
[VOTE] MOREVOTES-2000-C: Candidates from 2000 needing 1 more vote



Each of the following 24 candidates needs just one more ACCEPT vote.
If you can help out, it is appreciated.

There are 4 other messages similar to this one, with different
candidates.  Feel free to pick one at random if you don't have the
time to vote on them all.

It is strongly preferred that you get your votes in by October 9.

Thanks,
- Steve




Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

KEY FOR INFERRED ACTIONS
------------------------

Inferred actions capture the voting status of a candidate.  They may
be used by the Editor to determine whether or not a candidate is added
to CVE.  Where there is disagreement, the Editor must resolve the
issue and achieve consensus, or make the final decision if consensus
cannot be reached.

- ACCEPT = 3 non-MITRE votes to ACCEPT/MODIFY, and no REVIEWING or REJECT
- ACCEPT_ACK = 2 non-MITRE ACCEPT/MODIFY, and vendor acknowledgement
- MOREVOTES = needs more votes
- ACCEPT_REV = 3 non-MITRE ACCEPT's but is delayed due to a REVIEWING
- SMC_REJECT = REJECT by Steve Christey; likely to be rejected outright
- SMC_REVIEW = REVIEWING by Steve Christey; likely related to CD's
- REVIEWING = at least one member is REVIEWING
- REJECT = at least one member REJECTed
- REVOTE = members should review their vote on this candidate

======================================================
Candidate: CAN-2000-0576
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0576
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000704 Oracle Web Listener for AIX DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0027.html
Reference: BID:1427
Reference: URL:http://www.securityfocus.com/bid/1427

Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows
remote attackers to cause a denial of service via a malformed URL.

INFERRED ACTION: CAN-2000-0576 MOREVOTES-1 (2 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, LeBlanc
   REVIEWING(1) Magdych

Comments:
 Frech> XF:oracle-web-listener-dos(4874)


VOTE:

======================================================
Candidate: CAN-2000-0578
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0578
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000621 Predictability Problems in IRIX Cron and Compilers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0204.html
Reference: BID:1412
Reference: URL:http://www.securityfocus.com/bid/1412

SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in
/tmp with predictable file names, which could allow local users to
insert malicious contents into these files as they are being compiled
by another user.

INFERRED ACTION: CAN-2000-0578 MOREVOTES-1 (2 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, LeBlanc
   REVIEWING(1) Magdych

Comments:
 Frech> XF:sgi-mipspro-modify-files(5007)


VOTE:

======================================================
Candidate: CAN-2000-0579
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0579
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000621 Predictability Problems in IRIX Cron and Compilers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0204.html
Reference: BID:1413
Reference: URL:http://www.securityfocus.com/bid/1413

IRIX crontab creates temporary files with predictable file names and
with the umask of the user, which could allow local users to modify
another user's crontab file as it is being edited.

INFERRED ACTION: CAN-2000-0579 MOREVOTES-1 (2 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, LeBlanc
   REVIEWING(1) Magdych

Comments:
 Frech> XF:irix-cron-modify-crontab(5008)


VOTE:

======================================================
Candidate: CAN-2000-0598
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0598
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000626 Proxy+ Telnet Gateway Problems
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0268.html
Reference: BID:1395
Reference: URL:http://www.securityfocus.com/bid/1395
Reference: XF:fortech-proxy-telnet-gateway
Reference: XF:proxyplus-telnet-gateway

Fortech Proxy+ allows remote attackers to bypass access restrictions
to the administration service by redirecting their connections
through the telnet proxy.

INFERRED ACTION: CAN-2000-0598 MOREVOTES-1 (2 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, LeBlanc
   REVIEWING(1) Magdych

Comments:
 Frech> DELREF XF:proxyplus-telnet-gateway


VOTE:

======================================================
Candidate: CAN-2000-0599
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0599
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000629 iMesh 1.02 vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0335.html
Reference: XF:imesh-tcp-port-overflow
Reference: BID:1407
Reference: URL:http://www.securityfocus.com/bid/1407

Buffer overflow in iMesh 1.02 allows remote attackers to execute
arbitrary commands via a long string to the iMesh port.

INFERRED ACTION: CAN-2000-0599 MOREVOTES-1 (2 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(2) Frech, Levy
   NOOP(3) Wall, Cole, LeBlanc
   REVIEWING(1) Magdych


VOTE:

======================================================
Candidate: CAN-2000-0601
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0601
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000625 LeafChat Denial of Service
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSF.4.10.10006252056110.74551-100000@unix.za.net
Reference: XF:irc-leafchat-dos
Reference: BID:1396
Reference: URL:http://www.securityfocus.com/bid/1396

LeafChat 1.7 IRC client allows a remote IRC server to cause a denial
of service by rapidly sending a large amount of error messages.

INFERRED ACTION: CAN-2000-0601 MOREVOTES-1 (2 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(2) Frech, Levy
   NOOP(3) LeBlanc, Wall, Cole
   REVIEWING(1) Magdych


VOTE:

======================================================
Candidate: CAN-2000-0620
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0620
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BID:1409
Reference: URL:http://www.securityfocus.com/bid/1409

libX11 X library allows remote attackers to cause a denial of service
via a resource mask of 0, which causes libX11 to go into an infinite
loop.

INFERRED ACTION: CAN-2000-0620 MOREVOTES-1 (2 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) LeBlanc, Wall, Cole
   REVIEWING(1) Magdych

Comments:
 Frech> XF:libx11-infinite-loop-dos(4996)
   See also
   http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26date%3D2000-07-22%26msg%3DPine.LNX.4.21.0006192251480.9945-100000@ferret.lmh.ox.ac.uk, specifically flaw #2.


VOTE:

======================================================
Candidate: CAN-2000-0626
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0626
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000718 Multiple bugs in Alibaba 2.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0237.html
Reference: BID:1482
Reference: URL:http://www.securityfocus.com/bid/1482

Buffer overflow in Alibaba web server allows remote attackers to cause
a denial of service via a long GET request.

INFERRED ACTION: CAN-2000-0626 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(4) LeBlanc, Christey, Wall, Cole

Comments:
 Frech> XF:alibaba-get-dos(4934)
 Christey> This is in a relatively old Nessus plugin, though the exploit
   uses POST instead of GET.  This was probably discovered
   earlier than the references indicate.


VOTE:

======================================================
Candidate: CAN-2000-0627
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0627
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000718 Blackboard Courseinfo v4.0 User Authentication
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0254.html
Reference: BID:1486
Reference: URL:http://www.securityfocus.com/bid/1486

BlackBoard CourseInfo 4.0 does not properly authenticate users, which
allows local users to modify CourseInfo database information and gain
privileges by directly calling the supporting CGI programs such as
user_update_passwd.pl and user_update_admin.pl.

INFERRED ACTION: CAN-2000-0627 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(4) LeBlanc, Christey, Wall, Cole

Comments:
 Frech> XF:blackboard-courseinfo-dbase-modification(4946)
 Christey> Vendor acknowledgement is at:
   BUGTRAQ:20000719 Security Fix for Blackboard CourseInfo 4.0
   URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000719151904.I17986@securityfocus.com


VOTE:

======================================================
Candidate: CAN-2000-0634
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0634
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000717 S21SEC-003: Vulnerabilities in CommuniGate Pro v3.2.4
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0223.html
Reference: BID:1493
Reference: URL:http://www.securityfocus.com/bid/1493

The web administration interface for CommuniGate Pro 3.2.5 and earlier
allows remote attackers to read arbitrary files via a .. (dot dot)
attack.

INFERRED ACTION: CAN-2000-0634 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) LeBlanc, Wall, Cole

Comments:
 Frech> XF:communigate-pro-file-read(5105)


VOTE:

======================================================
Candidate: CAN-2000-0636
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0636
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000719 HP Jetdirect - Invalid FTP Command DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0265.html
Reference: BID:1491
Reference: URL:http://www.securityfocus.com/bid/1491

HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow
remote attackers to cause a denial of service via a malformed FTP
quote command.

INFERRED ACTION: CAN-2000-0636 MOREVOTES-1 (2 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(2) LeBlanc, Cole
   REVIEWING(1) Wall

Comments:
 Frech> XF:hp-jetdirect-quote-dos(4947)


VOTE:

======================================================
Candidate: CAN-2000-0640
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0640
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
Reference: BID:1452
Reference: URL:http://www.securityfocus.com/bid/1452

Guild FTPd allows remote attackers to determine the existence of files
outside the FTP root via a .. (dot dot) attack, which provides
different error messages depending on whether the file exists or not.

INFERRED ACTION: CAN-2000-0640 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) LeBlanc, Wall, Cole

Comments:
 Frech> XF:guild-ftpd-disclosure(4922)


VOTE:

======================================================
Candidate: CAN-2000-0641
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0641
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
Reference: BID:1453
Reference: URL:http://www.securityfocus.com/bid/1453

Savant web server allows remote attackers to execute arbitrary
commands via a long GET request.

INFERRED ACTION: CAN-2000-0641 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) LeBlanc, Wall, Cole

Comments:
 Frech> XF:savant-get-bo(4901)


VOTE:

======================================================
Candidate: CAN-2000-0642
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0642
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: CF
Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
Reference: BID:1497
Reference: URL:http://www.securityfocus.com/bid/1497

The default configuration of WebActive HTTP Server 1.00 stores the web
access log active.log in the document root, which allows remote
attackers to view the logs by directly requesting the page.

INFERRED ACTION: CAN-2000-0642 MOREVOTES-1 (2 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(2) LeBlanc, Cole
   REVIEWING(1) Wall

Comments:
 Frech> XF:webactive-active-log(5184)


VOTE:

======================================================
Candidate: CAN-2000-0643
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0643
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
Reference: BID:1470
Reference: URL:http://www.securityfocus.com/bid/1470

Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers
to cause a denial of service via a long URL.

INFERRED ACTION: CAN-2000-0643 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) LeBlanc, Wall, Cole

Comments:
 Frech> XF:webactive-long-get-dos(4949)


VOTE:

======================================================
Candidate: CAN-2000-0644
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0644
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html
Reference: BID:1506
Reference: URL:http://www.securityfocus.com/bid/1506

WFTPD and WFTPD Pro 2.41 allow remote attackers to cause a denial of
service by executing a STAT command while the LIST command is still
executing.

INFERRED ACTION: CAN-2000-0644 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) LeBlanc, Wall, Cole

Comments:
 Frech> XF:wftpd-stat-dos(5003)


VOTE:

======================================================
Candidate: CAN-2000-0651
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0651
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000707 Novell Border Manger - Anyone can pose as an authenticated user
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=06256915.00591E18.00@uprrsmtp2.notes.up.com
Reference: BID:1440
Reference: URL:http://www.securityfocus.com/bid/1440

The ClientTrust program in Novell BorderManager does not properly
verify the origin of authentication requests, which could allow remote
attackers to impersonate another user by replaying the authentication
requests and responses from port 3024 of the victim's machine.

INFERRED ACTION: CAN-2000-0651 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) LeBlanc, Wall, Cole

Comments:
 Frech> XF:novell-bordermanager-verification(5186)


VOTE:

======================================================
Candidate: CAN-2000-0652
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0652
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000723 IBM WebSphere default servlet handler showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0342.html
Reference: BID:1500
Reference: URL:http://www.securityfocus.com/bid/1500

IBM WebSphere allows remote attackers to read source code for
executable web files by directly calling the default InvokerServlet
using a URL which contains the "/servlet/file" string.

INFERRED ACTION: CAN-2000-0652 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(4) LeBlanc, Christey, Wall, Cole

Comments:
 Frech> F:websphere-showcode(5012)
 Christey> The discoverers claim that APAR PQ39857 fixes the problem,
   but it could not be found on:
   http://www-4.ibm.com/software/webservers/appserv/efix.html


VOTE:

======================================================
Candidate: CAN-2000-0661
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0661
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000710 Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0120.html
Reference: BID:1448
Reference: URL:http://www.securityfocus.com/bid/1448

WircSrv IRC Server 5.07s allows remote attackers to cause a denial of
service via a long string to the server port.

INFERRED ACTION: CAN-2000-0661 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) LeBlanc, Wall, Cole

Comments:
 Frech> XF:wircsrv-character-flood-dos(4914)


VOTE:

======================================================
Candidate: CAN-2000-0665
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0665
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NTBUGTRAQ:20000717 DoS in Gamsoft TelSrv telnet server for MS Windows 95/98/NT/2k.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0031.html
Reference: BID:1478
Reference: URL:http://www.securityfocus.com/bid/1478

AMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to
cause a denial of service via a long username.

INFERRED ACTION: CAN-2000-0665 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(4) LeBlanc, Christey, Wall, Cole

Comments:
 Frech> XF:gamsoft-telsrv-dos(4945)
 Christey> Change vendor name to "GAMSoft"
   ADDREF NTBUGTRAQ:20000729 TelSrv Reveals Usernames & Passwords After DoS Attack
   http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0056.html

   This is an additional impact of the same DoS described in the
   earlier NTBUGTRAQ post.


VOTE:

======================================================
Candidate: CAN-2000-0669
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0669
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000711 Remote Denial Of Service -- NetWare 5.0 with SP 5
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000501bfeab5$9330c3d0$d801a8c0@dimuthu.baysidegrp.com.au
Reference: BID:1467
Reference: URL:http://www.securityfocus.com/bid/1467

Novell Netware 5.0 allows remote attackers to cause a denial of
service by flooding port 40193 with random data.

INFERRED ACTION: CAN-2000-0669 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) LeBlanc, Wall, Cole

Comments:
 Frech> XF:netware-port40193-dos(4932)
   In the description, correct spelling is NetWare.


VOTE:

======================================================
Candidate: CAN-2000-0674
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0674
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000712 ftp.pl vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0177.html
Reference: BID:1471
Reference: URL:http://www.securityfocus.com/bid/1471

ftp.pl CGI program for Virtual Visions FTP browser allows remote
attackers to read directories outside of the document root via a
.. (dot dot) attack.

INFERRED ACTION: CAN-2000-0674 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) LeBlanc, Wall, Cole

Comments:
 Frech> XF:virtualvision-ftp-browser(5187)


VOTE:

======================================================
Candidate: CAN-2000-0675
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0675
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000713 The MDMA Crew's GateKeeper Exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00af01bfece2$a52cbd80$367e1ec4@kungphusion
Reference: BID:1477
Reference: URL:http://www.securityfocus.com/bid/1477

Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote
attackers to execute arbitrary commands via a long string.

INFERRED ACTION: CAN-2000-0675 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) LeBlanc, Wall, Cole

Comments:
 Frech> XF:gatekeeper-long-string-bo(4948)


VOTE:

======================================================
Candidate: CAN-2000-0677
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0677
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000921
Assigned: 20000823
Category: SF
Reference: ISS:20000907 Buffer Overflow in IBM Net.Data db2www CGI program.
Reference: URL:http://xforce.iss.net/alerts/

Buffer overflow in IBM Net.Data db2www CGI program allows remote
attackers to execute arbitrary commands via a long PATH_INFO
environmental variable.

INFERRED ACTION: CAN-2000-0677 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(1) Wall


VOTE:

Page Last Updated or Reviewed: May 22, 2007