[INTERIM] ACCEPT 134 recent candidates (Final 5/7)
I have made an Interim Decision to ACCEPT the following 234
candidates, all of which are from various RECENT-XX clusters, up to
the clusters that were proposed on April 4.
I will make a Final Decision on May 7.
Voters:
Wall ACCEPT(19) NOOP(85) REVIEWING(1)
Ziese ACCEPT(75) NOOP(31) REVIEWING(1)
LeBlanc ACCEPT(1)
Cole ACCEPT(110) NOOP(3)
Collins ACCEPT(7)
Bishop ACCEPT(28)
Baker ACCEPT(31)
Lawler ACCEPT(29)
Frech ACCEPT(51) MODIFY(71)
Dik ACCEPT(4) MODIFY(1) NOOP(1)
Christey NOOP(39)
Balinsky ACCEPT(1)
Bollinger ACCEPT(1)
Prosser ACCEPT(18)
ACCEPT --> 117
ACCEPT_ACK --> 15
ACCEPT_ACK_REV --> 1
ACCEPT_REV --> 1
======================================================
Candidate: CAN-2001-0002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0002
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010309
Assigned: 20010104
Category: SF
Reference: MS:MS01-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp
Reference: BUGTRAQ:20001120 IE 5.x/Outlook allows executing arbitrary programs using .chm
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97475003815911&w=2
Reference: XF:ie-chm-execute-files(5567)
Internet Explorer 5.5 and earlier allows remote attackers to obtain
the physical location of cached content and open the content in the
Local Computer Zone, then use compiled HTML help (.chm) files to
execute arbitrary programs.
Modifications:
ADDREF XF:ie-chm-execute-files(5567)
INFERRED ACTION: CAN-2001-0002 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Ziese, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:ie-chm-execute-files(5567)
======================================================
Candidate: CAN-2001-0003
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0003
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010104
Category: SF
Reference: MS:MS01-001
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-001.asp
Reference: XF:wec-ntlm-authentication
Reference: URL:http://xforce.iss.net/static/5920.php
Reference: BID:2199
Reference: URL:http://www.securityfocus.com/bid/2199
Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and
Windows Me does not properly process Internet Explorer security
settings for NTLM authentication, which allows attackers to obtain
NTLM credentials and possibly obtain the password, aka the "Web Client
NTLM Authentication" vulnerability.
Modifications:
ADDREF BID:2199
ADDREF XF:wec-ntlm-authentication
INFERRED ACTION: CAN-2001-0003 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Wall
MODIFY(1) Frech
NOOP(2) Ziese, Christey
Voter Comments:
Christey> BID:2199
URL:http://www.securityfocus.com/bid/2199
Frech> XF:wec-ntlm-authentication(5920)
Christey> XF:wec-ntlm-authentication
URL:http://xforce.iss.net/static/5920.php
======================================================
Candidate: CAN-2001-0005
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0005
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010104
Category: SF
Reference: ATSTAKE:A012301-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a012301-1.txt
Reference: MS:MS01-002
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-002.asp
Reference: XF:powerpoint-execute-code(5996)
Buffer overflow in the parsing mechanism of the file loader in
Microsoft PowerPoint 2000 allows attackers to execute arbitrary
commands.
Modifications:
ADDREF XF:powerpoint-execute-code(5996)
INFERRED ACTION: CAN-2001-0005 ACCEPT (6 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(5) Ziese, Prosser, Cole, Collins, Wall
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Frech> XF:powerpoint-execute-code(5996)
Christey> XF:powerpoint-execute-code(5996)
Prosser> MS01-002
======================================================
Candidate: CAN-2001-0006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0006
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010104
Category: SF
Reference: BUGTRAQ:20010126 ntsecurity.nu advisory: Winsock Mutex Vulnerability in Windows NT 4.0 SP6 and below
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98075221915234&w=2
Reference: MS:MS01-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-003.asp
Reference: XF:winnt-mutex-dos(6006)
The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has
inappropriate Everyone/Full Control permissions, which allows local
users to modify the permissions to "No Access" and disable Winsock
network connectivity to cause a denial of service, aka the "Winsock
Mutex" vulnerability.
Modifications:
ADDREF XF:winnt-mutex-dos(6006)
INFERRED ACTION: CAN-2001-0006 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Prosser, Cole, Wall
MODIFY(1) Frech
NOOP(2) Ziese, Christey
Voter Comments:
Frech> XF:winnt-mutex-dos(6006)
Christey> XF:winnt-mutex-dos(6006)
Prosser> MS01-003
======================================================
Candidate: CAN-2001-0008
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0008
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010110
Category: SF
Reference: CERT:CA-2001-01
Reference: URL:http://www.cert.org/advisories/CA-2001-01.html
Reference: BID:2192
Reference: URL:http://www.securityfocus.com/bid/2192
Reference: XF:interbase-backdoor-account(5911)
Reference: URL:http://xforce.iss.net/static/5911.php
Backdoor account in Interbase database server allows remote attackers
to overwrite arbitrary files using stored procedures.
Modifications:
ADDREF BID:2192
ADDREF XF:interbase-backdoor-account
INFERRED ACTION: CAN-2001-0008 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Prosser, Cole, Collins
MODIFY(1) Frech
NOOP(3) Ziese, Christey, Wall
Voter Comments:
Christey> BID:2192
URL:http://www.securityfocus.com/bid/2192
Frech> XF:interbase-backdoor-account(5911)
Christey> XF:interbase-backdoor-account
URL:http://xforce.iss.net/static/5911.php
Prosser> CA-2001-01
======================================================
Candidate: CAN-2001-0009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0009
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010110
Category: SF
Reference: BUGTRAQ:20010105 Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root
Reference: URL:http://www.securityfocus.com/archive/1/154537
Reference: BUGTRAQ:20010109 bugtraq id 2173 Lotus Domino Server
Reference: URL:http://www.securityfocus.com/archive/1/155124
Reference: BID:2173
Reference: URL:http://www.securityfocus.com/bid/2173
Reference: XF:lotus-domino-directory-traversal(5899)
Reference: URL:http://xforce.iss.net/static/5899.php
Directory traversal vulnerability in Lotus Domino 5.0.5 web server
allows remote attackers to read arbitrary files via a .. attack.
Modifications:
ADDREF XF:lotus-domino-directory-traversal(5899)
INFERRED ACTION: CAN-2001-0009 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Collins
MODIFY(1) Frech
NOOP(3) Ziese, Christey, Wall
Voter Comments:
Frech> XF:lotus-domino-directory-traversal(5899)
Christey> reorganize the Bugtraq ref's into chronological order
XF:lotus-domino-directory-traversal
URL:http://xforce.iss.net/static/5899.php
======================================================
Candidate: CAN-2001-0010
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0010
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010118
Category: SF
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.pgp.com/research/covert/advisories/047.asp
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: MANDRAKE:MDKSA-2001-017
Reference: REDHAT:RHSA-2001-007
Reference: CONECTIVA:000377
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: XF:bind-tsig-bo
Reference: BID:2302
Buffer overflow in transaction signature (TSIG) handling code in BIND
8 allows remote attackers to gain root privileges.
Modifications:
ADDREF IBM:ERS-SVA-E01-2001:002.1
ADDREF MANDRAKE:MDKSA-2001-017
ADDREF REDHAT:RHSA-2001-007
ADDREF CONECTIVA:000377
ADDREF FREEBSD:FreeBSD-SA-01:18
ADDREF XF:bind-tsig-bo
ADDREF BID:2302
INFERRED ACTION: CAN-2001-0010 ACCEPT (4 accept, 5 ack, 0 review)
Current Votes:
ACCEPT(3) Prosser, Baker, Collins
MODIFY(1) Frech
NOOP(4) Ziese, Christey, Cole, Wall
Voter Comments:
Frech> XF:bind-tsig-bo(6015)
Christey> IBM:ERS-SVA-E01-2001:002.1
MANDRAKE:MDKSA-2001-017
REDHAT:RHSA-2001-007
CONECTIVA:000377
FREEBSD:FreeBSD-SA-01:18
Christey> XF:bind-tsig-bo
URL:http://xforce.iss.net/static/6015.php
BID:2302
URL:http://www.securityfocus.com/bid/2302
======================================================
Candidate: CAN-2001-0011
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0011
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010118
Category: SF
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.pgp.com/research/covert/advisories/047.asp
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: MANDRAKE:MDKSA-2001-017
Reference: REDHAT:RHSA-2001-007
Reference: CONECTIVA:000377
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: XF:bind-complain-bo
Reference: BID:2307
Buffer overflow in nslookupComplain function in BIND 4 allows remote
attackers to gain root privileges.
Modifications:
ADDREF IBM:ERS-SVA-E01-2001:002.1
ADDREF MANDRAKE:MDKSA-2001-017
ADDREF REDHAT:RHSA-2001-007
ADDREF CONECTIVA:000377
ADDREF FREEBSD:FreeBSD-SA-01:18
ADDREF XF:bind-complain-bo
ADDREF BID:2307
INFERRED ACTION: CAN-2001-0011 ACCEPT (4 accept, 5 ack, 0 review)
Current Votes:
ACCEPT(3) Prosser, Cole, Collins
MODIFY(1) Frech
NOOP(3) Ziese, Christey, Wall
Voter Comments:
Frech> XF:bind-complain-bo(6016)
Christey> IBM:ERS-SVA-E01-2001:002.1
MANDRAKE:MDKSA-2001-017
REDHAT:RHSA-2001-007
CONECTIVA:000377
FREEBSD:FreeBSD-SA-01:18
Christey> XF:bind-complain-bo
URL:http://xforce.iss.net/static/6016.php
BID:2307
URL:http://www.securityfocus.com/bid/2307
======================================================
Candidate: CAN-2001-0012
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0012
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010119
Category: SF
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.pgp.com/research/covert/advisories/047.asp
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: MANDRAKE:MDKSA-2001-017
Reference: REDHAT:RHSA-2001-007
Reference: CONECTIVA:000377
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: XF:bind-inverse-query-disclosure
Reference: BID:2321
BIND 4 and BIND 8 allow remote attackers to access sensitive
information such as environment variables.
Modifications:
ADDREF IBM:ERS-SVA-E01-2001:002.1
ADDREF MANDRAKE:MDKSA-2001-017
ADDREF REDHAT:RHSA-2001-007
ADDREF CONECTIVA:000377
ADDREF FREEBSD:FreeBSD-SA-01:18
ADDREF XF:bind-inverse-query-disclosure
ADDREF BID:2321
INFERRED ACTION: CAN-2001-0012 ACCEPT (4 accept, 5 ack, 0 review)
Current Votes:
ACCEPT(3) Prosser, Cole, Collins
MODIFY(1) Frech
NOOP(3) Ziese, Christey, Wall
Voter Comments:
Frech> XF:bind-inverse-query-disclosure(6018)
Christey> XF:bind-inverse-query-disclosure
URL:http://xforce.iss.net/static/6018.php
Add these ref's to this and other CAN's:
IBM:ERS-SVA-E01-2001:002.1
MANDRAKE:MDKSA-2001-017
REDHAT:RHSA-2001-007
CONECTIVA:000377
FREEBSD:FreeBSD-SA-01:18
Christey> BID:2321
URL:http://www.securityfocus.com/bid/2321
Christey> Make sure ISS/BID ref's are added
======================================================
Candidate: CAN-2001-0013
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0013
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010125
Category: SF
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.pgp.com/research/covert/advisories/047.asp
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: MANDRAKE:MDKSA-2001-017
Reference: REDHAT:RHSA-2001-007
Reference: CONECTIVA:000377
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: XF:bind-complain-format-string
Reference: BID:2309
Format string vulnerability in nslookupComplain function in BIND 4
allows remote attackers to gain root privileges.
Modifications:
ADDREF IBM:ERS-SVA-E01-2001:002.1
ADDREF MANDRAKE:MDKSA-2001-017
ADDREF REDHAT:RHSA-2001-007
ADDREF CONECTIVA:000377
ADDREF FREEBSD:FreeBSD-SA-01:18
ADDREF XF:bind-complain-format-string
ADDREF BID:2309
INFERRED ACTION: CAN-2001-0013 ACCEPT (4 accept, 5 ack, 0 review)
Current Votes:
ACCEPT(3) Prosser, Cole, Collins
MODIFY(1) Frech
NOOP(3) Ziese, Christey, Wall
Voter Comments:
Frech> XF:bind-complain-format-string(6017)
Christey> IBM:ERS-SVA-E01-2001:002.1
MANDRAKE:MDKSA-2001-017
REDHAT:RHSA-2001-007
CONECTIVA:000377
FREEBSD:FreeBSD-SA-01:18
Christey> XF:bind-complain-format-string
URL:http://xforce.iss.net/static/6017.php
BID:2309
URL:http://www.securityfocus.com/bid/2309
Prosser> CERT Advisory CA-2001-02
Multiple Vulnerabilities in BIND
http://www.cert.org/advisories
Internet Software Consortium
BIND Vulnerabilities
http://www.isc.org/products/BIND/bind-security.html
COVERT Labs Security Advisory
COVERT-2001-01
http://www.pgp.com/covert
======================================================
Candidate: CAN-2001-0014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0014
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010127
Category: SF
Reference: MS:MS01-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-006.asp
Reference: XF:win2k-rdp-dos
Reference: BID:2326
Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not
properly handle certain malformed packets, which allows remote
attackers to cause a denial of service, aka the "Invalid RDP Data"
vulnerability.
Modifications:
ADDREF XF:win2k-rdp-dos
ADDREF BID:2326
INFERRED ACTION: CAN-2001-0014 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Ziese, Prosser, Cole, Wall
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Frech> XF:win2k-rdp-dos(6035)
Christey> XF:win2k-rdp-dos
http://xforce.iss.net/static/6035.php
BID:2326
URL:http://www.securityfocus.com/bid/2326
Prosser> MS01-06
======================================================
Candidate: CAN-2001-0015
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0015
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010214
Assigned: 20010127
Category: SF
Reference: ATSTAKE:A020501-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a020501-1.txt
Reference: MS:MS01-007
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-007.asp
Reference: BID:2341
Reference: XF:win-dde-elevate-privileges(6062)
Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users
to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible
window that is running with the privileges of the WINLOGON process.
Modifications:
ADDREF BID:2341
ADDREF XF:win-dde-elevate-privileges(6062)
INFERRED ACTION: CAN-2001-0015 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Prosser, Baker, Cole, Wall
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Christey> BID:2341
URL:http://www.securityfocus.com/bid/2341
Frech> XF:win-dde-elevate-privileges(6062)
Prosser> MS01-007
======================================================
Candidate: CAN-2001-0016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0016
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20010127
Category: SF
Reference: BINDVIEW:20010207 Local promotion vulnerability in NT4's NTLM Security Support Provider
Reference: URL:http://razor.bindview.com/publish/advisories/adv_NTLMSSP.html
Reference: MS:MS01-008
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-008.asp
Reference: BID:2348
Reference: XF:ntlm-ssp-elevate-privileges(6076)
NTLM Security Support Provider (NTLMSSP) service does not properly
check the function number in an LPC request, which could allow local
users to gain administrator level access.
Modifications:
ADDREF BID:2348
ADDREF XF:ntlm-ssp-elevate-privileges(6076)
INFERRED ACTION: CAN-2001-0016 ACCEPT (5 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Prosser, Baker, Cole, Wall
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Christey> BID:2348
URL:http://www.securityfocus.com/bid/2348
Frech> XF:ntlm-ssp-elevate-privileges(6076)
Prosser> MS01-008
======================================================
Candidate: CAN-2001-0017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0017
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010214
Assigned: 20010127
Category: SF
Reference: MS:MS01-009
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-009.asp
Reference: BID:2368
Reference: XF:winnt-pptp-dos(6103)
Memory leak in PPTP server in Windows NT 4.0 allows remote attackers
to cause a denial of service via a malformed data packet, aka the
"Malformed PPTP Packet Stream" vulnerability.
Modifications:
ADDREF BID:2368
ADDREF XF:winnt-pptp-dos(6103)
INFERRED ACTION: CAN-2001-0017 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Prosser, Baker, Cole, Wall
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Christey> BID:2368
URL:http://www.securityfocus.com/bid/2368
Frech> XF:winnt-pptp-dos(6103)
Prosser> MS01-009
======================================================
Candidate: CAN-2001-0021
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0021
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001206 (SRADV00005) Remote command execution vulnerabilities in MailMan Webmail
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0057.html
Reference: CONFIRM:http://www.endymion.com/products/mailman/history.htm
Reference: BID:2063
Reference: URL:http://www.securityfocus.com/bid/2063
Reference: XF:mailman-alternate-templates
Reference: URL:http://xforce.iss.net/static/5649.php
MailMan Webmail 3.0.25 and earlier allows remote attackers to execute
arbitrary commands via shell metacharacters in the alternate_template
parameter.
INFERRED ACTION: CAN-2001-0021 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Frech, Cole
NOOP(2) Ziese, Wall
======================================================
Candidate: CAN-2001-0026
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0026
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001211 DoS vulnerability in rp-pppoe versions <= 2.4
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0134.html
Reference: CONECTIVA:CLA-2000:357
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000357
Reference: MANDRAKE:MDKSA-2000:084
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-084.php3
Reference: REDHAT:RHSA-2000:130-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-130.html
Reference: BID:2098
Reference: URL:http://www.securityfocus.com/bid/2098
Reference: XF:rppppoe-zero-length-dos
Reference: URL:http://xforce.iss.net/static/5727.php
rp-pppoe PPPoE client allows remote attackers to cause a denial of service
via the Clamp MSS option and a TCP packet with a zero-length TCP option.
INFERRED ACTION: CAN-2001-0026 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Cole
NOOP(2) Ziese, Wall
======================================================
Candidate: CAN-2001-0028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0028
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001211 [pkc] remote heap buffer overflow in oops
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0127.html
Reference: FREEBSD:FreeBSD-SA-00:79
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-12/0418.html
Reference: BID:2099
Reference: URL:http://www.securityfocus.com/bid/2099
Reference: XF:oops-ftputils-bo
Reference: URL:http://xforce.iss.net/static/5725.php
Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2
and earlier allows remote attackers to execute arbitrary commands via a
large number of " (quotation) characters.
INFERRED ACTION: CAN-2001-0028 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Cole
NOOP(2) Ziese, Wall
======================================================
Candidate: CAN-2001-0033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0033
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: XF:kerberos4-user-config
Reference: URL:http://xforce.iss.net/static/5738.php
KTH Kerberos IV allows local users to change the configuration of a
Kerberos server running at an elevated privilege by specifying an
alternate directory using the KRBCONFDIR environmental variable,
which allows the user to gain additional privileges.
INFERRED ACTION: CAN-2001-0033 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Frech, Cole
NOOP(2) Ziese, Wall
======================================================
Candidate: CAN-2001-0034
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0034
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: XF:kerberos4-arbitrary-proxy
Reference: URL:http://xforce.iss.net/static/5733.php
KTH Kerberos IV allows local users to specify an alternate proxy using
the krb4_proxy variable, which allows the user to generate false proxy
responses and possibly gain privileges.
INFERRED ACTION: CAN-2001-0034 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Frech, Cole
NOOP(2) Ziese, Wall
======================================================
Candidate: CAN-2001-0035
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0035
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: BUGTRAQ:20010130 Buffer overflow in old ssh-1.2.2x-afs-kerberosv4 patches
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0511.html
Reference: XF:kerberos4-auth-packet-overflow
Reference: URL:http://xforce.iss.net/static/5734.php
Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV
allows remote attackers to cause a denial of service and possibly
execute arbitrary commands via a long authentication request.
Modifications:
ADDREF BUGTRAQ:20010130 Buffer overflow in old ssh-1.2.2x-afs-kerberosv4 patches
INFERRED ACTION: CAN-2001-0035 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Frech, Cole
NOOP(3) Ziese, Christey, Wall
Voter Comments:
Christey> See comments by Dug Song at:
BUGTRAQ:20010130 Buffer overflow in old ssh-1.2.2x-afs-kerberosv4 patches
http://archives.neohapsis.com/archives/bugtraq/2001-01/0511.html
======================================================
Candidate: CAN-2001-0036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0036
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: XF:kerberos4-tmpfile-dos
Reference: URL:http://xforce.iss.net/static/5754.php
KTH Kerberos IV allows local users to overwrite arbitrary files via a
symlink attack on a ticket file.
INFERRED ACTION: CAN-2001-0036 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Frech, Cole
NOOP(2) Ziese, Wall
======================================================
Candidate: CAN-2001-0039
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0039
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001206 DoS by SMTP AUTH command in IPSwitch IMail server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0071.html
Reference: BID:2083
Reference: URL:http://www.securityfocus.com/bid/2083
Reference: CONFIRM:http://www.ipswitch.com/Support/IMail/news.html
Reference: XF:imail-smtp-auth-dos
Reference: URL:http://xforce.iss.net/static/5674.php
IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of
service using the SMTP AUTH command by sending a base64-encoded user
password whose length is between 80 and 136 bytes.
Modifications:
DESC fix typo: "remore" and add hyphen to "base64 encoded"
INFERRED ACTION: CAN-2001-0039 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Frech, Cole
NOOP(3) Ziese, Christey, Wall
Voter Comments:
Frech> In description, may want to change to "base64-encoded".
Christey> fix typo: "remore"
======================================================
Candidate: CAN-2001-0040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0040
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010201
Category: CF
Reference: BUGTRAQ:20001206 apcupsd 3.7.2 Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0066.html
Reference: MANDRAKE:MDKSA-2000:077
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-077.php3
Reference: BID:2070
Reference: URL:http://www.securityfocus.com/bid/2070
Reference: XF:apc-apcupsd-dos
Reference: URL:http://xforce.iss.net/static/5654.php
APC UPS daemon, apcupsd, saves its process ID in a world-writable
file, which allows local users to kill an arbitrary process by
specifying the target process ID in the apcupsd.pid file.
Modifications:
DESC Fix spelling: "writeable" should be "writable"
INFERRED ACTION: CAN-2001-0040 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Frech, Cole
NOOP(2) Ziese, Wall
Voter Comments:
Frech> In description, "writable", not "writeable".
======================================================
Candidate: CAN-2001-0041
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0041
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001206 Cisco Catalyst Memory Leak Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catalyst-memleak-pub.shtml
Reference: BID:2072
Reference: URL:http://www.securityfocus.com/bid/2072
Reference: XF:cisco-catalyst-telnet-dos
Reference: URL:http://xforce.iss.net/static/5656.php
Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches
allows remote attackers to cause a denial of service via a series of
failed telnet authentication attempts.
INFERRED ACTION: CAN-2001-0041 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Frech, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0043
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0043
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001206 (SRADV00006) Remote command execution vulnerabilities in phpGroupWare
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0053.html
Reference: MISC:http://sourceforge.net/project/shownotes.php?release_id=17604
Reference: BID:2069
Reference: URL:http://www.securityfocus.com/bid/2069
Reference: XF:phpgroupware-include-files
Reference: URL:http://xforce.iss.net/static/5650.php
phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary
PHP commands by specifying a malicious include file in the phpgw_info
parameter of the phpgw.inc.php program.
INFERRED ACTION: CAN-2001-0043 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Cole
NOOP(2) Ziese, Wall
======================================================
Candidate: CAN-2001-0050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0050
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001207 BitchX DNS Overflow Patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0081.html
Reference: BUGTRAQ:20001207 bitchx/ircd DNS overflow demonstration
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0086.html
Reference: REDHAT:RHSA-2000:126-03
Reference: URL:http://www.redhat.com/support/errata/powertools/RHSA-2000-126.html
Reference: MANDRAKE:MDKSA-2000:079
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-079.php3
Reference: FREEBSD:FreeBSD-SA-00:78
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:78.bitchx.v1.1.asc
Reference: CONECTIVA:CLA-2000:364
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000364
Reference: BID:2087
Reference: URL:http://www.securityfocus.com/bid/2087
Reference: XF:irc-bitchx-dns-bo
Reference: URL:http://xforce.iss.net/static/5701.php
Buffer overflow in BitchX IRC client allows remote attackers to cause
a denial of service and possibly execute arbitrary commands via an IP
address that resolves to a long DNS hostname or domain name.
INFERRED ACTION: CAN-2001-0050 ACCEPT_ACK (2 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(2) Frech, Cole
NOOP(2) Ziese, Wall
======================================================
Candidate: CAN-2001-0053
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0053
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: OPENBSD:20001218
Reference: URL:http://www.openbsd.org/advisories/ftpd_replydirname.txt
Reference: NETBSD:NetBSD-SA2000-018
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-018.txt.asc
Reference: BUGTRAQ:20001218 Trustix Security Advisory - ed, tcsh, and ftpd-BSD
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0275.html
Reference: BID:2124
Reference: URL:http://www.securityfocus.com/bid/2124
Reference: XF:bsd-ftpd-replydirname-bo
Reference: URL:http://xforce.iss.net/static/5776.php
One-byte buffer overflow in replydirname function in BSD-based ftpd
allows remote attackers to gain root privileges.
INFERRED ACTION: CAN-2001-0053 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Frech, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0054
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001205 Serv-U FTP directory traversal vunerability (all versions)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97604119024280&w=2
Reference: BUGTRAQ:20001205 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0043.html
Reference: BID:2052
Reference: URL:http://www.securityfocus.com/bid/2052
Reference: XF:ftp-servu-homedir-travers
Reference: URL:http://xforce.iss.net/static/5639.php
Directory traversal vulnerability in FTP Serv-U before 2.5i allows
remote attackers to escape the FTP root and read arbitrary files by
appending a string such as "/..%20." to a CD command, a variant of a
.. (dot dot) attack.
INFERRED ACTION: CAN-2001-0054 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Frech, Cole
NOOP(2) Ziese, Wall
======================================================
Candidate: CAN-2001-0055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0055
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-syn-packets
Reference: URL:http://xforce.iss.net/static/5627.php
CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to
cause a denial of service via a slow stream of TCP SYN packets.
INFERRED ACTION: CAN-2001-0055 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Frech, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0056
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-invalid-login
Reference: URL:http://xforce.iss.net/static/5628.php
The Cisco Web Management interface in routers running CBOS 2.4.1 and
earlier does not log invalid logins, which allows remote attackers to
guess passwords without detection.
INFERRED ACTION: CAN-2001-0056 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Frech, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0057
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0057
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-icmp-echo
Reference: URL:http://xforce.iss.net/static/5629.php
Cisco 600 routers running CBOS 2.4.1 and earlier allow remote
attackers to cause a denial of service via a large ICMP echo (ping)
packet.
INFERRED ACTION: CAN-2001-0057 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Frech, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0058
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0058
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-web-access
Reference: URL:http://xforce.iss.net/static/5626.php
The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier
allows remote attackers to cause a denial of service via a URL that
does not end in a space character.
INFERRED ACTION: CAN-2001-0058 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Frech, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0059
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001218 Solaris patchadd(1) (3) symlink vulnerabilty
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97720205217707&w=2
Reference: BID:2127
Reference: URL:http://www.securityfocus.com/bid/2127
Reference: XF:solaris-patchadd-symlink
Reference: URL:http://xforce.iss.net/static/5789.php
patchadd in Solaris allows local users to overwrite arbitrary files
via a symlink attack.
INFERRED ACTION: CAN-2001-0059 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Ziese, Frech, Dik, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0060
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0060
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001218 Stunnel format bug
Reference: URL:http://www.securityfocus.com/archive/1/151719
Reference: REDHAT:RHSA-2000:129-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-129.html
Reference: CONECTIVA:CLA-2000:363
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000363
Reference: BUGTRAQ:20001209 Trustix Security Advisory - stunnel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0337.html
Reference: DEBIAN:20001225 DSA-009-1 stunnel: insecure file handling, format string bug
Reference: URL:http://www.debian.org/security/2000/20001225a
Reference: FREEBSD:FreeBSD-SA-01:05
Reference: XF:stunnel-format-logfile
Reference: URL:http://xforce.iss.net/static/5807.php
Reference: BID:2128
Reference: URL:http://www.securityfocus.com/bid/2128
Format string vulnerability in stunnel 3.8 and earlier allows
attackers to execute arbitrary commands via a malformed ident
username.
Modifications:
ADDREF FREEBSD:FreeBSD-SA-01:05
INFERRED ACTION: CAN-2001-0060 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Frech, Cole
NOOP(2) Christey, Wall
Voter Comments:
Christey> ADDREF FREEBSD:FreeBSD-SA-01:05
======================================================
Candidate: CAN-2001-0061
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0061
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:77
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
Reference: BID:2130
Reference: URL:http://www.securityfocus.com/bid/2130
Reference: XF:procfs-elevate-privileges(6106)
procfs in FreeBSD and possibly other operating systems does not
properly restrict access to per-process mem and ctl files, which
allows local users to gain root privileges by forking a child process
and executing a privileged process from the child, while the parent
retains access to the child's address space.
Modifications:
ADDREF XF:procfs-elevate-privileges(6106)
INFERRED ACTION: CAN-2001-0061 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Prosser, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:procfs-elevate-privileges(6106)
Prosser> http://www.linuxsecurity.com/advisories/freebsd_advisory-988.html
======================================================
Candidate: CAN-2001-0062
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0062
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:77
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
Reference: BID:2131
Reference: URL:http://www.securityfocus.com/bid/2131
Reference: XF:procfs-mmap-dos(6107)
procfs in FreeBSD and possibly other operating systems allows local
users to cause a denial of service by calling mmap on the process' own
mem file, which causes the kernel to hang.
Modifications:
ADDREF XF:procfs-mmap-dos(6107)
INFERRED ACTION: CAN-2001-0062 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Ziese, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:procfs-mmap-dos(6107)
======================================================
Candidate: CAN-2001-0063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0063
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:77
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
Reference: BID:2132
Reference: URL:http://www.securityfocus.com/bid/2132
Reference: XF:procfs-access-control-bo(6108)
procfs in FreeBSD and possibly other operating systems allows local
users to bypass access control restrictions for a jail environment and
gain additional privileges.
Modifications:
ADDREF XF:procfs-access-control-bo(6108)
INFERRED ACTION: CAN-2001-0063 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Ziese, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:procfs-access-control-bo(6108)
======================================================
Candidate: CAN-2001-0066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0066
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001126 [MSY] S(ecure)Locate heap corruption vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0356.html
Reference: DEBIAN:DSA-005-1
Reference: URL:http://www.debian.org/security/2000/20001217a
Reference: MANDRAKE:MDKSA-2000:085
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-085.php3
Reference: REDHAT:RHSA-2000:128-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-128.html
Reference: CONECTIVA:CLA-2001:369
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000369
Reference: TURBO:TLSA2001002-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2001-February/000144.html
Reference: XF:slocate-heap-execute-code(5594)
Reference: URL:http://xforce.iss.net/static/5594.php
Reference: BID:2004
Reference: URL:http://www.securityfocus.com/bid/2004
Secure Locate (slocate) allows local users to corrupt memory via a
malformed database file that specifies an offset value that accesses
memory outside of the intended buffer.
Modifications:
ADDREF XF:slocate-heap-execute-code(5594)
ADDREF TURBO:TLSA2001002-1
INFERRED ACTION: CAN-2001-0066 ACCEPT_ACK (2 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(1) Cole
MODIFY(1) Frech
NOOP(3) Ziese, Christey, Wall
Voter Comments:
Frech> XF:slocate-heap-execute-code(5594)
Christey> TURBO:TLSA2001002-1
======================================================
Candidate: CAN-2001-0069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0069
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: DEBIAN:DSA-008-1
Reference: URL:http://www.debian.org/security/2000/20001225
Reference: BID:2151
Reference: URL:http://www.securityfocus.com/bid/2151
Reference: XF:dialog-symlink
Reference: URL:http://xforce.iss.net/static/5809.php
dialog before 0.9a-20000118-3bis in Debian Linux allows local users to
overwrite arbitrary files via a symlink attack.
INFERRED ACTION: CAN-2001-0069 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Frech, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0071
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: REDHAT:RHSA-2000-131
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-131.html
Reference: MANDRAKE:MDKSA-2000-087
Reference: URL:http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3
Reference: DEBIAN:DSA-010-1
Reference: URL:http://www.debian.org/security/2000/20001225b
Reference: XF:gnupg-detached-sig-modify
Reference: URL:http://xforce.iss.net/static/5802.php
Reference: CONECTIVA:CLA-2000:368
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368
Reference: BID:2141
Reference: URL:http://www.securityfocus.com/bid/2141
Reference: BUGTRAQ:20001220 Trustix Security Advisory - gnupg, ftpd-BSD
Reference: URL:http://www.securityfocus.com/archive/1/152197
gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached
signatures, which allows attackers to modify the contents of a file
without detection.
INFERRED ACTION: CAN-2001-0071 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Frech, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0072
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0072
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: REDHAT:RHSA-2000-131
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-131.html
Reference: MANDRAKE:MDKSA-2000-087
Reference: URL:http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3
Reference: DEBIAN:DSA-010-1
Reference: URL:http://www.debian.org/security/2000/20001225b
Reference: CONECTIVA:CLA-2000:368
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368
Reference: BUGTRAQ:20001220 Trustix Security Advisory - gnupg, ftpd-BSD
Reference: URL:http://www.securityfocus.com/archive/1/152197
Reference: BID:2153
Reference: URL:http://www.securityfocus.com/bid/2153
Reference: XF:gnupg-reveal-private
Reference: URL:http://xforce.iss.net/static/5803.php
gpg (aka GnuPG) 1.0.4 and other versions imports both public and
private keys from public key servers without notifying the user about
the private keys, which could allow an attacker to break the web of
trust.
INFERRED ACTION: CAN-2001-0072 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Frech, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0080
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001213 Cisco Catalyst SSH Protocol Mismatch Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml
Reference: XF:cisco-catalyst-ssh-mismatch
Reference: URL:http://xforce.iss.net/static/5760.php
Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to
cause a denial of service by connecting to the SSH service with a
non-SSH client, which generates a protocol mismatch error.
INFERRED ACTION: CAN-2001-0080 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Frech, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0081
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001212 nCipher Security Advisory: Operator Cards unexpectedly recoverable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0152.html
Reference: CONFIRM:http://active.ncipher.com/updates/advisory.txt
Reference: XF:ncipher-recover-operator-cards(5999)
Reference: URL:http://xforce.iss.net/static/5999.php
swinit in nCipher does not properly disable the Operator Card Set
recovery feature even when explicitly disabled by the user, which
could allow attackers to gain access to application keys.
Modifications:
ADDREF XF:ncipher-recover-operator-cards(5999)
INFERRED ACTION: CAN-2001-0081 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Prosser, Baker, Cole
MODIFY(1) Frech
NOOP(2) Ziese, Wall
Voter Comments:
Frech> XF:ncipher-recover-operator-cards(5999)
Prosser> Add Source:
http://active.ncipher.com/updates/advisory.txt
Security World Recovery Bug Fix
======================================================
Candidate: CAN-2001-0083
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0083
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-097
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-097.asp
Reference: MSKB:Q281256
Reference: XF:mediaservices-dropped-connection-dos
Reference: URL:http://xforce.iss.net/static/5785.php
Windows Media Unicast Service in Windows Media Services 4.0 and 4.1
does not properly shut down some types of connections, producing a
memory leak that allows remote attackers to cause a denial of service
via a series of severed connections, aka the "Severed Windows Media
Server Connection" vulnerability.
Modifications:
DESC Change "which allows" to "that allows"
INFERRED ACTION: CAN-2001-0083 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Cole, Wall
NOOP(1) Ziese
Voter Comments:
Frech> In description, consider changing "leak which allows" to
"leak that allows".
======================================================
Candidate: CAN-2001-0085
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0085
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: HP:HPSBUX0012-135
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0083.html
Reference: BID:2170
Reference: URL:http://www.securityfocus.com/bid/2170
Reference: XF:hpux-kermit-bo
Reference: URL:http://xforce.iss.net/static/5793.php
Buffer overflow in Kermit communications software in HP-UX 11.0 and
earlier allows local users to cause a denial of service and possibly
execute arbitrary commands.
INFERRED ACTION: CAN-2001-0085 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Ziese, Frech, Prosser, Cole
NOOP(1) Wall
Voter Comments:
Prosser> HPSBUX0012-135 Sec. Vulnerability in kermit(1) REVISED01
http://us-support2.external.hp.com
======================================================
Candidate: CAN-2001-0089
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0089
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp
Reference: XF:ie-form-file-upload
Reference: URL:http://xforce.iss.net/static/5615.php
Internet Explorer 5.0 through 5.5 allows remote attackers to read
arbitrary files from the client via the INPUT TYPE element in an HTML
form, aka the "File Upload via Form" vulnerability.
INFERRED ACTION: CAN-2001-0089 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Ziese, Frech, Cole, Wall
======================================================
Candidate: CAN-2001-0090
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0090
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp
Reference: XF:ie-print-template(5614)
Reference: URL:http://xforce.iss.net/static/5614.php
The Print Templates feature in Internet Explorer 5.5 executes
arbitrary custom print templates without prompting the user, which
could allow an attacker to execute arbitrary ActiveX controls, aka the
"Browser Print Template" vulnerability.
Modifications:
ADDREF XF:ie-print-template(5614)
INFERRED ACTION: CAN-2001-0090 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Cole, Wall
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Frech> XF:ie-print-template(5614)
Christey> XF:ie-print-template
URL:http://xforce.iss.net/static/5614.php
======================================================
Candidate: CAN-2001-0091
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0091
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp
Reference: XF:ie-scriptlet-rendering-read-files(6085)
Reference: URL:http://xforce.iss.net/static/6085.php
The ActiveX control for invoking a scriptlet in Internet Explorer 5.0
through 5.5 renders arbitrary file types instead of HTML, which allows
an attacker to read arbitrary files, aka a variant of the "Scriptlet
Rendering" vulnerability.
Modifications:
ADDREF XF:ie-scriptlet-rendering-read-files(6085)
INFERRED ACTION: CAN-2001-0091 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Prosser, Cole, Wall
MODIFY(1) Frech
NOOP(1) Ziese
Voter Comments:
Frech> XF:ie-scriptlet-rendering-read-files(6085)
Prosser> ms00-093
======================================================
Candidate: CAN-2001-0092
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0092
Final-Decision:
Interim-Decision: 20010502
Modified: 20010501-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp
Reference: XF:ie-frame-verification-read-files(6086)
A function in Internet Explorer 5.0 through 5.5 does not properly
verify the domain of a frame within a browser window, which allows a
remote attacker to read client files, aka a new variant of the "Frame
Domain Verification" vulnerability.
Modifications:
ADDREF XF:ie-frame-verification-read-files(6086)
INFERRED ACTION: CAN-2001-0092 ACCEPT_REV (4 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(3) Prosser, Cole, Wall
MODIFY(1) Frech
REVIEWING(1) Ziese
Voter Comments:
Frech> XF:ie-frame-verification-read-files(6086)
Prosser> ms00-093
======================================================
Candidate: CAN-2001-0096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0096
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-100
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-100.asp
Reference: XF:iis-web-form-submit
Reference: URL:http://xforce.iss.net/static/5823.php
FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote
attackers to cause a denial of service via a malformed form, aka the
"Malformed Web Form Submission" vulnerability.
INFERRED ACTION: CAN-2001-0096 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Ziese, Frech, Cole, Wall
======================================================
Candidate: CAN-2001-0099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0099
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001221 BS Scripts Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0390.html
Reference: MISC:http://www.stanback.net/
Reference: XF:bsguest-cgi-execute-commands
Reference: URL:http://xforce.iss.net/static/5796.php
bsguest.cgi guestbook script allows remote attackers to execute
arbitrary commands via shell metacharacters in the email address.
INFERRED ACTION: CAN-2001-0099 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Cole
NOOP(2) Ziese, Wall
======================================================
Candidate: CAN-2001-0100
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0100
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001221 BS Scripts Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0390.html
Reference: MISC:http://www.stanback.net/
Reference: XF:bslist-cgi-execute-commands
Reference: URL:http://xforce.iss.net/static/5797.php
bslist.cgi mailing list script allows remote attackers to execute
arbitrary commands via shell metacharacters in the email address.
INFERRED ACTION: CAN-2001-0100 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Cole
NOOP(2) Wall, Ziese
======================================================
Candidate: CAN-2001-0105
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0105
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: HP:HPSBUX0012-134
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0079.html
Reference: XF:hp-top-sys-files
Reference: URL:http://xforce.iss.net/static/5773.php
Vulnerability in top in HP-UX 11.04 and earlier allows local users to
overwrite files owned by the "sys" group.
INFERRED ACTION: CAN-2001-0105 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Frech, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0106
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0106
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: HP:HPSBUX0101-136
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0009.html
Reference: XF:hp-inetd-swait-dos(5904)
Reference: URL:http://xforce.iss.net/static/5904.php
Vulnerability in inetd server in HP-UX 11.04 and earlier allows
attackers to cause a denial of service when the "swait" state is used
by a server.
Modifications:
ADDREF XF:hp-inetd-swait-dos
INFERRED ACTION: CAN-2001-0106 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Prosser, Cole
MODIFY(1) Frech
NOOP(2) Wall, Christey
Voter Comments:
Frech> XF:hp-inetd-swait-dos(5904)
Christey> XF:hp-inetd-swait-dos
URL:http://xforce.iss.net/static/5904.php
Prosser> HPSBUX0101-136
http://us-support2.external.hp.com
======================================================
Candidate: CAN-2001-0109
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0109
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010113 Serious security flaw in SuSE rctab
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0226.html
Reference: BUGTRAQ:20010117 Re: Serious security flaw in SuSE rctab
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0272.html
Reference: BID:2207
Reference: URL:http://www.securityfocus.com/bid/2207
Reference: XF:rctab-elevate-privileges(5945)
Reference: URL:http://xforce.iss.net/static/5945.php
rctab in SuSE 7.0 and earlier allows local users to create or overwrite
arbitrary files via a symlink attack on the rctmp temporary file.
Modifications:
ADDREF XF:rctab-elevate-privileges(5945)
CHANGEREF BUGTRAQ [fix date]
INFERRED ACTION: CAN-2001-0109 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Baker
MODIFY(1) Frech
NOOP(3) Wall, Christey, Cole
Voter Comments:
Christey> XF:rctab-elevate-privileges
URL:http://xforce.iss.net/static/5945.php
Also, see the clarification by SuSE at:
http://archives.neohapsis.com/archives/bugtraq/2001-01/0272.html
Frech> XF:rctab-elevate-privileges(5945)
======================================================
Candidate: CAN-2001-0110
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0110
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010114 Vulnerability in jaZip.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0228.html
Reference: DEBIAN:DSA-017-1
Reference: URL:http://www.debian.org/security/2001/dsa-017
Reference: XF:jazip-display-bo(5942)
Reference: URL:http://xforce.iss.net/static/5942.php
Reference: BID:2209
Reference: URL:http://www.securityfocus.com/bid/2209
Buffer overflow in jaZip Zip/Jaz drive manager allows local users to
gain root privileges via a long DISPLAY environmental variable.
Modifications:
ADDREF XF:jazip-display-bo(5942)
INFERRED ACTION: CAN-2001-0110 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:jazip-display-bo(5942)
======================================================
Candidate: CAN-2001-0111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0111
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010114 [MSY] Multiple vulnerabilities in splitvt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958269320974&w=2
Reference: DEBIAN:DSA-014-1
Reference: URL:http://www.debian.org/security/2001/dsa-014
Reference: XF:splitvt-perserc-format-string(5948)
Reference: URL:http://xforce.iss.net/static/5948.php
Reference: BID:2210
Reference: URL:http://www.securityfocus.com/bid/2210
Format string vulnerability in splitvt before 1.6.5 allows local users
to execute arbitrary commands via the -rcfile command line argument.
Modifications:
ADDREF XF:splitvt-perserc-format-string(5948)
INFERRED ACTION: CAN-2001-0111 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(2) Wall, Christey
Voter Comments:
Christey> XF:splitvt-perserc-format-string(5948)
Frech> XF:splitvt-perserc-format-string(5948)
======================================================
Candidate: CAN-2001-0115
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0115
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010111 Solaris Arp Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97934312727101&w=2
Reference: BUGTRAQ:20010112 arp exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97957435729702&w=2
Reference: SUN:00200
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/200&type=0&nav=sec.sba
Reference: XF:solaris-arp-bo(5928)
Reference: URL:http://xforce.iss.net/static/5928.php
Reference: BID:2193
Reference: URL:http://www.securityfocus.com/bid/2193
Buffer overflow in arp command in Solaris 7 and earlier allows local users
to execute arbitrary commands via a long -f parameter.
Modifications:
ADDREF XF:solaris-arp-bo(5928)
INFERRED ACTION: CAN-2001-0115 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(2) Frech, Dik
NOOP(2) Wall, Christey
Voter Comments:
Christey> XF:solaris-arp-bo
URL:http://xforce.iss.net/static/5928.php
Frech> XF:solaris-arp-bo(5928)
Dik> "allows users to execute arbitrary commands *with euid sys*"
Sun bug 4296166
Christey> The "CVE style" implies that "arbitrary commands" means
"arbitrary commands as another UID," not necessarily root,
so the addition of euid sys to the description is not
essential.
======================================================
Candidate: CAN-2001-0116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0116
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:006
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-006.php3
Reference: BID:2188
Reference: URL:http://www.securityfocus.com/bid/2188
Reference: XF:linux-gpm-symlink(5917)
Reference: URL:http://xforce.iss.net/static/5917.php
gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink
attack.
Modifications:
ADDREF XF:linux-gpm-symlink(5917)
INFERRED ACTION: CAN-2001-0116 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(2) Wall, Christey
Voter Comments:
Frech> XF:linux-gpm-symlink(5917)
Christey> XF:linux-gpm-symlink
URL:http://xforce.iss.net/static/5917.php
======================================================
Candidate: CAN-2001-0117
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0117
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:008-1
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-008.php3
Reference: XF:linux-diffutils-sdiff-symlink(5914)
Reference: URL:http://xforce.iss.net/static/5914.php
Reference: BID:2191
Reference: URL:http://www.securityfocus.com/bid/2191
sdiff 2.7 in the diffutils package allows local users to overwrite
files via a symlink attack.
Modifications:
ADDREF XF:linux-diffutils-sdiff-symlink(5914)
INFERRED ACTION: CAN-2001-0117 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Cole
MODIFY(1) Frech
NOOP(2) Wall, Christey
Voter Comments:
Frech> XF:linux-diffutils-sdiff-symlink(5914)
Christey> http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-008-1.php3?dis=7.0
XF:linux-diffutils-sdiff-symlimk
URL:http://xforce.iss.net/static/5914.php
======================================================
Candidate: CAN-2001-0118
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0118
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001-005
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-005.php3
Reference: BID:2195
Reference: URL:http://www.securityfocus.com/bid/2195
Reference: XF:rdist-symlink(5925)
Reference: URL:http://xforce.iss.net/static/5925.php
rdist 6.1.5 allows local users to overwrite arbitrary files via a
symlink attack.
Modifications:
ADDREF XF:rdist-symlink(5925)
INFERRED ACTION: CAN-2001-0118 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(2) Wall, Christey
Voter Comments:
Frech> XF:rdist-symlink(5925)
Christey> XF:rdist-symlink
URL:http://xforce.iss.net/static/5925.php
MANDRAKE:MDKSA-2001-005
http://www.linux-mandrake.com/en/updates/2001/MDKSA-2001-005.php3
======================================================
Candidate: CAN-2001-0119
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0119
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:004
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-004.php3
Reference: BID:2194
Reference: URL:http://www.securityfocus.com/bid/2194
Reference: XF:gettyps-symlink(5924)
Reference: URL:http://xforce.iss.net/static/5924.php
getty_ps 2.0.7j allows local users to overwrite arbitrary files via a
symlink attack.
Modifications:
ADDREF XF:gettyps-symlink(5924)
INFERRED ACTION: CAN-2001-0119 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Cole
MODIFY(1) Frech
NOOP(2) Wall, Christey
Voter Comments:
Frech> XF:gettyps-symlink(5924)
Christey> XF:gettyps-symlink
URL:http://xforce.iss.net/static/5924.php
======================================================
Candidate: CAN-2001-0120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0120
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:007
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-007.php3
Reference: BID:2196
Reference: URL:http://www.securityfocus.com/bid/2196
Reference: XF:shadow-utils-useradd-symlink(5927)
Reference: URL:http://xforce.iss.net/static/5927.php
useradd program in the shadow-utils package may allow local users to
overwrite arbitrary files via a symlink attack.
Modifications:
ADDREF XF:shadow-utils-useradd-symlink(5927)
INFERRED ACTION: CAN-2001-0120 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(2) Wall, Christey
Voter Comments:
Frech> XF:shadow-utils-useradd-symlink(5927)
Christey> XF:shadow-utils-useradd-symlink
URL:http://xforce.iss.net/static/5927.php
======================================================
Candidate: CAN-2001-0123
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0123
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010107 Cgisecurity.com Advisory #3.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97905792214999&w=2
Reference: CONFIRM:http://www.extropia.com/hacks/bbs_security.html
Reference: BID:2177
Reference: URL:http://www.securityfocus.com/bid/2177
Reference: XF:http-cgi-bbs-forum(5906)
Reference: URL:http://xforce.iss.net/static/5906.php
Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows
remote attackers to read arbitrary files via a .. (dot dot) attack on
the file parameter.
Modifications:
ADDREF XF:http-cgi-bbs-forum(5906)
ADDREF CONFIRM:http://www.extropia.com/hacks/bbs_security.html
INFERRED ACTION: CAN-2001-0123 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(2) Wall, Christey
Voter Comments:
Frech> XF:http-cgi-bbs-forum(5906)
Christey> XF:http-cgi-bbs-forum
URL:http://xforce.iss.net/static/5906.php
Baker> http://www.extropia.com/hacks/bbs_security.html
======================================================
Candidate: CAN-2001-0124
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0124
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010109 Solaris /usr/lib/exrecover buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97908386502156&w=2
Reference: SUNBUG:4161925
Reference: XF:solaris-exrecover-bo(5913)
Reference: URL:http://xforce.iss.net/static/5913.php
Reference: BID:2179
Reference: URL:http://www.securityfocus.com/bid/2179
Buffer overflow in exrecover in Solaris 2.6 and earlier possibly
allows local users to gain privileges via a long command line
argument.
Modifications:
ADDREF XF:solaris-exrecover-bo(5913)
INFERRED ACTION: CAN-2001-0124 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Dik, Baker, Cole
MODIFY(1) Frech
NOOP(2) Wall, Christey
Voter Comments:
Frech> XF:solaris-exrecover-bo(5913)
Christey> XF:solaris-exrecover-bo
URL:http://xforce.iss.net/static/5913.php
======================================================
Candidate: CAN-2001-0125
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0125
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20001231 Advisory: exmh symlink vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97846489313059&w=2
Reference: BUGTRAQ:20010112 exmh security vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958594330100&w=2
Reference: CONFIRM:http://www.beedub.com/exmh/symlink.html
Reference: FREEBSD:FreeBSD-SA-01:17
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-01/0543.html
Reference: MANDRAKE:MDKSA-2001:015
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-015.php3
Reference: DEBIAN:DSA-022-1
Reference: URL:http://www.debian.org/security/2001/dsa-022
Reference: XF:exmh-error-symlink
Reference: URL:http://xforce.iss.net/static/5829.php
exmh 2.2 and earlier allows local users to overwrite arbitrary files
via a symlink attack on the exmhErrorMsg temporary file.
INFERRED ACTION: CAN-2001-0125 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0126
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0126
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010109 Oracle XSQL servlet and xml-stylesheet allow executing java on the web server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97906670012796&w=2
Reference: BUGTRAQ:20010123 Patch for Potential Vulnerability in Oracle XSQL Servlet
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98027700625521&w=2
Reference: XF:oracle-xsql-execute-code(5905)
Reference: URL:http://xforce.iss.net/static/5905.php
Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to
execute arbitrary Java code by redirecting the XSQL server to another
source via the xml-stylesheet parameter in the xslt stylesheet.
Modifications:
ADDREF XF:oracle-xsql-execute-code(5905)
INFERRED ACTION: CAN-2001-0126 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(2) Wall, Christey
Voter Comments:
Frech> XF:oracle-xsql-execute-code(5905)
Christey> XF:oracle-xsql-execute-code(5905)
======================================================
Candidate: CAN-2001-0128
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0128
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: MANDRAKE:MDKSA-2000-083
Reference: URL:http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-083.php3
Reference: CONECTIVA:CLA-2000:365
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365
Reference: REDHAT:RHSA-2000:127-06
Reference: URL:http://www.redhat.com/support/errata/powertools/RHSA-2000-127.html
Reference: DEBIAN:DSA-006-1
Reference: URL:http://www.debian.org/security/2000/20001219
Reference: FREEBSD:FreeBSD-SA-01:06
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:06.zope.asc
Reference: XF:zope-calculate-roles
Reference: URL:http://xforce.iss.net/static/5777.php
Zope before 2.2.4 does not properly compute local roles, which could
allow users to bypass specified access restrictions and gain
privileges.
INFERRED ACTION: CAN-2001-0128 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Baker, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0129
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0129
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010117 [pkc] remote heap overflow in tinyproxy
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97975486527750&w=2
Reference: DEBIAN:DSA-018-1
Reference: URL:http://www.debian.org/security/2001/dsa-018
Reference: FREEBSD:FreeBSD-SA-01:15
Reference: BID:2217
Reference: URL:http://www.securityfocus.com/bid/2217
Reference: XF:tinyproxy-remote-bo(5954)
Reference: URL:http://xforce.iss.net/static/5954.php
Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows
remote attackers to cause a denial of service and possibly execute
arbitrary commands via a long connect request.
Modifications:
ADDREF XF:tinyproxy-remote-bo
INFERRED ACTION: CAN-2001-0129 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(2) Wall, Christey
Voter Comments:
Christey> XF:tinyproxy-remote-bo
URL:http://xforce.iss.net/static/5954.php
Frech> XF:tinyproxy-remote-bo(5954)
======================================================
Candidate: CAN-2001-0130
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0130
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: MISC:http://service1.symantec.com/sarc/sarc.nsf/info/html/Lotus.Domino.Denial.of.Service.Malformed.HTML.Email.html
Reference: XF:lotus-html-bo(6207)
Reference: URL:http://xforce.iss.net/static/6207.php
Buffer overflow in HTML parser of the Lotus R5 Domino Server before
5.06, and Domino Client before 5.05, allows remote attackers to cause
a denial of service and possibly execute arbitrary commands via a
malformed font size specifier.
Modifications:
ADDREF XF:lotus-html-bo(6207)
INFERRED ACTION: CAN-2001-0130 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:lotus-html-bo(6207)
======================================================
Candidate: CAN-2001-0137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0137
Final-Decision:
Interim-Decision: 20010502
Modified: 20010501-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010115 Windows Media Player 7 and IE java vulnerability - executing arbitrary programs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958100816503&w=2
Reference: MS:MS01-010
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-010.asp
Reference: XF:win-mediaplayer-arbitrary-code(5937)
Reference: URL:http://xforce.iss.net/static/5937.php
Reference: BID:2203
Reference: URL:http://www.securityfocus.com/bid/2203
Windows Media Player 7 allows remote attackers to execute malicious
Java applets in Internet Explorer clients by enclosing the applet in a
skin file named skin.wmz, then referencing that skin in the codebase
parameter to an applet tag, aka the "Windows Media Player Skins File
Download" vulnerability.
Modifications:
ADDREF MS:MS01-010
DESC Add "aka" portion
ADDREF XF:win-mediaplayer-arbitrary-code(5937)
INFERRED ACTION: CAN-2001-0137 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(2) LeBlanc, Prosser
MODIFY(1) Frech
NOOP(2) Christey, Cole
REVIEWING(1) Wall
Voter Comments:
Christey> ADDREF MS:MS01-010
URL:http://www.microsoft.com/technet/security/bulletin/MS01-010.asp
Also change description to identify the "Windows Media Player
Skins File Download" vulnerability.
Christey> ADDREF XF:win-mediaplayer-arbitrary-code(5937)
http://xforce.iss.net/static/5937.php
Frech> XF:win-mediaplayer-arbitrary-code(5937)
Reference:http://www.microsoft.com/technet/security/bulletin/MS01-010.asp
LeBlanc> Looks to me like we fixed it.
Prosser> ms01-0010
======================================================
Candidate: CAN-2001-0138
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0138
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://archives.neohapsis.com/archives/linux/immunix/2001-q1/0010.html
Reference: MANDRAKE:MDKSA-2001-001
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-001.php3
Reference: DEBIAN:DSA-016
Reference: URL:http://www.debian.org/security/2001/dsa-016
Reference: BID:2189
Reference: URL:http://www.securityfocus.com/bid/2189
Reference: XF:linux-wuftpd-privatepw-symlink(5915)
Reference: URL:http://xforce.iss.net/static/5915.php
privatepw program in wu-ftpd before 2.6.1-6 allows local users to
overwrite arbitrary files via a symlink attack.
Modifications:
ADDREF XF:linux-wuftpd-privatepw-symlink(5915)
ADDREF MANDRAKE:MDKSA-2001-001
ADDREF DEBIAN:DSA-016
INFERRED ACTION: CAN-2001-0138 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(2) Wall, Christey
Voter Comments:
Frech> XF:linux-wuftpd-privatepw-symlink(5915)
Christey> XF:linux-wuftpd-privatepw-symlink
URL:http://xforce.iss.net/static/5915.php
MANDRAKE:MDKSA-2001-001
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-001.php3
DEBIAN:DSA-016
http://www.debian.org/security/2001/dsa-016
======================================================
Candidate: CAN-2001-0139
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0139
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:010
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-010.php3
Reference: CALDERA:CSSA-2001-001.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-001.0.txt
Reference: XF:linux-inn-symlink(5916)
Reference: URL:http://xforce.iss.net/static/5916.php
Reference: BID:2190
Reference: URL:http://www.securityfocus.com/bid/2190
inn 2.2.3 allows local users to overwrite arbitrary files via a
symlink attack in some configurations.
Modifications:
ADDREF XF:linux-inn-symlink(5916)
INFERRED ACTION: CAN-2001-0139 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:linux-inn-symlink(5916)
======================================================
Candidate: CAN-2001-0140
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0140
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:002
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-002.php3
Reference: XF:tcpdump-arpwatch-symlink(5922)
Reference: URL:http://xforce.iss.net/static/5922.php
Reference: BID:2183
Reference: URL:http://www.securityfocus.com/bid/2183
arpwatch 2.1a4 allows local users to overwrite arbitrary files via a
symlink attack in some configurations.
Modifications:
ADDREF XF:tcpdump-arpwatch-symlink(5922)
INFERRED ACTION: CAN-2001-0140 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(2) Wall, Christey
Voter Comments:
Frech> XF:tcpdump-arpwatch-symlink(5922)
Christey> XF:tcpdump-arpwatch-symlink
URL:http://xforce.iss.net/static/5922.php
======================================================
Candidate: CAN-2001-0141
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0141
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:009
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-009.php3
Reference: DEBIAN:DSA-011
Reference: URL:http://www.debian.org/security/2001/dsa-011
Reference: CALDERA:CSSA-2001-002.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-002.0.txt
Reference: BID:2187
Reference: URL:http://www.securityfocus.com/bid/2187
Reference: XF:linux-mgetty-symlink(5918)
Reference: URL:http://xforce.iss.net/static/5918.php
mgetty 1.1.22 allows local users to overwrite arbitrary files via a
symlink attack in some configurations.
Modifications:
ADDREF XF:linux-mgetty-symlink(5918)
INFERRED ACTION: CAN-2001-0141 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(2) Wall, Christey
Voter Comments:
Frech> XF:linux-mgetty-symlink(5918)
Christey> XF:linux-mgetty-symlink
URL:http://xforce.iss.net/static/5918.php
======================================================
Candidate: CAN-2001-0142
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0142
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010112 Trustix Security Advisory - diffutils squid
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0212.html
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:003
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-003.php3
Reference: DEBIAN:DSA-019
Reference: URL:http://www.debian.org/security/2001/dsa-019
Reference: XF:squid-email-symlink(5921)
Reference: URL:http://xforce.iss.net/static/5921.php
Reference: BID:2184
Reference: URL:http://www.securityfocus.com/bid/2184
squid 2.3 and earlier allows local users to overwrite arbitrary files
via a symlink attack in some configurations.
Modifications:
ADDREF XF:squid-email-symlink(5921)
ADDREF DEBIAN:DSA-019
INFERRED ACTION: CAN-2001-0142 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(2) Wall, Christey
Voter Comments:
Frech> XF:squid-email-symlink(5921)
Christey> ADDREF XF:squid-email-symlink
URL:http://xforce.iss.net/static/5921.php
http://www.linux-mandrake.com/en/updates/2001/MDKSA-2001-003.php3?dis=7.0
http://www.debian.org/security/2001/dsa-019
Christey> http://archives.neohapsis.com/archives/vendor/2001-q1/0015.html
======================================================
Candidate: CAN-2001-0143
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0143
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:011
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-011.php3
Reference: BID:2186
Reference: URL:http://www.securityfocus.com/bid/2186
Reference: XF:linuxconf-vpop3d-symlink(5923)
Reference: URL:http://xforce.iss.net/static/5923.php
vpop3d program in linuxconf 1.23r and earlier allows local users to
overwrite arbitrary files via a symlink attack.
Modifications:
ADDREF XF:linuxconf-vpop3d-symlink(5923)
INFERRED ACTION: CAN-2001-0143 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(2) Wall, Christey
Voter Comments:
Frech> XF:linuxconf-vpop3d-symlink(5923)
Christey> XF:linuxconf-vpop3d-symlink
URL:http://xforce.iss.net/static/5923.php
======================================================
Candidate: CAN-2001-0144
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0144
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010214
Assigned: 20010208
Category: SF
Reference: BINDVIEW:20010208 Remote vulnerability in SSH daemon crc32 compensation attack detector
Reference: URL:http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
Reference: BUGTRAQ:20010208 [CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98168366406903&w=2
Reference: XF:ssh-deattack-overwrite-memory(6083)
Reference: URL:http://xforce.iss.net/static/6083.php
Reference: BID:2347
Reference: URL:http://www.securityfocus.com/bid/2347
CORE SDI SSH1 CRC-32 compensation attack detector allows remote
attackers to execute arbitrary commands on an SSH server or client via
an integer overflow.
Modifications:
ADDREF XF:ssh-deattack-overwrite-memory(6083)
INFERRED ACTION: CAN-2001-0144 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:ssh-deattack-overwrite-memory(6083)
======================================================
Candidate: CAN-2001-0147
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0147
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010210
Category: SF
Reference: MS:MS01-013
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-013.asp
Buffer overflow in Windows 2000 event viewer snap-in allows attackers
to execute arbitrary commands via a malformed field that is improperly
handled during the detailed view of event records.
INFERRED ACTION: CAN-2001-0147 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(5) Wall, Ziese, Balinsky, Cole, Bishop
======================================================
Candidate: CAN-2001-0148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0148
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010210
Category: SF
Reference: BUGTRAQ:20010101 Windows Media Player 7 and IE vulnerability - executing arbitrary programs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0000.html
Reference: MS:MS01-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp
Reference: XF:media-player-execute-commands(6227)
Reference: URL:http://xforce.iss.net/static/6227.php
The WMP ActiveX Control in Windows Media Player 7 allows remote
attackers to execute commands in Internet Explorer via javascript
URLs, a variant of the "Frame Domain Verification" vulnerability.
Modifications:
ADDREF XF:media-player-execute-commands(6227)
INFERRED ACTION: CAN-2001-0148 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Ziese, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:media-player-execute-commands(6227)
======================================================
Candidate: CAN-2001-0149
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0149
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010210
Category: SF
Reference: BUGTRAQ:20000926 IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0305.html
Reference: NTBUGTRAQ:20000926 IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96999020527583&w=2
Reference: MS:MS01-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp
Reference: XF:ie-getobject-expose-files(5293)
Windows Scripting Host in Internet Explorer 5.5 and earlier allows
remote attackers to read arbitrary files via the GetObject Javascript
function and the htmlfile ActiveX object.
Modifications:
ADDREF XF:ie-getobject-expose-files(5293)
INFERRED ACTION: CAN-2001-0149 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Ziese, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:ie-getobject-expose-files(5293)
======================================================
Candidate: CAN-2001-0150
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0150
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010210
Category: SF
Reference: MS:MS01-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp
Reference: XF:ie-telnet-execute-commands(6230)
Internet Explorer 5.5 and earlier executes Telnet sessions using
command line arguments that are specified by the web site, which could
allow remote attackers to execute arbitrary commands if the IE client
is using the Telnet client provided in Services for Unix (SFU) 2.0,
which creates session transcripts.
Modifications:
ADDREF XF:ie-telnet-execute-commands(6230)
INFERRED ACTION: CAN-2001-0150 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Ziese, Cole
MODIFY(1) Frech
Voter Comments:
Frech> ie-telnet-execute-commands(6230)
======================================================
Candidate: CAN-2001-0151
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0151
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010210
Category: SF
Reference: MS:MS01-016
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-016.asp
Reference: XF:iis-webdav-dos(6205)
IIS 5.0 allows remote attackers to cause a denial of service via a
series of malformed WebDAV requests.
Modifications:
ADDREF XF:iis-webdav-dos(6205)
INFERRED ACTION: CAN-2001-0151 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Ziese, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:iis-webdav-dos(6205)
======================================================
Candidate: CAN-2001-0152
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0152
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010210
Category: SF
Reference: MS:MS01-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-019.asp
The password protection option for the Compressed Folders feature in
Plus! for Windows 98 and Windows Me writes password information to a
file, which allows local users to recover the passwords and read the
compressed folders.
INFERRED ACTION: CAN-2001-0152 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Wall, Ziese, Cole, Bishop
======================================================
Candidate: CAN-2001-0153
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0153
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010210
Category: SF
Reference: BINDVIEW:20010327 Remote buffer overflow in DCOM VB T-SQL debugger
Reference: URL:http://razor.bindview.com/publish/advisories/adv_vbtsql.html
Reference: MS:MS01-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-018.asp
Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual
Studio 6.0 Enterprise Edition allows remote attackers to execute
arbitrary commands.
INFERRED ACTION: CAN-2001-0153 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Wall, Ziese, Cole, Bishop
======================================================
Candidate: CAN-2001-0154
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0154
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010210
Category: SF
Reference: BUGTRAQ:20010330 Incorrect MIME Header Can Cause IE to Execute E-mail Attachment
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98596775905044&w=2
Reference: MS:MS01-020
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
HTML e-mail feature in Internet Explorer 5.5 and earlier allows
attackers to execute attachments by setting an unusual MIME type for
the attachment, which Internet Explorer does not process correctly.
INFERRED ACTION: CAN-2001-0154 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Wall, Ziese, Cole, Bishop
======================================================
Candidate: CAN-2001-0157
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0157
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010301
Category: SF/CF/MP/SA/AN/unknown
Reference: ATSTAKE:A030101-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a030101-1.txt
Reference: XF:palm-debug-bypass-password(6196)
Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier
allows attackers with physical access to a Palm device to bypass
access restrictions and obtain passwords, even if the system lockout
mechanism is enabled.
Modifications:
ADDREF XF:palm-debug-bypass-password(6196)
INFERRED ACTION: CAN-2001-0157 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Lawler, Cole
MODIFY(1) Frech
NOOP(1) Ziese
Voter Comments:
Frech> XF:palm-debug-bypass-password(6196)
======================================================
Candidate: CAN-2001-0165
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0165
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010131 [SPSadvisory#40]Solaris7/8 ximp40 shared library buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0517.html
Reference: SUNBUG:4409148
Reference: XF:solaris-ximp40-bo
Reference: URL:http://xforce.iss.net/static/6039.php
Reference: BID:2322
Reference: URL:http://www.securityfocus.com/bid/2322
Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8
allows local users to gain privileges via a long "arg0" (process name)
argument.
Modifications:
ADDREF SUNBUG:4409148
INFERRED ACTION: CAN-2001-0165 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Frech, Dik
NOOP(1) Ziese
Voter Comments:
Dik> More research needed on my part (the ximp40.so
appears to be loaded only in specific circumstances)
CHANGE> [Dik changed vote from REVIEWING to ACCEPT]
Dik> Sun bug 4409148
======================================================
Candidate: CAN-2001-0166
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0166
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20001229 Shockwave Flash buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0491.html
Reference: XF:shockwave-flash-swf-bo
Reference: URL:http://xforce.iss.net/static/5826.php
Macromedia Shockwave Flash plugin version 8 and earlier allows remote
attackers to cause a denial of service via malformed tag length
specifiers in a SWF file.
INFERRED ACTION: CAN-2001-0166 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Ziese, Frech
======================================================
Candidate: CAN-2001-0169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0169
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: MANDRAKE:MDKSA-2001:012
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-012.php3?dis=7.2
Reference: SUSE:SuSE-SA:2001:01
Reference: URL:http://www.suse.com/de/support/security/2001_001_glibc_txt.txt
Reference: CALDERA:CSSA-2001-007
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-007.0.txt
Reference: REDHAT:RHSA-2001:002-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-002.html
Reference: DEBIAN:DSA-039
Reference: URL:http://www.debian.org/security/2001/dsa-039
Reference: TURBO:TLSA2000021-2
Reference: URL:http://archives.neohapsis.com/archives/linux/turbolinux/2001-q1/0004.html
Reference: BUGTRAQ:20010121 Trustix Security Advisory - glibc
Reference: URL:http://www.securityfocus.com/archive/1/157650
Reference: BID:2223
Reference: URL:http://www.securityfocus.com/bid/2223
Reference: XF:linux-glibc-preload-overwrite
Reference: URL:http://xforce.iss.net/static/5971.php
When using the LD_PRELOAD environmental variable in SUID or SGID
applications, glibc does not verify that preloaded libraries in
/etc/ld.so.cache are also SUID/SGID, which could allow a local user to
overwrite arbitrary files by loading a library from /lib or /usr/lib.
Modifications:
ADDREF DEBIAN:DSA-039
ADDREF TURBO:TLSA2000021-2
INFERRED ACTION: CAN-2001-0169 ACCEPT (3 accept, 4 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Ziese, Frech
NOOP(1) Christey
Voter Comments:
Christey> DEBIAN:DSA-039
URL:http://www.debian.org/security/2001/dsa-039
TURBO:TLSA2000021-2
http://archives.neohapsis.com/archives/linux/turbolinux/2001-q1/0004.html
======================================================
Candidate: CAN-2001-0170
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0170
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010110 Glibc Local Root Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0131.html
Reference: BUGTRAQ:20010110 [slackware-security] glibc 2.2 local vulnerability on setuid binaries
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0186.html
Reference: REDHAT:RHSA-2001:001-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-001.html
Reference: BID:2181
Reference: URL:http://www.securityfocus.com/bid/2181
Reference: XF:linux-glibc-read-files
Reference: URL:http://xforce.iss.net/static/5907.php
glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF,
HOSTALIASES, or RES_OPTIONS environmental variables when executing
setuid/setgid programs, which could allow local users to read
arbitrary files.
INFERRED ACTION: CAN-2001-0170 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Ziese, Frech
======================================================
Candidate: CAN-2001-0178
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0178
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: MANDRAKE:MDKSA-2001:018
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-018.php3?dis=7.2
Reference: CALDERA:CSSA-2001-005.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-005.0.txt
Reference: SUSE:SuSE-SA:2001:02
Reference: URL:http://www.suse.com/de/support/security/2001_002_kdesu_txt.txt
Reference: XF:kde2-kdesu-retrieve-passwords
Reference: URL:http://xforce.iss.net/static/5995.php
kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify
the owner of a UNIX socket that is used to send a password, which
allows local users to steal passwords and gain privileges.
INFERRED ACTION: CAN-2001-0178 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Ziese, Frech
======================================================
Candidate: CAN-2001-0179
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0179
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: ALLAIRE:ASB01-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=19546&Method=Full
Reference: XF:jrun-webinf-file-retrieval
Reference: URL:http://xforce.iss.net/static/6008.php
Allaire JRun 3.0 allows remote attackers to list contents of the
WEB-INF directory, and the web.xml file in the WEB-INF directory, via
a malformed URL that contains a "."
INFERRED ACTION: CAN-2001-0179 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Ziese, Frech
======================================================
Candidate: CAN-2001-0183
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0183
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:08
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:08.ipfw.asc
Reference: BID:2293
Reference: URL:http://www.securityfocus.com/bid/2293
Reference: XF:ipfw-bypass-firewall
Reference: URL:http://xforce.iss.net/static/5998.php
ipfw and ip6fw in FreeBSD 4.2 and earlier allow remote attackers to
bypass access restrictions by setting the ECE flag in a TCP packet,
which makes the packet appear to be part of an established connection.
INFERRED ACTION: CAN-2001-0183 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Ziese, Frech
======================================================
Candidate: CAN-2001-0185
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0185
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010123 Make The Netopia R9100 Router To Crash
Reference: URL:http://www.securityfocus.com/archive/1/157952
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98035651825590&w=2
Reference: BID:2287
Reference: URL:http://www.securityfocus.com/bid/2287
Reference: XF:netopia-telnet-dos
Reference: URL:http://xforce.iss.net/static/6001.php
Netopia R9100 router version 4.6 allows authenticated users to cause a
denial of service by using the router's telnet program to connect to
the router's IP address, which causes a crash.
INFERRED ACTION: CAN-2001-0185 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Ziese, Frech
======================================================
Candidate: CAN-2001-0187
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0187
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: DEBIAN:DSA-016
Reference: URL:http://www.debian.org/security/2001/dsa-016
Reference: CONFIRM:ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_current/missing_format_strings.patch
Reference: BID:2296
Reference: URL:http://www.securityfocus.com/bid/2296
Reference: XF:wuftp-debug-format-string
Reference: URL:http://xforce.iss.net/static/6020.php
Format string vulnerability in wu-ftp 2.6.1 and earlier, when running
with debug mode enabled, allows remote attackers to execute arbitrary
commands via a malformed argument that is recorded in a PASV port
assignment.
INFERRED ACTION: CAN-2001-0187 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Ziese, Frech
======================================================
Candidate: CAN-2001-0190
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0190
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010117 Solaris /usr/bin/cu Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97983943716311&w=2
Reference: BUGTRAQ:20010123 Solaris /usr/bin/cu Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98028642319440&w=2
Reference: SUNBUG:4406722
Reference: XF:cu-argv-bo(6224)
Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and
possibly other operating systems, allows local users to gain
privileges by executing cu with a long program name (arg0).
Modifications:
ADDREF XF:cu-argv-bo(6224)
ADDREF SUNBUG:4406722
INFERRED ACTION: CAN-2001-0190 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Lawler, Dik
MODIFY(1) Frech
NOOP(1) Ziese
Voter Comments:
Frech> XF:cu-argv-bo(6224)
Dik> Sun bug 4406722
======================================================
Candidate: CAN-2001-0191
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0191
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010202 Remote vulnerability in gnuserv/XEmacs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0030.html
Reference: REDHAT:RHSA-2001:010
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-010.html
Reference: REDHAT:RHSA-2001:011
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-011.html
Reference: MANDRAKE:MDKSA-2001:019
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-019.php3
Reference: XF:gnuserv-tcp-cookie-overflow(6056)
gnuserv before 3.12, as shipped with XEmacs, does not properly check
the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which
allows remote attackers to execute arbitrary commands via a buffer
overflow, or brute force authentication by using a short cookie
length.
Modifications:
ADDREF XF:gnuserv-tcp-cookie-overflow(6056)
DESC Correct spelling: "MIT-MAGIC-COOKIE"
INFERRED ACTION: CAN-2001-0191 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Lawler, Ziese
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Frech> XF:gnuserv-tcp-cookie-overflow(6056)
Christey> Correct spelling: "MIT-MAGIC-COOKIE"
======================================================
Candidate: CAN-2001-0193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0193
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010131 SuSe / Debian man package format string vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98096782126481&w=2
Reference: DEBIAN:DSA-028-1
Reference: URL:http://www.debian.org/security/2001/dsa-028
Reference: BID:2327
Reference: URL:http://www.securityfocus.com/bid/2327
Reference: XF:man-i-format-string(6059)
Format string vulnerability in man in some Linux distributions allows
local users to gain privileges via a malformed -l parameter.
Modifications:
ADDREF XF:man-i-format-string(6059)
INFERRED ACTION: CAN-2001-0193 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Lawler
MODIFY(1) Frech
NOOP(1) Ziese
Voter Comments:
Frech> XF:man-i-format-string(6059)
======================================================
Candidate: CAN-2001-0194
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0194
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: MANDRAKE:MDKSA-2001:020-1
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-020.php3
Reference: XF:cups-httpgets-dos(6043)
Buffer overflow in httpGets function in CUPS 1.1.5 allows remote
attackers to execute arbitrary commands via a long input line.
Modifications:
ADDREF XF:cups-httpgets-dos(6043)
INFERRED ACTION: CAN-2001-0194 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Lawler, Ziese
MODIFY(1) Frech
Voter Comments:
Frech> XF:cups-httpgets-dos(6043)
======================================================
Candidate: CAN-2001-0195
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0195
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: DEBIAN:DSA-015
Reference: URL:http://www.debian.org/security/2001/dsa-015
Reference: XF:linux-sash-shadow-readable
Reference: URL:http://xforce.iss.net/static/5994.php
sash before 3.4-4 in Debian Linux does not properly clone /etc/shadow,
which makes it world-readable and could allow local users to gain
privileges via password cracking.
INFERRED ACTION: CAN-2001-0195 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Ziese, Frech
======================================================
Candidate: CAN-2001-0196
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0196
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:11
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:11.inetd.v1.1.asc
Reference: BID:2324
Reference: URL:http://www.securityfocus.com/bid/2324
Reference: XF:inetd-ident-read-files(6052)
inetd ident server in FreeBSD 4.x and earlier does not properly set
group permissions, which allows remote attackers to read the first 16
bytes of files that are accessible by the wheel group.
Modifications:
ADDREF XF:inetd-ident-read-files(6052)
INFERRED ACTION: CAN-2001-0196 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Lawler, Ziese
MODIFY(1) Frech
Voter Comments:
Frech> XF:inetd-ident-read-files(6052)
======================================================
Candidate: CAN-2001-0197
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0197
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010121 [pkc] format bugs in icecast 1.3.8b2 and prior
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0348.html
Reference: CONECTIVA:CLA-2001:374
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000374
Reference: REDHAT:RHSA-2001:004
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-004.html
Reference: XF:icecast-format-string
Reference: URL:http://xforce.iss.net/static/5978.php
Reference: BID:2264
Reference: URL:http://www.securityfocus.com/bid/2264
Format string vulnerability in print_client in icecast 1.3.8beta2 and
earlier allows remote attackers to execute arbitrary commands.
INFERRED ACTION: CAN-2001-0197 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Ziese, Frech
======================================================
Candidate: CAN-2001-0218
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0218
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010126 format string vulnerability in mars_nwe 0.99pl19
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0456.html
Reference: FREEBSD:FreeBSD-SA-01:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-02/0081.html
Reference: XF:mars-nwe-format-string(6019)
Reference: URL:http://xforce.iss.net/static/6019.php
Format string vulnerability in mars_nwe 0.99.pl19 allows remote
attackers to execute arbitrary commands.
Modifications:
CHANGEREF XF [canonicalize]
INFERRED ACTION: CAN-2001-0218 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Lawler, Ziese
MODIFY(1) Frech
Voter Comments:
Frech> XF:mars-nwe-format-string(6019)
======================================================
Candidate: CAN-2001-0219
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0219
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: HP:HPSBUX0101-137
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0016.html
Reference: XF:hp-stm-dos
Reference: URL:http://xforce.iss.net/static/5957.php
Reference: BID:2239
Reference: URL:http://www.securityfocus.com/bid/2239
Vulnerability in Support Tools Manager (xstm, cstm, stm) in HP-UX 11.11
and earlier allows local users to cause a denial of service.
INFERRED ACTION: CAN-2001-0219 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Ziese, Frech
======================================================
Candidate: CAN-2001-0221
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0221
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:19
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-02/0079.html
Reference: XF:ja-xklock-bo(6073)
Buffer overflow in ja-xklock 2.7.1 and earlier allows local users to
gain root privileges.
Modifications:
ADDREF XF:ja-xklock-bo(6073)
INFERRED ACTION: CAN-2001-0221 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Ziese, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:ja-xklock-bo(6073)
======================================================
Candidate: CAN-2001-0222
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0222
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: MANDRAKE:MDKSA-2001-016
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-016.php3
Reference: CALDERA:CSSA-2001-004.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-004.0.txt
Reference: XF:linux-webmin-tmpfiles
Reference: URL:http://xforce.iss.net/static/6011.php
webmin 0.84 and earlier allows local users to overwrite and create
arbitrary files via a symlink attack.
INFERRED ACTION: CAN-2001-0222 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Ziese, Frech
======================================================
Candidate: CAN-2001-0230
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0230
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:22
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-02/0083.html
Reference: XF:dc20ctrl-port-bo(6077)
Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly
other operating systems, allows local users to gain privileges.
Modifications:
ADDREF XF:dc20ctrl-port-bo(6077)
INFERRED ACTION: CAN-2001-0230 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Ziese, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:dc20ctrl-port-bo(6077)
======================================================
Candidate: CAN-2001-0233
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0233
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010124 patch Re: [PkC] Advisory #003: micq-0.4.6 remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0395.html
Reference: BUGTRAQ:20010118 [PkC] Advisory #003: micq-0.4.6 remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0307.html
Reference: DEBIAN:DSA-012
Reference: URL:http://www.debian.org/security/2001/dsa-012
Reference: FREEBSD:FreeBSD-SA-01:14
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:14.micq.asc
Reference: REDHAT:RHSA-2001:005-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-005.html
Reference: XF:micq-sprintf-remote-bo(5962)
Reference: URL:http://xforce.iss.net/static/5962.php
Buffer overflow in micq client 0.4.6 and earlier allows remote
attackers to cause a denial of service, and possibly execute arbitrary
commands, via a long Description field.
INFERRED ACTION: CAN-2001-0233 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Ziese, Frech
======================================================
Candidate: CAN-2001-0234
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0234
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010126 NewsDaemon remote administrator access
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0460.html
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=60570
Reference: XF:newsdaemon-gain-admin-access
Reference: URL:http://xforce.iss.net/static/6010.php
NewsDaemon before 0.21b allows remote attackers to execute arbitrary
SQL queries and gain privileges via a malformed user_username
parameter.
INFERRED ACTION: CAN-2001-0234 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Lawler, Frech
NOOP(1) Ziese
======================================================
Candidate: CAN-2001-0259
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0259
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010329
Category: SF
Reference: BUGTRAQ:20010116 Bug in SSH1 secure-RPC support can expose users' private keys
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0262.html
Reference: CONFIRM:http://www.ssh.com/products/ssh/patches/secureRPCvulnerability.html
Reference: BID:2222
Reference: URL:http://www.securityfocus.com/bid/2222
Reference: XF:ssh-rpc-private-key
Reference: URL:http://xforce.iss.net/static/5963.php
ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local
attackers to recover a SUN-DES-1 magic phrase generated by another
user, which the attacker can use to decrypt that user's private key
file.
Modifications:
ADDREF CONFIRM:http://www.ssh.com/products/ssh/patches/secureRPCvulnerability.html
INFERRED ACTION: CAN-2001-0259 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Ziese, Frech, Cole, Bishop
NOOP(1) Wall
Voter Comments:
Frech> "SSH1 Secure RPC Vulnerability" at
http://www.ssh.com/products/ssh/patches/secureRPCvulnerability.html
======================================================
Candidate: CAN-2001-0260
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0260
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010329
Category: SF
Reference: BUGTRAQ:20010123 [SAFER] Security Bulletin 010123.EXP.1.10
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0360.html
Reference: XF:lotus-domino-smtp-bo
Reference: URL:http://xforce.iss.net/static/5993.php
Reference: BID:2283
Reference: URL:http://www.securityfocus.com/bid/2283
Buffer overflow in Lotus Domino Mail Server 5.0.5 and earlier allows a
remote attacker to crash the server or execute arbitrary code via a
long "RCPT TO" command.
INFERRED ACTION: CAN-2001-0260 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Ziese, Frech, Cole, Bishop
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0266
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0266
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: HP:HPSBUX0102-143
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0069.html
Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier
allows local users to gain privileges.
INFERRED ACTION: CAN-2001-0266 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Cole, Bishop
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0267
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: HP:HPSBMP0102-008
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0050.html
Reference: XF:hp-nmdebug-gain-privileges(6226)
NM debug in HP MPE/iX 6.5 and earlier does not properly handle
breakpoints, which allows local users to gain privileges.
Modifications:
ADDREF XF:hp-nmdebug-gain-privileges(6226)
INFERRED ACTION: CAN-2001-0267 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Cole, Bishop
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:hp-nmdebug-gain-privileges(6226)
======================================================
Candidate: CAN-2001-0268
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0268
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: NETBSD:NetBSD-SA:2001-002
Reference: URL:http://archives.neohapsis.com/archives/netbsd/2001-q1/0093.html
Reference: BUGTRAQ:20010219 Re: your mail
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0353.html
Reference: OPENBSD:20010302 The USER_LDT kernel option allows an attacker to gain access to privileged areas of kernel memory.
Reference: URL:http://www.openbsd.org/errata.html#userldt
Reference: XF:user-ldt-validation(6222)
NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, allow local users
to gain root privileges by accessing kernel memory via a segment call
gate when the USER_LDT kernel option is enabled.
Modifications:
ADDREF XF:user-ldt-validation(6222)
INFERRED ACTION: CAN-2001-0268 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Cole, Bishop
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:user-ldt-validation(6222)
======================================================
Candidate: CAN-2001-0274
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0274
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010214 Security hole in kicq
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0276.html
Reference: BUGTRAQ:20010303 Re: Security hole in kicq
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0536.html
Reference: XF:kicq-execute-commands(6112)
kicq IRC client 1.0.0, and possibly later versions, allows remote
attackers to execute arbitrary commands via shell metacharacters in a
URL.
Modifications:
ADDREF XF:kicq-execute-commands(6112)
INFERRED ACTION: CAN-2001-0274 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Cole, Bishop
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:kicq-execute-commands(6112)
======================================================
Candidate: CAN-2001-0278
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0278
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: HP:HPSBMP0102-009
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0050.html
Reference: XF:hp-linkeditor-gain-privileges(6223)
Vulnerability in linkeditor in HP MPE/iX 6.5 and earlier allows local
users to gain privileges.
Modifications:
ADDREF XF:hp-linkeditor-gain-privileges(6223)
INFERRED ACTION: CAN-2001-0278 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Cole, Bishop
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:hp-linkeditor-gain-privileges(6223)
======================================================
Candidate: CAN-2001-0279
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0279
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010222 Sudo version 1.6.3p6 now available (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0414.html
Reference: MANDRAKE:MDKSA-2001:024
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-024.php3
Reference: DEBIAN:DSA-031
Reference: URL:http://www.debian.org/security/2001/dsa-031
Reference: CONECTIVA:CLA-2001:381
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000381
Reference: BUGTRAQ:20010225 [slackware-security] buffer overflow in sudo fixed
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0437.html
Reference: BUGTRAQ:20010226 Trustix Security Advisory - sudo
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0427.html
Buffer overflow in sudo earlier than 1.6.3p6 allows local users to
gain root privileges.
INFERRED ACTION: CAN-2001-0279 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Cole, Bishop
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0284
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0284
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: OPENBSD:20010302 Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun in the kernel.
Reference: URL:http://www.openbsd.org/errata.html#ipsec_ah
Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and
earlier allows remote attackers to cause a denial of service and
possibly execute arbitrary commands via a malformed Authentication
header (AH) IPv4 option.
INFERRED ACTION: CAN-2001-0284 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Cole, Bishop
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0287
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0287
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010302 Option to VERITAS Cluster Server (VCS) lltstat command will panic system.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0528.html
Reference: CONFIRM:http://seer.support.veritas.com/docs/234326.htm
VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to
cause a denial of service (system panic) via the -L option to the
lltstat command.
INFERRED ACTION: CAN-2001-0287 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Cole, Bishop
NOOP(2) Wall, Dik
Voter Comments:
Dik> No insight in veritas bugs
======================================================
Candidate: CAN-2001-0288
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0288
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: CISCO:20010228 Cisco IOS Software TCP Initial Sequence Number Randomization Improvements
Reference: URL:http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml
Cisco switches and routers running IOS 12.1 and earlier produce
predictable TCP Initial Sequence Numbers (ISNs), which allows remote
attackers to spoof or hijack TCP connections.
INFERRED ACTION: CAN-2001-0288 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Cole, Bishop
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0289
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0289
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010228 Joe's Own Editor File Handling Error
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0490.html
Reference: MANDRAKE:MDKSA-2001:026
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-026.php3
Reference: DEBIAN:DSA-041
Reference: URL:http://www.debian.org/security/2001/dsa-041
Reference: REDHAT:RHSA-2001:024
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-024.html
Joe text editor 2.8 searches the current working directory (CWD) for
the .joerc configuration file, which could allow local users to gain
privileges of other users by placing a Trojan Horse .joerc file into a
directory, then waiting for users to execute joe from that directory.
INFERRED ACTION: CAN-2001-0289 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Cole, Bishop
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0290
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0290
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010306 [Mailman-Announce] ANNOUNCE Mailman 2.0.2 (important privacy patch)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0031.html
Vulnerability in Mailman 2.0.1 and earlier allows list administrators
to obtain user passwords.
INFERRED ACTION: CAN-2001-0290 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Cole, Bishop
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0295
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0295
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010306 Warftp 1.67b04 Directory Traversal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98390925726814&w=2
Reference: CONFIRM:http://support.jgaa.com/?cmd=ShowArticle&ID=31
Reference: BID:2444
Reference: URL:http://www.securityfocus.com/bid/2444
Directory traversal vulnerability in War FTP 1.67.04 allows remote
attackers to list directory contents and possibly read files via a
"dir *./../.." command.
INFERRED ACTION: CAN-2001-0295 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Cole, Bishop
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0299
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0299
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20001127 Nokia firewalls
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97535202912588&w=2
Reference: BUGTRAQ:20001205 Nokia firewalls - Response from Nokia
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97603879517777&w=2
Reference: XF:nokia-ip440-bo(5640)
Reference: BID:2054
Reference: URL:http://www.securityfocus.com/bid/2054
Buffer overflow in Voyager web administration server for Nokia IP440
allows local users to cause a denial of service, and possibly execute
arbitrary commands, via a long URL.
Modifications:
ADDREF XF:nokia-ip440-bo(5640)
INFERRED ACTION: CAN-2001-0299 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Cole, Bishop
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:nokia-ip440-bo(5640)
======================================================
Candidate: CAN-2001-0301
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0301
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010213 Security advisory for analog
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0264.html
Reference: CONFIRM:http://www.analog.cx/security2.html
Reference: REDHAT:RHSA-2001:017
Reference: URL:http://archives.neohapsis.com/archives/linux/redhat/2001-q1/0056.html
Reference: DEBIAN:DSA-033
Reference: URL:http://www.debian.org/security/2001/dsa-033
Reference: BID:2377
Reference: URL:http://www.securityfocus.com/bid/2377
Reference: XF:analog-alias-bo(6105)
Buffer overflow in Analog before 4.16 allows remote attackers to
execute arbitrary commands by using the ALIAS command to construct
large strings.
Modifications:
ADDREF XF:analog-alias-bo(6105)
INFERRED ACTION: CAN-2001-0301 ACCEPT (4 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Bishop, Ziese, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:analog-alias-bo(6105)
======================================================
Candidate: CAN-2001-0309
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0309
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: REDHAT:RHSA-2001:006
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-006.html
Reference: XF:inetd-internal-socket-dos(6380)
inetd in Red Hat 6.2 does not properly close sockets for internal
services such as chargen, daytime, echo, etc., which allows remote
attackers to cause a denial of service via a series of connections to
the internal services.
Modifications:
ADDREF XF:inetd-internal-socket-dos(6380)
INFERRED ACTION: CAN-2001-0309 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Bishop, Ziese, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:inetd-internal-socket-dos(6380)
======================================================
Candidate: CAN-2001-0310
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0310
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:13
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:13.sort.asc
Reference: XF:sort-temp-file-abort
Reference: URL:http://xforce.iss.net/static/6038.php
sort in FreeBSD 4.1.1 and earlier, and possibly other operating
systems, uses predictable temporary file names and does not properly
handle when the temporary file already exists, which causes sort to
crash and possibly impacts security-sensitive scripts.
INFERRED ACTION: CAN-2001-0310 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Bishop, Ziese, Frech, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0311
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0311
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: HP:HPSBUX0102-142
Reference: HPBUG:PHSS_22914
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0022.html
Reference: HPBUG:PHSS_22915
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0023.html
Reference: XF:omniback-unauthorized-access(6434)
Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows
attackers to gain unauthorized access to an ImniBack client.
Modifications:
ADDREF XF:omniback-unauthorized-access(6434)
ADDREF HP:HPSBUX0102-142
INFERRED ACTION: CAN-2001-0311 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Bishop, Ziese, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:omniback-unauthorized-access(6434)
In description should be "OmniBack" instead of "Imniback"
Add Reference: Hewlett-Packard Company Security Bulletin
HPSBUX0102-142
URL:http://www.securityfocus.com/advisories/3160
======================================================
Candidate: CAN-2001-0316
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0316
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: REDHAT:RHSA-2001:013
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2001-q1/0009.html
Reference: CALDERA:CSSA-2001-009
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-009.0.txt
Reference: BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html
Reference: XF:linux-sysctl-read-memory(6079)
Linux kernel 2.4 and 2.2 allows local users to read kernel memory and
possibly gain privileges via a negative argument to the sysctl call.
Modifications:
ADDREF XF:linux-sysctl-read-memory(6079)
INFERRED ACTION: CAN-2001-0316 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Bishop, Ziese, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:linux-sysctl-read-memory(6079)
======================================================
Candidate: CAN-2001-0317
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0317
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html
Reference: REDHAT:RHSA-2001:013
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2001-q1/0009.html
Reference: CALDERA:CSSA-2001-009
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-009.0.txt
Reference: XF:linux-ptrace-modify-process(6080)
Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local
users to gain privileges by using ptrace to track and modify a running
setuid process.
Modifications:
ADDREF XF:linux-ptrace-modify-process(6080)
INFERRED ACTION: CAN-2001-0317 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Bishop, Ziese, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:linux-ptrace-modify-process(6080)
======================================================
Candidate: CAN-2001-0318
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0318
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010110 proftpd 1.2.0rc2 -- example of bad coding
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916525715657&w=2
Reference: BUGTRAQ:20010206 Response to ProFTPD issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0117.html
Reference: MANDRAKE:MDKSA-2001:021
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3
Reference: DEBIAN:DSA-029
Reference: URL:http://www.debian.org/security/2001/dsa-029
Reference: CONECTIVA:CLA-2001:380
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000380
Reference: XF:proftpd-format-string(6433)
Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to
execute arbitrary commands by shutting down the FTP server while using
a malformed working directory (cwd).
Modifications:
ADDREF XF:proftpd-format-string(6433)
INFERRED ACTION: CAN-2001-0318 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Bishop, Ziese, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:proftpd-format-string(6433)
======================================================
Candidate: CAN-2001-0319
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0319
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010205 IBM NetCommerce Security
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html
Reference: CONFIRM:http://www-4.ibm.com/software/webservers/commerce/netcomletter.html
Reference: BID:2350
Reference: URL:http://www.securityfocus.com/bid/2350
Reference: XF:ibm-netcommerce-reveal-information(6067)
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to
execute arbitrary SQL queries by inserting them into the order_rn
option of the report capability.
Modifications:
ADDREF XF:ibm-netcommerce-reveal-information(6067)
INFERRED ACTION: CAN-2001-0319 ACCEPT (6 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(5) Bishop, Bollinger, Wall, Ziese, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:ibm-netcommerce-reveal-information(6067)
======================================================
Candidate: CAN-2001-0326
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0326
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20010404
Assigned: 20010404
Category: CF
Reference: BUGTRAQ:20010212 Solution for Potential Vunerability in Granting FilePermission to Oracle Java Virtual Machine
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0255.html
Reference: XF:oracle-jvm-file-permissions(6438)
Oracle Java Virtual Machine (JVM) for Oracle 8.1.7 and Oracle
Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to
read arbitrary files via the .jsp and .sqljsp file extensions when the
server is configured to use the <<ALL FILES>> FilePermission.
Modifications:
ADDREF XF:oracle-jvm-file-permissions(6438)
INFERRED ACTION: CAN-2001-0326 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Bishop, Wall, Ziese, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:oracle-jvm-file-permissions(6438)