
[PROPOSAL] Cluster RECENT-42 - 37 candidates



The following cluster contains 37 candidates that were announced
between October 13 and October 25, 2000.

Note that the voting web site will not be updated with this cluster
until sometime Wednesday.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve



Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2000-0818
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0818
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001013
Category: SF/CF/MP/SA/AN/unknown
Reference: ISS:20001025 Vulnerability in the Oracle Listener Program
Reference: URL:http://xforce.iss.net/alerts/advise66.php
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/listener_alert.pdf

The default installation for the Oracle listener program 7.3.4, 8.0.6,
and 8.1.6 allows an attacker to cause logging information to be
appended to arbitrary files and execute commands via the SET TRC_FILE
or SET LOG_FILE commands.

Analysis
----------------
ED_PRI CAN-2000-0818 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0884
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0884
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001019
Category: SF
Reference: BUGTRAQ:20001017 IIS %c1%1c remote command execution
Reference: MS:MS00-078
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-078.asp
Reference: BID:1806

IIS 4.0 and 5.0 allows remote attackers to read documents outside of
the web root, and possibly execute arbitrary commands, via malformed
URLs that contain UNICODE encoded characters, aka the "Web Server
Folder Traversal" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0884 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0915
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0915
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001002 [sa2c@and.or.jp: bin/21704: enabling fingerd makes files world readable]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0017.html
Reference: FREEBSD:FreeBSD-SA-00:54
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:54.fingerd.asc
Reference: BID:1803
Reference: URL:http://www.securityfocus.com/bid/1803
Reference: XF:freebsd-fingerd-files
Reference: URL:http://xforce.iss.net/static/5385.php

fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary
files by specifying the target file name instead of a regular user
name.

Analysis
----------------
ED_PRI CAN-2000-0915 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0966
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0966
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: HP:HPSBUX0010-125
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0020.html
Reference: XF:hp-lpspooler-bo
Reference: URL:http://xforce.iss.net/static/5379.php

Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of
HP-UX 11.0 and earlier allow local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2000-0966 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0970
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0970
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-080
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-080.asp
Reference: XF:session-cookie-remote-retrieval
Reference: URL:http://xforce.iss.net/static/5396.php

IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure
and insecure web sessions, which could allow remote attackers to
hijack the secure web session of the user if that user moves to an
insecure session, aka the "Session ID Cookie Marking" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0970 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0973
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0973
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: DEBIAN:20001013 curl and curl-ssl: remote exploit
Reference: URL:http://www.debian.org/security/2000/20001013a
Reference: REDHAT:RHBA-2000:092-01
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0331.html
Reference: BID:1804
Reference: URL:http://www.securityfocus.com/bid/1804
Reference: XF:curl-error-bo
Reference: URL:http://xforce.iss.net/static/5374.php

Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier
than 6.0-1.2, allows remote attackers to execute arbitrary commands by
forcing a long error message to be generated.

Analysis
----------------
ED_PRI CAN-2000-0973 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0983
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0983
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001018 Denial of Service attack against computers running Microsoft NetMeeting
Reference: URL:http://www.securityfocus.com/archive/1/140341
Reference: MS:MS00-077
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-077.asp
Reference: MSKB:Q273854
Reference: BID:1798
Reference: URL:http://www.securityfocus.com/bid/1798
Reference: XF:netmeeting-desktop-sharing-dos
Reference: URL:http://xforce.iss.net/static/5368.php

Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote
attackers to cause a denial of service (CPU utilization) via a
sequence of null bytes to the NetMeeting port, aka the "NetMeeting
Desktop Sharing" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0983 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0984
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0984
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: CISCO:20001025 Cisco IOS HTTP Server Query Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml
Reference: XF:cisco-ios-query-dos
Reference: URL:http://xforce.iss.net/static/5412.php

The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to
cause a denial of service (crash and reload) via a URL containing a
"?/" string.

Analysis
----------------
ED_PRI CAN-2000-0984 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0991
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0991
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-079
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-079.asp
Reference: BID:1815
Reference: URL:http://www.securityfocus.com/bid/1815
Reference: XF:win-hyperterminal-telnet-bo
Reference: URL:http://xforce.iss.net/static/5387.php

Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98,
ME, and 2000 allows remote attackers to execute arbitrary commands via
a long telnet URL, aka the "HyperTerminal Buffer Overflow"
vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0991 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1040
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: DEBIAN:20001014 nis: local exploit
Reference: URL:http://www.debian.org/security/2000/20001014
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: REDHAT:RHSA-2000:086-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-086-05.html
Reference: CALDERA:CSSA-2000-039.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-039.0.txt
Reference: BUGTRAQ:20001025 Immunix OS Security Update for ypbind package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0356.html
Reference: BUGTRAQ:20001030 Trustix Security Advisory - ping gnupg ypbind
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0429.html
Reference: XF:ypbind-printf-format-string
Reference: URL:http://xforce.iss.net/static/5394.php
Reference: BID:1820
Reference: URL:http://www.securityfocus.com/bid/1820

Format string vulnerability in logging function of ypbind 3.3, while
running in debug mode, leaks file descriptors and allows an attacker
to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2000-1040 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1041
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1041
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: CALDERA:CSSA-2000-039.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-039.0.txt

Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root
privileges.

Analysis
----------------
ED_PRI CAN-2000-1041 1
Vendor Acknowledgement: yes advisory

INCLUSION:
Various sources say that an overflow exists, but it might not be exploitable.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1044
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1044
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: BID:1820
Reference: URL:http://www.securityfocus.com/bid/1820

Format string vulnerability in ypbind-mt in SuSE SuSE-6.2, and
possibly other Linux operating systems, allows an attacker to gain
root privileges.

Analysis
----------------
ED_PRI CAN-2000-1044 1
Vendor Acknowledgement: yes advisory

REFERENCES:

Various OS vendors reported problems in ypbind, but SuSE is the only
one that specifically mentioned ypbind-mt.  The advisory seems to
imply that this is a rewrite of original YP functionality.

ABSTRACTION:

There is a possibility that this is the same format string problem as
the ypserv/vsyslog problem as described in MANDRAKE:MDKSA-2000:064.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1050
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Allaire's JRUN Unauthenticated Access to WEB-INF directory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236316510117&w=2
Reference: ALLAIRE:ASB00-027
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=17966&Method=Full
Reference: XF:allaire-jrun-webinf-access
Reference: URL:http://xforce.iss.net/static/5407.php

Allaire JRun 3.0 http servlet server allows remote attackers to
directly access the WEB-INF directory via a URL request that contains
an extra "/" in the beginning of the request (aka the "extra leading
slash").

Analysis
----------------
ED_PRI CAN-2000-1050 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1051
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1051
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Allaire JRUN 2.3 Arbitrary File Retrieval
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236692714978&w=2
Reference: ALLAIRE:ASB00-028
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=17968&Method=Full
Reference: XF:allaire-jrun-ssifilter-url
Reference: URL:http://xforce.iss.net/static/5405.php

Directory traversal vulnerability in Allaire JRun 2.3 server allows
remote attackers to read arbitrary files via the SSIFilter servlet.

Analysis
----------------
ED_PRI CAN-2000-1051 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0810
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0810
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20000926
Category: SF
Reference: BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04
Reference: BID:1782

Auction Weaver 1.0 through 1.04 does not properly validate the names
of form fields, which allows remote attackers to delete arbitrary
files and directories via a .. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2000-0810 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0811
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0811
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20000926
Category: SF
Reference: BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04
Reference: BID:1783

Auction Weaver 1.0 through 1.04 allows remote attackers to read
arbitrary files via a .. (dot dot) attack on the username or bidfile
form fields.

Analysis
----------------
ED_PRI CAN-2000-0811 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0968
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0968
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001016 Half-Life Dedicated Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0254.html
Reference: BUGTRAQ:20001024 Tamandua Sekure Labs Security Advisory 2000-01
Reference: URL:http://www.securityfocus.com/archive/1/141060
Reference: BUGTRAQ:20001027 Re: Half Life dedicated server Patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0409.html
Reference: BID:1799
Reference: URL:http://www.securityfocus.com/bid/1799
Reference: XF:halflife-server-changelevel-bo
Reference: URL:http://xforce.iss.net/static/5375.php

Buffer overflow in Half Life dedicated server before build 3104 allows
remote attackers to execute arbitrary commands via a long rcon
command.

Analysis
----------------
ED_PRI CAN-2000-0968 2
Vendor Acknowledgement: yes followup

There seem to be conflicting or duplicate reports on Bugtraq.  It
appears that the 2 posts referenced in this candidate both describe an
rcon buffer overflow.  A followup by the vendor does not mention the
changelevel command in conjunction with the buffer overflow.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0969
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0969
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001016 Half-Life Dedicated Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0254.html
Reference: BUGTRAQ:20001024 Tamandua Sekure Labs Security Advisory 2000-01
Reference: URL:http://www.securityfocus.com/archive/1/141060
Reference: BUGTRAQ:20001027 Re: Half Life dedicated server Patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0409.html
Reference: XF:halflife-rcon-format-string
Reference: URL:http://xforce.iss.net/static/5413.php

Format string vulnerability in Half Life dedicated server build 3104
and earlier allows remote attackers to execute arbitrary commands by
injecting format strings into the changelevel command, via the system
console or rcon.

Analysis
----------------
ED_PRI CAN-2000-0969 2
Vendor Acknowledgement: yes followup

A followup by the vendor indicates that the problem is in the
changelevel command as opposed to the rcon command, as implied by
other sources.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0981
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0981
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001023 [CORE SDI ADVISORY] MySQL weak authentication
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0318.html
Reference: CONFIRM:http://www.mysql.com/documentation/mysql/commented/manual.php?section=Security
Reference: XF:mysql-authentication
Reference: URL:http://xforce.iss.net/static/5409.php

MySQL Database Engine uses a weak authentication method which leaks
information that could be used by a remote attacker to recover the
password.

Analysis
----------------
ED_PRI CAN-2000-0981 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0990
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0990
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001016 Authentication failure in cmd5checkpw 0.21
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0258.html
Reference: CONFIRM:http://members.elysium.pl/brush/cmd5checkpw/changes.html
Reference: BID:1809
Reference: URL:http://www.securityfocus.com/bid/1809
Reference: XF:cmd5checkpw-qmail-bypass-authentication
Reference: URL:http://xforce.iss.net/static/5382.php

cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial
of service via an "SMTP AUTH" command with an unknown username.

Analysis
----------------
ED_PRI CAN-2000-0990 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1001
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1001
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:200024 Price modification in Element InstantShop
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97240616129614&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97267884631455&w=2

add_2_basket.asp in Element InstantShop allows remote attackers to
modify price information via the "price" hidden form variable.

Analysis
----------------
ED_PRI CAN-2000-1001 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1042
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1

Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and
possibly other Linux operating systems, allows an attacker to gain
root privileges when ypserv is built without a vsyslog() function.

Analysis
----------------
ED_PRI CAN-2000-1042 2
Vendor Acknowledgement: yes advisory

REFERENCES:

Various OS vendors reported problems in ypbind, but Mandrake is the
only one that specifically mentioned ypserv.  It is possible that the
other vendors fixed this ypserv problem but did not report it.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1043
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1043
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1

Format string vulnerability in ypserv in Mandrake Linux 7.1 and
earlier, and possibly other Linux operating systems, allows an
attacker to gain root privileges when ypserv is built without a
vsyslog() function.

Analysis
----------------
ED_PRI CAN-2000-1043 2
Vendor Acknowledgement: yes advisory

REFERENCES:
Various OS vendors reported problems in ypbind, but Mandrake is the
only one that specifically mentioned ypserv.  It is possible that the
other vendors fixed the ypserv problem but did not report it.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0958
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0958
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001025 HotJava Browser 3.0 JavaScript security vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0349.html
Reference: XF:hotjava-browser-dom-access
Reference: URL:http://xforce.iss.net/static/5428.php

HotJava Browser 3.0 allows remote attackers to access the DOM of a web
page by opening a javascript: URL in a named window.

Analysis
----------------
ED_PRI CAN-2000-0958 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0971
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0971
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001023 Avirt Mail 4.x DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0301.html
Reference: XF:avirt-mail-from-dos
Reference: URL:http://xforce.iss.net/static/5397.php
Reference: XF:avirt-rcpt-to-dos
Reference: URL:http://xforce.iss.net/static/5398.php

Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of
service and possibly execute arbitrary commands via a long "RCPT TO"
or "MAIL FROM" command.

Analysis
----------------
ED_PRI CAN-2000-0971 3
Vendor Acknowledgement: unknown discloser ignored
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0972
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0972
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category:
Reference: BUGTRAQ:20001020 [ Hackerslab bug_paper ] HP-UX crontab temporary file symbolic link vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0317.html
Reference: XF:hp-crontab-read-files
Reference: URL:http://xforce.iss.net/static/5410.php

HP-UX 11.00 crontab allows local users to read arbitrary files via the
-e option by creating a symlink to the target file during the crontab
session, quitting the session, and reading the error messages that
crontab generates.

Analysis
----------------
ED_PRI CAN-2000-0972 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0986
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0986
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001020 [ Hackerslab bug_paper ] Linux ORACLE 8.1.5 vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0294.html
Reference: XF:oracle-home-bo
Reference: URL:http://xforce.iss.net/static/5390.php

Buffer overflow in Oracle 8.1.5 applications such as names, namesctl,
onrsd, osslogin, tnslsnr, tnsping, trcasst, and trcroute possibly
allows local users to gain privileges via a long ORACLE_HOME
environmental variable.

Analysis
----------------
ED_PRI CAN-2000-0986 3
Vendor Acknowledgement:
Content Decisions: SF-LOC, SF-EXEC

ABSTRACTION:

Multiple binaries are listed, but it's not certain if this is a
library problem (in which case, CD:SF-LOC would suggest keeping all
binaries together), or separate bugs in different programs (where
CD:SF-EXEC would suggest separating the binaries).

INCLUSION:

While an exploit is posted, it is not specified whether the affected
applications are running as setuid/setgid at the time the overflow
occurs, so it is possible that this is not exploitable.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0987
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0987
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: XF:oracle-oidldap-bo
Reference: URL:http://xforce.iss.net/static/5401.php
Reference: BUGTRAQ:20001018 vulnerability in Oracle Internet Directory in Oracle 8.1.6
Reference: URL:http://www.securityfocus.com/archive/1/140340
Reference: BUGTRAQ:20001020 In response to posting 10/18/2000 vulnerability in Oracle Internet Directory in Oracle 8.1.6
Reference: URL:http://www.securityfocus.com/archive/1/140709

Buffer overflow in oidldapd in Oracle 8.1.6 allows local users to gain
privileges via a long "connect" command line parameter.

Analysis
----------------
ED_PRI CAN-2000-0987 3
Vendor Acknowledgement: unknown followup
Content Decisions: SF-LOC

INCLUSION:

While an exploit is posted, it is not specified whether the affected
applications are running as setuid/setgid at the time the overflow
occurs, so it is possible that this is not exploitable.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0988
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0988
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001013 WinU Backdoor passwords!!!!
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0238.html
Reference: CONFIRM:http://www.bardon.com/pwdcrack.htm
Reference: BID:1801
Reference: URL:http://www.securityfocus.com/bid/1801
Reference: XF:winu-backdoor
Reference: URL:http://xforce.iss.net/static/5376.php

WinU 1.0 through 5.1 has a backdoor password that allows remote
attackers to gain access to its administrative interface and modify
configuration.

Analysis
----------------
ED_PRI CAN-2000-0988 3
Vendor Acknowledgement: yes advisory
Content Decisions: CF-PASS

ACKNOWLEDGEMENT:

On October 20, 2000, Bardon Data Systems posted the following to
http://www.bardon.com/pwdcrack.htm:

"The emergency password mechanisms used by WinU 1.0 through 5.1, and
Full Control 1.0 through 2.6, have been compromised and published. All
users should immediately upgrade to WinU 5.2 or Full Control 2.7 as
appropriate."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0989
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0989
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001020 DoS in Intel corporation 'InBusiness eMail Station'
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0293.html
Reference: XF:intel-email-username-bo
Reference: URL:http://xforce.iss.net/static/5414.php

Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service
allows remote attackers to cause a denial of service and possibly
execute commands via a long username.

Analysis
----------------
ED_PRI CAN-2000-0989 3
Vendor Acknowledgement: unknown claimed dispute

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1007
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1007
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: NTBUGTRAQ:20001025 I-gear 3.5.x for Microsoft Proxy logging vulnerability + temporary fix.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0048.html

I-gear 3.5.7 and earlier does not properly process log entries in
which a URL is longer than 255 characters, which allows an attacker to
cause reporting errors.

Analysis
----------------
ED_PRI CAN-2000-1007 3
Vendor Acknowledgement: unknown claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1048
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1048
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001016 Wingate 4.1 Beta A vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0245.html
Reference: XF:wingate-view-files
Reference: URL:http://xforce.iss.net/static/5373.php

Directory traversal vulnerability in the logfile service of Wingate
4.1 Beta A and earlier allows remote attackers to read arbitrary files
via a .. (dot dot) attack via an HTTP GET request that uses encoded
characters in the URL.

Analysis
----------------
ED_PRI CAN-2000-1048 3
Vendor Acknowledgement:
Content Decisions: EX-BETA

CD:EX-BETA does not apply because, while the most recent version
affected is a beta version, several production versions were affected
as well.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1052
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1052
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Allaire JRUN 2.3 Arbitrary File Retrieval
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236692714978&w=2

Allaire JRun 2.3 server allows remote attackers to obtain source code
for executable content by directly calling the SSIFilter servlet.

Analysis
----------------
ED_PRI CAN-2000-1052 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

This problem would exist even if JRun 2.3 didn't have the directory
traversal problem, therefore CD:SF-LOC suggests that this should be
recorded separately.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1053
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1053
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Allaire JRUN 2.3 Remote command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236125107957&w=2
Reference: ALLAIRE:ASB00-029
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=17969&Method=Full
Reference: XF:allaire-jrun-jsp-execute
Reference: URL:http://xforce.iss.net/static/5406.php

Allaire JRun 2.3.3 server allows remote attackers to compile and
execute JSP code by inserting it via a cross-site scripting (CSS)
attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP
servlet.

Analysis
----------------
ED_PRI CAN-2000-1053 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1068
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236719315352&w=2

pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary
commands via shell metacharacters in the poll_options parameter.

Analysis
----------------
ED_PRI CAN-2000-1068 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1069
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236719315352&w=2
Reference: XF:pollit-admin-password-var
Reference: URL:http://xforce.iss.net/static/5419.php

pollit.cgi in Poll It 2.01 and earlier allows remote attackers to
access administrative functions without knowing the real password by
specifying the same value to the entered_password and admin_password
parameters.

Analysis
----------------
ED_PRI CAN-2000-1069 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1070
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1070
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236719315352&w=2

pollit.cgi in Poll It 2.01 and earlier uses data files that are
located under the web document root, which allows remote attackers to
access sensitive or private information.

Analysis
----------------
ED_PRI CAN-2000-1070 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007