[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-44 - 28 candidates



The following cluster contains 28 candidates that were announced
between October 18 and November 12, 2000.

Note that the voting web site will not be updated with this cluster
until sometime Wednesday.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve




Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2000-1095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1095
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001112 RedHat 7.0 (and SuSE): modutils + netkit = root compromise. (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0179.html
Reference: SUSE:SuSE-SA:2000:44
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0596.html
Reference: MANDRAKE:MDKSA-2000:071
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-071-1.php3?dis=7.1
Reference: REDHAT:RHSA-2000:108-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-108.html
Reference: DEBIAN:20001120 modutils: local exploit
Reference: URL:http://www.debian.org/security/2000/20001120
Reference: CONECTIVA:CLSA-2000:340
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000340
Reference: BID:1936
Reference: URL:http://www.securityfocus.com/bid/1936

modprobe in the modutils 2.3.x package on Linux systems allows a local
user to execute arbitrary commands via shell metacharacters.

Analysis
----------------
ED_PRI CAN-2000-1095 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1149
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1149
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001108 [CORE SDI ADVISORY] MS NT4.0 Terminal Server Edition GINA buffer overflow
Reference: URL:http://www.securityfocus.com/archive/1/143991
Reference: MS:MS00-087
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-087.asp
Reference: BID:1924
Reference: URL:http://www.securityfocus.com/bid/1924

Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server
allows remote attackers to execute arbitrary commands via a long
username, aka the "Terminal Server Login Buffer Overflow"
vulnerability.

Analysis
----------------
ED_PRI CAN-2000-1149 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1125
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1125
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001104 Redhat 6.2 restore exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97336034309944&w=2
Reference: BID:1914
Reference: URL:http://www.securityfocus.com/bid/1914

restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname
specified by the RSH environmental variable, which allows local users
to obtain root privileges by modifying the RSH variable to point to a
Trojan horse program.

Analysis
----------------
ED_PRI CAN-2000-1125 2
Vendor Acknowledgement: yes

ABSTRACTION:
The dump program is also affected (CAN-2000-1009).  CD:SF-EXEC would
suggest combining these issues into a single candidate.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1131
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1131
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001110 [hacksware] gbook.cgi remote command execution vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0144.html
Reference: BID:1940
Reference: URL:http://www.securityfocus.com/bid/1940

Bill Kendrick web site guestbook (GBook) allows remote attackers to
execute arbitrary commands via shell metacharacters in the _MAILTO
form variable.

Analysis
----------------
ED_PRI CAN-2000-1131 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1140
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1140
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BID:1908
Reference: URL:http://www.securityfocus.com/bid/1908

Recourse ManTrap 1.6 does not properly hide processes from attackers,
which could allow attackers to determine that they are in a honeypot
system by comparing the results from kill commands with the process
listing in the /proc filesystem.

Analysis
----------------
ED_PRI CAN-2000-1140 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1141
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1141
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2

Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear
in the /proc listing, which allows attackers to determine that they
are in a honeypot system.

Analysis
----------------
ED_PRI CAN-2000-1141 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1142
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1142
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2

Recourse ManTrap 1.6 generates an error when an attacker cd's to
/proc/self/cwd and executes the pwd command, which allows attackers to
determine that they are in a honeypot system.

Analysis
----------------
ED_PRI CAN-2000-1142 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1143
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1143
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2

Recourse ManTrap 1.6 hides the first 4 process that run on a Solaris
system, which allows attackers to determine that they are in a
honeypot system.

Analysis
----------------
ED_PRI CAN-2000-1143 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1144
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1144
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BID:1909
Reference: URL:http://www.securityfocus.com/bid/1909
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2

Recourse ManTrap 1.6 sets up a chroot environment to hide the fact
that it is running, but the inode number for the resulting "/" file
system is higher than normal, which allows attackers to determine that
they are in a chroot environment.

Analysis
----------------
ED_PRI CAN-2000-1144 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1145
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2

Recourse ManTrap 1.6 allows attackers who have gained root access to
use utilities such as crash or fsdb to read /dev/mem and raw disk
devices to identify ManTrap processes or modify arbitrary data files.

Analysis
----------------
ED_PRI CAN-2000-1145 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1146
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1146
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BID:1913
Reference: URL:http://www.securityfocus.com/bid/1913
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2

Recourse ManTrap 1.6 allows attackers to cause a denial of service via
a sequence of commands that navigate into and out of the /proc/self
directory and executing various commands such as ls or pwd.

Analysis
----------------
ED_PRI CAN-2000-1146 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1148
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: CF
Reference: BUGTRAQ:20001104 Filesystem Access + VolanoChat = VChat admin (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0072.html
Reference: BUGTRAQ:20001106 Re: FW: Filesystem Access + VolanoChat = VChat admin (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0085.html
Reference: BID:1906
Reference: URL:http://www.securityfocus.com/bid/1906

The installation of VolanoChatPro chat server sets world-readable
permissions for its configuration file and stores the server
administrator passwords in plaintext, which allows local users to gain
privileges on the server.

Analysis
----------------
ED_PRI CAN-2000-1148 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1104
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1104
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: MS:MS00-060
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-060.asp

Variant of the "IIS Cross-Site Scripting" vulnerability as originally
discussed in MS:MS00-060 (CAN-2000-0746) allows a malicious web site
operator to embed scripts in a link to a trusted site, which are
returned without quoting in an error message back to the client.  The
client then executes those scripts in the same context as the trusted
site.

Analysis
----------------
ED_PRI CAN-2000-1104 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1105
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1105
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001110 IE 5.x Win2000 Indexing service vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/144270
Reference: WIN2KSEC:20001110 IE 5.x Win2000 Indexing service vulnerability
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0074.html
Reference: BID:1933
Reference: URL:http://www.securityfocus.com/bid/1933

The ixsso.query ActiveX Object is marked as safe for scripting, which
allows malicious web site operators to embed a script that remotely
determines the existence of files on visiting Windows 2000 systems
that have Indexing Services enabled.

Analysis
----------------
ED_PRI CAN-2000-1105 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1116
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: WIN2KSEC:20001018 TransSoft's Broker FTP Server 3.x & 4.x Remote DoS attack Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0041.html
Reference: XF:broker-ftp-username-dos
Reference: URL:http://xforce.iss.net/static/5388.php

Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows
remote attackers to cause a denial of service and possibly execute
arbitrary commands via a long command.

Analysis
----------------
ED_PRI CAN-2000-1116 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1127
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1127
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001108 HP-UX 10.20 resource monitor service
Reference: URL:http://www.securityfocus.com/archive/1/143845
Reference: BID:1919
Reference: URL:http://www.securityfocus.com/bid/1919

registrar in the HP resource monitor service allows local users to
read and modify arbitrary files by renaming the original registrar.log
log file and creating a symbolic link to the target file, to which
registrar appends log information and sets the permissions to be world
readable.

Analysis
----------------
ED_PRI CAN-2000-1127 3
Vendor Acknowledgement:

This may be the same as HPSBUX0011-131; need to check with HP.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1128
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1128
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: CF
Reference: NTBUGTRAQ:20001103 Elevation of Privileges Exploit with McAfee VirusScan 4.5
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0073.html
Reference: BID:1920
Reference: URL:http://www.securityfocus.com/bid/1920

The default configuration of McAfee VirusScan 4.5 does not quote the
ImagePath variable, which improperly sets the search path and allows
local users to place a Trojan horse "common.exe" program in the
C:\Program Files directory.

Analysis
----------------
ED_PRI CAN-2000-1128 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1133
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1133
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001106 Authentix Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97353881829760&w=2
Reference: BUGTRAQ:20001107 Explanation Authentix Input Validation Error
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97362374200478&w=2
Reference: BID:1907
Reference: URL:http://www.securityfocus.com/bid/1907

Authentix Authentix100 allows remote attackers to bypass
authentication by inserting a . (dot) into the URL for a protected
directory.

Analysis
----------------
ED_PRI CAN-2000-1133 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1134
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1134
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001028 tcsh: unsafe tempfile in << redirects
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0418.html
Reference: BUGTRAQ:20001130 [ADV/EXP]: RH6.x root from bash /tmp vuln + MORE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97561816504170&w=2
Reference: BUGTRAQ:20001128  /bin/sh creates insecure tmp files
Reference: URL:http://www.securityfocus.com/archive/1/146657
Reference: DEBIAN:20001111 tcsh: local exploit
Reference: URL:http://www.debian.org/security/2000/20001111a
Reference: MANDRAKE:MDKSA-2000-069
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-069.php3
Reference: FREEBSD:FreeBSD-SA-00:76
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:76.tcsh-csh.asc
Reference: CONECTIVA:CLSA-2000:354
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000354
Reference: CALDERA:CSSA-2000-043.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-043.0.txt
Reference: CALDERA:CSSA-2000-042.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-042.0.txt
Reference: REDHAT:RHSA-2000:117
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-117.html
Reference: REDHAT:RHSA-2000:121
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-121.html
Reference: MANDRAKE:MDKSA-2000:075
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-075.php3
Reference: BID:1926
Reference: URL:http://www.securityfocus.com/bid/1926
Reference: BID:2006
Reference: URL:http://www.securityfocus.com/bid/2006
Reference: CONECTIVA:CLA-2000:350
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000350

tcsh, csh, sh, and bash on various Unix systems follow symlinks when
processing << redirects (aka here-documents or in-here documents),
which allows local users to overwrite files of other users via a
symlink attack.

Analysis
----------------
ED_PRI CAN-2000-1134 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE, SF-EXEC

If tcsh and bash come from the same codebase as csh, then
CD:SF-CODEBASE suggests keeping them in the same entry.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1138
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1138
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001108 Lotus Notes R5 clients - no warning for broken signature or encryption
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97370725220953&w=2
Reference: BID:1925
Reference: URL:http://www.securityfocus.com/bid/1925

Lotus Notes R5 client R5.0.5 and earlier does not properly warn users
when an S/MIME email message has been modified, which could allow an
attacker to modify the email in transit without being detected.

Analysis
----------------
ED_PRI CAN-2000-1138 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1147
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1147
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001103 IIS ASP $19.95 hack - IISHack 1.5
Reference: URL:http://www.securityfocus.com/archive/1/143070
Reference: BID:1911
Reference: URL:http://www.securityfocus.com/bid/1911

Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers
to execute arbitrary commands via a long string to the "LANGUAGE"
argument in a script tag.

Analysis
----------------
ED_PRI CAN-2000-1147 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1156
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1156
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001108 StarOffice 5.2 Temporary Dir Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0115.html
Reference: BID:1922
Reference: URL:http://www.securityfocus.com/bid/1922

StarOffice 5.2 follows symlinks and sets world-readable permissions
for the /tmp/soffice.tmp directory, which allows a local user to read
files of the user who is using StarOffice.

Analysis
----------------
ED_PRI CAN-2000-1156 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1157
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1157
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Remotely exploitable buffer overflow in NAI's Distributed Sniffer Agent
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0038.html
Reference: BID:1901
Reference: URL:http://www.securityfocus.com/bid/1901

Buffer overflow in NAI Sniffer Agent allows remote attackers to
execute arbitrary commands via a long SNMP community name.

Analysis
----------------
ED_PRI CAN-2000-1157 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1158
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1158
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Remotely exploitable buffer overflow in NAI's Distributed Sniffer Agent
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0038.html

NAI Sniffer Agent uses base64 encoding for authentication, which
allows attackers to sniff the network and easily decrypt usernames and
passwords.

Analysis
----------------
ED_PRI CAN-2000-1158 3
Vendor Acknowledgement:
Content Decisions: DESIGN-NO-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1159
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1159
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Remotely exploitable buffer overflow in NAI's Distributed Sniffer Agent
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0038.html
Reference: BID:1902
Reference: URL:http://www.securityfocus.com/bid/1902

NAI Sniffer Agent allows remote attackers to gain privileges on the agent
by sniffing the initial UDP authentication packets and spoofing commands.

Analysis
----------------
ED_PRI CAN-2000-1159 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1160
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1160
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Remotely exploitable buffer overflow in NAI's Distributed Sniffer Agent
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0038.html
Reference: BID:1903
Reference: URL:http://www.securityfocus.com/bid/1903

NAI Sniffer Agent allows remote attackers to cause a denial of service
(crash) by sending a large number of login requests.

Analysis
----------------
ED_PRI CAN-2000-1160 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1172
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1172
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001110 Advisory: Gaim remote vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0204.html
Reference: BID:1948
Reference: URL:http://www.securityfocus.com/bid/1948

Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol
allows remote attackers to conduct a denial of service and possibly
execute arbitrary commands via a long HTML tag.

Analysis
----------------
ED_PRI CAN-2000-1172 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1176
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1176
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001107 Insecure input balidation in YaBB Search.pl
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0110.html
Reference: BID:1921
Reference: URL:http://www.securityfocus.com/bid/1921

Directory traversal vulnerability in YaBB search.pl CGI script allows
remote attackers to read arbitrary files via a .. (dot dot) attack in
the "catsearch" form field.

Analysis
----------------
ED_PRI CAN-2000-1176 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007