
[FINAL] ACCEPT 68 recent candidates from RECENT-23 to RECENT-27



I have made a Final Decision to ACCEPT the following candidates from
the RECENT-23 through RECENT-27 clusters.  These candidates are now
assigned CVE names as noted below.  The resulting CVE entries will be
published in the near future in a new version of CVE.  Voting details
and comments are provided at the end of this report.

- Steve


Candidate	CVE Name
---------	----------
CAN-2000-0466	CVE-2000-0466
CAN-2000-0469	CVE-2000-0469
CAN-2000-0471	CVE-2000-0471
CAN-2000-0472	CVE-2000-0472
CAN-2000-0475	CVE-2000-0475
CAN-2000-0477	CVE-2000-0477
CAN-2000-0478	CVE-2000-0478
CAN-2000-0482	CVE-2000-0482
CAN-2000-0483	CVE-2000-0483
CAN-2000-0484	CVE-2000-0484
CAN-2000-0485	CVE-2000-0485
CAN-2000-0494	CVE-2000-0494
CAN-2000-0497	CVE-2000-0497
CAN-2000-0499	CVE-2000-0499
CAN-2000-0500	CVE-2000-0500
CAN-2000-0501	CVE-2000-0501
CAN-2000-0506	CVE-2000-0506
CAN-2000-0508	CVE-2000-0508
CAN-2000-0510	CVE-2000-0510
CAN-2000-0511	CVE-2000-0511
CAN-2000-0512	CVE-2000-0512
CAN-2000-0513	CVE-2000-0513
CAN-2000-0514	CVE-2000-0514
CAN-2000-0515	CVE-2000-0515
CAN-2000-0516	CVE-2000-0516
CAN-2000-0522	CVE-2000-0522
CAN-2000-0525	CVE-2000-0525
CAN-2000-0528	CVE-2000-0528
CAN-2000-0529	CVE-2000-0529
CAN-2000-0532	CVE-2000-0532
CAN-2000-0533	CVE-2000-0533
CAN-2000-0534	CVE-2000-0534
CAN-2000-0538	CVE-2000-0538
CAN-2000-0539	CVE-2000-0539
CAN-2000-0540	CVE-2000-0540
CAN-2000-0548	CVE-2000-0548
CAN-2000-0549	CVE-2000-0549
CAN-2000-0550	CVE-2000-0550
CAN-2000-0552	CVE-2000-0552
CAN-2000-0555	CVE-2000-0555
CAN-2000-0558	CVE-2000-0558
CAN-2000-0561	CVE-2000-0561
CAN-2000-0566	CVE-2000-0566
CAN-2000-0567	CVE-2000-0567
CAN-2000-0571	CVE-2000-0571
CAN-2000-0579	CVE-2000-0579
CAN-2000-0582	CVE-2000-0582
CAN-2000-0583	CVE-2000-0583
CAN-2000-0584	CVE-2000-0584
CAN-2000-0585	CVE-2000-0585
CAN-2000-0586	CVE-2000-0586
CAN-2000-0587	CVE-2000-0587
CAN-2000-0588	CVE-2000-0588
CAN-2000-0591	CVE-2000-0591
CAN-2000-0594	CVE-2000-0594
CAN-2000-0595	CVE-2000-0595
CAN-2000-0596	CVE-2000-0596
CAN-2000-0597	CVE-2000-0597
CAN-2000-0598	CVE-2000-0598
CAN-2000-0599	CVE-2000-0599
CAN-2000-0601	CVE-2000-0601
CAN-2000-0602	CVE-2000-0602
CAN-2000-0603	CVE-2000-0603
CAN-2000-0604	CVE-2000-0604
CAN-2000-0610	CVE-2000-0610
CAN-2000-0611	CVE-2000-0611
CAN-2000-0613	CVE-2000-0613
CAN-2000-0616	CVE-2000-0616


======================================================
Candidate: CAN-2000-0466
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0466
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000620
Category: SF
Reference: ISS:20000620 Insecure call of external program in AIX cdmount
Reference: URL:http://xforce.iss.net/alerts/advise55.php
Reference: XF:aix-cdmount-insecure-call
Reference: BID:1384
Reference: URL:http://www.securityfocus.com/bid/1384

AIX cdmount allows local users to gain root privileges via shell
metacharacters.


Modifications:
  ADDREF XF:aix-cdmount-insecure-call

INFERRED ACTION: CAN-2000-0466 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> XF:aix-cdmount-insecure-call
 Frech> XF:aix-cdmount-insecure-call(4724)


======================================================
Candidate: CAN-2000-0469
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0469
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000613 CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-22&msg=ILENKALMCAFBLHBGEOFKGEJCCAAA.jwesterink@jwesterink.daxis.nl
Reference: BUGTRAQ:20000620 Re: CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.2.0.58.20000620193604.00979950@mail.clark.net
Reference: BID:1347
Reference: URL:http://www.securityfocus.com/bid/1347
Reference: XF:webbanner-input-validation-exe

Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary
files via a .. (dot dot) attack.


Modifications:
  ADDREF XF:webbanner-input-validation-exe

INFERRED ACTION: CAN-2000-0469 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> XF:webbanner-input-validation-exe
 Frech> XF:webbanner-input-validation-exe(4696)


======================================================
Candidate: CAN-2000-0471
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0471
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000614 Vulnerability in Solaris ufsrestore
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0114.html
Reference: SUNBUG:4339366
Reference: BID:1348
Reference: URL:http://www.securityfocus.com/bid/1348
Reference: XF:sol-ufsrestore-bo
Reference: URL:http://xforce.iss.net/static/4711.php

Buffer overflow in ufsrestore in Solaris 8 and earlier allows local
users to gain root privileges via a long pathname.


Modifications:
  ADDREF XF:sol-ufsrestore-bo
  ADDREF SUNBUG:4339366

INFERRED ACTION: CAN-2000-0471 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(4) Levy, Ozancin, Dik, Cole
   MODIFY(1) Frech
   NOOP(1) Christey
   REVIEWING(1) Armstrong

Voter Comments:
 Christey> XF:sol-ufsrestore-bo
 Frech> XF:sol-ufsrestore-bo(4711)
 Dik> sun bug: 4339366


======================================================
Candidate: CAN-2000-0472
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0472
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000106 innd 2.2.2 remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0003.html
Reference: CALDERA:CSSA-2000-016.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-016.0.txt
Reference: BUGTRAQ:20000707 inn update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0097.html
Reference: BUGTRAQ:20000721 [ANNOUNCE] INN 2.2.3 available
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0298.html
Reference: BUGTRAQ:20000722 MDKSA-2000:023 inn update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0330.html
Reference: BID:1316
Reference: URL:http://www.securityfocus.com/bid/1316
Reference: XF:innd-cancel-overflow
Reference: URL:http://xforce.iss.net/static/4615.php

Buffer overflow in innd 2.2.2 allows remote attackers to execute
arbitrary commands via a cancel request containing a long message ID.


Modifications:
  ADDREF BUGTRAQ:20000607 inn update
  ADDREF BUGTRAQ:20000721 [ANNOUNCE] INN 2.2.3 available
  ADDREF BUGTRAQ:20000722 MDKSA-2000:023 inn update
  ADDREF XF:innd-cancel-overflow

INFERRED ACTION: CAN-2000-0472 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Christey

Voter Comments:
 Christey> Add Mandrake confirmation from:
   http://archives.neohapsis.com/archives/bugtraq/2000-07/0097.html
 Christey> http://archives.neohapsis.com/archives/bugtraq/2000-07/0097.html
 Christey> ADDREF BUGTRAQ:20000721 [ANNOUNCE] INN 2.2.3 available
   http://archives.neohapsis.com/archives/bugtraq/2000-07/0298.html
   ADDREF BUGTRAQ:20000722 MDKSA-2000:023 inn update
   URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0330.html
 Frech> XF:innd-cancel-overflow(4615)


======================================================
Candidate: CAN-2000-0475
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0475
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: MS:MS00-020
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-020.asp
Reference: BID:1350
Reference: URL:http://www.securityfocus.com/bid/1350
Reference: XF:win2k-desktop-separation
Reference: URL:http://xforce.iss.net/static/4714.php

Windows 2000 allows a local user process to access another user's
desktop within the same windows station, aka the "Desktop Separation"
vulnerability.


Modifications:
  ADDREF XF:win2k-desktop-separation

INFERRED ACTION: CAN-2000-0475 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> ADDREF XF:win2k-desktop-separation
 Frech> XF:win2k-desktop-separation(4714)


======================================================
Candidate: CAN-2000-0477
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0477
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000614 Vulnerabilities in Norton Antivirus for Exchange
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0316.html
Reference: BID:1351
Reference: URL:http://www.securityfocus.com/bid/1351
Reference: XF:antivirus-nav-zip-bo
Reference: URL:http://xforce.iss.net/static/4710.php

Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows
remote attackers to cause a denial of service via a .zip file that
contains long file names.


Modifications:
  ADDREF XF:antivirus-nav-zip-bo

INFERRED ACTION: CAN-2000-0477 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Prosser
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> XF:antivirus-nav-zip-bo
 Frech> XF:antivirus-nav-zip-bo(4710)
 Prosser> This problem along with CAN-2000-0478 was verified by the NAVMSE team in the same message, ref Bugtraq message, Wed Jun 28 2000 09:31:49 Subj:  Re: Vulnerabilities in Norton Antivirus for Exchange with fix coded in NAVMSE 2.1.


======================================================
Candidate: CAN-2000-0478
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0478
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000614 Vulnerabilities in Norton Antivirus for Exchange
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html
Reference: BID:1351
Reference: URL:http://www.securityfocus.com/bid/1351
Reference: XF:antivirus-nav-fail-open
Reference: URL:http://xforce.iss.net/static/4709.php

In some cases, Norton Antivirus for Exchange (NavExchange) enters a
"fail-open" state which allows viruses to pass through the server.


Modifications:
  ADDREF XF:antivirus-nav-fail-open

INFERRED ACTION: CAN-2000-0478 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Prosser
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> XF:antivirus-nav-fail-open
 Frech> XF:antivirus-nav-fail-open(4709)
 Prosser> This was verified by the NAVMSE team, ref Bugtraq message, Wed Jun 28 2000 09:31:49 Subj:  Re: Vulnerabilities in Norton Antivirus for Exchange with fix coded in NAVMSE 2.1.


======================================================
Candidate: CAN-2000-0482
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0482
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000605 FW-1 IP Fragmentation Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0473.html
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#IP_Fragmentation
Reference: BID:1312
Reference: URL:http://www.securityfocus.com/bid/1312
Reference: XF:fw1-packet-fragment-dos
Reference: URL:http://xforce.iss.net/static/4609.php

Check Point Firewall-1 allows remote attackers to cause a denial of
service by sending a large number of malformed fragmented IP packets.


Modifications:
  DESC [correct spelling for FireWall-1]
  ADDREF CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#IP_Fragmentation
  ADDREF XF:fw1-packet-fragment-dos

INFERRED ACTION: CAN-2000-0482 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Christey

Voter Comments:
 Frech> XF:fw1-packet-fragment-dos(4609)
   Check Point's product in question is spelled FireWall-1.
 Christey> It looks like this is confirmed by Check Point in:
   http://www.checkpoint.com/techsupport/alerts/list_vun.html#IP_Fragmentation


======================================================
Candidate: CAN-2000-0483
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0483
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000615 [Brian@digicool.com: [Zope] Zope security alert and 2.1.7 update [*important*]]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0144.html
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert
Reference: REDHAT:RHSA-2000:038-01
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2350
Reference: FREEBSD:FreeBSD-SA-00:38
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A38.zope.asc
Reference: BUGTRAQ:20000728 MDKSA-2000:026 Zope update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0412.html
Reference: BUGTRAQ:2000615 Conectiva Linux Security Announcement - ZOPE
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000616103807.A3768@conectiva.com.br
Reference: BID:1354
Reference: URL:http://www.securityfocus.com/bid/1354
Reference: XF:zope-dtml-remote-modify
Reference: URL:http://xforce.iss.net/static/4716.php

The DocumentTemplate package in Zope 2.2 and earlier allows a remote
attacker to modify DTMLDocuments or DTMLMethods without authorization.


Modifications:
  ADDREF XF:zope-dtml-remote-modify
  ADDREF BUGTRAQ:20000728 MDKSA-2000:026 Zope update
  ADDREF FREEBSD:FreeBSD-SA-00:38
  DESC [add version info]

INFERRED ACTION: CAN-2000-0483 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> XF:zope-dtml-remote-modify
 Frech> XF:zope-dtml-remote-modify(4716)
 Christey> ADDREF BUGTRAQ:20000728 MDKSA-2000:026 Zope update
   http://archives.neohapsis.com/archives/bugtraq/2000-07/0412.html
   ADDREF FREEBSD:FreeBSD-SA-00:38
   URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A38.zope.asc
   Add affected versions, too.


======================================================
Candidate: CAN-2000-0484
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0484
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96113651713414&w=2
Reference: NTBUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96151775004229&w=2
Reference: BID:1355
Reference: URL:http://www.securityfocus.com/bid/1355
Reference: XF:small-http-get-overflow-dos
Reference: URL:http://xforce.iss.net/static/4692.php

Buffer overflow in Small HTTP Server allows remote attackers to cause
a denial of service via a long GET request.


Modifications:
  ADDREF XF:small-http-get-overflow-dos

INFERRED ACTION: CAN-2000-0484 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Levy, Wall, Cole
   MODIFY(1) Frech
   NOOP(3) Armstrong, Ozancin, Christey

Voter Comments:
 Christey> XF:small-http-get-overflow-dos
 Frech> XF:small-http-get-overflow-dos(4692)
 Wall> Confirmed by UssrLabs for version 1.212 of Small HTTP Server.


======================================================
Candidate: CAN-2000-0485
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0485
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000530 Fw: Steal Passwords Using SQL Server EM
Reference: URL:http://www.securityfocus.com/archive/1/62771
Reference: MS:MS00-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-041.asp
Reference: BID:1292
Reference: URL:http://www.securityfocus.com/bid/1292
Reference: XF:mssql-dts-reveal-passwords
Reference: URL:http://xforce.iss.net/static/4582.php

Microsoft SQL Server allows local users to obtain database passwords
via the Data Transformation Service (DTS) package Properties dialog,
aka the "DTS Password" vulnerability.


Modifications:
  ADDREF XF:mssql-dts-reveal-passwords

INFERRED ACTION: CAN-2000-0485 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> mssql-dts-reveal-passwords(4582)
 Christey> ADDREF http://www.securityfocus.com/templates/archive.pike?list=1&msg=002201bfca52$9ce75ac0$78779dd0@adscorp.com
 Christey> There are 2 different dialogs which allow you to get to the
   database passwords; one is captured in CAN-2000-0485, and the
   other in CAN-2000-0485.  CD:SF-LOC suggests keeping these
   split.


======================================================
Candidate: CAN-2000-0494
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0494
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000616 Veritas Volume Manager 3.0.x hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0151.html
Reference: CONFIRM:http://seer.support.veritas.com/tnotes/volumeman/230053.htm
Reference: BID:1356
Reference: URL:http://www.securityfocus.com/bid/1356
Reference: XF:veritas-volume-manager

Veritas Volume Manager creates a world writable .server_pids file,
which allows local users to add arbitrary commands into the file,
which is then executed by the vmsa_server script.


Modifications:
  ADDREF XF:veritas-volume-manager
  ADDREF CONFIRM:http://seer.support.veritas.com/tnotes/volumeman/230053.htm

INFERRED ACTION: CAN-2000-0494 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(4) Armstrong, Ozancin, Christey, Cole

Voter Comments:
 Frech> XF:veritas-volume-manager(5009)
 Christey> CONFIRM:http://seer.support.veritas.com/tnotes/volumeman/230053.htm
   This is dated September 1, 2000 and has TechNote ID 230053.

   Confirmation text is:
   VERITAS has uncovered a security issue ...
   Since the umask at boot time for Solaris versions prior to 2.8 is
   000, the permissions for files such as /var/opt/vmsa/logs/.server_pids
   are set to 666. This allows any user to enter commands in this file,
   and these commands will be executed when vmsa_server is stopped by an
   administrator.  System security is compromised as a result.


======================================================
Candidate: CAN-2000-0497
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0497
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000612 IBM WebSphere JSP showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0263.html
Reference: CONFIRM:http://www-4.ibm.com/software/webservers/appserv/efix.html
Reference: BID:1328
Reference: URL:http://www.securityfocus.com/bid/1328
Reference: XF:websphere-jsp-source-read

IBM WebSphere server 3.0.2 allows a remote attacker to view source
code of a JSP program by requesting a URL which provides the JSP
extension in upper case.


Modifications:
  ADDREF XF:websphere-jsp-source-read

INFERRED ACTION: CAN-2000-0497 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(4) Wall, LeBlanc, Ozancin, Christey

Voter Comments:
 Christey> XF:websphere-jsp-source-read
 Frech> XF:websphere-jsp-source-read(4697)


======================================================
Candidate: CAN-2000-0499
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0499
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: CF
Reference: NTBUGTRAQ:20000612 BEA WebLogic JSP showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0262.htm
Reference: CONFIRM:http://developer.bea.com/alerts/security_000612.html
Reference: BID:1328
Reference: URL:http://www.securityfocus.com/bid/1328
Reference: XF:weblogic-jsp-source-read
Reference: URL:http://xforce.iss.net/static/4694.php

The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a
remote attacker to view source code of a JSP program by requesting a
URL which provides the JSP extension in upper case.


Modifications:
  ADDREF XF:weblogic-jsp-source-read
  ADDREF CONFIRM:http://developer.bea.com/alerts/security_000612.html
  DESC change to identify as configuration problem, add versions

INFERRED ACTION: CAN-2000-0499 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(4) Wall, LeBlanc, Ozancin, Christey

Voter Comments:
 Frech> XF:weblogic-jsp-source-read(4694)
   In description, change to: "by requesting a URL that ..."
 Christey> CONFIRM:http://developer.bea.com/alerts/security_000612.html
 Christey> Change description to reflect that this is a default
   configuration problem.
   CONFIRM:http://developer.bea.com/alerts/security_000612.html


======================================================
Candidate: CAN-2000-0500
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0500
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: CF
Reference: CONFIRM:http://www.weblogic.com/docs51/admindocs/http.html#file
Reference: BUGTRAQ:20000621 BEA WebLogic /file/ showcode vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96161462915381&w=2
Reference: BID:1378
Reference: URL:http://www.securityfocus.com/bid/1378
Reference: XF:weblogic-file-source-read
Reference: URL:http://xforce.iss.net/static/4775.php

The default configuration of BEA WebLogic 5.1.0 allows a remote
attacker to view source code of programs by requesting a URL beginning
with /file/, which causes the default servlet to display the file
without further processing.


Modifications:
  ADDREF CONFIRM:http://www.weblogic.com/docs51/admindocs/http.html#file
  ADDREF XF:weblogic-file-source-read

INFERRED ACTION: CAN-2000-0500 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> CONFIRM:http://www.weblogic.com/docs51/admindocs/http.html#file
 Frech> XF:weblogic-file-source-read(4775)
 Christey> Change description to reflect that this is a default
   configuration problem.
   CONFIRM:http://developer.bea.com/alerts/security_000621.html


======================================================
Candidate: CAN-2000-0501
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0501
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000616 mdaemon 2.8.5.0 WinNT and Win9x remote DoS
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0277.html
Reference: BID:1366
Reference: URL:http://www.securityfocus.com/bid/1366
Reference: XF:mdaemon-pass-dos
Reference: URL:http://xforce.iss.net/static/4745.php

Race condition in MDaemon 2.8.5.0 POP server allows local users to
cause a denial of service by entering a UIDL command and quickly
exiting the server.


Modifications:
  ADDREF XF:mdaemon-pass-dos

INFERRED ACTION: CAN-2000-0501 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(4) Armstrong, Levy, Wall, Cole
   MODIFY(1) Frech
   NOOP(2) Ozancin, Christey

Voter Comments:
 Christey> XF:mdaemon-pass-dos
 Frech> XF:mdaemon-pass-dos(4745)
 Wall> Vendor agrees and has put out a patch.
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-2000-0506
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0506
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 Sendmail & procmail local root exploits on Linux kernel up to 2.2.16pre5
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006090852340.3475-300000@alfa.elzabsoft.pl
Reference: REDHAT:RHSA-2000:037-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-037-05.html
Reference: TURBO:TLSA2000013-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-June/000012.html
Reference: SGI:20000802-01-P
Reference: URL:ftp://sgigate.sgi.com/security/20000802-01-P
Reference: BUGTRAQ:20000609 Trustix Security Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0062.html
Reference: BUGTRAQ:20000608 CONECTIVA LINUX SECURITY ANNOUNCEMENT - kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0063.html
Reference: BID:1322
Reference: URL:http://www.securityfocus.com/bid/1322
Reference: XF:linux-kernel-capabilities

The "capabilities" feature in Linux before 2.2.16 allows local users
to cause a denial of service or gain privileges by setting the
capabilities to prevent a setuid program from dropping privileges, aka
the "Linux kernel setuid/setcap vulnerability."


Modifications:
  ADDREF REDHAT:RHSA-2000:037-05
  ADDREF XF:linux-kernel-capabilities
  ADDREF SGI:20000802-01-P

INFERRED ACTION: CAN-2000-0506 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Christey

Voter Comments:
 Christey> ADDREF REDHAT:RHSA-2000:037-05
   URL:http://www.redhat.com/support/errata/RHSA-2000-037-05.html
 Frech> XF:linux-kernel-capabilities(4650)
 Christey> ADDREF SGI:20000802-01-P
   ftp://sgigate.sgi.com/security/20000802-01-P


======================================================
Candidate: CAN-2000-0508
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0508
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000608 Remote DOS in linux rpc.lockd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0073.html
Reference: BID:1372
Reference: URL:http://www.securityfocus.com/bid/1372
Reference: XF:linux-lockd-remote-dos
Reference: URL:http://xforce.iss.net/static/5050.php

rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to
cause a denial of service via a malformed request.


Modifications:
  ADDREF XF:linux-lockd-remote-dos

INFERRED ACTION: CAN-2000-0508 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:linux-lockd-remote-dos(5050)


======================================================
Candidate: CAN-2000-0510
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0510
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373
Reference: XF:debian-cups-malformed-ipp
Reference: URL:http://xforce.iss.net/static/4846.php

CUPS (Common Unix Printing System) 1.04 and earlier allows remote
attackers to cause a denial of service via a malformed IPP request.


Modifications:
  ADDREF XF:debian-cups-malformed-ipp

INFERRED ACTION: CAN-2000-0510 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> XF:debian-cups-malformed-ipp
 Frech> XF:debian-cups-posts(4846)


======================================================
Candidate: CAN-2000-0511
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0511
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373
Reference: XF:debian-cups-posts
Reference: URL:http://xforce.iss.net/static/4846.php

CUPS (Common Unix Printing System) 1.04 and earlier allows remote
attackers to cause a denial of service via a CGI POST request.


Modifications:
  ADDREF XF:debian-cups-posts

INFERRED ACTION: CAN-2000-0511 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:debian-cups-posts(4846)


======================================================
Candidate: CAN-2000-0512
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0512
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373
Reference: XF:debian-cups-posts
Reference: URL:http://xforce.iss.net/static/4846.php

CUPS (Common Unix Printing System) 1.04 and earlier does not properly
delete request files, which allows a remote attacker to cause a denial
of service.


Modifications:
  ADDREF XF:debian-cups-posts

INFERRED ACTION: CAN-2000-0512 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:debian-cups-posts(4846)


======================================================
Candidate: CAN-2000-0513
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0513
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373
Reference: XF:debian-cups-posts
Reference: URL:http://xforce.iss.net/static/4846.php

CUPS (Common Unix Printing System) 1.04 and earlier allows remote
attackers to cause a denial of service by authenticating with a user
name that does not exist or does not have a shadow password.


Modifications:
  ADDREF XF:debian-cups-posts

INFERRED ACTION: CAN-2000-0513 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:debian-cups-posts(4846)


======================================================
Candidate: CAN-2000-0514
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0514
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000614 Security Advisory: REMOTE ROOT VULNERABILITY IN GSSFTP DAEMON
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=ldvsnufao18.fsf@saint-elmos-fire.mit.edu
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/ftp.txt
Reference: BID:1374
Reference: URL:http://www.securityfocus.com/bid/1374
Reference: XF:kerberos-gssftpd-dos
Reference: URL:http://xforce.iss.net/static/4734.php

GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict
access to some FTP commands, which allows remote attackers to cause a
denial of service, and local users to gain root privileges.


Modifications:
  ADDREF XF:kerberos-gssftpd-dos(4734)

INFERRED ACTION: CAN-2000-0514 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> XF:kerberos-gssftpd-dos
 Frech> XF:kerberos-gssftpd-dos(4734)


======================================================
Candidate: CAN-2000-0515
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0515
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: CF
Reference: BUGTRAQ:20000607 [ Hackerslab bug_paper ] HP-UX SNMP daemon vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006070511.OAA05492@dogfoot.hackerslab.org
Reference: BUGTRAQ:20000608 Re: HP-UX SNMP daemon vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006090640.XAA00779@hpchs.cup.hp.com
Reference: BID:1327
Reference: URL:http://www.securityfocus.com/bid/1327
Reference: XF:hpux-snmp-daemon
Reference: URL:http://xforce.iss.net/static/4643.php

The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX
11.0 is world writable, which allows local users to modify SNMP
configuration or gain privileges.


Modifications:
  ADDREF XF:hpux-snmp-daemon

INFERRED ACTION: CAN-2000-0515 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:hpux-snmp-daemon(4643)


======================================================
Candidate: CAN-2000-0516
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0516
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000606 Shiva Access Manager 5.0.0 Plaintext LDAP root password.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0008.html
Reference: BID:1329
Reference: URL:http://www.securityfocus.com/bid/1329
Reference: XF:shiva-plaintext-ldap-password
Reference: URL:http://xforce.iss.net/static/4612.php

When configured to store configuration information in an LDAP
directory, Shiva Access Manager 5.0.0 stores the root DN
(Distinguished Name) and password in cleartext in a file that is
world readable, which allows local users to compromise the LDAP
server.


Modifications:
  ADDREF XF:shiva-plaintext-ldap-password

INFERRED ACTION: CAN-2000-0516 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:shiva-plaintext-ldap-password(4612)


======================================================
Candidate: CAN-2000-0522
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0522
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000608 Potential DoS Attack on RSA's ACE/Server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=011a01bfd14c$3c206960$050010ac@xtranet.co.uk
Reference: CONFIRM:ftp://ftp.securid.com/support/outgoing/dos/readme.txt
Reference: BUGTRAQ:20000714 Re: RSA Aceserver UDP Flood Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0197.html
Reference: BID:1332
Reference: URL:http://www.securityfocus.com/bid/1332
Reference: XF:aceserver-udp-packet-dos
Reference: URL:http://xforce.iss.net/static/5053.php

RSA ACE/Server allows remote attackers to cause a denial of service by
flooding the server's authentication request port with UDP packets,
which causes the server to crash.


Modifications:
  ADDREF CONFIRM:ftp://ftp.securid.com/support/outgoing/dos/readme.txt
  ADDREF BUGTRAQ:20000714 Re: RSA Aceserver UDP Flood Vulnerability
  ADDREF XF:aceserver-udp-packet-dos

INFERRED ACTION: CAN-2000-0522 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Christey

Voter Comments:
 Christey> ADDREF CONFIRM:ftp://ftp.securid.com/support/outgoing/dos/readme.txt
   ADDREF http://archives.neohapsis.com/archives/bugtraq/2000-07/0197.html
 Frech> XF:aceserver-udp-packet-dos(5053)


======================================================
Candidate: CAN-2000-0525
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0525
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 OpenSSH's UseLogin option allows remote access with root privilege.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0065.html
Reference: OPENBSD:20000606 The non-default UseLogin feature in /etc/sshd_config is broken and should not be used.
Reference: URL:http://www.openbsd.org/errata.html#uselogin
Reference: BID:1334
Reference: URL:http://www.securityfocus.com/bid/1334
Reference: XF:openssh-uselogin-remote-exec
Reference: URL:http://xforce.iss.net/static/4646.php

OpenSSH does not properly drop privileges when the UseLogin option is
enabled, which allows local users to execute arbitrary commands by
providing the command to the ssh daemon.


Modifications:
  ADDREF XF:openssh-uselogin-remote-exec

INFERRED ACTION: CAN-2000-0525 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Christey

Voter Comments:
 Christey> XF:openssh-uselogin-remote-exec
   http://archives.neohapsis.com/archives/freebsd/2000-07/0040.html
 Frech> XF:openssh-uselogin-remote-exec(4646)


======================================================
Candidate: CAN-2000-0528
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0528
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000619 Net Tools PKI server exploits
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html
Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt
Reference: BID:1364
Reference: URL:http://www.securityfocus.com/bid/1364
Reference: XF:nettools-pki-unauthenticated-access
Reference: URL:http://xforce.iss.net/static/4743.php

Net Tools PKI Server does not properly restrict access to remote
attackers when the XUDA template files do not contain absolute
pathnames for other files.


Modifications:
  ADDREF XF:nettools-pki-unauthenticated-access

INFERRED ACTION: CAN-2000-0528 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> XF:nettools-pki-unauthenticated-access
 Frech> XF:nettools-pki-unauthenticated-access(4743)


======================================================
Candidate: CAN-2000-0529
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0529
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000619 Net Tools PKI server exploits
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html
Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt
Reference: BID:1363
Reference: URL:http://www.securityfocus.com/bid/1363
Reference: XF:nettools-pki-http-bo
Reference: URL:http://xforce.iss.net/static/4744.php

Net Tools PKI Server allows remote attackers to cause a denial of
service via a long HTTP request.


Modifications:
  ADDREF XF:nettools-pki-http-bo

INFERRED ACTION: CAN-2000-0529 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> XF:nettools-pki-http-bo
 Frech> XF:nettools-pki-http-bo(4744)


======================================================
Candidate: CAN-2000-0532
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0532
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: CF
Reference: FREEBSD:FreeBSD-SA-00:21
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0031.html
Reference: BID:1323
Reference: URL:http://www.securityfocus.com/bid/1323
Reference: XF:freebsd-ssh-ports
Reference: URL:http://xforce.iss.net/static/4638.php

A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port
722 as well as port 22, which might allow remote attackers to access
SSH through port 722 even if port 22 is otherwise filtered.


Modifications:
  ADDREF XF:freebsd-ssh-ports

INFERRED ACTION: CAN-2000-0532 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:freebsd-ssh-ports(4638)


======================================================
Candidate: CAN-2000-0533
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0533
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: SGI:20000601-01-P
Reference: URL:ftp://sgigate.sgi.com/security/20000601-01-P
Reference: BID:1379
Reference: URL:http://www.securityfocus.com/bid/1379
Reference: XF:irix-workshop-cvconnect-overwrite
Reference: URL:http://xforce.iss.net/static/4725.php

Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to
overwrite arbitrary files.


Modifications:
  ADDREF XF:irix-workshop-cvconnect-overwrite(4725)

INFERRED ACTION: CAN-2000-0533 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> XF:irix-workshop-cvconnect-overwrite
 Frech> XF:irix-workshop-cvconnect-overwrite(4725)


======================================================
Candidate: CAN-2000-0534
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0534
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:22 Security Advisory
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0030.html
Reference: BID:1325
Reference: URL:http://www.securityfocus.com/bid/1325
Reference: XF:apsfilter-elevate-privileges
Reference: URL:http://xforce.iss.net/static/4617.php

The apsfilter software in the FreeBSD ports package does not properly
read user filter configurations, which allows local users to execute
commands as the lpd user.


Modifications:
  ADDREF XF:apsfilter-elevate-privileges

INFERRED ACTION: CAN-2000-0534 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Ozancin

Voter Comments:
 Frech> XF:apsfilter-elevate-privileges(4617)


======================================================
Candidate: CAN-2000-0538
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0538
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000607 New Allaire ColdFusion DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96045469627806&w=2
Reference: ALLAIRE:ASB00-14
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16122&Method=Full
Reference: BID:1314
Reference: URL:http://www.securityfocus.com/bid/1314
Reference: XF:coldfusion-parse-dos
Reference: URL:http://xforce.iss.net/static/4611.php

ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows
remote attackers to cause a denial of service via a long login
password.


Modifications:
  ADDREF XF:coldfusion-parse-dos

INFERRED ACTION: CAN-2000-0538 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Levy, Wall, Ozancin
   MODIFY(1) Frech
   NOOP(1) LeBlanc

Voter Comments:
 Frech> XF:coldfusion-parse-dos(4611)


======================================================
Candidate: CAN-2000-0539
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0539
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: ALLAIRE:ASB00-015
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full
Reference: BID:1386
Reference: URL:http://www.securityfocus.com/bid/1386
Reference: XF:jrun-read-sample-files
Reference: URL:http://xforce.iss.net/static/4774.php

Servlet examples in Allaire JRun 2.3.x allow remote attackers to
obtain sensitive information, e.g. listing HttpSession IDs via the
SessionServlet servlet.


Modifications:
  ADDREF XF:jrun-read-sample-files

INFERRED ACTION: CAN-2000-0539 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:jrun-read-sample-files(4774)


======================================================
Candidate: CAN-2000-0540
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0540
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: ALLAIRE:ASB00-015
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full
Reference: BID:1386
Reference: URL:http://www.securityfocus.com/bid/1386
Reference: XF:jrun-read-sample-files
Reference: URL:http://xforce.iss.net/static/4774.php

JSP sample files in Allaire JRun 2.3.x allow remote attackers to
access arbitrary files (e.g. via viewsource.jsp) or obtain
configuration information.


Modifications:
  ADDREF XF:jrun-read-sample-files

INFERRED ACTION: CAN-2000-0540 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:jrun-read-sample-files(4774)


======================================================
Candidate: CAN-2000-0548
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0548
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
Reference: XF:kerberos-emsg-bo

Buffer overflow in Kerberos 4 KDC program allows remote attackers to
cause a denial of service via the e_msg variable in the kerb_err_reply
function.


Modifications:
  ADDREF XF:kerberos-emsg-bo
  DELREF BID:1338

INFERRED ACTION: CAN-2000-0548 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Christey

Voter Comments:
 Christey> ADDREF XF:kerberos-emsg-bo
 Frech> XF:kerberos-emsg-bo(4658)
   Shouldn't BID:1338 (Kerberos4 KDC AUTH_MSG_KDC_REQUEST NULL termination
   Vulnerability) be assigned to CAN-2000-0549?
 Christey> Andre's right, BID:1338 should be assigned to CAN-2000-0549.
   So which BID should this one get?


======================================================
Candidate: CAN-2000-0549
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0549
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml

Kerberos 4 KDC program does not properly check for null termination of
AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause
a denial of service via a malformed request.

INFERRED ACTION: CAN-2000-0549 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Ozancin
   MODIFY(2) Levy, Frech
   NOOP(3) Wall, LeBlanc, Christey

Voter Comments:
 Christey> ADDREF BID:1464
   URL:http://www.securityfocus.com/bid/1464
 Frech> XF:kerberos-authmsgkdcrequests(4659)
 CHANGE> [Levy changed vote from REVIEWING to MODIFY]
 Levy> Remove reference to BID 1464. Add reference to BID 1338.


======================================================
Candidate: CAN-2000-0550
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0550
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
Reference: XF:kerberos-free-memory
Reference: BID:1465
Reference: URL:http://www.securityfocus.com/bid/1465

Kerberos 4 KDC program improperly frees memory twice (aka
"double-free"), which allows remote attackers to cause a denial of
service.


Modifications:
  ADDREF XF:kerberos-free-memory
  ADDREF BID:1465

INFERRED ACTION: CAN-2000-0550 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Christey

Voter Comments:
 Christey> XF:kerberos-free-memory
 Christey> ADDREF BID:1465
   URL:http://www.securityfocus.com/bid/1465
 Frech> XF:kerberos-free-memory(4660)
 CHANGE> [Levy changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0552
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0552
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000606 ICQ2000A ICQmail temparary internet link vulnearbility
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0237.html
Reference: BID:1307
Reference: URL:http://www.securityfocus.com/bid/1307
Reference: XF:icq-temp-link
Reference: URL:http://xforce.iss.net/static/4607.php

ICQwebmail client for ICQ 2000A creates a world readable temporary
file during login and does not delete it, which allows local users to
obtain sensitive information.


Modifications:
  ADDREF XF:icq-temp-link

INFERRED ACTION: CAN-2000-0552 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:icq-temp-link(4607)


======================================================
Candidate: CAN-2000-0555
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0555
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000608 DST2K0010: DoS & Path Revealing Vulnerability in Ceilidh v2.60a
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0246.html
Reference: BID:1320
Reference: URL:http://www.securityfocus.com/bid/1320
Reference: XF:ceilidh-post-dos
Reference: URL:http://xforce.iss.net/static/4622.php

Ceilidh allows remote attackers to cause a denial of service via a
large number of POST requests.


Modifications:
  ADDREF XF:ceilidh-post-dos

INFERRED ACTION: CAN-2000-0555 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Christey

Voter Comments:
 Christey> ADDREF XF:ceilidh-post-dos
 Frech> XF:ceilidh-post-dos(4622)


======================================================
Candidate: CAN-2000-0558
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0558
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000608 DST2K0012: BufferOverrun in HP Openview Network Node Manager v6.1
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0249.html
Reference: BID:1317
Reference: URL:http://www.securityfocus.com/bid/1317

Buffer overflow in HP Openview Network Node Manager 6.1 allows remote
attackers to execute arbitrary commands via the Alarm service
(OVALARMSRV) on port 2345.

INFERRED ACTION: CAN-2000-0558 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Christey

Voter Comments:
 Frech> XF:hp-openview-nnm-bo(4619)
 Christey> HP:HPSBUX0008-119 describes a vulnerability in NNM 6.1,
   but its sparse comments imply that the problem is related
   to web passwords, but there's no mention of that in the
   original Bugtraq post for this candidate.
 Christey> ADDREF HP:HPSBUX0009-122
   URL:http://www.securityfocus.com/templates/advisory.html?id=2675
   The advisory is pretty clearly related to this vulnerability.
   So, which one is HP:HPSBUX0008-119 addressing?


======================================================
Candidate: CAN-2000-0561
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0561
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 DST2K0018: Multiple BufferOverruns in WebBBS HTTP Server v1.15
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0175.html
Reference: BID:1365
Reference: URL:http://www.securityfocus.com/bid/1365
Reference: XF:webbbs-get-request-overflow
Reference: URL:http://xforce.iss.net/static/4742.php

Buffer overflow in WebBBS 1.15 allows remote attackers to execute
arbitrary commands via a long HTTP GET request.


Modifications:
  ADDREF XF:webbbs-get-request-overflow

INFERRED ACTION: CAN-2000-0561 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(3) Armstrong, Ozancin, Christey

Voter Comments:
 Christey> XF:webbbs-get-request-overflow
 Frech> XF:webbbs-get-request-overflow(4742)
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-2000-0566
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0566
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000719
Assigned: 20000712
Category: SF
Reference: ISS:20000712 Insecure temporary file handling in Linux makewhatis
Reference: REDHAT:RHSA-2000:041-02
Reference: BID:1434
Reference: CALDERA:CSSA-2000-021.0
Reference: BUGTRAQ:20000707 [Security Announce] man update
Reference: BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - MAN
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0390.html
Reference: XF:linux-man-makewhatis-tmp
Reference: URL:http://xforce.iss.net/static/4900.php

makewhatis in Linux man package allows local users to overwrite files
via a symlink attack.


Modifications:
  ADDREF XF:linux-man-makewhatis-tmp
  ADDREF BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - MAN

INFERRED ACTION: CAN-2000-0566 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Levy, Magdych, Cole
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Christey

Voter Comments:
 Frech> XF:linux-man-makewhatis-tmp(4900)
 Christey> ADDREF BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - MAN
   URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0390.html


======================================================
Candidate: CAN-2000-0567
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0567
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: MS:MS00-043
Reference: BUGTRAQ:20000719 Buffer Overflow in MS Outlook Email Clients
Reference: BUGTRAQ:20000719 Aaron Drew - Security Advisory: Buffer Overflow in MS Outlook & Outlook Express Email Clients
Reference: BID:1481
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=1481
Reference: XF:outlook-date-overflow
Reference: URL:http://xforce.iss.net/static/4953.php

Buffer overflow in Microsoft Outlook and Outlook Express allows remote
attackers to execute arbitrary commands via a long Date field in an
email header, aka the "Malformed E-mail Header" vulnerability.


Modifications:
  ADDREF XF:outlook-date-overflow

INFERRED ACTION: CAN-2000-0567 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(4) Levy, Wall, Magdych, Cole
   MODIFY(2) LeBlanc, Frech

Voter Comments:
 LeBlanc> Need to add recent MS bulletin as reference
 Frech> XF:outlook-date-overflow(4953)


======================================================
Candidate: CAN-2000-0571
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0571
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000703 Remote DoS Attack in LocalWEB HTTP Server 1.2.0 Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-07-8&msg=NCBBKFKDOLAGKIAPMILPCEIHCFAA.labs@ussrback.com
Reference: BID:1423
Reference: URL:http://www.securityfocus.com/bid/1423
Reference: XF:localweb-get-bo
Reference: URL:http://xforce.iss.net/static/4896.php

LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial
of service via a long GET request.


Modifications:
  ADDREF XF:localweb-get-bo

INFERRED ACTION: CAN-2000-0571 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Levy, Magdych, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:localweb-get-bo(4896)


======================================================
Candidate: CAN-2000-0579
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0579
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000621 Predictability Problems in IRIX Cron and Compilers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0204.html
Reference: BID:1413
Reference: URL:http://www.securityfocus.com/bid/1413
Reference: XF:irix-cron-modify-crontab

IRIX crontab creates temporary files with predictable file names and
with the umask of the user, which could allow local users to modify
another user's crontab file as it is being edited.


Modifications:
  ADDREF XF:irix-cron-modify-crontab

INFERRED ACTION: CAN-2000-0579 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(4) Levy, Blake, Ozancin, Cole
   MODIFY(1) Frech
   NOOP(3) Armstrong, Wall, LeBlanc
   REVIEWING(1) Magdych

Voter Comments:
 Frech> XF:irix-cron-modify-crontab(5008)
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-2000-0582
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0582
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000630 SecureXpert Advisory [SX-20000620-3]
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000630162106.4619C-100000@fjord.fscinternet.com
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#SMTP_Security
Reference: XF:fw1-resource-overload-dos
Reference: BID:1416
Reference: URL:http://www.securityfocus.com/bid/1416

Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a
denial of service by sending a stream of invalid commands (such as
binary zeros) to the SMTP Security Server proxy.


Modifications:
  ADDREF CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#SMTP_Security
  DESC Mention "invalid commands" instead of just binary zeros.

INFERRED ACTION: CAN-2000-0582 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Levy, Frech, Cole
   NOOP(3) Wall, LeBlanc, Christey
   REVIEWING(1) Magdych

Voter Comments:
 Christey> It looks like this is confirmed by Check Point in:
   http://www.checkpoint.com/techsupport/alerts/list_vun.html#SMTP_Security


======================================================
Candidate: CAN-2000-0583
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0583
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000626 vpopmail-3.4.11 problems
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=395BD2A8.5D3396A7@secureaustin.com
Reference: CONFIRM:http://www.vpopmail.cx/vpopmail-ChangeLog
Reference: BID:1418
Reference: URL:http://www.securityfocus.com/bid/1418
Reference: XF:vpopmail-format-string

vchkpw program in vpopmail before version 4.8 does not properly cleanse
an untrusted format string used in a call to syslog, which allows
remote attackers to cause a denial of service via a USER or PASS
command that contains arbitrary formatting directives.


Modifications:
  ADDREF XF:vpopmail-format-string

INFERRED ACTION: CAN-2000-0583 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Cole
   REVIEWING(1) Magdych

Voter Comments:
 Frech> XF:vpopmail-format-string(5046)


======================================================
Candidate: CAN-2000-0584
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0584
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: MISC:http://shadowpenguin.backsection.net/advisories/advisory038.html
Reference: DEBIAN:20000701 canna server: buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q2/0062.html
Reference: FREEBSD:FreeBSD-SA-00:31
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:31.canna.asc.v1.1
Reference: BID:1445
Reference: URL:http://www.securityfocus.com/bid/1445
Reference: XF:canna-bin-execute-bo
Reference: URL:http://xforce.iss.net/static/4912.php

Buffer overflow in Canna input system allows remote attackers to
execute arbitrary commands via an SR_INIT command with a long user
name or group name.


Modifications:
  ADDREF XF:canna-bin-execute-bo

INFERRED ACTION: CAN-2000-0584 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Magdych
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Cole

Voter Comments:
 Frech> XF:canna-bin-execute-bo(4912)


======================================================
Candidate: CAN-2000-0585
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0585
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000624 Possible root exploit in ISC DHCP client.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0247.html
Reference: OPENBSD:20000624 A serious bug in dhclient(8) could allow strings from a malicious dhcp server to be executed in the shell as root.
Reference: URL:http://www.openbsd.org/errata.html#dhclient
Reference: DEBIAN:20000628 dhcp client: remote root exploit in dhcp client
Reference: URL:http://www.debian.org/security/2000/20000628
Reference: FREEBSD:FreeBSD-SA-00:34
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:34.dhclient.asc
Reference: BUGTRAQ:20000702 [Security Announce] dhcp update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0014.html
Reference: SUSE:20000711 Security Hole in dhclient < 2.0
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_56.txt
Reference: NETBSD:NetBSD-SA2000-008
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-008.txt.asc
Reference: BID:1388
Reference: URL:http://www.securityfocus.com/bid/1388
Reference: XF:openbsd-isc-dhcp
Reference: URL:http://xforce.iss.net/static/4772.php

ISC DHCP client program dhclient allows remote attackers to execute
arbitrary commands via shell metacharacters.


Modifications:
  DELREF XF:openbsd-isc-dhcp-bo
  ADDREF XF:openbsd-isc-dhcp
  ADDREF FREEBSD:FreeBSD-SA-00:34

INFERRED ACTION: CAN-2000-0585 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Levy, Magdych, Cole
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Christey

Voter Comments:
 Frech> DELREF:XF:openbsd-isc-dhcp-bo
   ADDREF:XF:openbsd-isc-dhcp(4772)
 Christey> ADDREF FREEBSD:FreeBSD-SA-00:34


======================================================
Candidate: CAN-2000-0586
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0586
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: VULN-DEV:20000628 dalnet 4.6.5 remote vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/1092.html
Reference: XF:ircd-dalnet-summon-bo
Reference: BID:1404
Reference: URL:http://www.securityfocus.com/bid/1404

Buffer overflow in Dalnet IRC server 4.6.5 allows remote attackers to
cause a denial of service or execute arbitrary commands via the SUMMON
command.

INFERRED ACTION: CAN-2000-0586 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Levy, Frech, Magdych
   NOOP(3) Wall, LeBlanc, Cole


======================================================
Candidate: CAN-2000-0587
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0587
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: XF:glftpd-privpath-directive
Reference: BUGTRAQ:20000626 Glftpd privpath bugs... +fix
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006261041360.31907-200000@twix.thrijswijk.nl
Reference: BUGTRAQ:20000627 Re: Glftpd privpath bugs... +fix
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0317.html
Reference: BID:1401
Reference: URL:http://www.securityfocus.com/bid/1401

The privpath directive in glftpd 1.18 allows remote attackers to
bypass access restrictions for directories by using the file name
completion capability.

INFERRED ACTION: CAN-2000-0587 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Levy, Frech, Magdych
   NOOP(3) Wall, LeBlanc, Cole


======================================================
Candidate: CAN-2000-0588
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0588
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000626 sawmill5.0.21 old path bug & weak hash algorithm
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0271.html
Reference: BUGTRAQ:20000706 Patch for Flowerfire Sawmill Vulnerabilities Available
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0080.html
Reference: BID:1402
Reference: URL:http://www.securityfocus.com/bid/1402
Reference: XF:sawmill-file-access

SawMill 5.0.21 CGI program allows remote attackers to read the first
line of arbitrary files by listing the file in the rfcf parameter,
whose contents SawMill attempts to parse as configuration commands.

INFERRED ACTION: CAN-2000-0588 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Frech
   NOOP(3) Wall, LeBlanc, Cole
   REVIEWING(1) Magdych


======================================================
Candidate: CAN-2000-0591
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0591
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000705 Novell BorderManager 3.0 EE - Encoded URL rule bypass
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0038.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0075.html
Reference: BID:1432
Reference: URL:http://www.securityfocus.com/bid/1432
Reference: XF:bordermanager-bypass-url-restriction

Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL
filtering by encoding characters in the requested URL.


Modifications:
  ADDREF XF:bordermanager-bypass-url-restriction

INFERRED ACTION: CAN-2000-0591 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc
   REVIEWING(1) Magdych

Voter Comments:
 Frech> XF:bordermanager-bypass-url-restriction(4906)


======================================================
Candidate: CAN-2000-0594
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0594
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: VULN-DEV:20000704 BitchX /ignore bug
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html
Reference: BUGTRAQ:20000704 BitchX exploit possibly waiting to happen, certain DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html
Reference: REDHAT:RHSA-2000:042-01
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/advisory.html%3Fid%3D2383
Reference: FREEBSD:FreeBSD-SA-00:32
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html
Reference: CALDERA:CSSA-2000-022.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-022.0.txt
Reference: BUGTRAQ:20000707 BitchX update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html
Reference: BUGTRAQ:20000707 CONECTIVA LINUX SECURITY ANNOUNCEMENT - BitchX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html
Reference: BID:1436
Reference: URL:http://www.securityfocus.com/bid/1436
Reference: XF:irc-bitchx-invite-dos
Reference: URL:http://xforce.iss.net/static/4897.php

BitchX IRC client does not properly cleanse an untrusted format
string, which allows remote attackers to cause a denial of service via
an invite to a channel whose name includes special formatting
characters.


Modifications:
  ADDREF XF:irc-bitchx-invite-dos

INFERRED ACTION: CAN-2000-0594 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Levy, Magdych, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:irc-bitchx-invite-dos(4897)
   Caldera's advisory is at
   http://www.calderasystems.com/support/security/advisories/CSSA-2000-022.0.txt.
   In the interim, the Red Hat advisory is listed at
   http://www.securityfocus.com/frames/?content=/templates/advisory.html%3Fid%3D2383.


======================================================
Candidate: CAN-2000-0595
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0595
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:24
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-07/0035.html
Reference: BID:1437
Reference: URL:http://www.securityfocus.com/bid/1437
Reference: XF:bsd-libedit-editrc

libedit searches for the .editrc file in the current directory instead
of the user's home directory, which may allow local users to execute
arbitrary commands by installing a modified .editrc in another
directory.


Modifications:
  ADDREF XF:bsd-libedit-editrc

INFERRED ACTION: CAN-2000-0595 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc
   REVIEWING(1) Magdych

Voter Comments:
 Frech> XF:bsd-libedit-editrc(4911)


======================================================
Candidate: CAN-2000-0596
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0596
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000627 IE 5 and Access 2000 vulnerability - executing programs
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589359.762392DB@nat.bg
Reference: BUGTRAQ:20000627 FW: IE 5 and Access 2000 vulnerability - executing programs
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000d01bfe0fb$418f59b0$96217aa8@src.bu.edu
Reference: MS:MS00-049
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-049.asp
Reference: CERT:CA-2000-16
Reference: URL:http://www.cert.org/advisories/CA-2000-16.html
Reference: XF:ie-access-vba-code-execute
Reference: BID:1398
Reference: URL:http://www.securityfocus.com/bid/1398

Internet Explorer 5.x does not warn a user before opening a Microsoft
Access database file that is referenced within ActiveX OBJECT tags in
an HTML document, which could allow remote attackers to execute
arbitrary commands, aka the "IE Script" vulnerability.


Modifications:
  ADDREF CERT:CA-2000-16

INFERRED ACTION: CAN-2000-0596 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(6) Levy, Wall, LeBlanc, Frech, Magdych, Cole
   NOOP(1) Christey

Voter Comments:
 Christey> ADDREF CERT:CA-2000-16


======================================================
Candidate: CAN-2000-0597
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0597
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000627 IE 5 and Excel 2000, PowerPoint 2000 vulnerability - executing programs
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589349.ED9DBCAB@nat.bg
Reference: MS:MS00-049
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-049.asp
Reference: BID:1399
Reference: URL:http://www.securityfocus.com/bid/1399
Reference: XF:ie-powerpoint-activex-object-execute

Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are
marked as safe for scripting, which allows remote attackers to force
Internet Explorer or some email clients to save files to arbitrary
locations via the Visual Basic for Applications (VBA) SaveAs function,
aka the "Office HTML Script" vulnerability.

INFERRED ACTION: CAN-2000-0597 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(6) Levy, Wall, LeBlanc, Frech, Magdych, Cole


======================================================
Candidate: CAN-2000-0598
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0598
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000626 Proxy+ Telnet Gateway Problems
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0268.html
Reference: MISC:http://www.proxyplus.cz/faq/articles/EN/art01002.htm
Reference: BID:1395
Reference: URL:http://www.securityfocus.com/bid/1395
Reference: XF:fortech-proxy-telnet-gateway

Fortech Proxy+ allows remote attackers to bypass access restrictions
for the administration service by redirecting their connections
through the telnet proxy.


Modifications:
  DELREF XF:proxyplus-telnet-gateway
  ADDREF MISC:http://www.proxyplus.cz/faq/articles/EN/art01002.htm

INFERRED ACTION: CAN-2000-0598 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(4) Levy, Wall, Blake, Ozancin
   MODIFY(1) Frech
   NOOP(4) Armstrong, LeBlanc, Christey, Cole
   REVIEWING(1) Magdych

Voter Comments:
 Frech> DELREF XF:proxyplus-telnet-gateway
 CHANGE> [Wall changed vote from NOOP to ACCEPT]
 Wall> Included in X-Force and USSR Lab advisories.
 Christey> Possible vendor acknowledgement in a Change Log dated July 7 2000,
   at http://www.proxyplus.cz/faq/articles/EN/art01002.htm

   "Version 2.40 #184  07.07.2000" section says:

   Solved bug which could cause incorrect Insecure Interfaces detection.

   Solved bug with evaluating Access List ClientIP and InterfaceIP
   objects. In some cases parameters of the objects were improperly
   compared with client/interface IP addresses.

   Without knowing the product, it's hard to tell if this could be fixing
   the problem the discloser identified or not.  These fixes appear to
   happen within 2 weeks of the original post, so maybe this *is* fixing
   that problem.


======================================================
Candidate: CAN-2000-0599
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0599
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000629 iMesh 1.02 vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0335.html
Reference: MISC:http://www.imesh.com/download/download.html
Reference: XF:imesh-tcp-port-overflow
Reference: BID:1407
Reference: URL:http://www.securityfocus.com/bid/1407

Buffer overflow in iMesh 1.02 allows remote attackers to execute
arbitrary commands via a long string to the iMesh port.


Modifications:
  ADDREF MISC:http://www.imesh.com/download/download.html

INFERRED ACTION: CAN-2000-0599 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(5) Levy, Wall, Blake, Frech, Cole
   NOOP(4) Armstrong, LeBlanc, Ozancin, Christey
   REVIEWING(1) Magdych

Voter Comments:
 CHANGE> [Wall changed vote from NOOP to ACCEPT]
 Wall> SecuriTeam has perl exploit.  Also included in X-Force and USSR Labs.
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 Christey> Possible acknowledgement at:
   http://www.imesh.com/download/download.html
   A news column says version 1.02 build 118 was released; since discloser
   said 1.02 builds 116 and 117 were affected, this could be a
   fix. Select "new features" link to go to
   http://www.imesh.com/download/download.html

   Release date is listed as June 20, but discloser's post was June 29.
   So, did vendor provide the patch contrary to what discloser said they
   were told?  Under "client side:" section of new features, a comment
   says "Critical known issues have been solved."  Not certain if these
   refer to security, and/or if they refer to discloser's vulnerability.
   Timing is interesting since discloser said the vendor was notified on
   June 18.


======================================================
Candidate: CAN-2000-0601
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0601
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000625 LeafChat Denial of Service
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSF.4.10.10006252056110.74551-100000@unix.za.net
Reference: CONFIRM:http://www.leafdigital.com/Software/leafChat/history.html
Reference: XF:irc-leafchat-dos
Reference: BID:1396
Reference: URL:http://www.securityfocus.com/bid/1396

LeafChat 1.7 IRC client allows a remote IRC server to cause a denial
of service by rapidly sending a large number of error messages.


Modifications:
  ADDREF CONFIRM:http://www.leafdigital.com/Software/leafChat/history.html

INFERRED ACTION: CAN-2000-0601 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(5) Levy, Wall, Blake, Frech, Cole
   NOOP(4) Armstrong, LeBlanc, Ozancin, Christey
   REVIEWING(1) Magdych

Voter Comments:
 CHANGE> [Wall changed vote from NOOP to ACCEPT]
 Wall> Java exploit code at SecuriTeam.  Other multiple references.
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 Christey> CONFIRM:http://www.leafdigital.com/Software/leafChat/history.html
   Statement in change log says: "Fixed (hopefully) some security flaws
   in message processing; invalid data received from server should now
   just be displayed to user [MDMA Crew]"

   Discloser identifies self as member of MDMA crew, so this is a
   confirmation.



======================================================
Candidate: CAN-2000-0602
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0602
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000621 rh 6.2 - gid compromises, etc
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211209500.22969-100000@nimue.tpi.pl
Reference: XF:redhat-secure-locate-path
Reference: BID:1385
Reference: URL:http://www.securityfocus.com/bid/1385

Secure Locate (slocate) in Red Hat Linux allows local users to gain
privileges via a malformed configuration file that is specified in the
LOCATE_PATH environment variable.

INFERRED ACTION: CAN-2000-0602 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Levy, Frech, Magdych
   NOOP(3) Wall, LeBlanc, Cole


======================================================
Candidate: CAN-2000-0603
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0603
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: MS:MS00-048
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-048.asp
Reference: BID:1444
Reference: URL:http://www.securityfocus.com/bid/1444
Reference: XF:mssql-procedure-perms
Reference: URL:http://xforce.iss.net/static/4921.php

Microsoft SQL Server 7.0 allows a local user to bypass permissions for
stored procedures by referencing them via a temporary stored
procedure, aka the "Stored Procedure Permissions" vulnerability.


Modifications:
  ADDREF XF:mssql-procedure-perms

INFERRED ACTION: CAN-2000-0603 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(5) Levy, Wall, LeBlanc, Magdych, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:mssql-procedure-perms(4921)


======================================================
Candidate: CAN-2000-0604
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0604
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000719
Assigned: 20000719
Category: CF
Reference: BUGTRAQ:20000621 rh 6.2 - gid compromises, etc
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211209500.22969-100000@nimue.tpi.pl
Reference: BID:1383
Reference: URL:http://www.securityfocus.com/bid/1383
Reference: XF:redhat-gkermit

gkermit in Red Hat Linux is improperly installed with setgid uucp,
which allows local users to modify files owned by uucp.

INFERRED ACTION: CAN-2000-0604 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Levy, Frech, Magdych
   NOOP(3) Wall, LeBlanc, Cole


======================================================
Candidate: CAN-2000-0610
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0610
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000623 NetWin dMailWeb Unrestricted Mail Relay
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.20000623203007.00944760@qlink.queensu.ca
Reference: BID:1390
Reference: URL:http://www.securityfocus.com/bid/1390
Reference: XF:netwin-dmailweb-newline
Reference: URL:http://xforce.iss.net/static/4770.php

NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to
bypass authentication and use the server for mail relay via a username
that contains a carriage return.


Modifications:
  ADDREF XF:netwin-dmailweb-newline

INFERRED ACTION: CAN-2000-0610 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Magdych
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Cole

Voter Comments:
 Frech> XF:netwin-dmailweb-newline(4770)


======================================================
Candidate: CAN-2000-0611
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0611
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000719
Assigned: 20000719
Category: CF
Reference: BUGTRAQ:20000623 NetWin dMailWeb Unrestricted Mail Relay
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0243.html
Reference: BID:1391
Reference: URL:http://www.securityfocus.com/bid/1391
Reference: XF:netwin-dmailweb-auth
Reference: URL:http://xforce.iss.net/static/4771.php

The default configuration of NetWin dMailWeb and cwMail trusts all POP
servers, which allows attackers to bypass normal authentication and
cause a denial of service.


Modifications:
  ADDREF XF:netwin-dmailweb-auth

INFERRED ACTION: CAN-2000-0611 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(2) Levy, Magdych
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Cole

Voter Comments:
 Frech> XF:netwin-dmailweb-auth(4771)


======================================================
Candidate: CAN-2000-0613
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0613
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000320 PIX DMZ Denial of Service - TCP Resets
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=B3D6883199DBD311868100A0C9FC2CDC046B72@protea.citec.net
Reference: CISCO:20000711 Cisco Secure PIX Firewall TCP Reset Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml
Reference: BID:1454
Reference: URL:http://www.securityfocus.com/bid/1454
Reference: XF:cisco-pix-firewall-tcp
Reference: URL:http://xforce.iss.net/static/4928.php

Cisco Secure PIX Firewall does not properly identify forged TCP Reset
(RST) packets, which allows remote attackers to force the firewall to
close legitimate connections.


Modifications:
  ADDREF XF:cisco-pix-firewall-tcp

INFERRED ACTION: CAN-2000-0613 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(3) Levy, Magdych, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:cisco-pix-firewall-tcp(4928)


======================================================
Candidate: CAN-2000-0616
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0616
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: HP:HPSBMP0006-007
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0294.html
Reference: BID:1405
Reference: URL:http://www.securityfocus.com/bid/1405
Reference: XF:hp-turboimage-dbutil

Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain
additional privileges via DBUTIL.PUB.SYS.


Modifications:
  ADDREF XF:hp-turboimage-dbutil

INFERRED ACTION: CAN-2000-0616 FINAL (Final Decision 20001013)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Cole
   REVIEWING(1) Magdych

Voter Comments:
 Frech> XF:hp-turboimage-dbutil(4943)

Page Last Updated or Reviewed: May 22, 2007