[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[INTERIM] ACCEPT 234 recent candidates (Final 1/22)
I have made an Interim Decision to ACCEPT the following 234
candidates, all of which are from various RECENT-XX clusters. The
oldest cluster is RECENT-05, which was proposed almost a year ago.
I will make a Final Decision on January 22.
This is the first set of candidates that makes heavy use of MITRE's
new "right" to vote on candidates according to the latest version of
CD:VOTE as documented on October 2, 2000:
http://cve.mitre.org/board/archives/2000-10/msg00000.html
The votes of David Baker of MITRE have figured heavily in this large
set of candidates to be ACCEPTed.
This Interim Decision also includes two candidates that were
originally discovered by me, namely CAN-2000-0810 and CAN-2000-0811.
While the original Editorial Board thread describing this potential
conflict of interest quickly moved into a discussion of disclosure
practices, the process for proposing, reviewing, and ACCEPTing these
candidates has been the same as that for all other candidates. David
Baker has also abstained from voting on these candidates, in keeping
with CD:VOTE. (See
http://cve.mitre.org/board/archives/2000-09/msg00005.html and related
threads at http://cve.mitre.org/board/archives/2000-09/threads.html
for the initial discussion).
Voters:
Levy ACCEPT(29) MODIFY(1)
Wall ACCEPT(15) NOOP(133)
LeBlanc NOOP(6)
Ozancin NOOP(6)
Cole ACCEPT(160) NOOP(72)
Baker ACCEPT(163)
Frech ACCEPT(64) MODIFY(97)
TempVoter4 (aka Renaud Deraison) ACCEPT(9) NOOP(4)
Mell ACCEPT(123) NOOP(5)
Christey NOOP(41)
Armstrong NOOP(6)
Magdych ACCEPT(5) NOOP(7)
Bollinger ACCEPT(4)
<INTERIM> --> 234
ACCEPT --> 187
ACCEPT_ACK --> 47
======================================================
Candidate: CAN-2000-0048
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0048
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-02
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000112 Serious Bug in Corel Linux.(Local root exploit)
Reference: BID:928
Reference: CONFIRM:http://linux.corel.com/support/clos_patch1.htm
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=928
Reference: XF:linux-corel-update
get_it program in Corel Linux Update allows local users to gain root
access by specifying an alternate PATH for the cp program.
Modifications:
ADDREF XF:linux-corel-update
ADDREF CONFIRM:http://linux.corel.com/support/clos_patch1.htm
INFERRED ACTION: CAN-2000-0048 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Baker
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Frech> ADDREF XF:linux-corel-update
Christey> CONFIRM:http://linux.corel.com/support/clos_patch1.htm
======================================================
Candidate: CAN-2000-0080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0080
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000110 2nd attempt: AIX techlibss follows links
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94757136413681&w=2
Reference: BID:931
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=931
Reference: XF:aix-techlibss-symbolic-link
AIX techlibss allows local users to overwrite files via a symlink
attack.
Modifications:
ADDREF XF:aix-techlibss-symbolic-link
INFERRED ACTION: CAN-2000-0080 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Bollinger
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Frech> XF:aix-techlibss-symbolic-link
Christey> The poster claims that some fileset "techlib.service.rte.1.0.0.4"
fixes the problem, but I can't find it in the AIX database,
so this problem is not vendor-confirmed.
======================================================
Candidate: CAN-2000-0111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0111
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000129 [LoWNOISE] Rightfax web client 5.2
Reference: BID:953
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=953
Reference: XF:avt-rightfax-predict-session
The RightFax web client uses predictable session numbers, which allows
remote attackers to hijack user sessions.
Modifications:
ADDREF XF:avt-rightfax-predict-session
INFERRED ACTION: CAN-2000-0111 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:avt-rightfax-predict-session
CHANGE> [Cole changed vote from REVIEWING to ACCEPT]
======================================================
Candidate: CAN-2000-0252
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0252
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000411 Back Door in Commercial Shopping Cart
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0051.html
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115
Reference: XF:dansie-shell-metacharacters
Reference: URL:http://xforce.iss.net/static/4975.php
The dansie shopping cart application cart.pl allows remote attackers
to execute commands via a shell metacharacters in a form variable.
Modifications:
ADDREF XF:dansie-shell-metacharacters(4975)
INFERRED ACTION: CAN-2000-0252 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Levy
MODIFY(1) Frech
NOOP(2) Cole, Wall
Voter Comments:
Frech> XF:dansie-shell-metacharacters(4975)
======================================================
Candidate: CAN-2000-0253
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0253
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0061.html
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115
Reference: XF:shopping-cart-form-tampering
Reference: URL:http://xforce.iss.net/static/4621.php
The dansie shopping cart application cart.pl allows remote attackers
to modify sensitive purchase information via hidden form fields.
Modifications:
ADDREF XF:shopping-cart-form-tampering(4621)
INFERRED ACTION: CAN-2000-0253 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Levy
MODIFY(1) Frech
NOOP(2) Cole, Wall
Voter Comments:
Frech> XF:shopping-cart-form-tampering(4621)
======================================================
Candidate: CAN-2000-0254
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0254
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0088.html
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115
Reference: XF:dansie-form-variables
Reference: URL:http://xforce.iss.net/static/4954.php
The dansie shopping cart application cart.pl allows remote attackers
to obtain the shopping cart database and configuration information via
a URL that references either the env, db, or vars form variables.
Modifications:
ADDREF XF:dansie-form-variables(4954)
INFERRED ACTION: CAN-2000-0254 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Levy
MODIFY(1) Frech
NOOP(2) Cole, Wall
Voter Comments:
Frech> XF:dansie-form-variables(4954)
======================================================
Candidate: CAN-2000-0255
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0255
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000405 SilverBack Security Advisory: Nbase-Xyplex DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0022.html
Reference: BID:1091
Reference: URL:http://www.securityfocus.com/bid/1091
Reference: XF:nbase-xyplex-router
The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a
denial of service via a scan for the FormMail CGI program.
Modifications:
ADDREF XF:nbase-xyplex-router
INFERRED ACTION: CAN-2000-0255 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Levy
MODIFY(1) Frech
NOOP(2) Cole, Wall
Voter Comments:
Frech> XF:nbase-xyplex-router
======================================================
Candidate: CAN-2000-0276
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0276
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000410 BeOS syscall bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000410131628.659.qmail@securityfocus.com
Reference: BID:1098
Reference: URL:http://www.securityfocus.com/bid/1098
Reference: XF:beos-syscall-dos
BeOS 4.5 and 5.0 allow local users to cause a denial of service via
malformed direct system calls using interrupt 37.
Modifications:
ADDREF XF:beos-syscall-dos
INFERRED ACTION: CAN-2000-0276 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Levy
MODIFY(1) Frech
NOOP(2) Cole, Wall
Voter Comments:
Frech> XF:beos-syscall-dos
======================================================
Candidate: CAN-2000-0278
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0278
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000331 SalesLogix Eviewer Web App Bug: URL request crashes eviewer web application
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0006.html
Reference: BID:1089
Reference: URL:http://www.securityfocus.com/bid/1089
Reference: XF:eviewer-admin-request-dos
The SalesLogix Eviewer allows remote attackers to cause a denial of
service by accessing the URL for the slxweb.dll administration
program, which does not authenticate the user.
Modifications:
ADDREF XF:eviewer-admin-request-dos
INFERRED ACTION: CAN-2000-0278 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Levy
MODIFY(1) Frech
NOOP(2) Cole, Wall
Voter Comments:
Frech> XF:eviewer-admin-request-dos
======================================================
Candidate: CAN-2000-0283
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0283
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: CF
Reference: BUGTRAQ:20000412 Performance Copilot for IRIX 6.5
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0056.html
Reference: BID:1106
Reference: URL:http://www.securityfocus.com/bid/1106
Reference: XF:irix-pmcd-info
The default installation of IRIX Performance Copilot allows remote
attackers to access sensitive system information via the pmcd daemon.
Modifications:
ADDREF XF:irix-pmcd-info
INFERRED ACTION: CAN-2000-0283 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Levy
MODIFY(1) Frech
NOOP(2) Cole, Wall
Voter Comments:
Frech> XF:irix-pmcd-info
======================================================
Candidate: CAN-2000-0287
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0287
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000412 BizDB Search Script Enables Shell Command Execution at the Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0058.html
Reference: BID:1104
Reference: URL:http://www.securityfocus.com/bid/1104
Reference: XF:http-cgi-bizdb
The BizDB CGI script bizdb-search.cgi allows remote attackers to
execute arbitrary commands via shell metacharacters in the dbname
parameter.
Modifications:
ADDREF XF:http-cgi-bizdb
INFERRED ACTION: CAN-2000-0287 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Levy
MODIFY(1) Frech
NOOP(2) Cole, Wall
Voter Comments:
Frech> XF:http-cgi-bizdb
======================================================
Candidate: CAN-2000-0292
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0292
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000418 Adtran DoS
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10004190908140.32750-100000@localhost.localdomain
Reference: BID:1129
Reference: URL:http://www.securityfocus.com/bid/1129
Reference: XF:adtran-ping-dos
The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a
denial of service via a ping flood to the Ethernet interface, which
causes the device to crash.
Modifications:
ADDREF XF:adtran-ping-dos
INFERRED ACTION: CAN-2000-0292 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Levy
MODIFY(1) Frech
NOOP(3) Christey, Cole, Wall
Voter Comments:
Christey> ADDREF XF:adtran-ping-dos
Frech> XF:adtran-ping-dos
======================================================
Candidate: CAN-2000-0296
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0296
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000331 fcheck v.2.7.45 and insecure use of Perl's system()
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0011.html
Reference: BID:1086
Reference: URL:http://www.securityfocus.com/bid/1086
Reference: XF:fcheck-shell
fcheck allows local users to gain privileges by embedding shell
metacharacters into file names that are processed by fcheck.
Modifications:
ADDREF XF:fcheck-shell
INFERRED ACTION: CAN-2000-0296 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Levy
MODIFY(1) Frech
NOOP(3) Christey, Cole, Wall
Voter Comments:
Frech> XF:fcheck-shell
Christey> There is no apparent vendor acknowledgement; however, I
reviewed the source code, and the vulnerable system()
call is now being called in the safe fashion (i.e. splitting
command-line arguments out as separate parameters to the
system function itself). This, in conjunction with the
code mentioned in the discloser's original post, shows
conclusively that the code was modified. The version of
source code that I reviewed was 2.7.51.
Christey> http://sites.netscape.net/fcheck/FCheck_2.07.51.tar.gz
Line 385 of 2.07.51 seems to be fixed. While the filename
isn't being cleansed, system() is being called with multiple
arguments, so the metacharacters aren't being executed in a
shell context.
======================================================
Candidate: CAN-2000-0341
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0341
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: NTBUGTRAQ:20000501 Remote DoS attack in CASSANDRA NNTPServer v1.10 from ATRIUM
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95736106504870&w=2
Reference: BID:1156
Reference: URL:http://www.securityfocus.com/bid/1156
Reference: XF:nntpserver-cassandra-bo
ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a
denial of service via a long login name.
Modifications:
ADDREF XF:nntpserver-cassandra-bo
INFERRED ACTION: CAN-2000-0341 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Levy
MODIFY(1) Frech
NOOP(4) Wall, Ozancin, Cole, Armstrong
Voter Comments:
Frech> XF:nntpserver-cassandra-bo
======================================================
Candidate: CAN-2000-0488
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0488
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000601 DST2K0007: Buffer Overrun in ITHouse Mail Server v1.04
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0148.html
Reference: BID:1285
Reference: URL:http://www.securityfocus.com/bid/1285
Reference: XF:ithouse-rcpt-overflow(4580)
Reference: URL:http://xforce.iss.net/static/4580.php
Buffer overflow in ITHouse mail server 1.04 allows remote attackers to
execute arbitrary commands via a long RCPT TO mail command.
Modifications:
ADDREF XF:ithouse-rcpt-overflow(4580)
INFERRED ACTION: CAN-2000-0488 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Levy, Baker
MODIFY(1) Frech
NOOP(5) Armstrong, Wall, LeBlanc, Ozancin, Cole
Voter Comments:
Frech> XF:ithouse-rcpt-overflow(4580)
======================================================
Candidate: CAN-2000-0498
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0498
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000608 Potential vulnerability in Unify eWave ServletExec
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0250.html
Reference: BID:1328
Reference: URL:http://www.securityfocus.com/bid/1328
Reference: XF:ewave-servletexec-jsp-source-read(4649)
Reference: URL:http://xforce.iss.net/static/4649.php
Unify eWave ServletExec allows a remote attacker to view source code
of a JSP program by requesting a URL which provides the JSP extension
in upper case.
Modifications:
ADDREF XF:ewave-servletexec-jsp-source-read(4649)
INFERRED ACTION: CAN-2000-0498 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Levy, Baker
MODIFY(1) Frech
NOOP(5) Armstrong, Wall, LeBlanc, Ozancin, Cole
Voter Comments:
Frech> XF:ewave-servletexec-jsp-source-read(4649)
======================================================
Candidate: CAN-2000-0523
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0523
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000606 MDMA Advisory #6: EServ Logging Heap Overflow Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0009.html
Reference: BID:1315
Reference: URL:http://www.securityfocus.com/bid/1315
Reference: XF:eserv-logging-overflow
Reference: URL:http://xforce.iss.net/static/4614.php
Buffer overflow in the logging feature of EServ 2.9.2 and earlier
allows an attacker to execute arbitrary commands via a long MKD
command.
Modifications:
ADDREF XF:eserv-logging-overflow(4614)
INFERRED ACTION: CAN-2000-0523 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Levy, Baker
MODIFY(1) Frech
NOOP(5) Armstrong, Wall, LeBlanc, Ozancin, Cole
Voter Comments:
Frech> XF:eserv-logging-overflow(4614)
======================================================
Candidate: CAN-2000-0542
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0542
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000612 ACC/Ericsson Tigris Accounting Failure
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0104.html
Reference: BID:1345
Reference: URL:http://www.securityfocus.com/bid/1345
Reference: XF:tigris-radius-login-failure
Reference: URL:http://xforce.iss.net/static/4705.php
Tigris remote access server before 11.5.4.22 does not properly record
Radius accounting information when a user fails the initial login
authentication but subsequently succeeds.
Modifications:
ADDREF XF:tigris-radius-login-failure(4705)
INFERRED ACTION: CAN-2000-0542 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Levy, Baker
MODIFY(1) Frech
NOOP(6) Armstrong, Wall, LeBlanc, Ozancin, Christey, Cole
Voter Comments:
Christey> XF:tigris-radius-login-failure
Frech> XF:tigris-radius-login-failure(4705)
======================================================
Candidate: CAN-2000-0565
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0565
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000613 SmartFTP Daemon v0.2 Beta Build 9 - Remote Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0100.html
Reference: BID:1344
Reference: URL:http://www.securityfocus.com/bid/1344
Reference: XF:smartftp-directory-traversal
Reference: URL:http://xforce.iss.net/static/4706.php
SmartFTP Daemon 0.2 allows a local user to access arbitrary files by
uploading and specifying an alternate user configuration file via a
.. (dot dot) attack.
Modifications:
ADDREF XF:smartftp-directory-traversal(4706)
INFERRED ACTION: CAN-2000-0565 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Levy, Baker
MODIFY(1) Frech
NOOP(6) Armstrong, Wall, LeBlanc, Ozancin, Christey, Cole
Voter Comments:
Christey> XF:smartftp-directory-traversal
Frech> XF:smartftp-directory-traversal(4706)
======================================================
Candidate: CAN-2000-0672
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0672
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000721 Jakarta-tomcat.../admin
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0309.html
Reference: BID:1548
Reference: URL:http://www.securityfocus.com/bid/1548
Reference: XF:jakarta-tomcat-admin
Reference: URL:http://xforce.iss.net/static/5160.php
The default configuration of Jakarta Tomcat does not restrict access
to the /admin context, which allows remote attackers to read arbitrary
files by directly calling the administrative servlets to add a context
for the root directory.
Modifications:
ADDREF XF:jakarta-tomcat-admin(5160)
ADDREF ADDREF BID:1548
INFERRED ACTION: CAN-2000-0672 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Levy, Baker
MODIFY(1) Frech
NOOP(4) Wall, LeBlanc, Christey, Cole
Voter Comments:
Frech> XF:jakarta-tomcat-admin(5160)
Christey> ADDREF BID:1548
Christey> ADDREF BID:1548
URL:http://www.securityfocus.com/bid/1548
CHANGE> [Levy changed vote from REVIEWING to ACCEPT]
======================================================
Candidate: CAN-2000-0679
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0679
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000728 cvs security problem
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org
Reference: BID:1523
Reference: URL:http://www.securityfocus.com/bid/1523
Reference: XF:cvs-client-creates-file
The CVS 1.10.8 client trusts pathnames that are provided by the CVS
server, which allows the server to force the client to create
arbitrary files.
Modifications:
XF:cvs-client-creates-file
INFERRED ACTION: CAN-2000-0679 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Levy, Baker
MODIFY(1) Frech
NOOP(2) Wall, Cole
Voter Comments:
Frech> XF:cvs-client-creates-file
======================================================
Candidate: CAN-2000-0698
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0698
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000819 RH 6.1 / 6.2 minicom vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/77361
Reference: BID:1599
Reference: URL:http://www.securityfocus.com/bid/1599
Reference: XF:minicom-capture-groupown
Reference: URL:http://xforce.iss.net/static/5151.php
Minicom 1.82.1 and earlier on some Linux systems allows local users to
create arbitrary files owned by the uucp user via a symlink attack.
Modifications:
ADDREF XF:minicom-capture-groupown
DESC mention only uucp-owned files that are affected.
INFERRED ACTION: CAN-2000-0698 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Levy, Baker
MODIFY(1) Frech
NOOP(3) Wall, Christey, Cole
Voter Comments:
Frech> XF:minicom-capture-groupown
Christey> Change phrasing to indicate that it's only uucp-owned files
that can be affected.
ADDREF XF:minicom-capture-groupown
http://xforce.iss.net/static/5151.php
Frech> XF:minicom-capture-groupown(5151)
======================================================
Candidate: CAN-2000-0702
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0702
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000821 [HackersLab bugpaper] HP-UX net.init rc script
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0261.html
Reference: BID:1602
Reference: URL:http://www.securityfocus.com/bid/1602
Reference: XF:hp-netinit-symlink
Reference: URL:http://xforce.iss.net/static/5131.php
The net.init rc script in HP-UX 11.00 (S008net.init) allows local
users to overwrite arbitrary files via a symlink attack that points
from /tmp/stcp.conf to the targeted file.
Modifications:
ADDREF XF:hp-netinit-symlink(5131)
INFERRED ACTION: CAN-2000-0702 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Levy
MODIFY(1) Frech
NOOP(3) Christey, Cole, Wall
Voter Comments:
Frech> XF:hp-netinit-symlink
Christey> XF:hp-netinit-symlink
http://xforce.iss.net/static/5131.php
Frech> XF:hp-netinit-symlink(5131)
======================================================
Candidate: CAN-2000-0716
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0716
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: NTBUGTRAQ:20000809 Session hijacking in Alt-N's MDaemon 2.8
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=ntbugtraq&F=&S=&P=459
Reference: BID:1553
Reference: URL:http://www.securityfocus.com/bid/1553
Reference: XF:mdaemon-session-id-hijack
Reference: URL:http://xforce.iss.net/static/5070.php
WorldClient email client in MDaemon 2.8 includes the session ID in the
referer field of an HTTP request when the user clicks on a URL, which
allows the visited web site to hijcak the session ID and read the
user's email.
Modifications:
ADDREF XF:mdaemon-session-id-hijack(5070)
INFERRED ACTION: CAN-2000-0716 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Levy
MODIFY(1) Frech
NOOP(3) Christey, Cole, Wall
Voter Comments:
Christey> XF:mdaemon-session-id-hijack
http://xforce.iss.net/static/5070.php
Frech> XF:mdaemon-session-id-hijack(5070)
======================================================
Candidate: CAN-2000-0729
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0729
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:41
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0337.html
Reference: BID:1625
Reference: URL:http://www.securityfocus.com/bid/1625
FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of
service by executing a program with a malformed ELF image header.
INFERRED ACTION: CAN-2000-0729 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Levy
NOOP(2) Cole, Wall
======================================================
Candidate: CAN-2000-0732
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0732
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: NTBUGTRAQ:20000825 DST2K0023: Directory Traversal Possible & Denial of Service in Wo rm HTTP Server
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0111.html
Reference: BID:1626
Reference: URL:http://www.securityfocus.com/bid/1626
Reference: XF:wormhttp-filename-dos
Reference: URL:http://xforce.iss.net/static/5149.php
Worm HTTP server allows remote attackers to cause a denial of service
via a long URL.
Modifications:
ADDREF XF:wormhttp-filename-dos(5149)
INFERRED ACTION: CAN-2000-0732 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Levy
NOOP(2) Christey, Wall
Voter Comments:
Christey> XF:wormhttp-filename-dos
http://xforce.iss.net/static/5149.php
======================================================
Candidate: CAN-2000-0738
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0738
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: NTBUGTRAQ:20000818 WebShield SMTP infinite loop DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0101.html
Reference: BID:1589
Reference: URL:http://www.securityfocus.com/bid/1589
Reference: XF:webshield-smtp-dos
Reference: URL:http://xforce.iss.net/static/5100.php
WebShield SMTP 4.5 allows remote attackers to cause a denial of
service by sending e-mail with a From: address that has a . (period)
at the end, which causes WebShield to continuously send itself copies
of the e-mail.
Modifications:
ADDREF XF:webshield-smtp-dos(5100)
INFERRED ACTION: CAN-2000-0738 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Levy
MODIFY(1) Frech
NOOP(3) Christey, Cole, Wall
Voter Comments:
Christey> XF:webshield-smtp-dos
http://xforce.iss.net/static/5100.php
Frech> XF:webshield-smtp-dos(5100)
======================================================
Candidate: CAN-2000-0749
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0749
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:42
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0338.html
Reference: BID:1628
Reference: URL:http://www.securityfocus.com/bid/1628
Buffer overflow in the Linux binary compatibility module in FreeBSD
3.x through 5.x allows local users to gain root privileges via long
filenames in the linux shadow file system.
Modifications:
DESC fix typo: "compatibility"
INFERRED ACTION: CAN-2000-0749 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Levy
NOOP(3) Christey, Cole, Wall
Voter Comments:
Christey> fix typo: "compatibility"
======================================================
Candidate: CAN-2000-0762
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0762
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: CF
Reference: BUGTRAQ:20000811 eTrust Access Control - Root compromise for default install
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=004601c003a1$ba473260$ddeaa2cd@itradefair.net
Reference: CONFIRM:http://support.ca.com/techbases/eTrust/etrust_access_control-response.html
Reference: BID:1583
Reference: URL:http://www.securityfocus.com/bid/1583
Reference: XF:etrust-access-control-default
Reference: URL:http://xforce.iss.net/static/5076.php
The default installation of eTrust Access Control (formerly SeOS) uses
a default encryption key, which allows remote attackers to spoof the
eTrust administrator and gain privileges.
Modifications:
ADDREF XF:etrust-access-control-default(5076)
INFERRED ACTION: CAN-2000-0762 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Levy
MODIFY(1) Frech
NOOP(3) Christey, Cole, Wall
Voter Comments:
Christey> XF:etrust-access-control-default
http://xforce.iss.net/static/5076.php
Frech> XF:etrust-access-control-default(5076)
======================================================
Candidate: CAN-2000-0764
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0764
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000828 Intel Express Switch 500 series DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0338.html
Reference: BID:1609
Reference: URL:http://www.securityfocus.com/bid/1609
Reference: XF:intel-express-switch-dos
Reference: URL:http://xforce.iss.net/static/5154.php
Intel Express 500 series switches allow a remote attacker to cause a
denial of service via a malformed IP packet.
Modifications:
ADDREF XF:intel-express-switch-dos(5154)
INFERRED ACTION: CAN-2000-0764 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Levy
NOOP(2) Christey, Wall
Voter Comments:
Christey> XF:intel-express-switch-dos(5154)
======================================================
Candidate: CAN-2000-0766
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0766
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000819 D.o.S Vulnerability in vqServer
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008270354.UAA10952@user4.hushmail.com
Reference: BID:1610
Reference: URL:http://www.securityfocus.com/bid/1610
Reference: XF:vqserver-get-dos
Reference: URL:http://xforce.iss.net/static/5152.php
Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to
cause a denial of service or possibly gain privileges via a long HTTP
GET request.
Modifications:
ADDREF XF:vqserver-get-dos(5152)
INFERRED ACTION: CAN-2000-0766 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Levy
MODIFY(1) Frech
NOOP(3) Christey, Cole, Wall
Voter Comments:
Christey> XF:vqserver-get-dos
http://xforce.iss.net/static/5152.php
Frech> XF:vqserver-get-dos(5152)
======================================================
Candidate: CAN-2000-0783
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0783
Final-Decision:
Interim-Decision: 20010117
Modified: 200116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000815 Watchguard Firebox Authentication DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0162.html
Reference: BID:1573
Reference: URL:http://www.securityfocus.com/bid/1573
Reference: XF:firebox-url-dos
Reference: URL:http://xforce.iss.net/static/5098.php
Watchguard Firebox II allows remote attackers to cause a denial of
service by sending a malformed URL to the authentication service on
port 4100.
Modifications:
ADDREF XF:firebox-url-dos(5098)
INFERRED ACTION: CAN-2000-0783 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Levy
MODIFY(1) Frech
NOOP(3) Christey, Cole, Wall
Voter Comments:
Christey> XF:firebox-url-dos
http://xforce.iss.net/static/5098.php
Frech> XF:firebox-url-dos(5098)
======================================================
Candidate: CAN-2000-0804
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0804
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-way_Connection
Reference: XF:fw1-remote-bypass
Reference: URL:http://xforce.iss.net/static/5468.php
Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers
to bypass the directionality check via fragmented TCP connection
requests or reopening closed TCP connection requests, aka "One-way
Connection Enforcement Bypass."
Modifications:
ADDREF XF:fw1-remote-bypass(5468)
INFERRED ACTION: CAN-2000-0804 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Cole> INDEPENDENT-CONFIRMATION
Frech> XF:fw1-remote-bypass(5468)
======================================================
Candidate: CAN-2000-0805
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0805
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Retransmission_of
Reference: XF:fw1-client-spoof
Reference: URL:http://xforce.iss.net/static/5469.php
Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits
encapsulated FWS packets, even if they do not come from a valid FWZ
client, aka "Retransmission of Encapsulated Packets."
Modifications:
ADDREF XF:fw1-client-spoof(5469)
INFERRED ACTION: CAN-2000-0805 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Cole> INDEPENDENT-CONFIRMATION
Frech> XF:fw1-client-spoof(5469)
======================================================
Candidate: CAN-2000-0806
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0806
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Inter-module_Communications
Reference: XF:fw1-fwa1-auth-replay
Reference: URL:http://xforce.iss.net/static/5162.php
The inter-module authentication mechanism (fwa1) in Check Point
VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct
a denial of service, aka "Inter-module Communications Bypass."
Modifications:
ADDREF XF:fw1-fwa1-auth-replay(5162)
INFERRED ACTION: CAN-2000-0806 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Cole> INDEPENDENT-CONFIRMATION
Frech> XF:fw1-fwa1-auth-replay(5162)
======================================================
Candidate: CAN-2000-0807
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0807
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#OPSEC_Authentication
Reference: XF:fw1-opsec-auth-spoof
Reference: URL:http://xforce.iss.net/static/5471.php
The OPSEC communications authentication mechanism (fwn1) in Check
Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to
spoof connections, aka the "OPSEC Authentication Vulnerability."
Modifications:
ADDREF XF:fw1-opsec-auth-spoof(5471)
INFERRED ACTION: CAN-2000-0807 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Cole> INDEPENDENT-CONFIRMATION
Frech> XF:fw1-opsec-auth-spoof(5471)
======================================================
Candidate: CAN-2000-0808
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0808
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-time_Password
Reference: XF:fw1-localhost-auth
Reference: URL:http://xforce.iss.net/static/5137.php
The seed generation mechanism in the inter-module S/Key authentication
mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows
remote attackers to bypass authentication via a brute force attack,
aka "One-time (s/key) Password Authentication."
Modifications:
ADDREF XF:fw1-localhost-auth(5137)
DESC Correct typo: "mecahnism"
INFERRED ACTION: CAN-2000-0808 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(2) Christey, Wall
Voter Comments:
Cole> INDEPENDENT-CONFIRMATION
Frech> XF:fw1-localhost-auth(5137)
Christey> Correct typo: "mecahnism"
======================================================
Candidate: CAN-2000-0809
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0809
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Getkey_Buffer
Reference: XF:fw1-getkey-bo
Reference: URL:http://xforce.iss.net/static/5139.php
Buffer overflow in Getkey in the protocol checker in the inter-module
communication mechanism in Check Point VPN-1/FireWall-1 4.1 and
earlier allows remote attackers to cause a denial of service.
Modifications:
ADDREF XF:fw1-getkey-bo(5139)
INFERRED ACTION: CAN-2000-0809 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Cole> INDEPENDENT-CONFIRMATION
Frech> XF:fw1-getkey-bo(5139)
======================================================
Candidate: CAN-2000-0810
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0810
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20000926
Category: SF
Reference: BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04
Reference: BID:1782
Reference: XF:auction-weaver-delete-files
Reference: URL:http://xforce.iss.net/static/5371.php
Auction Weaver 1.0 through 1.04 does not properly validate the names
of form fields, which allows remote attackers to delete arbitrary
files and directories via a .. (dot dot) attack.
Modifications:
ADDREF XF:auction-weaver-delete-files(5371)
INFERRED ACTION: CAN-2000-0810 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Cole
MODIFY(1) Frech
NOOP(2) Christey, Mell
Voter Comments:
Frech> XF:auction-weaver-username-bidfile(5372)
Christey> Actually, the reference is XF:auction-weaver-delete-files(5371)
======================================================
Candidate: CAN-2000-0811
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0811
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20000926
Category: SF
Reference: BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04
Reference: BID:1783
Reference: XF:auction-weaver-username-bidfile
Reference: URL:http://xforce.iss.net/static/5372.php
Auction Weaver 1.0 through 1.04 allows remote attackers to read
arbitrary files via a .. (dot dot) attack on the username or bidfile
form fields.
Modifications:
ADDREF XF:auction-weaver-username-bidfile(5372)
INFERRED ACTION: CAN-2000-0811 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Cole
MODIFY(1) Frech
NOOP(1) Mell
Voter Comments:
Frech> XF:auction-weaver-username-bidfile(5372)
======================================================
Candidate: CAN-2000-0812
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0812
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000926
Category: CF
Reference: SUN:00197
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/197&type=0&nav=sec.sba
Reference: MISC:http://www.securityfocus.com/templates/advisory.html?id=2542
Reference: BID:1600
Reference: URL:http://www.securityfocus.com/bid/1600
Reference: XF:sunjava-webadmin-bbs
Reference: URL:http://xforce.iss.net/static/5135.php
The administration module in Sun Java web server allows remote
attackers to execute arbitrary commands by uploading Java code to the
module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet
by requesting a URL that begins with a /servlet/ tag.
Modifications:
ADDREF XF:sunjava-webadmin-bbs(5135)
ADDREF BID:1600
INFERRED ACTION: CAN-2000-0812 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Baker
MODIFY(2) Frech, Levy
NOOP(2) Cole, Wall
Voter Comments:
Frech> XF:sunjava-webadmin-bbs(5135)
Levy> BID 1600
======================================================
Candidate: CAN-2000-0813
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0813
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000926
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#FTP_Connection
Reference: XF:fw1-ftp-redirect
Reference: URL:http://xforce.iss.net/static/5474.php
Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers
to redirect FTP connections to other servers ("FTP Bounce") via
invalid FTP commands that are processed improperly by FireWall-1, aka
"FTP Connection Enforcement Bypass."
Modifications:
ADDREF XF:fw1-ftp-redirect(5474)
INFERRED ACTION: CAN-2000-0813 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Baker
MODIFY(1) Frech
NOOP(2) Cole, Wall
Voter Comments:
Frech> XF:fw1-ftp-redirect(5474)
======================================================
Candidate: CAN-2000-0824
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0824
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: BUGTRAQ:19990917 A few bugs...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/0992.html
Reference: BUGTRAQ:20000831 glibc unsetenv bug
Reference: URL:http://www.securityfocus.com/archive/1/79537
Reference: CALDERA:CSSA-2000-028.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-028.0.txt
Reference: DEBIAN:20000902 glibc: local root exploit
Reference: URL:http://www.debian.org/security/2000/20000902
Reference: MANDRAKE:MDKSA-2000:040
Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-040.php3
Reference: MANDRAKE:MDKSA-2000:045
Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-045.php3
Reference: REDHAT:RHSA-2000:057-04
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-057-04.html
Reference: TURBO:TLSA2000020-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html
Reference: SUSE:20000924 glibc locale security problem
Reference: URL:http://www.suse.de/de/support/security/adv5_draht_glibc_txt.txt
Reference: BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html
Reference: BUGTRAQ:20000905 Conectiva Linux Security Announcement - glibc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0509.html
Reference: BUGTRAQ:20000906 [slackware-security]: glibc 2.1.3 vulnerabilities patched
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0525.html
Reference: BID:648
Reference: URL:http://www.securityfocus.com/bid/648
Reference: BID:1639
Reference: URL:http://www.securityfocus.com/bid/1639
Reference: XF:glibc-ld-unsetenv
Reference: URL:http://xforce.iss.net/static/5173.php
The unsetenv function in glibc 2.1.1 does not properly unset an
environmental variable if the variable is provided twice to a program,
which could allow local users to execute arbitrary commands in setuid
programs by specifying their own duplicate environmental variables
such as LD_PRELOAD or LD_LIBRARY_PATH.
Modifications:
ADDREF XF:glibc-ld-unsetenv(5173)
INFERRED ACTION: CAN-2000-0824 ACCEPT (3 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Cole> INDEPENDENT-CONFIRMATION
Frech> XF:glibc-ld-unsetenv(5173)
======================================================
Candidate: CAN-2000-0834
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0834
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001015
Category: CF
Reference: ATSTAKE:A091400-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a091400-1.txt
Reference: MS:MS00-067
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-067.asp
Reference: BID:1683
Reference: URL:http://www.securityfocus.com/bid/1683
Reference: XF:win2k-telnet-ntlm-authentication
Reference: URL:http://xforce.iss.net/static/5242.php
The Windows 2000 telnet client attempts to perform NTLM authentication
by default, which allows remote attackers to capture and replay the
NTLM challenge/response via a telnet:// URL that points to the
malicious server, aka the "Windows 2000 Telnet Client NTLM
Authentication" vulnerability.
INFERRED ACTION: CAN-2000-0834 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(5) Frech, Baker, Magdych, Cole, Wall
Voter Comments:
Cole> HAS-INDEPENDENT-CONFIRMATION
Magdych> ACKNOWLEDGED-BY-VENDOR
======================================================
Candidate: CAN-2000-0837
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0837
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: BUGTRAQ:20000804 FTP Serv-U 2.5e vulnerability.
Reference: URL:http://www.securityfocus.com/archive/1/73843
Reference: BID:1543
Reference: URL:http://www.securityfocus.com/bid/1543
Reference: XF:servu-null-character-dos
Reference: URL:http://xforce.iss.net/static/5029.php
FTP Serv-U 2.5e allows remote attackers to cause a denial of service
by sending a large number of null bytes.
INFERRED ACTION: CAN-2000-0837 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Cole> INDEPENDENT-CONFIRMATION
Frech> XF:servu-null-character-dos(5029)
======================================================
Candidate: CAN-2000-0844
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0844
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000904 UNIX locale format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0457.html
Reference: DEBIAN:20000902 glibc: local root exploit
Reference: URL:http://www.debian.org/security/2000/20000902
Reference: CALDERA:CSSA-2000-030.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt
Reference: REDHAT:RHSA-2000-057-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-057-02.html
Reference: SUSE:20000906 glibc locale security problem
Reference: URL:http://www.suse.de/de/support/security/adv5_draht_glibc_txt.txt
Reference: TURBO:TLSA2000020-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html
Reference: AIXAPAR:IY13753
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html
Reference: COMPAQ:SSRT0689U
Reference: URL:http://archives.neohapsis.com/archives/tru64/2000-q4/0000.html
Reference: SGI:20000901-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20000901-01-P
Reference: BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
Reference: URL:http://www.securityfocus.com/archive/1/79960
Reference: BID:1634
Reference: URL:http://www.securityfocus.com/bid/1634
Some functions that implement the locale subsystem on Unix do not
properly cleanse user-injected format strings, which allows local attackers
to execute arbitrary commands via functions such as gettext and catopen.
Modifications:
ADDREF BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
ADDREF DEBIAN:20000902 glibc: local root exploit
ADDREF CALDERA:CSSA-2000-030.0
ADDREF REDHAT:RHSA-2000-057-02
ADDREF SUSE:20000906 glibc locale security problem
ADDREF TURBO:TLSA2000020-1
ADDREF AIXAPAR:IY13753
ADDREF COMPAQ:SSRT0689U
ADDREF SGI:20000901-01-P
INFERRED ACTION: CAN-2000-0844 ACCEPT (3 accept, 6 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Bollinger
NOOP(2) Christey, Wall
Voter Comments:
Cole> INDEPENDENT-CONFIRMATION
Christey> ADDREF BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
http://www.securityfocus.com/archive/1/79960
DEBIAN:20000902 glibc: local root exploit
http://www.debian.org/security/2000/20000902
CALDERA:CSSA-2000-030.0
http://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt
REDHAT:RHSA-2000-057-02
http://www.redhat.com/support/errata/RHSA-2000-057-02.html
SUSE:20000906 glibc locale security problem
http://www.suse.de/de/support/security/adv5_draht_glibc_txt.txt
TURBO:TLSA2000020-1
http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html
Christey> ADDREF AIXAPAR:IY13753
http://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html
Christey> ADDREF COMPAQ:SSRT0689U
URL:http://archives.neohapsis.com/archives/tru64/2000-q4/0000.html
ADDREF SGI:20000901-01-P
URL:ftp://patches.sgi.com/support/free/security/advisories/20000901-01-P
======================================================
Candidate: CAN-2000-0846
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0846
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000821 Darxite daemon remote exploit/DoS problem
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0256.html
Reference: BID:1598
Reference: URL:http://www.securityfocus.com/bid/1598
Reference: XF:darxite-login-bo
Reference: URL:http://xforce.iss.net/static/5134.php
Buffer overflow in Darxite 0.4 and earlier allows a remote attacker to
execute arbitrary commands via a long username or password.
INFERRED ACTION: CAN-2000-0846 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Cole> INDEPENDENT-CONFIRMATION
Frech> XF:darxite-login-bo(5143)
======================================================
Candidate: CAN-2000-0847
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0847
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000901 UW c-client library vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0425.html
Reference: BUGTRAQ:20000901 More about UW c-client library
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0437.html
Reference: FREEBSD:FreeBSD-SA-00:47.pine
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0108.html
Reference: BID:1646
Reference: URL:http://www.securityfocus.com/bid/1646
Reference: BID:1687
Reference: URL:http://www.securityfocus.com/bid/1687
Buffer overflow in University of Washington c-client library (used by
pine and other programs) allows remote attackers to execute arbitrary
commands via a long X-Keywords header.
INFERRED ACTION: CAN-2000-0847 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(1) Wall
Voter Comments:
Cole> INDEPENDENT-CONFIRMATION
======================================================
Candidate: CAN-2000-0848
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0848
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000915 WebSphere application server plugin issue & vendor fix
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0192.html
Reference: MISC:http://www-4.ibm.com/software/webservers/appserv/doc/v3022/fxpklst.htm#Security
Reference: BID:1691
Reference: URL:http://www.securityfocus.com/bid/1691
Reference: XF:websphere-header-dos
Reference: URL:http://xforce.iss.net/static/5252.php
Buffer overflow in IBM WebSphere web application server (WAS) allows
remote attackers to execute arbitrary commands via a long Host:
request header.
INFERRED ACTION: CAN-2000-0848 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Cole
NOOP(2) Magdych, Wall
Voter Comments:
Cole> HAS-INDEPENDENT-CONFIRMATION
======================================================
Candidate: CAN-2000-0849
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0849
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: MS:MS00-064
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-064.asp
Reference: BID:1655
Reference: URL:http://www.securityfocus.com/bid/1655
Race condition in Microsoft Windows Media server allows remote attackers
to cause a denial of service in the Windows Media Unicast Service via a
malformed request, aka the "Unicast Service Race Condition" vulnerability.
INFERRED ACTION: CAN-2000-0849 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Wall
Voter Comments:
Cole> INDEPENDENT-CONFIRMATION
======================================================
Candidate: CAN-2000-0850
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0850
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: ATSTAKE:A091100-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a091100-1.txt
Reference: BID:1681
Reference: URL:http://www.securityfocus.com/bid/1681
Reference: XF:siteminder-bypass-authentication
Reference: URL:http://xforce.iss.net/static/5230.php
Netegrity SiteMinder before 4.11 allows remote attackers to bypass
its authentication mechanism by appending "$/FILENAME.ext" (where ext
is .ccc, .class, or .jpg) to the requested URL.
INFERRED ACTION: CAN-2000-0850 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Cole
NOOP(2) Magdych, Wall
Voter Comments:
Cole> HAS-INDEPENDENT-CONFIRMATION
======================================================
Candidate: CAN-2000-0851
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0851
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: ATSTAKE:A090700-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-1.txt
Reference: MS:MS00-065
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-065.asp
Reference: BID:1651
Reference: URL:http://www.securityfocus.com/bid/1651
Reference: XF:w2k-still-image-service
Reference: URL:http://xforce.iss.net/static/5203.php
Buffer overflow in the Still Image Service in Windows 2000 allows local
users to gain additional privileges via a long WM_USER message, aka the
"Still Image Service Privilege Escalation" vulnerability.
INFERRED ACTION: CAN-2000-0851 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Wall
Voter Comments:
Cole> INDEPENDENT-CONFIRMATION
======================================================
Candidate: CAN-2000-0852
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0852
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:49
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0110.html
Reference: BID:1686
Reference: URL:http://www.securityfocus.com/bid/1686
Reference: XF:freebsd-eject-port
Reference: URL:http://xforce.iss.net/static/5248.php
Multiple buffer overflows in eject on FreeBSD and possibly other OSes
allows local users to gain root privileges.
INFERRED ACTION: CAN-2000-0852 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Frech, Baker, Magdych, Cole
NOOP(1) Wall
Voter Comments:
Cole> HAS-INDEPENDENT-CONFIRMATION
Magdych> ACKNOWLEDGED-BY-VENDOR
======================================================
Candidate: CAN-2000-0853
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0853
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000909 YaBB 1.9.2000 Vulnerabilitie
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0072.html
Reference: BID:1668
Reference: URL:http://www.securityfocus.com/bid/1668
Reference: XF:yabb-file-access
Reference: URL:http://xforce.iss.net/static/5254.php
YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary
files via a .. (dot dot) attack.
INFERRED ACTION: CAN-2000-0853 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Cole
NOOP(2) Magdych, Wall
Voter Comments:
Cole> HAS-INDEPENDENT-CONFIRMATION
======================================================
Candidate: CAN-2000-0858
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0858
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000906 VIGILANTE-2000009: "Invalid URL" DoS
Reference: URL:http://www.securityfocus.com/archive/1/80413
Reference: MS:MS00-063
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q3/0065.html
Reference: BID:1642
Reference: URL:http://www.securityfocus.com/bid/1642
Reference: XF:iis-invald-url-dos
Reference: URL:http://xforce.iss.net/static/5202.php
Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to
cause a denial of service in IIS by sending it a series of malformed
requests which cause INETINFO.EXE to fail, aka the "Invalid URL"
vulnerability.
INFERRED ACTION: CAN-2000-0858 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Wall
Voter Comments:
Cole> INDEPENDENT-CONFIRMATION
======================================================
Candidate: CAN-2000-0860
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0860
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: BUGTRAQ:20000903 (SRADV00001) Arbitrary file disclosure through PHP file upload
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0455.html
Reference: BUGTRAQ:20000904 Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0477.html
Reference: CONFIRM:http://cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diff?r1=1.38%3Aphp_4_0_2&tr1=1.1&r2=text&tr2=1.45&diff_format=u
Reference: MANDRAKE:MDKSA-2000:048
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0150.html
Reference: BID:1649
Reference: URL:http://www.securityfocus.com/bid/1649
Reference: XF:php-file-upload
Reference: URL:http://xforce.iss.net/static/5190.php
The file upload capability in PHP versions 3 and 4 allows remote
attackers to read arbitrary files by setting hidden form fields whose
names match the names of internal PHP script variables.
INFERRED ACTION: CAN-2000-0860 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(1) Wall
Voter Comments:
Cole> INDEPENDENT-CONFIRMATION
======================================================
Candidate: CAN-2000-0861
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0861
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000907 Mailman 1.1 + external archiver vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0040.html
Reference: FREEBSD:FreeBSD-SA-00:51
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0112.html
Reference: BID:1667
Reference: URL:http://www.securityfocus.com/bid/1667
Mailman 1.1 allows list administrators to execute arbitrary commands
via shell metacharacters in the %(listname) macro expansion.
INFERRED ACTION: CAN-2000-0861 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(2) Christey, Wall
Voter Comments:
Cole> HAS-INDEPENDENT-CONFIRMATION
Christey> Mention the external archiving mechanism?
======================================================
Candidate: CAN-2000-0862
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0862
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category:
Reference: ALLAIRE:ASB00-23
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q3/0059.html
Reference: XF:allaire-spectra-admin-access
Reference: URL:http://xforce.iss.net/static/5466.php
Vulnerability in an administrative interface utility for Allaire
Spectra 1.0.1 allows remote attackers to read and modify sensitive
configuration information.
Modifications:
ADDREF XF:allaire-spectra-admin-access(5466)
INFERRED ACTION: CAN-2000-0862 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Baker
MODIFY(1) Frech
NOOP(2) Cole, Wall
Voter Comments:
Frech> XF:allaire-spectra-admin-access(5466)
======================================================
Candidate: CAN-2000-0863
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0863
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:50
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0111.html
Reference: XF:listmanager-port-bo
Reference: URL:http://xforce.iss.net/static/5503.php
Buffer overflow in listmanager earlier than 2.105.1 allows local users
to gain additional privileges.
Modifications:
ADDREF XF:listmanager-port-bo(5503)
INFERRED ACTION: CAN-2000-0863 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Magdych, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Cole> HAS-INDEPENDENT-CONFIRMATION
Magdych> ACKNOWLEDGED-BY-VENDOR
Frech> XF:listmanager-port-bo(5503)
======================================================
Candidate: CAN-2000-0864
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0864
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category:
Reference: FREEBSD:FreeBSD-SA-00:45
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0365.html
Reference: BUGTRAQ:20000911 Patch for esound-0.2.19
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0095.html
Reference: MANDRAKE:MDKSA-2000:051
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0328.htm
Reference: REDHAT:RHSA-2000:077-03
Reference: DEBIAN:20001008 esound: race condition
Reference: URL:http://www.debian.org/security/2000/20001008
Reference: BUGTRAQ:20001006 Immunix OS Security Update for esound
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0118.html
Reference: SUSE:20001012 esound daemon race condition
Reference: URL:http://www.suse.de/de/support/security//esound_daemon_race_condition.txt
Reference: BID:1659
Reference: URL:http://www.securityfocus.com/bid/1659
Reference: XF:gnome-esound-symlink
Reference: URL:http://xforce.iss.net/static/5213.php
Race condition in the creation of a Unix domain socket in GNOME esound
0.2.19 and earlier allows a local user to change the permissions of
arbitrary files and directories, and gain additional privileges, via a
symlink attack.
Modifications:
ADDREF XF:gnome-esound-symlink(5213)
ADDREF DEBIAN:20001008 esound: race condition
ADDREF BUGTRAQ:20001006 Immunix OS Security Update for esound
ADDREF SUSE:20001012 esound daemon race condition
INFERRED ACTION: CAN-2000-0864 ACCEPT (3 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(2) Christey, Wall
Voter Comments:
Cole> INDEPENDENT-CONFIRMATION
Frech> XF:gnome-esound-symlink(5213)
Christey> ADDREF DEBIAN:20001008 esound: race condition
http://www.debian.org/security/2000/20001008
ADDREF BUGTRAQ:20001006 Immunix OS Security Update for esound
http://archives.neohapsis.com/archives/bugtraq/2000-10/0118.html
ADDREF SUSE:20001012 esound daemon race condition
http://www.suse.de/de/support/security//esound_daemon_race_condition.txt
======================================================
Candidate: CAN-2000-0865
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0865
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000916 Advisory: Tridia DoubleVision / SCO UnixWare
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0185.html
Reference: BID:1697
Reference: URL:http://www.securityfocus.com/bid/1697
Reference: XF:doublevision-dvtermtype-bo
Reference: URL:http://xforce.iss.net/static/5261.php
Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows
local users to gain root privileges via a long terminal type argument.
Modifications:
ADDREF XF:doublevision-dvtermtype-bo(5261)
INFERRED ACTION: CAN-2000-0865 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(3) Magdych, Christey, Wall
Voter Comments:
Cole> HAS-INDEPENDENT-CONFIRMATION
Christey> ADDREF XF:doublevision-dvtermtype-bo
URL:http://xforce.iss.net/static/5261.php
Frech> XF:doublevision-dvtermtype-bo(5261)
======================================================
Candidate: CAN-2000-0867
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0867
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000917 klogd format bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0193.html
Reference: REDHAT:RHSA-2000:061-02
Reference: DEBIAN:20000919
Reference: MANDRAKE:MDKSA-2000:050
Reference: CALDERA:CSSA-2000-032.0
Reference: TURBO:TLSA2000022-2
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000023.html
Reference: SUSE:20000920 syslogd + klogd format string parsing error
Reference: URL:http://www.suse.de/de/support/security//adv9_draht_syslogd_txt.txt
Reference: BUGTRAQ:20000918 Conectiva Linux Security Announcement - sysklogd
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97726239017741&w=2
Reference: XF:klogd-format-string
Reference: URL:http://xforce.iss.net/static/5259.php
Kernel logging daemon (klogd) in Linux does not properly cleanse
user-injected format strings, which allows local users to gain root
privileges by triggering malformed kernel messages.
Modifications:
ADDREF TURBO:TLSA2000022-2
ADDREF SUSE:20000920 syslogd + klogd format string parsing error
ADDREF BUGTRAQ:20000918 Conectiva Linux Security Announcement - sysklogd
INFERRED ACTION: CAN-2000-0867 ACCEPT (4 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(4) Frech, Baker, Magdych, Cole
NOOP(2) Christey, Wall
Voter Comments:
Cole> HAS-INDEPENDENT-CONFIRMATION
Magdych> ACKNOWLEDGED-BY-VENDOR
Christey> ADDREF TURBO:TLSA2000022-2
http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000023.html
ADDREF SUSE:20000920 syslogd + klogd format string parsing error
http://www.suse.de/de/support/security//adv9_draht_syslogd_txt.txt
Christey> ADDREF BUGTRAQ:20000918 Conectiva Linux Security Announcement - sysklogd
======================================================
Candidate: CAN-2000-0868
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0868
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: ATSTAKE:A090700-2
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-2.txt
Reference: SUSE:20000907
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html
Reference: BID:1658
Reference: URL:http://www.securityfocus.com/bid/1658
Reference: XF:suse-apache-cgi-source-code
Reference: URL:http://xforce.iss.net/static/5197.php
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows
remote attackers to read source code for CGI scripts by replacing the
/cgi-bin/ in the requested URL with /cgi-bin-sdb/.
INFERRED ACTION: CAN-2000-0868 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(1) Wall
Voter Comments:
Cole> INDEPENDENT-CONFIRMATION
======================================================
Candidate: CAN-2000-0869
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0869
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: ATSTAKE:A090700-3
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-3.txt
Reference: SUSE:20000907
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html
Reference: BID:1656
Reference: URL:http://www.securityfocus.com/bid/1656
Reference: XF:apache-webdav-directory-listings
Reference: URL:http://xforce.iss.net/static/5204.php
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables
WebDAV, which allows remote attackers to list arbitrary diretories via
the PROPFIND HTTP request method.
INFERRED ACTION: CAN-2000-0869 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(1) Wall
Voter Comments:
Cole> INDEPENDENT-CONFIRMATION
======================================================
Candidate: CAN-2000-0870
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0870
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000911[EXPL] EFTP vulnerable to two DoS attacks
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0089.html
Reference: BID:1675
Reference: URL:http://www.securityfocus.com/bid/1675
Reference: XF:eftp-bo
Reference: URL:http://xforce.iss.net/static/5219.php
Buffer overflow in EFTP allows remote attackers to cause a denial of
service via a long string.
INFERRED ACTION: CAN-2000-0870 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Cole
NOOP(2) Magdych, Wall
Voter Comments:
Cole> HAS-INDEPENDENT-CONFIRMATION
======================================================
Candidate: CAN-2000-0871
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0871
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000911[EXPL] EFTP vulnerable to two DoS attacks
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0089.html
Reference: BID:1677
Reference: URL:http://www.securityfocus.com/bid/1677
Reference: XF:eftp-newline-dos
Reference: URL:http://xforce.iss.net/static/5220.php
Buffer overflow in EFTP allows remote attackers to cause a denial of
service by sending a string that does not contain a newline, then
disconnecting from the server.
INFERRED ACTION: CAN-2000-0871 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Cole
NOOP(2) Magdych, Wall
Voter Comments:
Cole> HAS-INDEPENDENT-CONFIRMATION
======================================================
Candidate: CAN-2000-0873
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0873
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000903 aix allows clearing the interface stats
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0454.html
Reference: BID:1660
Reference: URL:http://www.securityfocus.com/bid/1660
Reference: XF:aix-clear-netstat
Reference: URL:http://xforce.iss.net/static/5214.php
netstat in AIX 4.x.x does not properly restrict access to the -Zi
option, which allows local users to clear network interface statistics
and possibly hiding evidence of unusual network activities.
INFERRED ACTION: CAN-2000-0873 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Bollinger
NOOP(1) Wall
Voter Comments:
Cole> INDEPENDENT-CONFIRMATION
======================================================
Candidate: CAN-2000-0878
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0878
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000911 Fwd: Poor variable checking in mailto.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0088.html
Reference: BID:1669
Reference: URL:http://www.securityfocus.com/bid/1669
Reference: XF:mailto-piped-address
Reference: URL:http://xforce.iss.net/static/5241.php
The mailto CGI script allows remote attacker to execute arbitrary
commands via shell metacharacters in the emailadd form field.
Modifications:
ADDREF XF:mailto-piped-address(5241)
DESC Fix typo: "metacharactwers"
INFERRED ACTION: CAN-2000-0878 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(3) Magdych, Christey, Wall
Voter Comments:
Cole> HAS-INDEPENDENT-CONFIRMATION
Christey> Correct Barbara Walters-style spelling of "metacharactwers"
Christey> ADDREF XF:mailto-piped-address
Frech> XF:mailto-piped-address(5241)
======================================================
Candidate: CAN-2000-0883
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0883
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: CF
Reference: MANDRAKE:MDKSA-2000:046
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0111.html
Reference: BID:1678
Reference: URL:http://www.securityfocus.com/bid/1678
Reference: XF:linux-mod-perl
Reference: URL:http://xforce.iss.net/static/5257.php
The default configuration of mod_perl for Apache as installed on
Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be
browseable, which allows remote attackers to list the contents of that
directory.
INFERRED ACTION: CAN-2000-0883 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Magdych
NOOP(2) Cole, Wall
Voter Comments:
Magdych> ACKNOWLEDGED-BY-VENDOR
======================================================
Candidate: CAN-2000-0884
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0884
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001019
Category: SF
Reference: BUGTRAQ:20001017 IIS %c1%1c remote command execution
Reference: MS:MS00-078
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-078.asp
Reference: BID:1806
Reference: XF:iis-unicode-translation
Reference: URL:http://xforce.iss.net/static/5377.php
IIS 4.0 and 5.0 allows remote attackers to read documents outside of
the web root, and possibly execute arbitrary commands, via malformed
URLs that contain UNICODE encoded characters, aka the "Web Server
Folder Traversal" vulnerability.
Modifications:
ADDREF XF:iis-unicode-translation(5377)
INFERRED ACTION: CAN-2000-0884 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
MODIFY(1) Frech
Voter Comments:
Frech> XF:iis-unicode-translation(5377)
======================================================
Candidate: CAN-2000-0886
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0886
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001102
Category: SF
Reference: BUGTRAQ:20001107 NSFOCUS SA2000-07 : Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?mid=143604&list=1&fromthread=0&end=2000-11-11&threads=0&start=2000-11-05&
Reference: MS:MS00-086
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-086.asp
Reference: BID:1912
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=1912
IIS 5.0 allows remote attackers to execute arbitrary commands via a
malformed request for an executable file whose name is appended with
operating system commands, aka the "Web Server File Request Parsing"
vulnerability.
INFERRED ACTION: CAN-2000-0886 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
======================================================
Candidate: CAN-2000-0887
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0887
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001114
Category: SF
Reference: BUGTRAQ:20001107 BIND 8.2.2-P5 Possible DOS
Reference: URL:http://www.securityfocus.com/archive/1/143843
Reference: CERT:CA-2000-20
Reference: URL:http://www.cert.org/advisories/CA-2000-20.html
Reference: REDHAT:RHSA-2000:107-01
Reference: DEBIAN:20001112 bind: remote Denial of Service
Reference: URL:http://www.debian.org/security/2000/20001112
Reference: BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html
Reference: SUSE:SuSE-SA:2000:45
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html
Reference: IBM:ERS-SVA-E01-2000:005.1
Reference: MANDRAKE:MDKSA-2000:067
Reference: CONECTIVA:CLSA-2000:338
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000338
Reference: CONECTIVA:CLSA-2000:339
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000339
Reference: BID:1923
Reference: URL:http://www.securityfocus.com/bid/1923
named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a
denial of service by making a compressed zone transfer (ZXFR) request
and performing a name service query on an authoritative record that is
not cached, aka the "zxfr bug."
Modifications:
ADDREF DEBIAN:20001112 bind: remote Denial of Service
ADDREF BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
ADDREF SUSE:SuSE-SA:2000:45
ADDREF IBM:ERS-SVA-E01-2000:005.1
INFERRED ACTION: CAN-2000-0887 ACCEPT (4 accept, 5 ack, 0 review)
Current Votes:
ACCEPT(4) Baker, Cole, Mell, TempVoter4
NOOP(1) Christey
Voter Comments:
Christey> ADDREF DEBIAN:20001112 bind: remote Denial of Service
http://www.debian.org/security/2000/20001112
ADDREF BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html
SUSE:SuSE-SA:2000:45
http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html
ADDREF IBM:ERS-SVA-E01-2000:005.1
======================================================
Candidate: CAN-2000-0888
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0888
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001114
Category: SF
Reference: CERT:CA-2000-20
Reference: URL:http://www.cert.org/advisories/CA-2000-20.html
Reference: REDHAT:RHSA-2000:107-01
Reference: MANDRAKE:MDKSA-2000:067
Reference: CONECTIVA:CLSA-2000:338
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000338
Reference: CONECTIVA:CLSA-2000:339
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000339
Reference: DEBIAN:20001112 bind: remote Denial of Service
Reference: URL:http://www.debian.org/security/2000/20001112
Reference: IBM:ERS-SVA-E01-2000:005.1
Reference: SUSE:SuSE-SA:2000:45
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html
named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a
denial of service by sending an SRV record to the server, aka the "srv
bug."
Modifications:
ADDREF DEBIAN:20001112 bind: remote Denial of Service
ADDREF IBM:ERS-SVA-E01-2000:005.1
ADDREF SUSE:SuSE-SA:2000:45
INFERRED ACTION: CAN-2000-0888 ACCEPT_ACK (2 accept, 5 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
NOOP(1) Christey
Voter Comments:
Christey> ADDREF DEBIAN:20001112 bind: remote Denial of Service
http://www.debian.org/security/2000/20001112
ADDREF IBM:ERS-SVA-E01-2000:005.1
SUSE:SuSE-SA:2000:45
http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html
======================================================
Candidate: CAN-2000-0900
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0900
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001002 thttpd ssi: retrieval of arbitrary world-readable files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html
Reference: FREEBSD:FreeBSD-SA-00:73
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc
Reference: XF:acme-thttpd-ssi
Reference: URL:http://xforce.iss.net/static/5313.php
Reference: BID:1737
Reference: URL:http://www.securityfocus.com/bid/1737
Directory traversal vulnerability in ssi CGI program in thttpd 2.19
and earlier allows remote attackers to read arbitrary files via a
"%2e%2e" string, a variation of the .. (dot dot) attack.
Modifications:
ADDREF FREEBSD:FreeBSD-SA-00:73
INFERRED ACTION: CAN-2000-0900 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
NOOP(2) Christey, Wall
Voter Comments:
Christey> ADDREF FREEBSD:FreeBSD-SA-00:73
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc
======================================================
Candidate: CAN-2000-0901
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0901
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000906 Screen-3.7.6 local compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0530.html
Reference: BUGTRAQ:20000905 screen 3.9.5 root vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/80178
Reference: DEBIAN:20000902 screen: local exploit
Reference: URL:http://www.debian.org/security/2000/20000902a
Reference: MANDRAKE:MDKSA-2000:044
Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-044.php3
Reference: SUSE:20000906 screen format string parsing security problem
Reference: URL:http://www.suse.com/de/support/security/adv6_draht_screen_txt.txt
Reference: REDHAT:RHSA-2000:058-03
Reference: URL:http://www.redhat.com
Reference: FREEBSD:FreeBSD-SA-00:46
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:46.screen.asc
Reference: BID:1641
Reference: URL:http://www.securityfocus.com/bid/1641
Reference: XF:screen-format-string
Reference: URL:http://xforce.iss.net/static/5188.php
Format string vulnerability in screen 3.9.5 and earlier allows local
users to gain root privileges via format characters in the vbell_msg
initialization variable.
INFERRED ACTION: CAN-2000-0901 ACCEPT (3 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Mell
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0908
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0908
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96956211605302&w=2
Reference: WIN2KSEC:20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H)
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0128.html
Reference: CONFIRM:http://www.netcplus.com/browsegate.htm#BGLatest
Reference: XF:browsegate-http-dos
Reference: URL:http://xforce.iss.net/static/5270.php
Reference: BID:1702
Reference: URL:http://www.securityfocus.com/bid/1702
BrowseGate 2.80 allows remote attackers to cause a denial of service
and possibly execute arbitrary commands via long Authorization or
Referer MIME headers in the HTTP request.
INFERRED ACTION: CAN-2000-0908 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Mell
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0909
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0909
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000922 [ no subject ]
Reference: URL:http://www.securityfocus.com/archive/1/84901
Reference: BUGTRAQ:20001031 FW: Pine 4.30 now available
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0441.html
Reference: FREEBSD:FreeBSD-SA-00:59
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:59.pine.asc
Reference: REDHAT:RHSA-2000-102-04
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-102.html
Reference: MANDRAKE:MDKSA-2000:073
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-073.php3
Reference: BID:1709
Reference: URL:http://www.securityfocus.com/bid/1709
Reference: XF:pine-check-mail-bo
Reference: URL:http://xforce.iss.net/static/5283.php
Buffer overflow in the automatic mail checking component of Pine 4.21
and earlier allows remote attackers to execute arbitrary commands via
a long From: header.
Modifications:
ADDREF MANDRAKE:MDKSA-2000:073
INFERRED ACTION: CAN-2000-0909 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Mell
NOOP(2) Christey, Wall
Voter Comments:
Christey> ADDREF MANDRAKE:MDKSA-2000:073
http://www.linux-mandrake.com/en/security/MDKSA-2000-073.php3
======================================================
Candidate: CAN-2000-0910
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0910
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000908 horde library bug - unchecked from-address
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0051.html
Reference: DEBIAN:20000910 imp: remote compromise
Reference: URL:http://www.debian.org/security/2000/20000910
Reference: CONFIRM:http://ssl.coc-ag.de/sec/hordelib-1.2.0.frombug.patch
Reference: BID:1674
Reference: URL:http://www.securityfocus.com/bid/1674
Reference: XF:horde-imp-sendmail-command
Reference: URL:http://xforce.iss.net/static/5278.php
Horde library 1.02 allows attackers to execute arbitrary commands via
shell metacharacters in the "from" address.
INFERRED ACTION: CAN-2000-0910 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Mell
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0911
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0911
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000912 (SRADV00003) Arbitrary file disclosure through IMP
Reference: URL:http://www.securityfocus.com/archive/1/82088
Reference: BID:1679
Reference: URL:http://www.securityfocus.com/bid/1679
Reference: XF:imp-attach-file
Reference: URL:http://xforce.iss.net/static/5227.php
IMP 2.2 and earlier allows attackers to read and delete arbitrary
files by modifying the attachment_name hidden form variable, which
causes IMP to send the file to the attacker as an attachment.
INFERRED ACTION: CAN-2000-0911 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Mell
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0912
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0912
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000913 MultiHTML vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0146.html
Reference: XF:http-cgi-multihtml
Reference: URL:http://xforce.iss.net/static/5285.php
MultiHTML CGI script allows remote attackers to read arbitrary files
and possibly execute arbitrary commands by specifying the file name to
the "multi" parameter.
INFERRED ACTION: CAN-2000-0912 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Mell
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0913
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0913
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000929 Security vulnerability in Apache mod_rewrite
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0352.html
Reference: MANDRAKE:MDKSA-2000:060
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-060-2.php3?dis=7.1
Reference: REDHAT:RHSA-2000:088-04
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-088-04.html
Reference: CALDERA:CSSA-2000-035.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-035.0.txt
Reference: HP:HPSBUX0010-126
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0021.html
Reference: BUGTRAQ:20001011 Conectiva Linux Security Announcement - apache
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0174.html
Reference: BID:1728
Reference: URL:http://www.securityfocus.com/bid/1728
Reference: XF:apache-rewrite-view-files
Reference: URL:http://xforce.iss.net/static/5310.php
mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to
read arbitrary files if a RewriteRule directive is expanded to include
a filename whose name contains a regular expression.
INFERRED ACTION: CAN-2000-0913 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0914
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0914
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001005 obsd_fun.c
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0078.html
Reference: BID:1759
Reference: URL:http://www.securityfocus.com/bid/1759
Reference: XF:bsd-arp-request-dos
Reference: URL:http://xforce.iss.net/static/5340.php
OpenBSD 2.6 and earlier allows remote attackers to cause a denial of
service by flooding the server with ARP requests.
INFERRED ACTION: CAN-2000-0914 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
======================================================
Candidate: CAN-2000-0915
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0915
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001002 [sa2c@and.or.jp: bin/21704: enabling fingerd makes files world readable]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0017.html
Reference: FREEBSD:FreeBSD-SA-00:54
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:54.fingerd.asc
Reference: BID:1803
Reference: URL:http://www.securityfocus.com/bid/1803
Reference: XF:freebsd-fingerd-files
Reference: URL:http://xforce.iss.net/static/5385.php
fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary
files by specifying the target file name instead of a regular user
name.
INFERRED ACTION: CAN-2000-0915 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
======================================================
Candidate: CAN-2000-0917
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0917
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000925 Format strings: bug #2: LPRng
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0293.html
Reference: CERT:CA-2000-22
Reference: URL:http://www.cert.org/advisories/CA-2000-22.html
Reference: CALDERA:CSSA-2000-033.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-033.0.txt
Reference: REDHAT:RHSA-2000:065-06
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-065-06.html
Reference: FREEBSD:FreeBSD-SA-00:56
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:56.lprng.asc
Reference: XF:lprng-format-string
Reference: URL:http://xforce.iss.net/static/5287.php
Reference: BID:1712
Reference: URL:http://www.securityfocus.com/bid/1712
Format string vulnerability in use_syslog() function in LPRng 3.6.24
allows remote attackers to execute arbitrary commands.
Modifications:
ADDREF CERT:CA-2000-22
INFERRED ACTION: CAN-2000-0917 ACCEPT (3 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
NOOP(2) Christey, Wall
Voter Comments:
Christey> ADDREF CERT:CA-2000-22
URL:http://www.cert.org/advisories/CA-2000-22.html
======================================================
Candidate: CAN-2000-0919
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0919
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001007 PHPix advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0117.html
Reference: BID:1773
Reference: URL:http://www.securityfocus.com/bid/1773
Reference: XF:phpix-dir-traversal
Reference: URL:http://xforce.iss.net/static/5331.php
Directory traversal vulnerability in PHPix Photo Album 1.0.2 and
earlier allows remote attackers to read arbitrary files via a .. (dot
dot) attack.
INFERRED ACTION: CAN-2000-0919 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Mell
NOOP(1) Cole
======================================================
Candidate: CAN-2000-0920
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0920
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001006 Vulnerability in BOA web server v0.94.8.2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0092.html
Reference: FREEBSD:FreeBSD-SA-00:60
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:60.boa.asc
Reference: DEBIAN:20001009 boa: exposes contents of local files
Reference: URL:http://www.debian.org/security/2000/20001009
Reference: BID:1770
Reference: URL:http://www.securityfocus.com/bid/1770
Reference: XF:boa-webserver-get-dir-traversal
Reference: URL:http://xforce.iss.net/static/5330.php
Directory traversal vulnerability in BOA web server 0.94.8.2 and
earlier allows remote attackers to read arbitrary files via a modified
.. (dot dot) attack in the GET HTTP request that uses a "%2E" instead
of a "."
INFERRED ACTION: CAN-2000-0920 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
======================================================
Candidate: CAN-2000-0921
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0921
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001007 Security Advisory: Hassan Consulting's shop.cgi Directory Traversal Vulnerability.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0115.html
Reference: BID:1777
Reference: URL:http://www.securityfocus.com/bid/1777
Reference: XF:hassan-shopping-cart-dir-traversal
Reference: URL:http://xforce.iss.net/static/5342.php
Directory traversal vulnerability in Hassan Consulting shop.cgi
shopping cart program allows remote attackers to read arbitrary files
via a .. (dot dot) attack on the page parameter.
INFERRED ACTION: CAN-2000-0921 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Mell
NOOP(1) Cole
======================================================
Candidate: CAN-2000-0922
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0922
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001008 Security Advisory: Bytes Interactive's Web Shopper (shopper.cgi) Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0120.html
Reference: BID:1776
Reference: URL:http://www.securityfocus.com/bid/1776
Reference: XF:web-shopper-directory-traversal
Reference: URL:http://xforce.iss.net/static/5351.php
Directory traversal vulnerability in Bytes Interactive Web Shopper
shopping cart program (shopper.cgi) 2.0 and earlier allows remote
attackers to read arbitrary files via a .. (dot dot) attack on the
newpage parameter.
INFERRED ACTION: CAN-2000-0922 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Mell
NOOP(1) Cole
======================================================
Candidate: CAN-2000-0923
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0923
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001006 Fwd: APlio PRO web shell
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0107.html
Reference: XF:uclinux-apliophone-bin-execute
Reference: URL:http://xforce.iss.net/static/5333.php
Reference: BID:1784
Reference: URL:http://www.securityfocus.com/bid/1784
authenticate.cgi CGI program in Aplio PRO allows remote attackers to
execute arbitrary commands via shell metacharacters in the password
parameter.
INFERRED ACTION: CAN-2000-0923 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Mell
NOOP(1) Cole
======================================================
Candidate: CAN-2000-0924
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0924
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001009 Master Index traverse advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0141.html
Reference: BID:1772
Reference: URL:http://www.securityfocus.com/bid/1772
Reference: XF:master-index-directory-traversal
Reference: URL:http://xforce.iss.net/static/5355.php
Directory traversal vulnerability in search.cgi CGI script in Armada
Master Index allows remote attackers to read arbitrary files via a
.. (dot dot) attack in the "catigory" parameter.
Modifications:
ADDREF XF:master-index-directory-traversal(5355)
INFERRED ACTION: CAN-2000-0924 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Mell
MODIFY(1) Frech
NOOP(1) Cole
Voter Comments:
Frech> XF:master-index-directory-traversal(5355)
======================================================
Candidate: CAN-2000-0925
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0925
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: CF
Reference: BUGTRAQ:20001002 DST2K0035: Credit card (customer) details exposed within CyberOff ice Shopping Cart v2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97050819812055&w=2
Reference: WIN2KSEC:20001002 DST2K0035: Credit card (customer) details exposed within CyberOff ice Shopping Cart v2
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0001.html
Reference: BID:1734
Reference: URL:http://www.securityfocus.com/bid/1734
Reference: XF:cyberoffice-world-readable-directory
Reference: URL:http://xforce.iss.net/static/5318.php
The default installation of SmartWin CyberOffice Shopping Cart 2 (aka
CyberShop) installs the _private directory with world readable
permissions, which allows remote attackers to obtain sensitive
information.
Modifications:
XF:cyberoffice-world-readable-directory(5318)
INFERRED ACTION: CAN-2000-0925 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Mell
MODIFY(1) Frech
NOOP(2) Cole, Wall
Voter Comments:
Frech> XF:cyberoffice-world-readable-directory(5318)
======================================================
Candidate: CAN-2000-0926
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0926
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001002 DST2K0036: Price modification possible in CyberOffice Shopping Cart
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97050627707128&w=2
Reference: WIN2KSEC:20001002 DST2K0036: Price modification possible in CyberOffice Shopping Ca rt
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0000.html
Reference: BID:1733
Reference: URL:http://www.securityfocus.com/bid/1733
Reference: XF:cyberoffice-price-modification
Reference: URL:http://xforce.iss.net/static/5319.php
SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote
attackers to modify price information by changing the "Price" hidden
form variable.
Modifications:
ADDREF XF:cyberoffice-price-modification(5319)
INFERRED ACTION: CAN-2000-0926 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Mell
MODIFY(1) Frech
NOOP(2) Cole, Wall
Voter Comments:
Frech> XF:cyberoffice-price-modification(5319)
======================================================
Candidate: CAN-2000-0928
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0928
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001006 DST2K0040: QuotaAdvisor 4.1 by WQuinn susceptible to any user bei ng able to list (not read) all files on any server running QuotaAdvisor.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0091.html
Reference: BID:1765
Reference: URL:http://www.securityfocus.com/bid/1765
Reference: XF:quotaadvisor-list-files
Reference: URL:http://xforce.iss.net/static/5327.php
WQuinn QuotaAdvisor 4.1 allows users to list directories and files by
running a report on the targeted shares.
Modifications:
ADDREF XF:quotaadvisor-list-files(5327)
INFERRED ACTION: CAN-2000-0928 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Mell
MODIFY(1) Frech
NOOP(1) Cole
Voter Comments:
Frech> XF:quotaadvisor-list-files(5327)
======================================================
Candidate: CAN-2000-0929
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0929
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000929 Malformed Embedded Windows Media Player 7 "OCX Attachment"
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97024839222747&w=2
Reference: MS:MS00-068
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-068.asp
Reference: BID:1714
Reference: URL:http://www.securityfocus.com/bid/1714
Reference: XF:mediaplayer-outlook-dos
Reference: URL:http://xforce.iss.net/static/5309.php
Microsoft Windows Media Player 7 allows attackers to cause a denial of
service in RTF-enabled email clients via an embedded OCX control that
is not closed properly, aka the "OCX Attachment" vulnerability.
INFERRED ACTION: CAN-2000-0929 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Frech, Cole, Mell, Wall
======================================================
Candidate: CAN-2000-0930
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0930
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001003 Pegasus mail file reading vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0039.html
Reference: BUGTRAQ:20001030 Pegasus Mail file reading vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0436.html
Reference: BID:1738
Reference: URL:http://www.securityfocus.com/bid/1738
Reference: XF:pegasus-file-forwarding
Reference: URL:http://xforce.iss.net/static/5326.php
Pegasus Mail 3.12 allows remote attackers to read arbitrary files via
an embedded URL that calls the mailto: protocol with a -F switch.
INFERRED ACTION: CAN-2000-0930 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0932
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0932
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: NTBUGTRAQ:20000926 FW: DOS for Content Technologies' MAILsweeper for SMTP.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0181.html
Reference: XF:mailsweeper-smtp-dos
Reference: URL:http://xforce.iss.net/static/5641.php
MAILsweeper for SMTP 3.x does not properly handle corrupt CDA
documents in a ZIP file and hangs, which allows remote attackers to
cause a denial of service.
Modifications:
ADDREF XF:mailsweeper-smtp-dos(5641)
INFERRED ACTION: CAN-2000-0932 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Cole
MODIFY(1) Frech
NOOP(2) Mell, Wall
Voter Comments:
Frech> XF:mailsweeper-smtp-dos(5641)
======================================================
Candidate: CAN-2000-0933
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0933
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-069
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-069.asp
Reference: BID:1729
Reference: URL:http://www.securityfocus.com/bid/1729
Reference: XF:win2k-simplified-chinese-ime
Reference: URL:http://xforce.iss.net/static/5301.php
The Input Method Editor (IME) in the Simplified Chinese version of
Windows 2000 does not disable access to privileged functionality that
should normally be restricted, which allows local users to gain
privileges, aka the "Simplified Chinese IME State Recognition"
vulnerability.
INFERRED ACTION: CAN-2000-0933 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Frech, Cole, Mell, Wall
======================================================
Candidate: CAN-2000-0934
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0934
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: REDHAT:RHSA-2000:062-03
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0250.html
Reference: BID:1703
Reference: URL:http://www.securityfocus.com/bid/1703
Reference: XF:glint-symlink
Reference: URL:http://xforce.iss.net/static/5271.php
Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary
files and cause a denial of service via a symlink attack.
INFERRED ACTION: CAN-2000-0934 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Mell
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0935
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0935
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: BID:1872
Reference: URL:http://www.securityfocus.com/bid/1872
Reference: XF:samba-swat-logging-sym-link
Reference: URL:http://xforce.iss.net/static/5443.php
Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users
to overwrite arbitrary files via a symlink attack on the cgi.log file.
INFERRED ACTION: CAN-2000-0935 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Mell
NOOP(2) Cole, TempVoter4
======================================================
Candidate: CAN-2000-0936
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0936
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: BID:1874
Reference: URL:http://www.securityfocus.com/bid/1874
Reference: XF:samba-swat-logfile-info
Reference: URL:http://xforce.iss.net/static/5445.php
Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the
cgi.log logging file with world readable permissions, which allows
local users to read sensitive information such as user names and
passwords.
INFERRED ACTION: CAN-2000-0936 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Mell
NOOP(2) Cole, TempVoter4
======================================================
Candidate: CAN-2000-0937
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0937
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: BID:1873
Reference: URL:http://www.securityfocus.com/bid/1873
Reference: XF:samba-swat-brute-force
Reference: URL:http://xforce.iss.net/static/5442.php
Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login
attempts in which the username is correct but the password is wrong,
which allows remote attackers to conduct brute force password guessing
attacks.
INFERRED ACTION: CAN-2000-0937 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Mell
NOOP(1) Cole
======================================================
Candidate: CAN-2000-0938
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0938
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a
different error message when a valid username is provided versus an
invalid name, which allows remote attackers to identify valid users on
the server.
INFERRED ACTION: CAN-2000-0938 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Mell, TempVoter4
NOOP(1) Cole
======================================================
Candidate: CAN-2000-0941
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0941
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001029 Remote command execution via KW Whois 1.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0419.html
Reference: BUGTRAQ:20001029 Re: Remote command execution via KW Whois 1.0 (addition)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0420.html
Reference: MISC:http://www.kootenayweb.bc.ca/scripts/whois.txt
Reference: BID:1883
Reference: URL:http://www.securityfocus.com/bid/1883
Reference: XF:kw-whois-meta
Reference: URL:http://xforce.iss.net/static/5438.php
Kootenay Web KW Whois 1.0 CGI program allows remote attackers to
execute arbitrary commands via shell metacharacters in the "whois"
parameter.
INFERRED ACTION: CAN-2000-0941 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Baker, Cole, Mell, TempVoter4
======================================================
Candidate: CAN-2000-0942
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0942
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001028 IIS 5.0 cross site scripting vulnerability - using .htw
Reference: URL:http://www.securityfocus.com/archive/1/141903
Reference: MS:MS00-084
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-084.asp
Reference: BID:1861
Reference: URL:http://www.securityfocus.com/bid/1861
Reference: XF:iis-htw-cross-scripting
Reference: URL:http://xforce.iss.net/static/5441.php
The CiWebHitsFile component in Microsoft Indexing Services for Windows
2000 allows remote attackers to conduct a cross site scripting (CSS)
attack via a CiRestriction parameter in a .htw request, aka the
"Indexing Services Cross Site Scripting" vulnerability.
INFERRED ACTION: CAN-2000-0942 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
======================================================
Candidate: CAN-2000-0943
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0943
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001027 Potential Security Problem in bftpd-1.0.11
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0397.html
Reference: BID:1858
Reference: XF:bftpd-user-bo
Reference: URL:http://xforce.iss.net/static/5426.php
Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers
to cause a denial of service and possibly execute arbitrary commands
via a long USER command.
Modifications:
ADDREF BID:1858
INFERRED ACTION: CAN-2000-0943 ACCEPT (4 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(4) Baker, Cole, Mell, TempVoter4
NOOP(1) Christey
Voter Comments:
Christey> ADDREF BID:1858
======================================================
Candidate: CAN-2000-0944
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0944
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001027 CGI-Bug: News Update 1.1 administration password bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0402.html
Reference: BID:1881
Reference: URL:http://www.securityfocus.com/bid/1881
Reference: XF:news-update-bypass-password
Reference: URL:http://xforce.iss.net/static/5433.php
CGI Script Center News Update 1.1 does not properly validate the
original news administration password during a password change
operation, which allows remote attackers to modify the password
without knowing the original password.
INFERRED ACTION: CAN-2000-0944 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
======================================================
Candidate: CAN-2000-0946
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0946
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: NTBUGTRAQ:20001012 Security issue with Compaq Easy Access Keyboard software
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0023.html
Reference: CONFIRM:http://www5.compaq.com/support/files/desktops/us/revision/1723.html
Reference: XF:compaq-ea-elevate-privileges
Reference: URL:http://xforce.iss.net/static/5718.php
Compaq Easy Access Keyboard software 1.3 does not properly disable
access to custom buttons when the screen is locked, which could allow
an attacker to gain privileges or execute programs without
authorization.
Modifications:
ADDREF XF:compaq-ea-elevate-privileges(5718)
INFERRED ACTION: CAN-2000-0946 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
MODIFY(1) Frech
Voter Comments:
Frech> XF:compaq-ea-elevate-privileges(5718)
======================================================
Candidate: CAN-2000-0947
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0947
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001002 Very probable remote root vulnerability in cfengine
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0004.html
Reference: MANDRAKE:MDKSA-2000:061
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-061.php3?dis=7.1
Reference: NETBSD:NetBSD-SA2000-013
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-013.txt.asc
Reference: BID:1757
Reference: URL:http://www.securityfocus.com/bid/1757
Reference: XF:cfengine-cfd-format-string
Reference: URL:http://xforce.iss.net/static/5630.php
Format string vulnerability in cfd daemon in GNU CFEngine before
1.6.0a11 allows attackers to execute arbitrary commands via format
characters in the CAUTH command.
Modifications:
ADDREF XF:cfengine-cfd-format-string(5630)
INFERRED ACTION: CAN-2000-0947 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:cfengine-cfd-format-string(5630)
======================================================
Candidate: CAN-2000-0948
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0948
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001002 GnoRPM local /tmp vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/136866
Reference: BUGTRAQ:20001003 Conectiva Linux Security Announcement - gnorpm
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0043.html
Reference: MANDRAKE:MDKSA-2000:055
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-055.php3?dis=7.0
Reference: REDHAT:RHSA-2000:072-07
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-072.html
Reference: BUGTRAQ:20001011 Immunix OS Security Update for gnorpm package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0184.html
Reference: BID:1761
Reference: URL:http://www.securityfocus.com/bid/1761
Reference: XF:gnorpm-temp-symlink
Reference: URL:http://xforce.iss.net/static/5317.php
GnoRPM before 0.95 allows local users to modify arbitrary files via a
symlink attack.
INFERRED ACTION: CAN-2000-0948 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0949
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0949
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000928 Very interesting traceroute flaw
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0344.html
Reference: CALDERA:CSSA-2000-034.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-034.0.txt
Reference: MANDRAKE:MDKSA-2000:053
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-053.php3?dis=7.1
Reference: REDHAT:RHSA-2000:078-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-078-02.html
Reference: DEBIAN:20001013 traceroute: local root exploit
Reference: URL:http://www.debian.org/security/2000/20001013
Reference: TURBO:TLSA2000023-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-October/000025.html
Reference: BUGTRAQ:20000930 Conectiva Linux Security Announcement - traceroute
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0357.html
Reference: BID:1739
Reference: URL:http://www.securityfocus.com/bid/1739
Reference: XF:traceroute-heap-overflow
Reference: URL:http://xforce.iss.net/static/5311.php
Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier
allows a local user to execute arbitrary commands via the -g option.
INFERRED ACTION: CAN-2000-0949 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0951
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0951
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: CF
Reference: ATSTAKE:A100400-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100400-1.txt
Reference: MSKB:Q272079
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=272079
Reference: BID:1756
Reference: URL:http://www.securityfocus.com/bid/1756
Reference: XF:iis-index-dir-traverse
Reference: URL:http://xforce.iss.net/static/5335.php
A misconfiguration in IIS 5.0 with Index Server enabled and the Index
property set allows remote attackers to list directories in the web
root via a Web Distributed Authoring and Versioning (WebDAV) search.
INFERRED ACTION: CAN-2000-0951 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Frech, Cole, Mell, Wall
======================================================
Candidate: CAN-2000-0952
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0952
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: NETBSD:NetBSD-SA2000-014
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-014.txt.asc
Reference: XF:global-execute-remote-commands
Reference: URL:http://xforce.iss.net/static/5424.php
global.cgi CGI program in Global 3.55 and earlier on NetBSD allows
remote attackers to execute arbitrary commands via shell
metacharacters.
INFERRED ACTION: CAN-2000-0952 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
======================================================
Candidate: CAN-2000-0953
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0953
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001009 Shambala 4.5 vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0134.html
Reference: BID:1778
Reference: URL:http://www.securityfocus.com/bid/1778
Reference: XF:shambala-connection-dos
Reference: URL:http://xforce.iss.net/static/5345.php
Shambala Server 4.5 allows remote attackers to cause a denial of
service by opening then closing a connection.
INFERRED ACTION: CAN-2000-0953 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Mell
NOOP(1) Cole
======================================================
Candidate: CAN-2000-0956
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0956
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: REDHAT:RHSA-2000:094-01
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-094.html
Reference: BID:1875
Reference: URL:http://www.securityfocus.com/bid/1875
Reference: XF:cyrus-sasl-gain-access
Reference: URL:http://xforce.iss.net/static/5427.php
cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify
the authorization for a local user, which could allow the users to
bypass specified access restrictions.
INFERRED ACTION: CAN-2000-0956 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
NOOP(1) TempVoter4
======================================================
Candidate: CAN-2000-0957
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0957
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001026 (SRADV00004) Remote and local vulnerabilities in pam_mysql
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0374.html
Reference: XF:pammysql-auth-input
Reference: URL:http://xforce.iss.net/static/5447.php
The pluggable authentication module for msql (pam_mysql) before 0.4.7
does not properly cleanse user input when constructing SQL statements,
which allows attackers to obtain plaintext passwords or hashes.
INFERRED ACTION: CAN-2000-0957 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Mell, TempVoter4
NOOP(1) Cole
======================================================
Candidate: CAN-2000-0958
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0958
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001025 HotJava Browser 3.0 JavaScript security vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0349.html
Reference: XF:hotjava-browser-dom-access
Reference: URL:http://xforce.iss.net/static/5428.php
HotJava Browser 3.0 allows remote attackers to access the DOM of a web
page by opening a javascript: URL in a named window.
INFERRED ACTION: CAN-2000-0958 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Mell
NOOP(1) Cole
======================================================
Candidate: CAN-2000-0959
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0959
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000926 ld.so bug - LD_DEBUG_OUTPUT follows symlinks
Reference: URL:http://www.securityfocus.com/archive/1/85028
Reference: BID:1719
Reference: URL:http://www.securityfocus.com/bid/1719
Reference: XF:glibc-unset-symlink
Reference: URL:http://xforce.iss.net/static/5299.php
glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG
environmental variables when a program is spawned from a setuid
program, which could allow local users to overwrite files via a
symlink attack.
INFERRED ACTION: CAN-2000-0959 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Mell
NOOP(2) Cole, Wall
======================================================
Candidate: CAN-2000-0960
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0960
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001011 Netscape Messaging server 4.15 poor error strings
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97138100426121&w=2
Reference: BID:1787
Reference: URL:http://www.securityfocus.com/bid/1787
Reference: XF:netscape-messaging-email-verify
Reference: URL:http://xforce.iss.net/static/5364.php
The POP3 server in Netscape Messaging Server 4.15p1 generates
different error messages for incorrect user names versus incorrect
passwords, which allows remote attackers to determine valid users on
the system and harvest email addresses for spam abuse.
INFERRED ACTION: CAN-2000-0960 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Mell
NOOP(1) Cole
======================================================
Candidate: CAN-2000-0961
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0961
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000928 commercial products and security [ + new bug ]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0334.html
Reference: BID:1721
Reference: URL:http://www.securityfocus.com/bid/1721
Reference: XF:netscape-messaging-list-dos
Reference: URL:http://xforce.iss.net/static/5292.php
Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch
2 allows local users to execute arbitrary commands via a long LIST
command.
INFERRED ACTION: CAN-2000-0961 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Mell
NOOP(1) Cole
======================================================
Candidate: CAN-2000-0962
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0962
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category:
Reference: BUGTRAQ:20000925 Nmap Protocol Scanning DoS against OpenBSD IPSEC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0299.html
Reference: OPENBSD:20000918 Bad ESP/AH packets could cause a crash under certain conditions.
Reference: BID:1723
Reference: URL:http://www.securityfocus.com/bid/1723
Reference: XF:openbsd-nmap-dos
Reference: URL:http://xforce.iss.net/static/5634.php
The IPSEC implementation in OpenBSD 2.7 does not properly handle empty
AH/ESP packets, which allows remote attackers to cause a denial of
service.
Modifications:
ADDREF XF:openbsd-nmap-dos(5634)
INFERRED ACTION: CAN-2000-0962 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:openbsd-nmap-dos(5634)
======================================================
Candidate: CAN-2000-0965
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0965
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: XF:hp-virtualvault-nsapi-dos
Reference: URL:http://xforce.iss.net/static/5361.php
Reference: HP:HPSBUX0010-124
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0012.html
The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS
10.24 and 11.04 allows an attacker to cause a denial of service (high
CPU utilization)
INFERRED ACTION: CAN-2000-0965 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
======================================================
Candidate: CAN-2000-0966
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0966
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: HP:HPSBUX0010-125
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0020.html
Reference: XF:hp-lpspooler-bo
Reference: URL:http://xforce.iss.net/static/5379.php
Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of
HP-UX 11.0 and earlier allows local users to gain privileges.
INFERRED ACTION: CAN-2000-0966 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
======================================================
Candidate: CAN-2000-0967
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0967
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: ATSTAKE:A101200-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a101200-1.txt
Reference: MANDRAKE:MDKSA-2000:062
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-062.php3?dis=7.1
Reference: DEBIAN:20001014 php3: possible remote exploit
Reference: URL:http://www.debian.org/security/2000/20001014a
Reference: DEBIAN:20001014 php4: possible remote exploit
Reference: URL:http://www.debian.org/security/2000/20001014b
Reference: CALDERA:CSSA-2000-037.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-037.0.txt
Reference: FREEBSD:FreeBSD-SA-00:75
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:75.php.asc
Reference: BUGTRAQ:20001012 Conectiva Linux Security Announcement - mod_php3
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0204.html
Reference: BID:1786
Reference: URL:http://www.securityfocus.com/bid/1786
Reference: XF:php-logging-format-string
Reference: URL:http://xforce.iss.net/static/5359.php
PHP 3 and 4 do not properly cleanse user-injected format strings,
which allows remote attackers to execute arbitrary commands by
triggering error messages that are improperly written to the error
logs.
Modifications:
ADDREF FREEBSD:FreeBSD-SA-00:75
INFERRED ACTION: CAN-2000-0967 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
NOOP(1) Christey
Voter Comments:
Christey> FREEBSD:FreeBSD-SA-00:75
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:75.php.asc
======================================================
Candidate: CAN-2000-0968
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0968
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001016 Half-Life Dedicated Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0254.html
Reference: BUGTRAQ:20001024 Tamandua Sekure Labs Security Advisory 2000-01
Reference: URL:http://www.securityfocus.com/archive/1/141060
Reference: BUGTRAQ:20001027 Re: Half Life dedicated server Patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0409.html
Reference: BID:1799
Reference: URL:http://www.securityfocus.com/bid/1799
Reference: XF:halflife-server-changelevel-bo
Reference: URL:http://xforce.iss.net/static/5375.php
Buffer overflow in Half Life dedicated server before build 3104 allows
remote attackers to execute arbitrary commands via a long rcon
command.
INFERRED ACTION: CAN-2000-0968 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
======================================================
Candidate: CAN-2000-0969
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0969
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001016 Half-Life Dedicated Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0254.html
Reference: BUGTRAQ:20001024 Tamandua Sekure Labs Security Advisory 2000-01
Reference: URL:http://www.securityfocus.com/archive/1/141060
Reference: BUGTRAQ:20001027 Re: Half Life dedicated server Patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0409.html
Reference: XF:halflife-rcon-format-string
Reference: URL:http://xforce.iss.net/static/5413.php
Format string vulnerability in Half Life dedicated server build 3104
and earlier allows remote attackers to execute arbitrary commands by
injecting format strings into the changelevel command, via the system
console or rcon.
INFERRED ACTION: CAN-2000-0969 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
======================================================
Candidate: CAN-2000-0970
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0970
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-080
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-080.asp
Reference: XF:session-cookie-remote-retrieval
Reference: URL:http://xforce.iss.net/static/5396.php
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure
and insecure web sessions, which could allow remote attackers to
hijack the secure web session of the user if that user moves to an
insecure session, aka the "Session ID Cookie Marking" vulnerability.
INFERRED ACTION: CAN-2000-0970 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
======================================================
Candidate: CAN-2000-0972
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0972
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category:
Reference: BUGTRAQ:20001020 [ Hackerslab bug_paper ] HP-UX crontab temporary file symbolic link vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0317.html
Reference: XF:hp-crontab-read-files
Reference: URL:http://xforce.iss.net/static/5410.php
HP-UX 11.00 crontab allows local users to read arbitrary files via the
-e option by creating a symlink to the target file during the crontab
session, quitting the session, and reading the error messages that
crontab generates.
INFERRED ACTION: CAN-2000-0972 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Mell
NOOP(1) Cole
======================================================
Candidate: CAN-2000-0973
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0973
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: DEBIAN:20001013 curl and curl-ssl: remote exploit
Reference: URL:http://www.debian.org/security/2000/20001013a
Reference: REDHAT:RHBA-2000:092-01
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0331.html
Reference: FREEBSD:FreeBSD-SA-00:72
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:72.curl.asc
Reference: BID:1804
Reference: URL:http://www.securityfocus.com/bid/1804
Reference: XF:curl-error-bo
Reference: URL:http://xforce.iss.net/static/5374.php
Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier
than 6.0-1.2, allows remote attackers to execute arbitrary commands by
forcing a long error message to be generated.
Modifications:
ADDREF FREEBSD:FreeBSD-SA-00:72
INFERRED ACTION: CAN-2000-0973 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
NOOP(1) Christey
Voter Comments:
Christey> ADDREF FREEBSD:FreeBSD-SA-00:72
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:72.curl.asc
======================================================
Candidate: CAN-2000-0974
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0974
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001011 GPG 1.0.3 doesn't detect modifications to files with multiple signatures
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html
Reference: DEBIAN:20001111 gnupg: incorrect signature verification
Reference: URL:http://www.debian.org/security/2000/20001111
Reference: FREEBSD:FreeBSD-SA-00:67
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc
Reference: REDHAT:RHSA-2000:089-04
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-089-04.html
Reference: CALDERA:CSSA-2000-038.0
Reference: MANDRAKE:MDKSA-2000:063-1
Reference: CONECTIVA:CLSA-2000:334
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000334
Reference: BUGTRAQ:20001025 Immunix OS Security Update for gnupg package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html
Reference: XF:gnupg-message-modify
Reference: URL:http://xforce.iss.net/static/5386.php
Reference: BID:1797
Reference: URL:http://www.securityfocus.com/bid/1797
GnuPG (gpg) 1.0.3 does not properly check all signatures of a file
containing multiple documents, which allows an attacker to modify
contents of all documents but the first without detection.
Modifications:
ADDREF DEBIAN:20001111 gnupg: incorrect signature verification
ADDREF FREEBSD:FreeBSD-SA-00:67
INFERRED ACTION: CAN-2000-0974 ACCEPT (3 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
NOOP(1) Christey
Voter Comments:
Christey> ADDREF DEBIAN:20001111 gnupg: incorrect signature verification
http://www.debian.org/security/2000/20001111
ADDREF FREEBSD:FreeBSD-SA-00:67
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc
======================================================
Candidate: CAN-2000-0975
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0975
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001012 Anaconda Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0210.html
Reference: XF:anaconda-apexec-directory-traversal
Reference: URL:http://xforce.iss.net/static/5750.php
Directory traversal vulnerability in apexec.pl in Anaconda Foundation
Directory allows remote attackers to read arbitrary files via a
.. (dot dot) attack.
Modifications:
ADDREF XF:anaconda-apexec-directory-traversal(5750)
INFERRED ACTION: CAN-2000-0975 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Mell
MODIFY(1) Frech
NOOP(1) Cole
Voter Comments:
Frech> XF:anaconda-apexec-directory-traversal(5750)
======================================================
Candidate: CAN-2000-0977
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0977
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001011 Mail File POST Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0172.html
Reference: BID:1807
Reference: URL:http://www.securityfocus.com/bid/1807
Reference: XF:mailfile-post-file-read
Reference: URL:http://xforce.iss.net/static/5358.php
mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to
read arbitrary files by specifying the target file name in the
"filename" parameter in a POST request, which is then sent by email to
the address specified in the "email" parameter.
Modifications:
ADDREF XF:mailfile-post-file-read(5358)
INFERRED ACTION: CAN-2000-0977 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Mell
MODIFY(1) Frech
NOOP(1) Cole
Voter Comments:
Frech> XF:mailfile-post-file-read(5358)
======================================================
Candidate: CAN-2000-0978
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0978
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001010 Big Brother Systems and Network Monitor vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0162.html
Reference: BID:1779
Reference: URL:http://www.securityfocus.com/bid/1779
Reference: XF:bb4-netmon-execute-commands
Reference: URL:http://xforce.iss.net/static/5719.php
bbd server in Big Brother System and Network Monitor before 1.5c2
allows remote attackers to execute arbitrary commands via the "&"
shell metacharacter.
Modifications:
ADDREF XF:bb4-netmon-execute-commands(5719)
INFERRED ACTION: CAN-2000-0978 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
MODIFY(1) Frech
Voter Comments:
Frech> XF:bb4-netmon-execute-commands(5719)
======================================================
Candidate: CAN-2000-0979
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0979
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001012 NSFOCUS SA2000-05: Microsoft Windows 9x NETBIOS password
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97147777618139&w=2
Reference: MS:MS00-072
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-072.asp
Reference: BID:1780
Reference: URL:http://www.securityfocus.com/bid/1780
Reference: XF:win9x-share-level-password
Reference: URL:http://xforce.iss.net/static/5395.php
File and Print Sharing service in Windows 95, Windows 98, and Windows
Me does not properly check the password for a file share, which allows
remote attackers to bypass share access controls by sending a 1-byte
password that matches the first character of the real password, aka
the "Share Level Password" vulnerability.
INFERRED ACTION: CAN-2000-0979 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
======================================================
Candidate: CAN-2000-0980
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0980
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-073
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-073.asp
Reference: BID:1781
Reference: URL:http://www.securityfocus.com/bid/1781
Reference: XF:win-nmpi-packet-dos
Reference: URL:http://xforce.iss.net/static/5357.php
NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink
does not properly filter packets from a broadcast address, which
allows remote attackers to cause a broadcast storm and flood the
network.
INFERRED ACTION: CAN-2000-0980 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
======================================================
Candidate: CAN-2000-0981
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0981
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001023 [CORE SDI ADVISORY] MySQL weak authentication
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0318.html
Reference: CONFIRM:http://www.mysql.com/documentation/mysql/commented/manual.php?section=Security
Reference: XF:mysql-authentication
Reference: URL:http://xforce.iss.net/static/5409.php
MySQL Database Engine uses a weak authentication method which leaks
information that could be used by a remote attacker to recover the
password.
INFERRED ACTION: CAN-2000-0981 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
======================================================
Candidate: CAN-2000-0982
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0982
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-076
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-076.asp
Reference: BID:1793
Reference: URL:http://www.securityfocus.com/bid/1793
Reference: XF:ie-cache-info
Reference: URL:http://xforce.iss.net/static/5367.php
Internet Explorer before 5.5 forwards cached user credentials for a
secure web site to insecure pages on the same web site, which could
allow remote attackers to obtain the credentials by monitoring
connections to the web server, aka the "Cached Web Credentials"
vulnerability.
INFERRED ACTION: CAN-2000-0982 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
======================================================
Candidate: CAN-2000-0983
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0983
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001018 Denial of Service attack against computers running Microsoft NetMeeting
Reference: URL:http://www.securityfocus.com/archive/1/140341
Reference: MS:MS00-077
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-077.asp
Reference: MSKB:Q273854
Reference: BID:1798
Reference: URL:http://www.securityfocus.com/bid/1798
Reference: XF:netmeeting-desktop-sharing-dos
Reference: URL:http://xforce.iss.net/static/5368.php
Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote
attackers to cause a denial of service (CPU utilization) via a
sequence of null bytes to the NetMeeting port, aka the "NetMeeting
Desktop Sharing" vulnerability.
INFERRED ACTION: CAN-2000-0983 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
======================================================
Candidate: CAN-2000-0984
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0984
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: CISCO:20001025 Cisco IOS HTTP Server Query Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml
Reference: XF:cisco-ios-query-dos
Reference: URL:http://xforce.iss.net/static/5412.php
The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to
cause a denial of service (crash and reload) via a URL containing a
"?/" string.
INFERRED ACTION: CAN-2000-0984 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
======================================================
Candidate: CAN-2000-0989
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0989
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001020 DoS in Intel corporation 'InBusiness eMail Station'
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0293.html
Reference: XF:intel-email-username-bo
Reference: URL:http://xforce.iss.net/static/5414.php
Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service
allows remote attackers to cause a denial of service and possibly
execute commands via a long username.
INFERRED ACTION: CAN-2000-0989 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Mell
NOOP(1) Cole
======================================================
Candidate: CAN-2000-0990
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0990
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001016 Authentication failure in cmd5checkpw 0.21
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0258.html
Reference: CONFIRM:http://members.elysium.pl/brush/cmd5checkpw/changes.html
Reference: BID:1809
Reference: URL:http://www.securityfocus.com/bid/1809
Reference: XF:cmd5checkpw-qmail-bypass-authentication
Reference: URL:http://xforce.iss.net/static/5382.php
cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial
of service via an "SMTP AUTH" command with an unknown username.
INFERRED ACTION: CAN-2000-0990 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
======================================================
Candidate: CAN-2000-0991
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0991
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-079
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-079.asp
Reference: BID:1815
Reference: URL:http://www.securityfocus.com/bid/1815
Reference: XF:win-hyperterminal-telnet-bo
Reference: URL:http://xforce.iss.net/static/5387.php
Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98,
ME, and 2000 allows remote attackers to execute arbitrary commands via
a long telnet URL, aka the "HyperTerminal Buffer Overflow"
vulnerability.
INFERRED ACTION: CAN-2000-0991 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
======================================================
Candidate: CAN-2000-0992
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0992
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000930 scp file transfer hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0359.html
Reference: MANDRAKE:MDKSA-2000:057
Reference: BID:1742
Reference: URL:http://www.securityfocus.com/bid/1742
Reference: XF:scp-overwrite-files
Reference: URL:http://xforce.iss.net/static/5312.php
Directory traversal vulnerability in scp in sshd 1.2.xx allows a
remote malicious scp server to overwrite arbitrary files via a .. (dot
dot) attack.
Modifications:
ADDREF XF:scp-overwrite-files(5312)
INFERRED ACTION: CAN-2000-0992 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Mell
MODIFY(1) Frech
NOOP(2) Cole, Wall
Voter Comments:
Frech> XF:scp-overwrite-files(5312)
======================================================
Candidate: CAN-2000-0993
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0993
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: OPENBSD:20001003 A format string vulnerability exists in the pw_error(3) function.
Reference: URL:http://www.openbsd.org/errata27.html#pw_error
Reference: NETBSD:NetBSD-SA2000-015
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-015.txt.asc
Reference: FREEBSD:FreeBSD-SA-00:58
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:58.chpass.asc
Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory
Reference: URL:http://www.securityfocus.com/archive/1/137482
Reference: BID:1744
Reference: URL:http://www.securityfocus.com/bid/1744
Reference: XF:bsd-libutil-format
Reference: URL:http://xforce.iss.net/static/5339.php
Format string vulnerability in pw_error function in BSD libutil
library allows local users to gain root privileges via a malformed
password in commands such as chpass or passwd.
INFERRED ACTION: CAN-2000-0993 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0994
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0994
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory
Reference: URL:http://www.securityfocus.com/archive/1/137482
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Reference: BID:1746
Reference: URL:http://www.securityfocus.com/bid/1746
Reference: XF:bsd-fstat-format
Reference: URL:http://xforce.iss.net/static/5338.php
Format string vulnerability in OpenBSD fstat program (and possibly
other BSD-based operating systems) allows local users to gain root
privileges via the PWD environmental variable.
INFERRED ACTION: CAN-2000-0994 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
NOOP(1) Wall
======================================================
Candidate: CAN-2000-0995
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0995
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Reference: XF:bsd-yp-passwd-format
Reference: URL:http://xforce.iss.net/static/5635.php
Format string vulnerability in OpenBSD yp_passwd program (and possibly
other BSD-based operating systems) allows attackers to gain root
privileges a malformed name.
Modifications:
ADDREF XF:bsd-yp-passwd-format(5635)
INFERRED ACTION: CAN-2000-0995 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Cole
MODIFY(1) Frech
NOOP(2) Mell, Wall
Voter Comments:
Frech> XF:bsd-yp-passwd-format(5635)
======================================================
Candidate: CAN-2000-0996
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0996
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Reference: XF:bsd-su-format
Reference: URL:http://xforce.iss.net/static/5636.php
Format string vulnerability in OpenBSD su program (and possibly other
BSD-based operating systems) allows local attackers to gain root
privileges via a malformed shell.
Modifications:
ADDREF XF:bsd-su-format(5636)
INFERRED ACTION: CAN-2000-0996 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Cole
MODIFY(1) Frech
NOOP(2) Mell, Wall
Voter Comments:
Frech> XF:bsd-su-format(5636)
======================================================
Candidate: CAN-2000-1000
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1000
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001003 AOL Instant Messenger DoS
Reference: URL:http://www.securityfocus.com/archive/1/137374
Reference: BID:1747
Reference: URL:http://www.securityfocus.com/bid/1747
Reference: XF:aim-file-transfer-dos
Reference: URL:http://xforce.iss.net/static/5314.php
Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010
allows remote attackers to cause a denial of service and possibly
execute arbitrary commands by transferring a file whose name includes
format characters.
INFERRED ACTION: CAN-2000-1000 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Mell, Wall
NOOP(1) Cole
======================================================
Candidate: CAN-2000-1001
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1001
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001024 Price modification in Element InstantShop
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97240616129614&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97267884631455&w=2
Reference: XF:instantshop-modify-price
Reference: URL:http://xforce.iss.net/static/5402.php
add_2_basket.asp in Element InstantShop allows remote attackers to
modify price information via the "price" hidden form variable.
Modifications:
ADDREF XF:instantshop-modify-price(5402)
DESC CHANGEREF BUGTRAQ [fix date]
INFERRED ACTION: CAN-2000-1001 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Christey> Change date in Bugtraq reference to 20001024
Frech> XF:instantshop-modify-price(5402)
======================================================
Candidate: CAN-2000-1002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1002
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001012 Re: Netscape Messaging server 4.15 poor error strings
Reference: URL:http://www.securityfocus.com/archive/1/139523
Reference: XF:communigate-email-verify
Reference: URL:http://xforce.iss.net/static/5363.php
Reference: BID:1792
Reference: URL:http://www.securityfocus.com/bid/1792
POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error
messages for invalid usernames versus invalid passwords, which allows
remote attackers to determine valid email addresses on the server for
SPAM attacks.
INFERRED ACTION: CAN-2000-1002 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Mell
NOOP(1) Cole
======================================================
Candidate: CAN-2000-1003
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1003
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001012 NSFOCUS SA2000-04: Microsoft Win9x client driver type comparing vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/139511
Reference: BID:1794
Reference: URL:http://www.securityfocus.com/bid/1794
Reference: XF:win-netbios-driver-type-dos
Reference: URL:http://xforce.iss.net/static/5370.php
NETBIOS client in Windows 95 and Windows 98 allows a remote attacker
to cause a denial of service by changing a file sharing service to
return an unknown driver type, which causes the client to crash.
INFERRED ACTION: CAN-2000-1003 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Mell
NOOP(1) Cole
======================================================
Candidate: CAN-2000-1004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1004
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97068555106135&w=2
Reference: XF:bsd-photurisd-format
Reference: URL:http://xforce.iss.net/static/5336.php
Format string vulnerability in OpenBSD photurisd allows local users to
execute arbitrary commands via a configuration file directory name
that contains formatting characters.
INFERRED ACTION: CAN-2000-1004 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Mell, Wall
NOOP(1) Cole
======================================================
Candidate: CAN-2000-1005
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1005
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001009 Security Advisory : eXtropia WebStore (web_store.cgi) Directory Traversal Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/138495
Reference: BID:1774
Reference: URL:http://www.securityfocus.com/bid/1774
Reference: XF:extropia-webstore-fileread
Reference: URL:http://xforce.iss.net/static/5347.php
Directory traversal vulnerability in html_web_store.cgi and
web_store.cgi CGI programs in eXtropia WebStore allows remote
attackers to read arbitrary files via a .. (dot dot) attack on the
page parameter.
INFERRED ACTION: CAN-2000-1005 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
======================================================
Candidate: CAN-2000-1006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1006
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-082
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-082.asp
Reference: XF:ms-exchange-mime-dos
Reference: URL:http://xforce.iss.net/static/5448.php
Reference: BID:1869
Reference: URL:http://www.securityfocus.com/bid/1869
Microsoft Exchange Server 5.5 does not properly handle a MIME header
with a blank charset specified, which allows remote attackers to cause
a denial of service via a charset="" command, aka the "Malformed MIME
Header" vulnerability.
INFERRED ACTION: CAN-2000-1006 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Baker, Cole, Mell, TempVoter4
======================================================
Candidate: CAN-2000-1007
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1007
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: NTBUGTRAQ:20001025 I-gear 3.5.x for Microsoft Proxy logging vulnerability + temporary fix.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0048.html
Reference: XF:igear-invalid-log(5791)
Reference: URL:http://xforce.iss.net/static/5791.php
I-gear 3.5.7 and earlier does not properly process log entries in
which a URL is longer than 255 characters, which allows an attacker to
cause reporting errors.
Modifications:
ADDREF XF:igear-invalid-log(5791)
INFERRED ACTION: CAN-2000-1007 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Mell
MODIFY(1) Frech
NOOP(1) Cole
Voter Comments:
Frech> XF:igear-invalid-log(5791)
======================================================
Candidate: CAN-2000-1010
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1010
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001006 talkd [WAS: Re: OpenBSD Security Advisory]
Reference: URL:http://www.securityfocus.com/archive/1/137890
Reference: BID:1764
Reference: URL:http://www.securityfocus.com/bid/1764
Reference: XF:linux-talkd-overwrite-root
Reference: URL:http://xforce.iss.net/static/5344.php
Format string vulnerability in talkd in OpenBSD and possibly other
BSD-based OSes allows remote attackers to execute arbitrary commands
via a user name that contains format characters.
INFERRED ACTION: CAN-2000-1010 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
======================================================
Candidate: CAN-2000-1011
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1011
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:53
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:53.catopen.asc
Reference: XF:freebsd-catopen-bo
Reference: URL:http://xforce.iss.net/static/5638.php
Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and
possibly other OSes, allows local users to gain root privileges via a
long environmental variable.
Modifications:
XF:freebsd-catopen-bo(5638)
INFERRED ACTION: CAN-2000-1011 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:freebsd-catopen-bo(5638)
======================================================
Candidate: CAN-2000-1014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1014
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000927 Unixware SCOhelp http server format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0325.html
Reference: BID:1717
Reference: URL:http://www.securityfocus.com/bid/1717
Reference: XF:unixware-scohelp-format
Reference: URL:http://xforce.iss.net/static/5291.php
Format string vulnerability in the search97.cgi CGI script in SCO help
http server for Unixware 7 allows remote attackers to execute
arbitrary commands via format characters in the queryText parameter.
INFERRED ACTION: CAN-2000-1014 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Mell
NOOP(2) Wall, Cole
======================================================
Candidate: CAN-2000-1016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1016
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: CF
Reference: BUGTRAQ:20000921 httpd.conf in Suse 6.4
Reference: URL:http://www.securityfocus.com/archive/1/84360
Reference: BID:1707
Reference: URL:http://www.securityfocus.com/bid/1707
Reference: XF:suse-installed-packages-exposed
Reference: URL:http://xforce.iss.net/static/5276.php
The default configuration of Apache (httpd.conf) on SuSE 6.4 includes
an alias for the /usr/doc directory, which allows remote attackers to
read package documentation and obtain system configuration information
via an HTTP request for the /doc/packages URL.
INFERRED ACTION: CAN-2000-1016 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Mell
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1018
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1018
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001010 Shred 1.0 Bug Report
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97119799515246&w=2
Reference: BUGTRAQ:20001011 Shred v1.0 Fix
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97131166004145&w=2
Reference: BID:1788
Reference: URL:http://www.securityfocus.com/bid/1788
Reference: XF:shred-recover-files
Reference: URL:http://xforce.iss.net/static/5722.php
shred 1.0 file wiping utility does not properly open a file for
overwriting or flush its buffers, which prevents shred from properly
replacing the file's data and allows local users to recover the file.
Modifications:
ADDREF XF:shred-recover-files(5722)
INFERRED ACTION: CAN-2000-1018 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Mell
MODIFY(1) Frech
NOOP(1) Cole
Voter Comments:
Frech> XF:shred-recover-files(5722)
======================================================
Candidate: CAN-2000-1019
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1019
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Ultraseek 3.1.x Remote DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97301487015664&w=2
Reference: BID:1866
Reference: URL:http://www.securityfocus.com/bid/1866
Reference: XF:ultraseek-malformed-url-dos
Reference: URL:http://xforce.iss.net/static/5439.php
Search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows
remote attackers to cause a denial of service via a malformed URL.
INFERRED ACTION: CAN-2000-1019 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Mell, TempVoter4
NOOP(1) Cole
======================================================
Candidate: CAN-2000-1022
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1022
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000919 Cisco PIX Firewall (smtp content filtering hack)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0222.html
Reference: BUGTRAQ:20000920 Re: Cisco PIX Firewall (smtp content filtering hack) - Version 4.2(1) not exploitable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0241.html
Reference: CISCO:20001005 Cisco Secure PIX Firewall Mailguard Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-pub.shtml
Reference: BID:1698
Reference: URL:http://www.securityfocus.com/bid/1698
Reference: XF:cisco-pix-smtp-filtering
Reference: URL:http://xforce.iss.net/static/5277.php
The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier
does not properly restrict access to SMTP commands, which allows
remote attackers to execute restricted commands by sending a DATA
command before sending the restricted commands.
INFERRED ACTION: CAN-2000-1022 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Mell
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1024
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category:
Reference: BUGTRAQ:20001101 Unify eWave ServletExec upload
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97306581513537&w=2
Reference: BID:1876
Reference: URL:http://www.securityfocus.com/bid/1876
Reference: XF:ewave-servletexec-file-upload
Reference: URL:http://xforce.iss.net/static/5450.php
eWave ServletExec 3.0C and earlier does not restrict access to the
UploadServlet Java/JSP servlet, which allows remote attackers to
upload files and execute arbitrary commands.
INFERRED ACTION: CAN-2000-1024 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Mell, TempVoter4
NOOP(1) Cole
======================================================
Candidate: CAN-2000-1026
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1026
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:61
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:61.tcpdump.v1.1.asc
Reference: SUSE:SuSE-SA:2000:46
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0681.html
Reference: DEBIAN:20001120 tcpdump: remote denial of service
Reference: URL:http://www.debian.org/security/2000/20001120a
Reference: BID:1870
Reference: URL:http://www.securityfocus.com/bid/1870
Multiple buffer overflows in LBNL tcpdump allows remote attackers to
execute arbitrary commands.
Modifications:
ADDREF SUSE:SuSE-SA:2000:46
ADDREF DEBIAN:20001120 tcpdump: remote denial of service
INFERRED ACTION: CAN-2000-1026 ACCEPT_ACK (2 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
NOOP(1) Christey
Voter Comments:
Christey> SUSE:SuSE-SA:2000:46
http://archives.neohapsis.com/archives/linux/suse/2000-q4/0681.html
DEBIAN:20001120 tcpdump: remote denial of service
URL:http://www.debian.org/security/2000/20001120a
======================================================
Candidate: CAN-2000-1027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1027
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001003 Cisco PIX Firewall allow external users to discover internal IPs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97059440000367&w=2
Reference: BID:1877
Reference: URL:http://www.securityfocus.com/bid/1877
Reference: XF:cisco-pix-reveal-address
Reference: URL:http://xforce.iss.net/static/5646.php
Cisco Secure PIX Firewall 5.2(2) allows remote attackers to determine
the real IP address of a target FTP server by flooding the server with
PASV requests, which includes the real IP address in the response when
passive mode is established.
Modifications:
ADDREF XF:cisco-pix-reveal-address(5646)
INFERRED ACTION: CAN-2000-1027 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Mell
MODIFY(1) Frech
NOOP(2) Wall, Cole
Voter Comments:
Frech> XF:cisco-pix-reveal-address(5646)
======================================================
Candidate: CAN-2000-1031
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1031
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000810 Re: Possible vulnerability in HPUX ( Add vulnerability List )
Reference: URL:http://www.securityfocus.com/archive/1/75188
Reference: HP:HPSBUX0011-128
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0034.html
Reference: BID:1889
Reference: URL:http://www.securityfocus.com/bid/1889
Buffer overflow in dtterm in HP-UX 11.0 allows a local user to gain
privileges via a long -tn option.
INFERRED ACTION: CAN-2000-1031 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Mell
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1032
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001101 Re: Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/142808
Reference: BID:1890
Reference: URL:http://www.securityfocus.com/bid/1890
The client authentication interface for Check Point Firewall-1 4.0 and
earlier generates different error messages for invalid usernames
versus invalid passwords, which allows remote attackers to identify
valid usernames on the firewall.
INFERRED ACTION: CAN-2000-1032 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Mell
======================================================
Candidate: CAN-2000-1034
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1034
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001106 System Monitor ActiveX Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349782305448&w=2
Reference: MS:MS00-085
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-085.asp
Reference: BID:1899
Reference: URL:http://www.securityfocus.com/bid/1899
Buffer overflow in the System Monitor ActiveX control in Windows 2000
allows remote attackers to execute arbitrary commands via a long
LogFileName parameter in HTML source code, aka the "ActiveX Parameter
Validation" vulnerability.
INFERRED ACTION: CAN-2000-1034 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
NOOP(1) TempVoter4
======================================================
Candidate: CAN-2000-1036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1036
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000920 Extent RBS directory Transversal.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0252.html
Reference: BID:1704
Reference: URL:http://www.securityfocus.com/bid/1704
Reference: XF:rbs-isp-directory-traversal
Reference: URL:http://xforce.iss.net/static/5275.php
Directory traversal vulnerability in Extent RBS ISP web server allows
remote attackers to read sensitive information via a .. (dot dot)
attack on the Image parameter.
INFERRED ACTION: CAN-2000-1036 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Mell
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1038
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1038
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: AIXAPAR:SA90544
Reference: CONFIRM:http://as400service.rochester.ibm.com/n_dir/nas4apar.NSF/5ec6cdc6ab42894a862568f90073c74a/9ce636030a58807186256955003d128d?OpenDocument
Reference: XF:as400-firewall-dos
Reference: URL:http://xforce.iss.net/static/5266.php
The web administration interface for IBM AS/400 Firewall allows remote
attackers to cause a denial of service via an empty GET request.
INFERRED ACTION: CAN-2000-1038 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Mell
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1040
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: DEBIAN:20001014 nis: local exploit
Reference: URL:http://www.debian.org/security/2000/20001014
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: REDHAT:RHSA-2000:086-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-086-05.html
Reference: CALDERA:CSSA-2000-039.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-039.0.txt
Reference: BUGTRAQ:20001025 Immunix OS Security Update for ypbind package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0356.html
Reference: BUGTRAQ:20001030 Trustix Security Advisory - ping gnupg ypbind
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0429.html
Reference: XF:ypbind-printf-format-string
Reference: URL:http://xforce.iss.net/static/5394.php
Reference: BID:1820
Reference: URL:http://www.securityfocus.com/bid/1820
Format string vulnerability in logging function of ypbind 3.3, while
running in debug mode, leaks file descriptors and allows an attacker
to cause a denial of service.
INFERRED ACTION: CAN-2000-1040 ACCEPT (3 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
======================================================
Candidate: CAN-2000-1041
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1041
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: CALDERA:CSSA-2000-039.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-039.0.txt
Reference: XF:ypbind-remote-bo
Reference: URL:http://xforce.iss.net/static/5759.php
Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root
privileges.
Modifications:
ADDREF XF:ypbind-remote-bo(5759)
INFERRED ACTION: CAN-2000-1041 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
MODIFY(1) Frech
Voter Comments:
Frech> XF:ypbind-remote-bo(5759)
======================================================
Candidate: CAN-2000-1042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1042
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: XF:linux-ypserv-bo
Reference: URL:http://xforce.iss.net/static/5730.php
Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and
possibly other Linux operating systems, allows an attacker to gain
root privileges when ypserv is built without a vsyslog() function.
Modifications:
ADDREF XF:linux-ypserv-bo(5730)
INFERRED ACTION: CAN-2000-1042 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
MODIFY(1) Frech
Voter Comments:
Frech> XF:linux-ypserv-bo(5730)
======================================================
Candidate: CAN-2000-1043
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1043
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: XF:linux-ypserv-format-string
Reference: URL:http://xforce.iss.net/static/5731.php
Format string vulnerability in ypserv in Mandrake Linux 7.1 and
earlier, and possibly other Linux operating systems, allows an
attacker to gain root privileges when ypserv is built without a
vsyslog() function.
Modifications:
XF:linux-ypserv-format-string(5731)
INFERRED ACTION: CAN-2000-1043 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
MODIFY(1) Frech
Voter Comments:
Frech> XF:linux-ypserv-format-string(5731)
======================================================
Candidate: CAN-2000-1044
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1044
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: BID:1820
Reference: URL:http://www.securityfocus.com/bid/1820
Reference: XF:ypbind-printf-format-string
Reference: URL:http://xforce.iss.net/static/5394.php
Format string vulnerability in ypbind-mt in SuSE SuSE-6.2, and
possibly other Linux operating systems, allows an attacker to gain
root privileges.
Modifications:
ADDREF XF:ypbind-printf-format-string(5394)
INFERRED ACTION: CAN-2000-1044 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
MODIFY(1) Frech
Voter Comments:
Frech> XF:ypbind-printf-format-string(5394)
======================================================
Candidate: CAN-2000-1045
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1045
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: REDHAT:RHSA-2000:024
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-024.html
Reference: MANDRAKE:MDKSA-2000-066
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-066-1.php3
Reference: BID:1863
Reference: URL:http://www.securityfocus.com/bid/1863
Reference: XF:nssldap-nscd-dos
Reference: URL:http://xforce.iss.net/static/5449.php
nss_ldap earlier than 121, when run with nscd (name service caching
daemon), allows remote attackers to cause a denial of service via a
flood of LDAP requests.
INFERRED ACTION: CAN-2000-1045 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
======================================================
Candidate: CAN-2000-1049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1049
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001101 Allaire's JRUN DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97310314724964&w=2
Reference: ALLAIRE:ASB00-030
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=18085&Method=Full
Reference: XF:allaire-jrun-servlet-dos
Reference: URL:http://xforce.iss.net/static/5452.php
Allaire JRun 3.0 http servlet server allows remote attackers to cause
a denial of service via a URL that contains a long string of "."
characters.
INFERRED ACTION: CAN-2000-1049 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
======================================================
Candidate: CAN-2000-1050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1050
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Allaire's JRUN Unauthenticated Access to WEB-INF directory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236316510117&w=2
Reference: ALLAIRE:ASB00-027
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=17966&Method=Full
Reference: XF:allaire-jrun-webinf-access
Reference: URL:http://xforce.iss.net/static/5407.php
Allaire JRun 3.0 http servlet server allows remote attackers to
directly access the WEB-INF directory via a URL request that contains
an extra "/" in the beginning of the request (aka the "extra leading
slash").
INFERRED ACTION: CAN-2000-1050 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
======================================================
Candidate: CAN-2000-1051
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1051
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Allaire JRUN 2.3 Arbitrary File Retrieval
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236692714978&w=2
Reference: ALLAIRE:ASB00-028
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=17968&Method=Full
Reference: XF:allaire-jrun-ssifilter-url
Reference: URL:http://xforce.iss.net/static/5405.php
Directory traversal vulnerability in Allaire JRun 2.3 server allows
remote attackers to read arbitrary files via the SSIFilter servlet.
INFERRED ACTION: CAN-2000-1051 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
======================================================
Candidate: CAN-2000-1054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1054
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server
Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml
Reference: BID:1705
Reference: URL:http://www.securityfocus.com/bid/1705
Reference: XF:ciscosecure-csadmin-bo
Reference: URL:http://xforce.iss.net/static/5272.php
Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and
earlier allows remote attackers to cause a denial of service and
possibly execute arbitrary commands via a large packet.
INFERRED ACTION: CAN-2000-1054 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Mell
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1055
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server
Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml
Reference: BID:1706
Reference: URL:http://www.securityfocus.com/bid/1706
Reference: XF:ciscosecure-tacacs-dos
Reference: URL:http://xforce.iss.net/static/5273.php
Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows
remote attackers to cause a denial of service and possibly execute
arbitrary commands via a large TACACS+ packet.
INFERRED ACTION: CAN-2000-1055 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Mell
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1056
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server
Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml
Reference: BID:1708
Reference: URL:http://www.securityfocus.com/bid/1708
Reference: XF:ciscosecure-ldap-bypass-authentication
Reference: URL:http://xforce.iss.net/static/5274.php
CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to
bypass LDAP authentication on the server if the LDAP server allows
null passwords.
INFERRED ACTION: CAN-2000-1056 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Mell
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1057
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1057
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: unknown
Reference: HP:HPSBUX0009-120
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0140.html
Reference: BID:1682
Reference: URL:http://www.securityfocus.com/bid/1682
Reference: XF:hp-openview-nnm-scripts
Reference: URL:http://xforce.iss.net/static/5229.php
Vulnerabilities in database configuration scripts in HP OpenView
Network Node Manager (NNM) 6.1 and earlier allows local users to gain
privileges, possibly via insecure permissions.
INFERRED ACTION: CAN-2000-1057 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Mell
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1058
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1058
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20000926 DST2K0014: BufferOverrun in HP Openview Network Node Manager v6.1 (Round2)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97004856403173&w=2
Reference: HP:HPSBUX0009-121
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0274.html
Reference: XF:openview-nmm-snmp-bo
Reference: URL:http://xforce.iss.net/static/5282.php
Buffer overflow in OverView5 CGI program in HP OpenView Network Node
Manager (NNM) 6.1 and earlier allows remote attackers to cause a
denial of service, and possibly execute arbitrary commands, in the
SNMP service (snmp.exe), aka the "Java SNMP MIB Browser Object ID
parsing problem."
INFERRED ACTION: CAN-2000-1058 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1059
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: CF
Reference: BUGTRAQ:20000929 Mandrake 7.1 bypasses Xauthority X session security.
Reference: URL:http://www.securityfocus.com/archive/1/136495
Reference: MANDRAKE:MDKSA-2000:052
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-052.php3
Reference: BID:1735
Reference: URL:http://www.securityfocus.com/bid/1735
Reference: XF:xinitrc-bypass-xauthority
Reference: URL:http://xforce.iss.net/static/5305.php
The default configuration of the Xsession file in Mandrake Linux 7.1
and 7.0 bypasses the Xauthority access control mechanism with an
"xhost + localhost" command, which allows local users to sniff X
Windows events and gain privileges.
INFERRED ACTION: CAN-2000-1059 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Mell
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1060
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1060
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: CF
Reference: BUGTRAQ:20001002 Local vulnerability in XFCE 3.5.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0022.html
Reference: FREEBSD:FreeBSD-SA-00:65
Reference: BID:1736
Reference: URL:http://www.securityfocus.com/bid/1736
Reference: XF:xinitrc-bypass-xauthority
Reference: URL:http://xforce.iss.net/static/5305.php
The default configuration of XFCE 3.5.1 bypasses the Xauthority access
control mechanism with an "xhost + localhost" command in the xinitrc
program, which allows local users to sniff X Windows traffic and gain
privileges.
Modifications:
ADDREF FREEBSD:FreeBSD-SA-00:65
INFERRED ACTION: CAN-2000-1060 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Mell
NOOP(3) Wall, Christey, Cole
Voter Comments:
Christey> ADDREF FREEBSD:FreeBSD-SA-00:65
======================================================
Candidate: CAN-2000-1061
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1061
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category:
Reference: MS:MS00-075
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-075.asp
Reference: XF:java-vm-applet
Reference: URL:http://xforce.iss.net/static/5127.php
Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows
an unsigned applet to create and use ActiveX controls, which allows a
remote attacker to bypass Internet Explorer's security settings and
execute arbitrary commands via a malicious web page or email, aka the
"Microsoft VM ActiveX Component" vulnerability.
Modifications:
ADDREF XF:java-vm-applet(5127)
INFERRED ACTION: CAN-2000-1061 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
MODIFY(1) Frech
Voter Comments:
Frech> XF:java-vm-applet(5127)
======================================================
Candidate: CAN-2000-1068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1068
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236719315352&w=2
Reference: CONFIRM:http://www.cgi-world.com/pollit.html
Reference: XF:pollit-polloptions-execute-commands
Reference: URL:http://xforce.iss.net/static/5792.php
pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary
commands via shell metacharacters in the poll_options parameter.
Modifications:
ADDREF CONFIRM:http://www.cgi-world.com/pollit.html
ADDREF XF:pollit-polloptions-execute-commands(5792)
INFERRED ACTION: CAN-2000-1068 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Mell
MODIFY(1) Frech
NOOP(2) Christey, Cole
Voter Comments:
Christey> CONFIRM:http://www.cgi-world.com/pollit.html
Under the "product features" section, an item titled
"Version 2.05 (Released: 10.24.00)" says:
"Update to Fix Security Issues (Upgrade Suggested)"
Frech> XF:pollit-polloptions-execute-commands(5792)
======================================================
Candidate: CAN-2000-1069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1069
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236719315352&w=2
Reference: XF:pollit-admin-password-var
Reference: URL:http://xforce.iss.net/static/5419.php
pollit.cgi in Poll It 2.01 and earlier allows remote attackers to
access administrative functions without knowing the real password by
specifying the same value to the entered_password and admin_password
parameters.
INFERRED ACTION: CAN-2000-1069 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Mell
NOOP(1) Cole
======================================================
Candidate: CAN-2000-1070
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1070
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236719315352&w=2
Reference: XF:pollit-webroot-gain-access
Reference: URL:http://xforce.iss.net/static/5794.php
pollit.cgi in Poll It 2.01 and earlier uses data files that are
located under the web document root, which allows remote attackers to
access sensitive or private information.
Modifications:
ADDREF XF:pollit-webroot-gain-access(5794)
INFERRED ACTION: CAN-2000-1070 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Mell
MODIFY(1) Frech
NOOP(1) Cole
Voter Comments:
Frech> XF:pollit-webroot-gain-access(5794)
======================================================
Candidate: CAN-2000-1071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1071
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: CF
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1767
Reference: URL:http://www.securityfocus.com/bid/1767
Reference: XF:ical-xhost-gain-privileges
Reference: URL:http://xforce.iss.net/static/5752.php
The GUI installation for iCal 2.1 Patch 2 disables access control for
the X server using an "xhost +" command, which allows remote attackers
to monitor X Windows events and gain privileges.
Modifications:
ADDREF XF:ical-xhost-gain-privileges(5752)
INFERRED ACTION: CAN-2000-1071 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
MODIFY(1) Frech
Voter Comments:
Frech> XF:ical-xhost-gain-privileges(5752)
======================================================
Candidate: CAN-2000-1072
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1072
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: CF
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1768
Reference: URL:http://www.securityfocus.com/bid/1768
Reference: XF:ical-iplncal-gain-access
Reference: URL:http://xforce.iss.net/static/5756.php
iCal 2.1 Patch 2 installs many files with world-writeable permissions,
which allows local users to modify the iCal configuration and execute
arbitrary commands by replacing the iplncal.sh program with a Trojan
horse.
Modifications:
ADDREF XF:ical-iplncal-gain-access(5756)
INFERRED ACTION: CAN-2000-1072 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Mell
MODIFY(1) Frech
NOOP(1) Cole
Voter Comments:
Frech> XF:ical-iplncal-gain-access(5756)
======================================================
Candidate: CAN-2000-1073
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1073
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1769
Reference: URL:http://www.securityfocus.com/bid/1769
Reference: XF:ical-csstart-gain-access
Reference: URL:http://xforce.iss.net/static/5757.php
csstart program in iCal 2.1 Patch 2 searches for the cshttpd program
in the current working directory, which allows local users to gain
root privileges by creating a Trojan Horse cshttpd program in a
directory and calling csstart from that directory.
Modifications:
ADDREF XF:ical-csstart-gain-access(5757)
INFERRED ACTION: CAN-2000-1073 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Mell
MODIFY(1) Frech
Voter Comments:
Frech> XF:ical-csstart-gain-access(5757)
======================================================
Candidate: CAN-2000-1074
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1074
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1769
Reference: URL:http://www.securityfocus.com/bid/1769
Reference: XF:ical-csstart-gain-access
Reference: URL:http://xforce.iss.net/static/5757.php
csstart program in iCal 2.1 Patch 2 uses relative pathnames to install
the libsocket and libnsl libraries, which could allow the icsuser
account to gain root privileges by creating a Trojan Horse library in
the current or parent directory.
Modifications:
ADDREF XF:ical-csstart-gain-access(5757)
INFERRED ACTION: CAN-2000-1074 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Mell
MODIFY(1) Frech
NOOP(1) Cole
Voter Comments:
Frech> XF:ical-csstart-gain-access(5757)
======================================================
Candidate: CAN-2000-1077
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1077
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001026 Buffer overflow in iPlanet Web Server 4 server side SHTML parsing module
Reference: URL:http://www.securityfocus.com/archive/1/141435
Reference: XF:iplanet-web-server-shtml-bo
Reference: URL:http://xforce.iss.net/static/5446.php
Buffer overflow in the SHTML logging functionality of iPlanet Web
Server 4.x allows remote attackers to execute arbitrary commands via a
long filename with a .shtml extension.
INFERRED ACTION: CAN-2000-1077 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Mell, TempVoter4
NOOP(1) Cole
======================================================
Candidate: CAN-2000-1080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1080
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001102 dos on quake1 servers
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97318797630246&w=2
Reference: CONFIRM:http://proquake.ai.mit.edu/
Reference: BID:1900
Reference: URL:http://www.securityfocus.com/bid/1900
Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers
to cause a denial of service via a malformed (empty) UDP packet.
INFERRED ACTION: CAN-2000-1080 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Mell
NOOP(1) Cole
======================================================
Candidate: CAN-2000-1089
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1089
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001219
Assigned: 20001201
Category: SF
Reference: ATSTAKE:A120400-1
Reference: URL:http://www.stake.com/research/advisories/2000/a120400-1.txt
Reference: MS:MS00-094
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-094.asp
Reference: BID:2048
Reference: URL:http://www.securityfocus.com/bid/2048
Buffer overflow in Microsoft Phone Book Service allows local users to
execute arbitrary commands, aka the "Phone Book Service Buffer
Overflow" vulnerability.
INFERRED ACTION: CAN-2000-1089 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Wall, Baker, Cole
======================================================
Candidate: CAN-2000-1094
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1094
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001219
Assigned: 20001212
Category: SF
Reference: ATSTAKE:A121200-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a121200-1.txt
Reference: BUGTRAQ:20001213 Administrivia & AOL IM Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97668265628917&w=2
Reference: BUGTRAQ:20001214 Re: AIM & @stake's advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97683774417132&w=2
Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows
remote attackers to execute arbitrary commands via a "buddyicon"
command with a long "src" argument.
Modifications:
ADDREF BUGTRAQ:20001213 Administrivia & AOL IM Advisory
ADDREF BUGTRAQ:20001214 Re: AIM & @stake's advisory
INFERRED ACTION: CAN-2000-1094 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Wall, Baker, Cole
NOOP(1) Christey
Voter Comments:
Christey> ADDREF BUGTRAQ:20001213 Administrivia & AOL IM Advisory
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97668265628917&w=2
ADDREF BUGTRAQ:20001214 Re: AIM & @stake's advisory
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97683774417132&w=2
======================================================
Candidate: CAN-2000-1095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1095
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001112 RedHat 7.0 (and SuSE): modutils + netkit = root compromise. (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0179.html
Reference: SUSE:SuSE-SA:2000:44
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0596.html
Reference: MANDRAKE:MDKSA-2000:071
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-071-1.php3?dis=7.1
Reference: REDHAT:RHSA-2000:108-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-108.html
Reference: DEBIAN:20001120 modutils: local exploit
Reference: URL:http://www.debian.org/security/2000/20001120
Reference: CONECTIVA:CLSA-2000:340
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000340
Reference: BID:1936
Reference: URL:http://www.securityfocus.com/bid/1936
Reference: XF:linux-modprobe-execute-code
Reference: URL:http://xforce.iss.net/static/5516.php
modprobe in the modutils 2.3.x package on Linux systems allows a local
user to execute arbitrary commands via shell metacharacters.
Modifications:
ADDREF XF:linux-modprobe-execute-code(5516)
INFERRED ACTION: CAN-2000-1095 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:linux-modprobe-execute-code(5516)
======================================================
Candidate: CAN-2000-1096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1096
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001116 vixie cron...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0237.html
Reference: DEBIAN:20001118 cron: local privilege escalation
Reference: URL:http://www.debian.org/security/2000/20001118a
Reference: BID:1960
Reference: URL:http://www.securityfocus.com/bid/1960
crontab by Paul Vixie uses predictable file names for a temporary file
and does not properly ensure that the file is owned by the user
executing the crontab -e command, which allows local users with write
access to the crontab spool directory to execute arbitrary commands by
creating world-writeable temporary files and modifying them while the
victim is editing the file.
INFERRED ACTION: CAN-2000-1096 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1097
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1097
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001129 DoS in Sonicwall SOHO firewall
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0406.html
Reference: BUGTRAQ:20001201 FW: SonicWALL SOHO Vulnerability (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0435.html
Reference: BID:2013
Reference: URL:http://www.securityfocus.com/bid/2013
The web server for the Sonicwall SOHO firewall allows remote attackers
to cause a denial of service via a long username in the authentication
page.
INFERRED ACTION: CAN-2000-1097 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1098
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1098
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001201 Re: DoS in Sonicwall SOHO firewall
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0439.html
Reference: BUGTRAQ:20001201 FW: SonicWALL SOHO Vulnerability (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0435.html
The web server for the Sonicwall SOHO firewall allows remote attackers
to cause a denial of service via an empty GET or POST request.
INFERRED ACTION: CAN-2000-1098 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1099
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: SUN:00199
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/199&type=0&nav=sec.sba
Reference: HP:HPSBUX0011-132
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0061.html
Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and
earlier can allow an untrusted Java class to call into a disallowed
class, which could allow an attacker to escape the Java sandbox and
conduct unauthorized activities.
INFERRED ACTION: CAN-2000-1099 ACCEPT_ACK (2 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1106
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1106
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001128 TrendMicro InterScan VirusWall shared folder problem
Reference: URL:http://www.securityfocus.com/archive/1/147563
Reference: BUGTRAQ:20001201 Responding to BugTraq ID 2014 - "Trend Micro InterScan VirusWall Shared Directory Vulnerability"
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0016.html
Reference: BID:2014
Reference: URL:http://www.securityfocus.com/bid/2014
Reference: XF:interscan-viruswall-unauth-access
Reference: URL:http://xforce.iss.net/static/5606.php
Trend Micro InterScan VirusWall creates an "Intscan" share to the
"InterScan" directory with permissions that grant Full Control
permissions to the Everyone group, which allows attackers to gain
privileges by modifying the VirusWall programs.
Modifications:
ADDREF XF:interscan-viruswall-unauth-access(5606)
INFERRED ACTION: CAN-2000-1106 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:interscan-viruswall-unauth-access(5606)
======================================================
Candidate: CAN-2000-1107
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1107
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001128 SuSE Linux 6.x 7.0 Ident buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0387.html
Reference: BID:2015
Reference: URL:http://www.securityfocus.com/bid/2015
Reference: XF:linux-ident-bo
Reference: URL:http://xforce.iss.net/static/5590.php
in.identd ident server in SuSE Linux 6.x and 7.0 allows remote
attackers to cause a denial of service via a long request, which
causes the server to access a NULL pointer and crash.
Modifications:
ADDREF XF:linux-ident-bo(5590)
INFERRED ACTION: CAN-2000-1107 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:linux-ident-bo(5590)
Baker> http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26start%3D2001-01-14%26fromthread%3D1%26threads%3D0%26end%3D2001-01-20%26mid%3D147592%26
======================================================
Candidate: CAN-2000-1112
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1112
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: MS:MS00-090
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-090.asp
Reference: BID:1976
Reference: URL:http://www.securityfocus.com/bid/1976
Reference: XF:mediaplayer-wms-script-exe
Reference: URL:http://xforce.iss.net/static/5575.php
Microsoft Windows Media Player 7 executes scripts in custom skin
(.WMS) files, which could allow remote attackers to gain privileges
via a skin that contains a malicious script, aka the ".WMS Script
Execution" vulnerability.
Modifications:
ADDREF XF:mediaplayer-wms-script-exe(5575)
INFERRED ACTION: CAN-2000-1112 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Wall, Baker, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:mediaplayer-wms-script-exe(5575)
======================================================
Candidate: CAN-2000-1113
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1113
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: ATSTAKE:A112300-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a112300-1.txt
Reference: MS:MS00-090
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-090.asp
Reference: BID:1980
Reference: URL:http://www.securityfocus.com/bid/1980
Reference: XF:mediaplayer-asx-bo
Reference: URL:http://xforce.iss.net/static/5574.php
Buffer overflow in Microsoft Windows Media Player allows remote
attackers to execute arbitrary commands via a malformed Active Stream
Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability.
Modifications:
ADDREF XF:mediaplayer-asx-bo(5574)
INFERRED ACTION: CAN-2000-1113 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Wall, Baker, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:mediaplayer-asx-bo(5574)
======================================================
Candidate: CAN-2000-1115
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1115
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001122 602Pro Lan Suite Web Admin Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0299.html
Reference: CONFIRM:http://www.software602.com/products/ls/support/newbuild.html
Reference: BID:1979
Reference: URL:http://www.securityfocus.com/bid/1979
Reference: XF:software602-lan-suite-bo
Reference: URL:http://xforce.iss.net/static/5583.php
Buffer overflow in remote web administration component (webprox.dll)
of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to
cause a denial of service and possibly execute arbitrary commands via
a long GET request.
Modifications:
ADDREF XF:software602-lan-suite-bo(5583)
INFERRED ACTION: CAN-2000-1115 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:software602-lan-suite-bo(5583)
======================================================
Candidate: CAN-2000-1120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1120
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: AIXAPAR:IY08143
Reference: AIXAPAR:IY08287
Reference: BID:2033
Reference: URL:http://www.securityfocus.com/bid/2033
Buffer overflow in digest command in IBM AIX 4.3.x and earlier
allows local users to execute arbitrary commands.
INFERRED ACTION: CAN-2000-1120 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Bollinger, Baker, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1131
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1131
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001110 [hacksware] gbook.cgi remote command execution vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0144.html
Reference: BID:1940
Reference: URL:http://www.securityfocus.com/bid/1940
Reference: XF:gbook-cgi-remote-execution
Reference: URL:http://xforce.iss.net/static/5509.php
Bill Kendrick web site guestbook (GBook) allows remote attackers to
execute arbitrary commands via shell metacharacters in the _MAILTO
form variable.
Modifications:
ADDREF XF:gbook-cgi-remote-execution(5509)
INFERRED ACTION: CAN-2000-1131 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:gbook-cgi-remote-execution(5509)
======================================================
Candidate: CAN-2000-1132
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1132
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001114 Cgisecurity.com advisory on dcforum
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0218.html
Reference: BID:1951
Reference: URL:http://www.securityfocus.com/bid/1951
Reference: CONFIRM:http://www.dcscripts.com/dcforum/dcfNews/124.html#1
DCForum cgforum.cgi CGI script allows remote attackers to read
arbitrary files, and delete the program itself, via a malformed
"forum" variable.
INFERRED ACTION: CAN-2000-1132 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1135
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1135
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: DEBIAN:20001130 DSA-002-1 fsh: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001130
fshd (fsh daemon) in Debian Linux allows local users to overwrite
files of other users via a symlink attack.
INFERRED ACTION: CAN-2000-1135 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1136
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1136
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001122 New version of elvis-tiny released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97502995616099&w=2
Reference: BID:1984
Reference: URL:http://www.securityfocus.com/bid/1984
Reference: XF:linux-tinyelvis-tmpfiles
Reference: URL:http://xforce.iss.net/static/5632.php
elvis-tiny before 1.4-10 in Debian Linux, and possibly other Linux
operating systems, allows local users to overwrite files of other
users via a symlink attack.
Modifications:
ADDREF XF:linux-tinyelvis-tmpfiles(5632)
INFERRED ACTION: CAN-2000-1136 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:linux-tinyelvis-tmpfiles(5632)
Baker> http://www.securityfocus.com/frames/?content=/templates/advisory.html%3Fid%3D2887
======================================================
Candidate: CAN-2000-1137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1137
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: DEBIAN:20001129 DSA-001-1 ed: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001129
Reference: MANDRAKE:MDKSA-2000:076
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-076.php3
Reference: REDHAT:RHSA-2000:123-01
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-123.html
Reference: BUGTRAQ:20001211 Immunix OS Security update for ed
Reference: CONECTIVA:CLA-2000:359-2
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000359
GNU ed before 0.2-18.1 allows local users to overwrite the files of
other users via a symlink attack.
Modifications:
ADDREF CONECTIVA:CLA-2000:359-2
INFERRED ACTION: CAN-2000-1137 ACCEPT_ACK (2 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(2) Wall, Christey
Voter Comments:
Christey> ADDREF CONECTIVA:CLA-2000:359-2
======================================================
Candidate: CAN-2000-1139
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1139
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001219
Assigned: 20001214
Category: CF
Reference: MS:MS00-088
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-088.asp
Reference: BID:1958
Reference: URL:http://www.securityfocus.com/bid/1958
The installation of Microsoft Exchange 2000 before Rev. A creates a
user account with a known password, which could allow attackers to
gain privileges, aka the "Exchange User Account" vulnerability.
INFERRED ACTION: CAN-2000-1139 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Wall, Baker, Cole
======================================================
Candidate: CAN-2000-1140
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1140
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BID:1908
Reference: URL:http://www.securityfocus.com/bid/1908
Reference: XF:mantrap-hidden-processes
Reference: URL:http://xforce.iss.net/static/5473.php
Recourse ManTrap 1.6 does not properly hide processes from attackers,
which could allow attackers to determine that they are in a honeypot
system by comparing the results from kill commands with the process
listing in the /proc filesystem.
Modifications:
ADDREF XF:mantrap-hidden-processes(5473)
INFERRED ACTION: CAN-2000-1140 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:mantrap-hidden-processes(5473)
======================================================
Candidate: CAN-2000-1141
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1141
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-hidden-processes
Reference: URL:http://xforce.iss.net/static/5473.php
Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear
in the /proc listing, which allows attackers to determine that they
are in a honeypot system.
Modifications:
ADDREF XF:mantrap-hidden-processes(5473)
INFERRED ACTION: CAN-2000-1141 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:mantrap-hidden-processes(5473)
======================================================
Candidate: CAN-2000-1142
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1142
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-pwd-reveal-information
Reference: URL:http://xforce.iss.net/static/5949.php
Recourse ManTrap 1.6 generates an error when an attacker cd's to
/proc/self/cwd and executes the pwd command, which allows attackers to
determine that they are in a honeypot system.
Modifications:
ADDREF XF:mantrap-pwd-reveal-information(5949)
INFERRED ACTION: CAN-2000-1142 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:mantrap-pwd-reveal-information(5949)
======================================================
Candidate: CAN-2000-1143
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1143
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-hidden-processes
Reference: URL:http://xforce.iss.net/static/5473.php
Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris
system, which allows attackers to determine that they are in a
honeypot system.
Modifications:
ADDREF XF:mantrap-hidden-processes(5473)
DESC Change "process" to "processes"
INFERRED ACTION: CAN-2000-1143 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:mantrap-hidden-processes(5473)
======================================================
Candidate: CAN-2000-1144
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1144
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BID:1909
Reference: URL:http://www.securityfocus.com/bid/1909
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-inode-disclosure
Reference: URL:http://xforce.iss.net/static/5472.php
Recourse ManTrap 1.6 sets up a chroot environment to hide the fact
that it is running, but the inode number for the resulting "/" file
system is higher than normal, which allows attackers to determine that
they are in a chroot environment.
Modifications:
ADDREF XF:mantrap-inode-disclosure(5472)
INFERRED ACTION: CAN-2000-1144 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:mantrap-inode-disclosure(5472)
======================================================
Candidate: CAN-2000-1145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1145
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-identify-processes
Reference: URL:http://xforce.iss.net/static/5950.php
Recourse ManTrap 1.6 allows attackers who have gained root access to
use utilities such as crash or fsdb to read /dev/mem and raw disk
devices to identify ManTrap processes or modify arbitrary data files.
Modifications:
ADDREF XF:mantrap-identify-processes(5950)
INFERRED ACTION: CAN-2000-1145 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:mantrap-identify-processes(5950)
======================================================
Candidate: CAN-2000-1146
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1146
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BID:1913
Reference: URL:http://www.securityfocus.com/bid/1913
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-dir-dos
Reference: URL:http://xforce.iss.net/static/5528.php
Recourse ManTrap 1.6 allows attackers to cause a denial of service via
a sequence of commands that navigate into and out of the /proc/self
directory and executing various commands such as ls or pwd.
Modifications:
ADDREF XF:mantrap-dir-dos(5528)
INFERRED ACTION: CAN-2000-1146 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:mantrap-dir-dos(5528)
======================================================
Candidate: CAN-2000-1148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1148
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: CF
Reference: BUGTRAQ:20001104 Filesystem Access + VolanoChat = VChat admin (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0072.html
Reference: BUGTRAQ:20001106 Re: FW: Filesystem Access + VolanoChat = VChat admin (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0085.html
Reference: BID:1906
Reference: URL:http://www.securityfocus.com/bid/1906
Reference: XF:volanochatpro-plaintext-password
Reference: URL:http://xforce.iss.net/static/5465.php
The installation of VolanoChatPro chat server sets world-readable
permissions for its configuration file and stores the server
administrator passwords in plaintext, which allows local users to gain
privileges on the server.
Modifications:
ADDREF XF:volanochatpro-plaintext-password(5465)
INFERRED ACTION: CAN-2000-1148 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:volanochatpro-plaintext-password(5465)
======================================================
Candidate: CAN-2000-1149
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1149
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001108 [CORE SDI ADVISORY] MS NT4.0 Terminal Server Edition GINA buffer overflow
Reference: URL:http://www.securityfocus.com/archive/1/143991
Reference: MS:MS00-087
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-087.asp
Reference: BID:1924
Reference: URL:http://www.securityfocus.com/bid/1924
Reference: XF:nt-termserv-gina-bo
Reference: URL:http://xforce.iss.net/static/5489.php
Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server
allows remote attackers to execute arbitrary commands via a long
username, aka the "Terminal Server Login Buffer Overflow"
vulnerability.
Modifications:
ADDREF XF:nt-termserv-gina-bo(5489)
INFERRED ACTION: CAN-2000-1149 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Wall, Baker, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:nt-termserv-gina-bo(5489)
======================================================
Candidate: CAN-2000-1162
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1162
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: CALDERA:CSSA-2000-041
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt
Reference: MANDRAKE:MDKSA-2000:074
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3
Reference: CONECTIVA:CLSA-2000:343
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000343
Reference: REDHAT:RHSA-2000:114-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-114.html
Reference: DEBIAN:20001123 ghostscript: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001123
Reference: BID:1990
Reference: URL:http://www.securityfocus.com/bid/1990
Reference: XF:ghostscript-sym-link
Reference: URL:http://xforce.iss.net/static/5563.php
ghostscript before 5.10-16 allows local users to overwrite files of
other users via a symlink attack.
Modifications:
ADDREF XF:ghostscript-sym-link(5563)
INFERRED ACTION: CAN-2000-1162 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:ghostscript-sym-link(5563)
======================================================
Candidate: CAN-2000-1163
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1163
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: CALDERA:CSSA-2000-041
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt
Reference: MANDRAKE:MDKSA-2000:074
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3
Reference: CONECTIVA:CLSA-2000:343
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000343
Reference: DEBIAN:20001123 ghostscript: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001123
Reference: BID:1991
Reference: URL:http://www.securityfocus.com/bid/1991
Reference: XF:ghostscript-env-variable
Reference: URL:http://xforce.iss.net/static/5564.php
ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental
variable to find libraries in the current directory, which could allow
local users to execute commands as other users by placing a Trojan
horse library into a directory from which another user executes
ghostscript.
Modifications:
ADDREF XF:ghostscript-env-variable(5564)
INFERRED ACTION: CAN-2000-1163 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:ghostscript-env-variable(5564)
======================================================
Candidate: CAN-2000-1167
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1167
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:70
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:70.ppp-nat.asc
Reference: BID:1974
Reference: URL:http://www.securityfocus.com/bid/1974
ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict
access as specified by the "nat deny_incoming" command, which allows
remote attackers to connect to the target system.
INFERRED ACTION: CAN-2000-1167 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1169
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001123 OpenSSH Security Advisory (adv.fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0195.html
Reference: MANDRAKE:MDKSA-2000:068
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-068.php3
Reference: BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html
Reference: DEBIAN:20001118 openssh: possible remote exploit
Reference: URL:http://www.debian.org/security/2000/20001118
Reference: CONECTIVA:CLSA-2000:345
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000345
Reference: REDHAT:RHSA-2000-111
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-111.html
Reference: SUSE:SuSE-SA:2000:47
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2000-Nov/0004.html
Reference: BID:1949
Reference: URL:http://www.securityfocus.com/bid/1949
OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent
forwarding, which could allow a malicious SSH server to gain access to
the X11 display and sniff X11 events, or gain access to the ssh-agent.
INFERRED ACTION: CAN-2000-1169 ACCEPT_ACK (2 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1178
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1178
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001116 Joe's Own Editor File Link Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0227.html
Reference: REDHAT:RHSA-2000:110-06
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-110.html
Reference: MANDRAKE:MDKSA-2000:072
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-072.php3
Reference: CONECTIVA:CLA-2000:356
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000356
Reference: DEBIAN:20001121 joe: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001122
Reference: DEBIAN:20001201 DSA-003-1 joe: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001201
Reference: BUGTRAQ:20001121 Immunix OS Security update for joe
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97500174210821&w=2
Reference: BID:1959
Reference: URL:http://www.securityfocus.com/bid/1959
Joe text editor follows symbolic links when creating a rescue copy
called DEADJOE during an abnormal exit, which allows local users to
overwrite the files of other users whose joe session crashes.
INFERRED ACTION: CAN-2000-1178 ACCEPT_ACK (2 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1179
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1179
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001115 Netopia ISDN Router 650-ST: Viewing of all system logs without login
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97440068130051&w=2
Reference: BID:1952
Reference: URL:http://www.securityfocus.com/bid/1952
Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to
read system logs without authentication by directly connecting to the
login screen and typing certain control characters.
INFERRED ACTION: CAN-2000-1179 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1181
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1181
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001116 [CORE SDI ADVISORY] RealServer memory contents disclosure
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0236.html
Reference: CONFIRM:http://service.real.com/help/faq/security/memory.html
Reference: BID:1957
Reference: URL:http://www.securityfocus.com/bid/1957
Real Networks RealServer 7 and earlier allows remote attackers to
obtain portions of RealServer's memory contents, possibly including
sensitive information, by accessing the /admin/includes/ URL.
INFERRED ACTION: CAN-2000-1181 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1182
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1182
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001116 Possible Watchguard Firebox II DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0224.html
Reference: CONFIRM:https://www.watchguard.com/support/patches.html
Reference: BID:1953
Reference: URL:http://www.securityfocus.com/bid/1953
WatchGuard Firebox II allows remote attackers to cause a denial of
service by flooding the Firebox with a large number of FTP or SMTP
requests, which disables proxy handling.
INFERRED ACTION: CAN-2000-1182 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1184
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1184
Final-Decision:
Interim-Decision: 20010117
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:69
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:69.telnetd.v1.1.asc
telnetd in FreeBSD 4.2 and earlier, and possibly other operating
systems, allows remote attackers to cause a denial of service by
specifying an arbitrary large file in the TERMCAP environmental
variable, which consumes resources as the server processes the file.
INFERRED ACTION: CAN-2000-1184 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2000-1187
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1187
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: REDHAT:RHSA-2000:109-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-109.html
Reference: CONECTIVA:CLSA-2000:344
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000344
Reference: SUSE:SuSE-SA:2000:48
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2000-Nov/0005.html
Reference: FREEBSD:FreeBSD-SA-00:66
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:66.netscape.asc
Reference: BUGTRAQ:20001121 Immunix OS Security update for netscape
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97500270012529&w=2
Reference: XF:netscape-client-html-bo
Reference: URL:http://xforce.iss.net/static/5542.php
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows
remote attackers to execute arbitrary commands via a long password
value in a form field.
Modifications:
ADDREF XF:netscape-client-html-bo(5542)
INFERRED ACTION: CAN-2000-1187 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:netscape-client-html-bo(5542)
======================================================
Candidate: CAN-2000-1189
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1189
Final-Decision:
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: REDHAT:RHSA-2000:120
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-120.html
Reference: CONECTIVA:CLA-2000:358
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000358
Reference: MANDRAKE:MDKSA-2000:082-1
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-082.php3
Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and
6.x allows attackers to gain privileges.
Modifications:
ADDREF CONECTIVA:CLA-2000:358
ADDREF MANDRAKE:MDKSA-2000:082-1
INFERRED ACTION: CAN-2000-1189 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
NOOP(2) Wall, Christey
Voter Comments:
Christey> ADDREF CONECTIVA:CLA-2000:358
ADDREF MANDRAKE:MDKSA-2000:082-1