION: CAN-2000-0145 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-2000-0148
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-02/0053.html
Reference: BUGTRAQ:20000208 Remote access vulnerability in all MySQL server versions
Reference: BUGTRAQ:20000214 MySQL 3.22.32 released
Reference: BID:975
MySQL 3.22 allows remote attackers to bypass password authentication
and access a database via a short check string.
INFERRED ACTION: CAN-2000-0148 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-2000-0149
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-02/0057.html
Reference: BUGTRAQ:20000209 [SAFER 000209.EXP.1.2] Zeus Web Server - obtaining source of CGI scripts
Reference: BUGTRAQ:20000208 Zeus Web Server: Null Terminated Strings
Reference: BID:977
Zeus web server allows remote attackers to view the source code for
CGI programs via a null character (%00) at the end of a URL.
INFERRED ACTION: CAN-2000-0149 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-2000-0150
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000209 FireWall-1 FTP Server Vulnerability
Reference: BUGTRAQ:20000212 Re: FireWall-1 FTP Server Vulnerability
Reference: BUGTRAQ:20000210 Multiple firewalls: FTP Application Level Gateway "PASV" Vulnerability
Reference: BID:979
Firewall-1 allows remote attackers to bypass port access restrictions
on an FTP server by forcing it to send malicious packets which
Firewall-1 misinterprets as a valid 227 response to a client's PASV
attempt.
INFERRED ACTION: CAN-2000-0150 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-2000-0152
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000209 Novell BorderManager 3.5 Remote Slow Death
Reference: BUGTRAQ:20000211 BorderManager csatpxy.nlm fix avalable.
Remote attackers can cause a denial of service in Novell BorderManager
3.5 by pressing the enter key in a telnet connection to port 2000.
INFERRED ACTION: CAN-2000-0152 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-2000-0156
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: MS:MS00-009
Internet Explorer 4.x and 5.x allow a remote web server to access
files on the client that are outside of its security domain, aka the
"Image Source Redirect" vulnerability.
INFERRED ACTION: CAN-2000-0156 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-2000-0161
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: MS:MS00-010
Reference: BID:994
Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not
validate an identification number, which allows remote attackers to
execute SQL commands.
INFERRED ACTION: CAN-2000-0161 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes:
=================================
Candidate: CAN-2000-0162
Published:
Final-Decision: 20000322
Interim-Decision: 20000315
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: MS:MS00-011
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x
allows a remote attacker to read files via a malicious Java applet
that escapes the Java sandbox, aka the "VM File Reading"
vulnerability.
INFERRED ACTION: CAN-2000-0162 MOREVOTES-2 (0 accept, 1 ack, 0 review)
Current Votes: