
[FINAL] ACCEPT 66 very recent candidates



I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below.  The
resulting CVE entries will be published in the near future in a new
version of CVE.  Voting details and comments are provided at the end
of this report.

- Steve



Candidate	CVE Name
---------	----------
CAN-2000-0249	CVE-2000-0249
CAN-2000-0303	CVE-2000-0303
CAN-2000-0304	CVE-2000-0304
CAN-2000-0305	CVE-2000-0305
CAN-2000-0342	CVE-2000-0342
CAN-2000-0346	CVE-2000-0346
CAN-2000-0350	CVE-2000-0350
CAN-2000-0376	CVE-2000-0376
CAN-2000-0377	CVE-2000-0377
CAN-2000-0379	CVE-2000-0379
CAN-2000-0380	CVE-2000-0380
CAN-2000-0381	CVE-2000-0381
CAN-2000-0382	CVE-2000-0382
CAN-2000-0387	CVE-2000-0387
CAN-2000-0388	CVE-2000-0388
CAN-2000-0389	CVE-2000-0389
CAN-2000-0390	CVE-2000-0390
CAN-2000-0391	CVE-2000-0391
CAN-2000-0392	CVE-2000-0392
CAN-2000-0393	CVE-2000-0393
CAN-2000-0394	CVE-2000-0394
CAN-2000-0395	CVE-2000-0395
CAN-2000-0396	CVE-2000-0396
CAN-2000-0397	CVE-2000-0397
CAN-2000-0398	CVE-2000-0398
CAN-2000-0399	CVE-2000-0399
CAN-2000-0402	CVE-2000-0402
CAN-2000-0403	CVE-2000-0403
CAN-2000-0404	CVE-2000-0404
CAN-2000-0405	CVE-2000-0405
CAN-2000-0406	CVE-2000-0406
CAN-2000-0407	CVE-2000-0407
CAN-2000-0408	CVE-2000-0408
CAN-2000-0409	CVE-2000-0409
CAN-2000-0410	CVE-2000-0410
CAN-2000-0411	CVE-2000-0411
CAN-2000-0414	CVE-2000-0414
CAN-2000-0416	CVE-2000-0416
CAN-2000-0417	CVE-2000-0417
CAN-2000-0418	CVE-2000-0418
CAN-2000-0419	CVE-2000-0419
CAN-2000-0421	CVE-2000-0421
CAN-2000-0424	CVE-2000-0424
CAN-2000-0425	CVE-2000-0425
CAN-2000-0427	CVE-2000-0427
CAN-2000-0428	CVE-2000-0428
CAN-2000-0431	CVE-2000-0431
CAN-2000-0432	CVE-2000-0432
CAN-2000-0435	CVE-2000-0435
CAN-2000-0436	CVE-2000-0436
CAN-2000-0437	CVE-2000-0437
CAN-2000-0438	CVE-2000-0438
CAN-2000-0439	CVE-2000-0439
CAN-2000-0441	CVE-2000-0441
CAN-2000-0442	CVE-2000-0442
CAN-2000-0452	CVE-2000-0452
CAN-2000-0453	CVE-2000-0453
CAN-2000-0454	CVE-2000-0454
CAN-2000-0455	CVE-2000-0455
CAN-2000-0456	CVE-2000-0456
CAN-2000-0460	CVE-2000-0460
CAN-2000-0461	CVE-2000-0461
CAN-2000-0462	CVE-2000-0462
CAN-2000-0463	CVE-2000-0463
CAN-2000-0464	CVE-2000-0464
CAN-2000-0465	CVE-2000-0465


=================================
Candidate: CAN-2000-0249
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000425
Category: SF
Reference: ISS:20000426 Insecure file handling in IBM AIX frcactrl program
Reference: URL:http://xforce.iss.net/alerts/advise47.php3
Reference: IBM:ERS-OAR-E01-2000:075.1
Reference: XF:aix-frcactrl
Reference: BID:1152
Reference: URL:http://www.securityfocus.com/bid/1152

The AIX Fast Response Cache Accelerator (FRCA) allows local users to
modify arbitrary files via the configuration capability in the
frcactrl program.

Modifications:
  ADDREF BID:1152
  ADDREF IBM:ERS-OAR-E01-2000:075.1
  ADDREF XF:aix-frcactrl

INFERRED ACTION: CAN-2000-0249 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(3) Levy, Prosser, Frech
   NOOP(3) Christey, Cole, Ozancin

Comments:
 Christey> ADDREF BID:1152
   URL:http://www.securityfocus.com/bid/1152
 Levy> Reference: BID 1152
 Prosser> add source IBM ERS-OAR-E01-2000:075.1,
   http://www-1.ibm.com/services/continuity/recover1.nsf/advisories/8525680F006B9445852568CE0055C78A/$file/oar075.txt
   Actually just a repeat of the X-Force Bulletin but provides vendor
   confirmation.
 Frech> XF:aix-frcactrl


=================================
Candidate: CAN-2000-0303
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000503
Category: SF
Reference: ISS:20000503 Vulnerability in Quake3Arena Auto-Download Feature
Reference: URL:http://xforce.iss.net/alerts/advise50.php3
Reference: CONFIRM:http://www.quake3arena.com/news/index.html
Reference: BID:1169
Reference: XF:quake3-auto-download

Quake3 Arena allows malicious server operators to read or modify
files on a client via a dot dot (..) attack.

Modifications:
  ADDREF BID:1169
  ADDREF XF:quake3-auto-download

INFERRED ACTION: CAN-2000-0303 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(2) Levy, Frech
   NOOP(3) Cole, Wall, Armstrong

Comments:
 Levy> Reference: BID 1169
 Frech> XF:quake3-auto-download


=================================
Candidate: CAN-2000-0304
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-02
Proposed: 20000518
Assigned: 20000508
Category: SF
Reference: ISS:20000511 Microsoft IIS Remote Denial of Service Attack
Reference: URL:http://xforce.iss.net/alerts/advise52.php3
Reference: MS:MS00-031
Reference: URL:http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20905
Reference: BID:1191
Reference: XF:iis-authchangeurl-dos

Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory
installed allows a remote attacker to cause a denial of service via a
malformed request to the inetinfo.exe program, aka the "Undelimited
.HTR Request" vulnerability.

Modifications:
  ADDREF BID:1191
  ADDREF XF:iis-authchangeurl-dos

INFERRED ACTION: CAN-2000-0304 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(2) Cole, Wall
   MODIFY(2) Levy, Frech
   NOOP(2) Christey, Armstrong

Comments:
 Levy> Reference: BID 1191
 Christey> Say this is the "Undelimited .HTR Request" vulnerability,
   and change "servoce" to "service"
 Frech> XF:iis-ism-file-access
   In the description, please end the sentence with a period. :-)


=================================
Candidate: CAN-2000-0305
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000509
Category: SF
Reference: BINDVIEW:20000519 jolt2 - Remote DoS against NT, W2K, 9x
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2240
Reference: MS:MS00-029
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-029.asp
Reference: BID:1236
Reference: URL:http://www.securityfocus.com/bid/1236
Reference: XF:ip-fragment-reassembly-dos

Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal
Server systems allow a remote attacker to cause a denial of service by
sending a large number of identical fragmented IP packets, aka jolt2
or the "IP Fragment Reassembly" vulnerability.

INFERRED ACTION: CAN-2000-0305 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(7) LeBlanc, Wall, Cole, Frech, Levy, Stracener, Ozancin


=================================
Candidate: CAN-2000-0342
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: MISC:http://www.peacefire.org/security/stealthattach/explanation.html
Reference: CONFIRM:http://news.cnet.com/news/0-1005-200-1773077.html?tag=st.ne.fd.lthd.1005-200-1773077
Reference: BID:1157
Reference: URL:http://www.securityfocus.com/bid/1157
Reference: XF:eudora-warning-message

Eudora 4.x allows remote attackers to bypass the user warning for
executable attachments such as .exe, .com, and .bat by using a .lnk
file that refers to the attachment, aka "Stealth Attachment."

Modifications:
  ADDREF XF:eudora-warning-message
  DESC Add "Stealth Attachment" phrase

INFERRED ACTION: CAN-2000-0342 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(2) Cole, Levy
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Armstrong

Comments:
 Christey> Add "Stealth Attachment" phrase to description to support
   lookup, along with affected extensions (.exe, .com, .bat)
   ADDREF XF:eudora-warning-message
 Frech> XF:eudora-warning-message


=================================
Candidate: CAN-2000-0346
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000502 INFO:AppleShare IP 6.3.2 squashes security bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502133240.21807.qmail@securityfocus.com
Reference: CONFIRM:http://asu.info.apple.com/swupdates.nsf/artnum/n11670
Reference: XF:macos-appleshare-invalid-range
Reference: BID:1162
Reference: URL:http://www.securityfocus.com/bid/1162

AppleShare IP 6.1 and later allows a remote attacker to read
potentially sensitive information via an invalid range request to the
web server.

Modifications:
  ADDREF XF:macos-appleshare-invalid-range
  DESC Add period.

INFERRED ACTION: CAN-2000-0346 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(2) Levy, Stracener
   MODIFY(1) Frech
   NOOP(3) Cole, Wall, Armstrong

Comments:
 Frech> XF:macos-appleshare-invalid-range
   End sentence with a period.


=================================
Candidate: CAN-2000-0350
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000516
Category: SF
Reference: MISC:http://www.securityfocus.com/templates/advisory.html?id=2220
Reference: CONFIRM:http://advice.networkice.com/advice/Support/KB/q000166/
Reference: BID:1216
Reference: XF:netice-icecap-alert-execute
Reference: XF:netice-icecap-default

A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is
enabled, which allows a remote attacker to bypass the weak
authentication and post unencrypted events.

Modifications:
  ADDREF BID:1216
  ADDREF XF:netice-icecap-alert-execute
  ADDREF XF:netice-icecap-default

INFERRED ACTION: CAN-2000-0350 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(2) Levy, Frech
   NOOP(3) Cole, Wall, Armstrong

Comments:
 Levy> Reference: BID 1216
 Frech> XF:netice-icecap-alert-execute
   XF:netice-icecap-default
   (I may already have voted on this one, but just in case.)


=================================
Candidate: CAN-2000-0376
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000606
Category: SF
Reference: ISS:20000607 Buffer Overflow in i-drive Filo (tm) software
Reference: BID:1324
Reference: XF:idrive-filo-bo

Buffer overflow in the HTTP proxy server for the i-drive Filo software
allows remote attackers to execute arbitrary commands via a long HTTP
GET request.

Modifications:
  ADDREF BID:1324
  ADDREF XF:idrive-filo-bo

INFERRED ACTION: CAN-2000-0376 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(2) Frech, Levy
   NOOP(2) Wall, Cole

Comments:
 Frech> XF:idrive-filo-bo
 Levy> Reference: BID 1324


=================================
Candidate: CAN-2000-0377
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000608
Category: SF
Reference: MS:MS00-040
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-040.asp
Reference: MSKB:Q264684
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=264684
Reference: XF:nt-registry-request-dos
Reference: BID:1331
Reference: URL:http://www.securityfocus.com/bid/1331

The Remote Registry server in Windows NT 4.0 allows local
authenticated users to cause a denial of service via a malformed
request, which causes the winlogon process to fail, aka the "Remote
Registry Access Authentication" vulnerability.

Modifications:
  ADDREF XF:nt-registry-request-dos
  ADDREF BID:1331
  ADDREF MSKB:Q264684

INFERRED ACTION: CAN-2000-0377 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(2) Wall, Cole
   MODIFY(3) Frech, Levy, Stracener
   NOOP(1) Christey

Comments:
 Frech> XF:nt-registry-request-dos
 Levy> Reference: BID 1331
 Stracener> AddRef: MS: MSKB Q264684
   AddRef: URL: http://www.microsoft.com/technet/support/kb.asp?ID=264684
 Christey> ADDREF BID:1331
   URL:http://www.securityfocus.com/bid/1331


=================================
Candidate: CAN-2000-0379
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000507 Advisory: Netopia R9100 router vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005082054.NAA32590@linux.mtndew.com
Reference: CONFIRM:http://www.netopia.com/equipment/purchase/fmw_update.html
Reference: BID:1177
Reference: URL:http://www.securityfocus.com/bid/1177
Reference: XF:netopia-snmp-comm-strings

The Netopia R9100 router does not prevent authenticated users from
modifying SNMP tables, even if the administrator has configured it to
do so.

INFERRED ACTION: CAN-2000-0379 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(5) Levy, Ozancin, Prosser, Stracener, Frech
   NOOP(1) Cole


=================================
Candidate: CAN-2000-0380
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000426 Cisco HTTP possible bug:
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0261.html
Reference: CISCO:20000514 Cisco IOS HTTP Server Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml
Reference: XF:cisco-ios-http-dos
Reference: BID:1154

The IOS HTTP service in Cisco routers and switches running IOS 11.1
through 12.1 allows remote attackers to cause a denial of service by
requesting a URL that contains a %% string.

Modifications:
  ADDREF BID:1154

INFERRED ACTION: CAN-2000-0380 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(5) Cole, Ozancin, Prosser, Stracener, Frech
   MODIFY(1) Levy

Comments:
 Levy> Reference BID 1154


=================================
Candidate: CAN-2000-0381
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000505 Black Watch Labs Vulnerability Alert
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0067.html
Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_05.html
Reference: XF:http-cgi-dbman-db
Reference: BID:1178
Reference: URL:http://www.securityfocus.com/bid/1178

The Gossamer Threads DBMan db.cgi CGI script allows remote attackers
to view environmental variables and setup information by referencing a
non-existing database in the db parameter.

INFERRED ACTION: CAN-2000-0381 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(4) Levy, Prosser, Stracener, Frech
   NOOP(2) Cole, Ozancin


=================================
Candidate: CAN-2000-0382
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: ALLAIRE:ASB00-12
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15697&Method=Full
Reference: BID:1179
Reference: URL:http://www.securityfocus.com/bid/1179
Reference: XF:allaire-clustercats-url-redirect

ColdFusion ClusterCATS appends stale query string arguments to a URL
during HTML redirection, which may provide sensitive information to
the redirected site.

INFERRED ACTION: CAN-2000-0382 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(5) Levy, Ozancin, Prosser, Stracener, Frech
   NOOP(1) Cole


=================================
Candidate: CAN-2000-0387
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000712
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:16
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:16.golddig.asc
Reference: BID:1184
Reference: URL:http://www.securityfocus.com/bid/1184
Reference: XF:golddig-overwrite-files

The makelev program in the golddig game from the FreeBSD ports
collection allows local users to overwrite arbitrary files.

Modifications:
  ADDREF XF:golddig-overwrite-files

INFERRED ACTION: CAN-2000-0387 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(3) Levy, Ozancin, Stracener
   MODIFY(1) Frech
   NOOP(2) Cole, Prosser

Comments:
 Frech> XF:golddig-overwrite-files


=================================
Candidate: CAN-2000-0388
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:17
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A17.libmytinfo.asc
Reference: BID:1185
Reference: URL:http://www.securityfocus.com/bid/1185
Reference: XF:libmytinfo-bo

Buffer overflow in FreeBSD libmytinfo library allows local users to
execute commands via a long TERMCAP environmental variable.

INFERRED ACTION: CAN-2000-0388 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(6) Cole, Levy, Ozancin, Prosser, Stracener, Frech


=================================
Candidate: CAN-2000-0389
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000-025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: XF:kerberos-krb-rd-req-bo
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220

Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows
remote attackers to gain root privileges.

Modifications:
  ADDREF REDHAT:RHSA-2000-025

INFERRED ACTION: CAN-2000-0389 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(4) Cole, Frech, Levy, Ozancin
   MODIFY(1) Stracener
   NOOP(2) LeBlanc, Wall

Comments:
 Stracener> AddRef: REDHAT:RHSA-2000-025
   AddRef: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html


=================================
Candidate: CAN-2000-0390
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000-025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220
Reference: XF:kerberos-krb425-conv-principal-bo

Buffer overflow in krb425_conv_principal function in Kerberos 5 allows
remote attackers to gain root privileges.

Modifications:
  ADDREF REDHAT:RHSA-2000-025

INFERRED ACTION: CAN-2000-0390 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(5) Northcutt, Cole, Frech, Levy, Ozancin
   MODIFY(1) Stracener
   NOOP(2) LeBlanc, Wall

Comments:
 Stracener> AddRef: REDHAT:RHSA-2000-025
   AddRef: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html


=================================
Candidate: CAN-2000-0391
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000-025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: XF:kerberos-krshd-bo
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220

Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain
root privileges.

Modifications:
  ADDREF REDHAT:RHSA-2000-025
  ADDREF XF:kerberos-krshd-bo

INFERRED ACTION: CAN-2000-0391 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(4) Northcutt, Cole, Levy, Ozancin
   MODIFY(2) Frech, Stracener
   NOOP(2) LeBlanc, Wall

Comments:
 Frech> XF:kerberos-krshd-bo
 Stracener> AddRef: REDHAT:RHSA-2000-025
   AddRef: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html


=================================
Candidate: CAN-2000-0392
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000-025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: XF:kerberos-ksu-bo
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220

Buffer overflow in ksu in Kerberos 5 allows local users to gain root
privileges.

Modifications:
  ADDREF REDHAT:RHSA-2000-025

INFERRED ACTION: CAN-2000-0392 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(4) Cole, Frech, Levy, Ozancin
   MODIFY(1) Stracener
   NOOP(2) LeBlanc, Wall

Comments:
 Stracener> AddRef: REDHAT:RHSA-2000-025
   AddRef: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html


=================================
Candidate: CAN-2000-0393
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 kscd vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0172.html
Reference: SUSE:20000529 kmulti <= 1.1.2
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_50.txt
Reference: XF:kscd-shell-env-variable
Reference: BID:1206
Reference: URL:http://www.securityfocus.com/bid/1206

The KDE kscd program does not drop privileges when executing a program
specified in a user's SHELL environmental variable, which allows the
user to gain privileges by specifying an alternate program to execute.

INFERRED ACTION: CAN-2000-0393 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(4) Frech, Levy, Stracener, Ozancin
   NOOP(3) LeBlanc, Wall, Cole


=================================
Candidate: CAN-2000-0394
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000519 RFP2K05: NetProwler vs. RFProwler
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95878603510835&w=2
Reference: BUGTRAQ:20000522 RFP2K05 - NetProwler "Fragmentation" Issue
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=392AD3B3.3E9BE3EA@axent.com
Reference: XF:axent-netprowler-ipfrag-dos
Reference: BID:1225
Reference: URL:http://www.securityfocus.com/bid/1225

NetProwler 3.0 allows remote attackers to cause a denial of service by
sending malformed IP packets that trigger NetProwler's
Man-in-the-Middle signature.

INFERRED ACTION: CAN-2000-0394 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(4) Frech, Levy, Stracener, Ozancin
   NOOP(3) LeBlanc, Wall, Cole


=================================
Candidate: CAN-2000-0395
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 CProxy v3.3 SP 2 DoS
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=007d01bfbf48$e44f0e40$01dc11ac@peopletel.org
Reference: XF:cproxy-http-dos
Reference: BID:1213
Reference: URL:http://www.securityfocus.com/bid/1213

Buffer overflow in CProxy 3.3 allows remote users to cause a denial of
service via a long HTTP request.

INFERRED ACTION: CAN-2000-0395 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(4) Frech, Levy, Stracener, Ozancin
   NOOP(3) LeBlanc, Wall, Cole


=================================
Candidate: CAN-2000-0396
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000524 Alert: Carello File Creation flaw
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0285.html
Reference: BID:1245
Reference: URL:http://www.securityfocus.com/bid/1245
Reference: XF:carello-file-duplication

The add.exe program in the Carello shopping cart software allows
remote attackers to duplicate files on the server, which could allow
the attacker to read source code for web scripts such as .ASP files.

INFERRED ACTION: CAN-2000-0396 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(3) Frech, Levy, Stracener
   NOOP(2) Wall, Cole


=================================
Candidate: CAN-2000-0397
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000515 Vulnerability in EMURL-based e-mail providers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0160.html
Reference: XF:emurl-account-access
Reference: BID:1203
Reference: URL:http://www.securityfocus.com/bid/1203

The EMURL web-based email account software encodes predictable
identifiers in user session URLs, which allows a remote attacker to
access a user's email account.

INFERRED ACTION: CAN-2000-0397 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(4) Frech, Levy, Stracener, Ozancin
   NOOP(3) LeBlanc, Wall, Cole


=================================
Candidate: CAN-2000-0398
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000524 Alert: Buffer overflow in Rockliffe's MailSite
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0286.html
Reference: BID:1244
Reference: URL:http://www.securityfocus.com/bid/1244
Reference: XF:mailsite-get-overflow

Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent
allows remote attackers to execute arbitrary commands via a long
query_string parameter in the HTTP GET request.

INFERRED ACTION: CAN-2000-0398 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(3) Frech, Levy, Stracener
   NOOP(2) Wall, Cole


=================================
Candidate: CAN-2000-0399
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000524 Deerfield Communications MDaemon Mail Server DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0301.html
Reference: XF:deerfield-mdaemon-dos
Reference: BID:1250
Reference: URL:http://www.securityfocus.com/bid/1250

Buffer overflow in MDaemon POP server allows remote attackers to cause
a denial of service via a long user name.

INFERRED ACTION: CAN-2000-0399 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(3) Frech, Levy, Stracener
   NOOP(2) Wall, Cole


=================================
Candidate: CAN-2000-0402
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MS:MS00-035
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-035.asp
Reference: MSKB:Q263968
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=263968
Reference: BID:1281
Reference: URL:http://www.securityfocus.com/bid/1281
Reference: XF:mssql-agent-stored-pw
Reference: XF:mssql-sa-pw-in-sqlsplog

The Mixed Mode authentication capability in Microsoft SQL Server 7.0
stores the System Administrator (sa) account in plaintext in a log
file which is readable by any user, aka the "SQL Server 7.0 Service
Pack Password" vulnerability.

Modifications:
  ADDREF XF:mssql-sa-pw-in-sqlsplog
  ADDREF MSKB:Q263968

INFERRED ACTION: CAN-2000-0402 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(4) Wall, Cole, Levy, Stracener
   MODIFY(1) Frech

Comments:
 Frech> ADDREF XF:mssql-sa-pw-in-sqlsplog
 Stracener> AddRef: MS: MSKB Q263968
   AddRef: URL: http://www.microsoft.com/technet/support/kb.asp?ID=263968


=================================
Candidate: CAN-2000-0403
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MS:MS00-036
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-036.asp
Reference: MSKB:Q263307
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=263307
Reference: XF:win-browser-hostannouncement
Reference: BID:1261
Reference: URL:http://www.securityfocus.com/bid/1261

The CIFS Computer Browser service on Windows NT 4.0 allows a remote
attacker to cause a denial of service by sending a large number of
host announcement requests to the master browse tables, aka the
"HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability.

Modifications:
  ADDREF MSKB:Q263307

INFERRED ACTION: CAN-2000-0403 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(5) Wall, Cole, Frech, Levy, Stracener

Comments:
 Stracener> AddRef: MS: MSKB Q263307
   AddRef: URL: http://www.microsoft.com/technet/support/kb.asp?ID=263307


=================================
Candidate: CAN-2000-0404
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MS:MS00-036
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-036.asp
Reference: MSKB:Q262694
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=262694
Reference: BID:1262
Reference: URL:http://www.securityfocus.com/bid/1262
Reference: XF:win-browser-reset-frame

The CIFS Computer Browser service allows remote attackers to cause a
denial of service by sending a ResetBrowser frame to the Master
Browser, aka the "ResetBrowser Frame" vulnerability.

Modifications:
  ADDREF XF:win-browser-reset-frame
  ADDREF MSKB:Q262694

INFERRED ACTION: CAN-2000-0404 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(4) Wall, Cole, Levy, Stracener
   MODIFY(1) Frech

Comments:
 Frech> XF:win-browser-reset-frame
 Stracener> AddRef: MS: MSKB Q262694
   AddRef: URL: http://www.microsoft.com/technet/support/kb.asp?ID=262694


=================================
Candidate: CAN-2000-0405
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: L0PHT:20000515 AntiSniff version 1.01 and Researchers version 1 DNS overflow
Reference: URL:http://www.l0pht.com/advisories/asniff_advisory.txt
Reference: BID:1207
Reference: URL:http://www.securityfocus.com/bid/1207
Reference: XF:antisniff-dns-overflow

Buffer overflow in L0pht AntiSniff allows remote attackers to execute
arbitrary commands via a malformed DNS response packet.

INFERRED ACTION: CAN-2000-0405 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(5) Cole, Frech, Levy, Stracener, Ozancin
   NOOP(2) LeBlanc, Wall


=================================
Candidate: CAN-2000-0406
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: XF:netscape-invalid-ssl-sessions
Reference: CERT:CA-2000-05
Reference: URL:http://www.cert.org/advisories/CA-2000-05.html
Reference: REDHAT:RHSA-2000:028-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-028.html
Reference: BID:1188
Reference: URL:http://www.securityfocus.com/bid/1188

Netscape Communicator before version 4.73 and Navigator 4.07 do not
properly validate SSL certificates, which allows remote attackers to
steal information by redirecting traffic from a legitimate web server
to their own malicious server, aka the "Acros-Suencksen SSL"
vulnerability.

INFERRED ACTION: CAN-2000-0406 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(6) Wall, Cole, Frech, Levy, Stracener, Ozancin
   NOOP(1) LeBlanc


=================================
Candidate: CAN-2000-0407
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000512 New Solaris root exploit for /usr/lib/lp/bin/netpr
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0141.html
Reference: XF:sol-netpr-bo
Reference: BID:1200
Reference: URL:http://www.securityfocus.com/bid/1200

Buffer overflow in Solaris netpr program allows local users to execute
arbitrary commands via a long -p option.

INFERRED ACTION: CAN-2000-0407 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(5) Northcutt, Frech, Levy, Stracener, Ozancin
   NOOP(3) LeBlanc, Wall, Cole


=================================
Candidate: CAN-2000-0408
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MISC:http://www.ussrback.com/labs40.html
Reference: MS:MS00-030
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-030.asp
Reference: MSKB:Q260205
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=260205
Reference: XF:iis-url-extension-data-dos
Reference: BID:1190
Reference: URL:http://www.securityfocus.com/bid/1190

IIS 4.05 and 5.0 allow remote attackers to cause a denial of service
via a long, complex URL that appears to contain a large number of file
extensions, aka the "Malformed Extension Data in URL" vulnerability.

Modifications:
  DELREF XF:iis-malformed-information-extension
  ADDREF MSKB:Q260205

INFERRED ACTION: CAN-2000-0408 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(4) LeBlanc, Wall, Cole, Levy
   MODIFY(2) Frech, Stracener
   NOOP(1) Ozancin

Comments:
 Frech> DELREF: XF:iis-malformed-information-extension (obsolete; points to
   iis-url-extension-data-dos)
 Stracener> AddRef: MS:MSKB Q260205
   AddRef: URL: http://www.microsoft.com/technet/support/kb.asp?ID=260205


=================================
Candidate: CAN-2000-0409
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000510 Possible symlink problems with Netscape 4.73
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0126.html
Reference: BID:1201
Reference: URL:http://www.securityfocus.com/bid/1201
Reference: XF:netscape-import-certificate-symlink

Netscape 4.73 and earlier follows symlinks when it imports a new
certificate, which allows local users to overwrite files of the user
importing the certificate.

INFERRED ACTION: CAN-2000-0409 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(4) Levy, Ozancin, Stracener, Frech
   NOOP(2) Cole, Prosser


=================================
Candidate: CAN-2000-0410
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000712
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: NTBUGTRAQ:20000510 Cold Fusion Server 4.5.1 DoS Vulnerability.
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0005&L=ntbugtraq&F=&S=&P=4843
Reference: XF:coldfusion-cfcache-dos
Reference: BID:1192
Reference: URL:http://www.securityfocus.com/bid/1192

ColdFusion Server 4.5.1 allows remote attackers to cause a denial of
service by making repeated requests to a CFCACHE tagged cache file
that is not stored in memory.

Modifications:
  Change "Cold Fusion" typo to ColdFusion

INFERRED ACTION: CAN-2000-0410 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(3) Levy, Stracener, Frech
   MODIFY(1) Prosser
   NOOP(2) Cole, Ozancin

Comments:
 Prosser> add source Security BugWare
   http://161.53.42.3/~crv/security/bugs/NT/cf12.html
 Frech> In description, product name is ColdFusion (one word, uppercase F).


=================================
Candidate: CAN-2000-0411
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000510 Black Watch Labs Vulnerability Alert
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0125.html
Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_10.html
Reference: XF:http-cgi-formmail-environment
Reference: BID:1187
Reference: URL:http://www.securityfocus.com/bid/1187

Matt Wright's FormMail CGI script allows remote attackers to obtain
environmental variables via the env_report parameter.

INFERRED ACTION: CAN-2000-0411 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(5) Levy, Ozancin, Prosser, Stracener, Frech
   NOOP(1) Cole


=================================
Candidate: CAN-2000-0414
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: HP:HPSBUX0005-113
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0047.html
Reference: XF:hp-shutdown-privileges
Reference: BID:1214
Reference: URL:http://www.securityfocus.com/bid/1214

Vulnerability in shutdown command for HP-UX 11.X and 10.X allows
local users to gain privileges via malformed input variables.

Modifications:
  DESC wording change

INFERRED ACTION: CAN-2000-0414 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(4) Levy, Prosser, Stracener, Frech
   MODIFY(1) Ozancin
   NOOP(2) Cole, Christey

Comments:
 Ozancin> Change: "shutdown command in HP-UX 11.X and 10.X" to "shutdown command for
   HP-UX 11.X and 10.X"
 Prosser> comment:  another link for the HP Bulletins and Patches is
   the IT Resource Center @ http://itrc.hp.com
 Christey> Due to the difficulties in forming a URL that reliably
   points to an HP advisory for any user, alternate URL's that
   are easier to access may be provided.  Unlike other
   vendor advisory collections, HP's web site requires
   user registration and generates unique ID's for each
   session, which makes it impossible to bookmark and access
   for future reference.


=================================
Candidate: CAN-2000-0416
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000511 NTMail Proxy Exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NABBJLKKPKIHDIMKFKGCMEFANMAB.georger@nls.net
Reference: CONFIRM:http://www.gordano.com/support/archives/ntmail/2000-05/00001114.htm
Reference: XF:ntmail-bypass-proxy
Reference: BID:1196
Reference: URL:http://www.securityfocus.com/bid/1196

NTMail 5.x allows network users to bypass the NTMail proxy
restrictions by redirecting their requests to NTMail's web
configuration server.

Modifications:
  ADDREF CONFIRM:http://www.gordano.com/support/archives/ntmail/2000-05/00001114.htm
  ADDREF XF:ntmail-bypass-proxy

INFERRED ACTION: CAN-2000-0416 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(2) Levy, Stracener
   MODIFY(1) Frech
   NOOP(5) LeBlanc, Wall, Cole, Christey, Ozancin

Comments:
 Stracener> FYI, here is the message referred to in the bugtraq post:
   http://www.gordano.com/support/archives/ntmail/2000-05/00001106.htm
 Christey> Actual confirmation is at:
   http://www.gordano.com/support/archives/ntmail/2000-05/00001114.htm
 Frech> XF:ntmail-bypass-proxy


=================================
Candidate: CAN-2000-0417
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000712
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000505 Cayman 3220-H DSL Router DOS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0075.html
Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html
Reference: XF:cayman-router-dos
Reference: BID:1219
Reference: URL:http://www.securityfocus.com/bid/1219

The HTTP administration interface to the Cayman 3220-H DSL router
allows remote attackers to cause a denial of service via a long
username or password.

Modifications:
  ADDREF XF:cayman-router-dos

INFERRED ACTION: CAN-2000-0417 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(3) Levy, Ozancin, Stracener
   MODIFY(1) Frech
   NOOP(2) Cole, Prosser

Comments:
 Frech> XF:cayman-router-dos


=================================
Candidate: CAN-2000-0418
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html
Reference: XF:cayman-dsl-dos
Reference: BID:1240
Reference: URL:http://www.securityfocus.com/bid/1240

The Cayman 3220-H DSL router allows remote attackers to cause a denial
of service via oversized ICMP echo (ping) requests.

INFERRED ACTION: CAN-2000-0418 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(3) Frech, Levy, Stracener
   NOOP(2) Wall, Cole


=================================
Candidate: CAN-2000-0419
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MS:MS00-034
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-034.asp
Reference: MSKB:Q262767
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=262767
Reference: BID:1197
Reference: URL:http://www.securityfocus.com/bid/1197
Reference: XF:office-ua-control

The Office 2000 UA ActiveX Control is marked as "safe for scripting,"
which allows remote attackers to conduct unauthorized activities via
the "Show Me" function in Office Help, aka the "Office 2000 UA
Control" vulnerability.

Modifications:
  ADDREF MSKB:Q262767
  ADDREF XF:office-ua-control

INFERRED ACTION: CAN-2000-0419 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(4) LeBlanc, Wall, Levy, Ozancin
   MODIFY(2) Frech, Stracener
   NOOP(1) Cole

Comments:
 Frech> XF:office-ua-control
 Stracener> AddRef: MS:MSKB Q262767
   AddRef: URL: http://www.microsoft.com/technet/support/kb.asp?ID=262767


=================================
Candidate: CAN-2000-0421
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000510 Advisory: Unchecked system(blaat $var blaat) call in Bugzilla 2.8
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0128.html
Reference: XF:bugzilla-unchecked-system-call
Reference: BID:1199
Reference: URL:http://www.securityfocus.com/bid/1199

The process_bug.cgi script in Bugzilla allows remote attackers to
execute arbitrary commands via shell metacharacters.

Modifications:
  DESC fix typo
  ADDREF XF:bugzilla-unchecked-system-call

INFERRED ACTION: CAN-2000-0421 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(2) Stracener, Frech
   NOOP(3) LeBlanc, Wall, Cole

Comments:
 Stracener> "...shell metacharacters"
 Frech> XF:bugzilla-unchecked-system-call


=================================
Candidate: CAN-2000-0424
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000514 Vulnerability in CGI counter 4.0.7 by George Burgyan
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005151024.aa01811@blaze.arl.mil
Reference: BID:1202
Reference: URL:http://www.securityfocus.com/bid/1202
Reference: XF:http-cgi-burgyan-counter

The CGI counter 4.0.7 by George Burgyan allows remote attackers to
execute arbitrary commands via shell metacharacters.

Modifications:
  ADDREF XF:http-cgi-burgyan-counter
  CHANGEREF BUGTRAQ [add subject]

INFERRED ACTION: CAN-2000-0424 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(3) Levy, Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(3) LeBlanc, Wall, Cole

Comments:
 Frech> XF:http-cgi-burgyan-counter


=================================
Candidate: CAN-2000-0425
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory0
Reference: BUGTRAQ:20000505 Alert: Listserv Web Archives (wa) buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0048.html
Reference: XF:http-cgi-listserv-wa-bo
Reference: BID:1167
Reference: URL:http://www.securityfocus.com/bid/1167

Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8
allows remote attackers to execute arbitrary commands.

INFERRED ACTION: CAN-2000-0425 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(5) Cole, Levy, Ozancin, Stracener, Frech
   MODIFY(1) Prosser

Comments:
 Prosser> add source:
   Lsoft Security Advisory 5,May 2000
   http://www.lsoft.com/news/Advisory0.asp


=================================
Candidate: CAN-2000-0427
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: unknown
Reference: L0PHT:20000504 eToken Private Information Extraction and Physical Attack
Reference: URL:http://www.l0pht.com/advisories/etoken-piepa.txt
Reference: XF:aladdin-etoken-pin-reset
Reference: BID:1170
Reference: URL:http://www.securityfocus.com/bid/1170

The Aladdin Knowledge Systems eToken device allows attackers with
physical access to the device to obtain sensitive information without
knowing the PIN of the owner by resetting the PIN in the EEPROM.

Modifications:
  DESC fix typo

INFERRED ACTION: CAN-2000-0427 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(3) Levy, Stracener, Frech
   MODIFY(1) Ozancin
   NOOP(2) Cole, Prosser

Comments:
 Ozancin> Change: "resetting the PIN the EEPROM" to "resetting the PIN in the EEPROM"


=================================
Candidate: CAN-2000-0428
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: NAI:20000503 Trend Micro InterScan VirusWall Remote Overflow
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/39_Trend.asp
Reference: BID:1168
Reference: URL:http://www.securityfocus.com/bid/1168
Reference: XF:interscan-viruswall-bo

Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and
earlier allows a remote attacker to execute arbitrary commands via a
long filename for a uuencoded attachment.

INFERRED ACTION: CAN-2000-0428 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(6) Cole, Levy, Ozancin, Prosser, Stracener, Frech


=================================
Candidate: CAN-2000-0431
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000522 Problem with FrontPage on Cobalt RaQ2/RaQ3
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000523100045.B11049@HiWAAY.net
Reference: BUGTRAQ:20000525 Cobalt Networks - Security Advisory - Frontpage
Reference: CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html
Reference: BID:1238
Reference: URL:http://www.securityfocus.com/bid/1238
Reference: XF:cobalt-cgiwrap-bypass

Cobalt RaQ2 and RaQ3 do not properly set the access permissions and
ownership for files that are uploaded via FrontPage, which allows
attackers to bypass cgiwrap and modify files.

INFERRED ACTION: CAN-2000-0431 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(3) Frech, Levy, Stracener
   NOOP(2) Wall, Cole


=================================
Candidate: CAN-2000-0432
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 Vuln in calender.pl (Matt Kruse calender script)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0173.html
Reference: BID:1215
Reference: URL:http://www.securityfocus.com/bid/1215
Reference: XF:http-cgi-calendar-execute

The calender.pl and the calendar_admin.pl calendar scripts by Matt
Kruse allow remote attackers to execute arbitrary commands via shell
metacharacters.

Modifications:
  ADDREF XF:http-cgi-calendar-execute

INFERRED ACTION: CAN-2000-0432 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(3) Levy, Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(3) LeBlanc, Wall, Cole

Comments:
 Frech> XF:http-cgi-calendar-execute


=================================
Candidate: CAN-2000-0435
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 Allmanage.pl Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0167.html
Reference: XF:http-cgi-allmanage-account-access
Reference: BID:1217
Reference: URL:http://www.securityfocus.com/bid/1217

The allmanageup.pl file upload CGI script in the Allmanage Website
administration software 2.6 can be called directly by remote
attackers, which allows them to modify user accounts or web pages.

Modifications:
  ADDREF XF:http-cgi-allmanage-account-access

INFERRED ACTION: CAN-2000-0435 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(3) Levy, Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(3) LeBlanc, Wall, Cole

Comments:
 Frech> XF:http-cgi-allmanage-account-access


=================================
Candidate: CAN-2000-0436
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000522 MetaProducts Offline Explorer Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0254.html
Reference: CONFIRM:http://www.metaproducts.com/mpOE-HY.html
Reference: BID:1231
Reference: URL:http://www.securityfocus.com/bid/1231
Reference: XF:offline-explorer-directory-traversal

MetaProducts Offline Explorer 1.2 and earlier allows remote attackers
to access arbitrary files via a .. (dot dot) attack.

Modifications:
  ADDREF XF:offline-explorer-directory-traversal

INFERRED ACTION: CAN-2000-0436 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(2) Levy, Stracener
   MODIFY(1) Frech
   NOOP(4) LeBlanc, Wall, Cole, Ozancin

Comments:
 Frech> XF:offline-explorer-directory-traversal


=================================
Candidate: CAN-2000-0437
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: CONFIRM:http://www.tis.com/support/cyberadvisory.html
Reference: CONFIRM:http://www.pgp.com/jump/gauntlet_advisory.asp
Reference: BUGTRAQ:20000522 Gauntlet CyberPatrol Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0249.html
Reference: XF:gauntlet-cyberdaemon-bo
Reference: BID:1234
Reference: URL:http://www.securityfocus.com/bid/1234

Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in
gauntlet and WebShield allows remote attackers to cause a denial of
service or execute arbitrary commands.

INFERRED ACTION: CAN-2000-0437 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(3) Frech, Levy, Stracener
   NOOP(2) Wall, Cole


=================================
Candidate: CAN-2000-0438
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000522 fdmount buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0245.html
Reference: XF:linux-fdmount-bo
Reference: BID:1239
Reference: URL:http://www.securityfocus.com/bid/1239

Buffer overflow in fdmount on Linux systems allows local users in the
"floppy" group to execute arbitrary commands via a long mountpoint
parameter.

INFERRED ACTION: CAN-2000-0438 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(4) Cole, Frech, Levy, Stracener
   NOOP(1) Wall


=================================
Candidate: CAN-2000-0439
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000510 IE Domain Confusion Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000511135609.D7774@securityfocus.com
Reference: BUGTRAQ:20000511 IE Domain Confusion Vulnerability is an Email problem also
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NDBBKGHPMKBKDDGLDEEHAEHMDIAA.rms2000@bellatlantic.net
Reference: MS:MS00-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp
Reference: BID:1194
Reference: URL:http://www.securityfocus.com/bid/1194
Reference: XF:ie-cookie-disclosure

Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain
client cookies from another domain by including that domain name and
escaped characters in a URL, aka the "Unauthorized Cookie Access"
vulnerability.

INFERRED ACTION: CAN-2000-0439 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(6) Cole, Levy, Ozancin, Prosser, Stracener, Frech


=================================
Candidate: CAN-2000-0441
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: IBM:ERS-OAR-E01-2000:087.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0275.html
Reference: BID:1241
Reference: URL:http://www.securityfocus.com/bid/1241
Reference: XF:aix-local-filesystem

Vulnerability in AIX 3.2.x and 4.x allows local users to gain write
access to files on locally or remotely mounted AIX filesystems.

Modifications:
  ADDREF XF:aix-local-filesystem

INFERRED ACTION: CAN-2000-0441 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(2) Levy, Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Cole

Comments:
 Frech> XF:aix-local-filesystem


=================================
Candidate: CAN-2000-0442
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000712
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000523 Qpopper 2.53 remote problem, user can gain gid=mail
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0267.html
Reference: SUSE:20000608 pop <= 2000.3.4
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_51.txt
Reference: BID:1242
Reference: URL:http://www.securityfocus.com/bid/1242
Reference: XF:qualcomm-qpopper-euidl

Qpopper 2.53 and earlier allows local users to gain privileges via a
formatting string in the From: header, which is processed by the euidl
command.

Modifications:
  ADDREF SUSE:20000608 pop <= 2000.3.4

INFERRED ACTION: CAN-2000-0442 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(3) Frech, Levy, Stracener
   NOOP(3) Wall, Cole, Christey

Comments:
 Christey> ADDREF? SUSE:20000608 pop <= 2000.3.4
   URL:http://www.suse.de/de/support/security/suse_security_announce_51.txt


=================================
Candidate: CAN-2000-0452
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000518 Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl))
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0219.html
Reference: XF:lotus-domino-esmtp-bo
Reference: BID:1229
Reference: URL:http://www.securityfocus.com/bid/1229

Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1
allows remote attackers to cause a denial of service via a long MAIL
FROM command.

INFERRED ACTION: CAN-2000-0452 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(4) Frech, Levy, Stracener, Ozancin
   NOOP(3) LeBlanc, Wall, Cole


=================================
Candidate: CAN-2000-0453
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000712
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000518 Nasty XFree Xserver DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html
Reference: CALDERA:CSSA-2000-012.0
Reference: BID:1235
Reference: URL:http://www.securityfocus.com/bid/1235

XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a
negative counter value in a malformed TCP packet that is sent to port
6000.

Modifications:
  ADDREF CALDERA:CSSA-2000-012.0

INFERRED ACTION: CAN-2000-0453 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(3) Levy, Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(4) LeBlanc, Wall, Cole, Christey

Comments:
 Frech> XF:linux-xserver-dos
 Christey> ADDREF CALDERA:CSSA-2000-012.0 ??
   This advisory is vaguely worded, especially with respect to
   all the XFree86 problems, but it (a) credits Chris Evans,
   who authored BUGTRAQ:20000518 Nasty XFree Xserver DoS,
   (b) it was published on May 18, the same day of Chris'
   announcement, (c) the impact is the same, and (d) there
   is overlap between the affected XFree86 versions in the
   advisory and in Evans' post.


=================================
Candidate: CAN-2000-0454
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000527 Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0367.html
Reference: BUGTRAQ:20000603 [Gael Duval ] [Security Announce] cdrecord
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0434.html
Reference: BUGTRAQ:20000607 Conectiva Linux Security Announcement - cdrecord
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0019.html
Reference: BID:1265
Reference: URL:http://www.securityfocus.com/bid/1265
Reference: XF:linux-cdrecord-execute

Buffer overflow in Linux cdrecord allows local users to gain
privileges via the dev parameter.

Modifications:
  ADDREF BUGTRAQ:20000607 Conectiva Linux Security Announcement - cdrecord

INFERRED ACTION: CAN-2000-0454 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(3) Frech, Levy, Stracener
   NOOP(3) Wall, Cole, Christey

Comments:
 Christey> ADDREF BUGTRAQ:20000607 Conectiva Linux Security Announcement - cdrecord
   URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0019.html


=================================
Candidate: CAN-2000-0455
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: NAI:20000529 Initialized Data Overflow in Xlock
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/41initialized.asp
Reference: NETBSD:NetBSD-SA2000-003
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-003.txt.asc
Reference: TURBO:TLSA2000012-1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0375.html
Reference: BID:1267
Reference: URL:http://www.securityfocus.com/bid/1267
Reference: XF:xlock-bo-read-passwd

Buffer overflow in xlockmore xlock program version 4.16 and earlier
allows local users to read sensitive data from memory via a long -mode
option.

INFERRED ACTION: CAN-2000-0455 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(3) Frech, Levy, Stracener
   NOOP(2) Wall, Cole


=================================
Candidate: CAN-2000-0456
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: NETBSD:NetBSD-SA2000-005
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-005.txt.asc
Reference: BID:1272
Reference: URL:http://www.securityfocus.com/bid/1272
Reference: XF:bsd-syscall-cpu-dos

NetBSD 1.4.2 and earlier allows local users to cause a denial of
service by repeatedly running certain system calls in the kernel which
do not yield the CPU, aka "cpu-hog".

INFERRED ACTION: CAN-2000-0456 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(4) Cole, Frech, Levy, Stracener
   NOOP(1) Wall


=================================
Candidate: CAN-2000-0460
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000526 KDE: /usr/bin/kdesud, gid = 0 exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0353.html
Reference: BID:1274
Reference: URL:http://www.securityfocus.com/bid/1274
Reference: XF:kde-display-environment-overflow

Buffer overflow in KDE kdesud on Linux allows local users to gain
privileges via a long DISPLAY environmental variable.

Modifications:
  ADDREF XF:kde-display-environment-overflow
  DESC remove Mandrake, include KDE

INFERRED ACTION: CAN-2000-0460 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(2) Levy, Stracener
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, Christey

Comments:
 Frech> XF:kde-display-environment-overflow
 Christey> Remove Mandrake - other Linuxes are affected too - and mention
   KDE.


=================================
Candidate: CAN-2000-0461
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: OPENBSD:20000526
Reference: URL:http://www.openbsd.org/errata26.html#semconfig
Reference: NETBSD:NetBSD-SA2000-004
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-004.txt.asc
Reference: FREEBSD:FreeBSD-SA-00:19
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:19.semconfig.asc
Reference: XF:bsd-semaphore-dos
Reference: BID:1270
Reference: URL:http://www.securityfocus.com/bid/1270

The undocumented semconfig system call in BSD freezes the state of
semaphores, which allows local users to cause a denial of service of
the semaphore system by using the semconfig call.

Modifications:
  ADDREF XF:bsd-semaphore-dos

INFERRED ACTION: CAN-2000-0461 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(3) Cole, Levy, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Comments:
 Frech> XF:bsd-semaphore-dos


=================================
Candidate: CAN-2000-0462
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: NETBSD:NetBSD-SA2000-006
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-006.txt.asc
Reference: BID:1273
Reference: URL:http://www.securityfocus.com/bid/1273
Reference: XF:netbsd-ftpchroot-parsing

ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot
and does not chroot the specified users, which allows those users to
access other files outside of their home directory.

Modifications:
  ADDREF XF:netbsd-ftpchroot-parsing

INFERRED ACTION: CAN-2000-0462 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(2) Levy, Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Cole

Comments:
 Frech> XF:netbsd-ftpchroot-parsing


=================================
Candidate: CAN-2000-0463
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000517 AUX Security Advisory on Be/OS 5.0 (DoS)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0197.html
Reference: XF:beos-tcp-frag-dos
Reference: BID:1222
Reference: URL:http://www.securityfocus.com/bid/1222

BeOS 5.0 allows remote attackers to cause a denial of service via
fragmented TCP packets.

INFERRED ACTION: CAN-2000-0463 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(3) Frech, Levy, Stracener
   NOOP(4) LeBlanc, Wall, Cole, Ozancin


=================================
Candidate: CAN-2000-0464
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MS:MS00-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp
Reference: MSKB:Q261257
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=261257
Reference: XF:ie-malformed-component-attribute
Reference: BID:1223
Reference: URL:http://www.securityfocus.com/bid/1223

Internet Explorer 4.x and 5.x allows remote attackers to execute
arbitrary commands via a buffer overflow in the ActiveX parameter
parsing capability, aka the "Malformed Component Attribute"
vulnerability.

Modifications:
  ADDREF MSKB:Q261257

INFERRED ACTION: CAN-2000-0464 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(5) LeBlanc, Wall, Frech, Levy, Ozancin
   MODIFY(1) Stracener
   NOOP(1) Cole

Comments:
 Stracener> AddRef: MS: MSKB Q261257
   AddRef: URL: http://www.microsoft.com/technet/support/kb.asp?ID=261257


=================================
Candidate: CAN-2000-0465
Published:
Final-Decision: 20000712
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MS:MS00-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp
Reference: MSKB:Q251108
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=251108
Reference: MSKB:Q255676
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=255676
Reference: BID:1224
Reference: URL:http://www.securityfocus.com/bid/1224
Reference: XF:ie-frame-domain-verification

Internet Explorer 4.x and 5.x does not properly verify the domain of a
frame within a browser window, which allows a remote attacker to read
client files via the frame, aka the "Frame Domain Verification"
vulnerability.

Modifications:
  ADDREF MSKB:Q251108
  ADDREF MSKB:Q255676

INFERRED ACTION: CAN-2000-0465 FINAL (Final Decision 20000712)

Current Votes:
   ACCEPT(4) LeBlanc, Wall, Frech, Levy
   MODIFY(1) Stracener
   NOOP(2) Cole, Ozancin

Comments:
 Stracener> AddRef:MS: MSKB Q251108
   AddRef: http://www.microsoft.com/technet/support/kb.asp?ID=251108
   AddRef:MS: MSKB Q255676
   AddRef:http://www.microsoft.com/technet/support/kb.asp?ID=255676

Page Last Updated or Reviewed: May 22, 2007