[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FINAL] ACCEPT 55 candidates from 2000



I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below.  The
resulting CVE entries will be published in the near future in a new
version of CVE.  Voting details and comments are provided at the end
of this report.

- Steve


Candidate	CVE Name
---------	----------
CAN-2000-0120	CVE-2000-0120
CAN-2000-0302	CVE-2000-0302
CAN-2000-0306	CVE-2000-0306
CAN-2000-0307	CVE-2000-0307
CAN-2000-0308	CVE-2000-0308
CAN-2000-0309	CVE-2000-0309
CAN-2000-0310	CVE-2000-0310
CAN-2000-0313	CVE-2000-0313
CAN-2000-0314	CVE-2000-0314
CAN-2000-0315	CVE-2000-0315
CAN-2000-0348	CVE-2000-0348
CAN-2000-0349	CVE-2000-0349
CAN-2000-0351	CVE-2000-0351
CAN-2000-0368	CVE-2000-0368
CAN-2000-0375	CVE-2000-0375
CAN-2000-0504	CVE-2000-0504
CAN-2000-0541	CVE-2000-0541
CAN-2000-0573	CVE-2000-0573
CAN-2000-0577	CVE-2000-0577
CAN-2000-0622	CVE-2000-0622
CAN-2000-0650	CVE-2000-0650
CAN-2000-0693	CVE-2000-0693
CAN-2000-0694	CVE-2000-0694
CAN-2000-0717	CVE-2000-0717
CAN-2000-0720	CVE-2000-0720
CAN-2000-0726	CVE-2000-0726
CAN-2000-0731	CVE-2000-0731
CAN-2000-0742	CVE-2000-0742
CAN-2000-0803	CVE-2000-0803
CAN-2000-0816	CVE-2000-0816
CAN-2000-0818	CVE-2000-0818
CAN-2000-0829	CVE-2000-0829
CAN-2000-0854	CVE-2000-0854
CAN-2000-0856	CVE-2000-0856
CAN-2000-0874	CVE-2000-0874
CAN-2000-0875	CVE-2000-0875
CAN-2000-0876	CVE-2000-0876
CAN-2000-0890	CVE-2000-0890
CAN-2000-0896	CVE-2000-0896
CAN-2000-0927	CVE-2000-0927
CAN-2000-0964	CVE-2000-0964
CAN-2000-1075	CVE-2000-1075
CAN-2000-1108	CVE-2000-1108
CAN-2000-1109	CVE-2000-1109
CAN-2000-1119	CVE-2000-1119
CAN-2000-1121	CVE-2000-1121
CAN-2000-1122	CVE-2000-1122
CAN-2000-1123	CVE-2000-1123
CAN-2000-1124	CVE-2000-1124
CAN-2000-1164	CVE-2000-1164
CAN-2000-1165	CVE-2000-1165
CAN-2000-1170	CVE-2000-1170
CAN-2000-1171	CVE-2000-1171
CAN-2000-1174	CVE-2000-1174
CAN-2000-1180	CVE-2000-1180


======================================================
Candidate: CAN-2000-0120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0120
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010501-01
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: ALLAIRE:ASB00-04
Reference: BID:955
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=955
Reference: XF:allaire-spectra-ras-access(4025)
Reference: URL:http://xforce.iss.net/static/4025.php

The Remote Access Service invoke.cfm template in Allaire Spectra 1.0
allows users to bypass authentication via the bAuthenticated
parameter.


Modifications:
  ADDREF XF:allaire-spectra-ras-access(4025)

INFERRED ACTION: CAN-2000-0120 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(1) Cole
   REVIEWING(1) Wall

Voter Comments:
 Frech> XF:allaire-spectra-ras-access


======================================================
Candidate: CAN-2000-0302
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0302
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000331 Alert: MS Index Server (CISADV000330)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95453598317340&w=2
Reference: MS:MS00-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-006.asp
Reference: BID:1084
Reference: URL:http://www.securityfocus.com/bid/1084
Reference: XF:http-indexserver-asp-source

Microsoft Index Server allows remote attackers to view the source code
of ASP files by appending a %20 to the filename in the CiWebHitsFile
argument to the null.htw URL.


Modifications:
  ADDREF XF:http-indexserver-asp-source

INFERRED ACTION: CAN-2000-0302 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Wall, Cole, Levy
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:http-indexserver-asp-source
 Christey> This is a variant of CVE-2000-0098, as mentioned in the
   Microsoft advisory: "... on March 31, 2000. This variant could
   allow the source of server-side files such as .ASP files to be
   read."
 Christey> According to Mark Burnett: "CISADV000330 [says that] IDQ files are
   vulnerable to a double-dot bug that allows files on the same
   partition as the web root to be viewed."


======================================================
Candidate: CAN-2000-0306
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0306
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: SCO:SB-99.02
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.02a
Reference: BUGTRAQ:19981229 Local/remote exploit for SCO UNIX.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-12-29&msg=AAh6GYsGU1@leshka.chuvashia.su

Buffer overflow in calserver in SCO OpenServer allows remote attackers
to gain root access via a long message.

INFERRED ACTION: CAN-2000-0306 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole


======================================================
Candidate: CAN-2000-0307
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0307
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: SCO:SB-99.07
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.07b

Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and
earlier allows an attacker to cause a denial of service which prevents
access to reserved port numbers below 1024.

INFERRED ACTION: CAN-2000-0307 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole


======================================================
Candidate: CAN-2000-0308
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0308
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000511
Category: CF
Reference: SCO:SB-99.08
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.08a

Insecure file permissions for Netscape FastTrack Server 2.x,
Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and
2.1.3 allow an attacker to gain root privileges.

INFERRED ACTION: CAN-2000-0308 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole


======================================================
Candidate: CAN-2000-0309
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0309
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: OPENBSD:19990212 i386 trace-trap handling when DDB was configured could cause a system crash.
Reference: URL:http://www.openbsd.org/errata24.html#trctrap

The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a
local user to cause a denial of service.

INFERRED ACTION: CAN-2000-0309 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole


======================================================
Candidate: CAN-2000-0310
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0310
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: OPENBSD:19990217 IP fragment assembly can bog the machine excessively and cause problems.
Reference: URL:http://www.openbsd.org/errata24.html#maxqueue

IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause
a denial of service by sending a large number of fragmented packets.

INFERRED ACTION: CAN-2000-0310 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole


======================================================
Candidate: CAN-2000-0313
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0313
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: OPENBSD:19991109 Any user can change interface media configurations.
Reference: URL:http://www.openbsd.org/errata.html#ifmedia

Vulnerability in OpenBSD 2.6 allows a local user to change interface
media configurations.

INFERRED ACTION: CAN-2000-0313 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole


======================================================
Candidate: CAN-2000-0314
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0314
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:19990213 traceroute as a flooder
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91893782027835&w=2
Reference: NETBSD:NetBSD-SA1999-004
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-004.txt.asc

traceroute in NetBSD 1.3.3 and Linux systems allows local users to
flood other systems by providing traceroute with a large waittime (-w)
option, which is not parsed properly and sets the time delay for
sending packets to zero.

INFERRED ACTION: CAN-2000-0314 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole


======================================================
Candidate: CAN-2000-0315
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0315
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:19990213 traceroute as a flooder
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91893782027835&w=2
Reference: NETBSD:NetBSD-SA1999-004
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-004.txt.asc

traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged
users to modify the source address of the packets, which could be used
in spoofing attacks.

INFERRED ACTION: CAN-2000-0315 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole


======================================================
Candidate: CAN-2000-0348
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0348
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000511
Category: CF
Reference: SCO:SB-99.10
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.10a

A vulnerability in the Sendmail configuration file sendmail.cf as
installed in SCO UnixWare 7.1.0 and earlier allows an attacker to gain
root privileges.

INFERRED ACTION: CAN-2000-0348 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole


======================================================
Candidate: CAN-2000-0349
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0349
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000511
Category: unknown
Reference: SCO:SB-99.13
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.13a

Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an
attacker to cause a denial of service.

INFERRED ACTION: CAN-2000-0349 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole


======================================================
Candidate: CAN-2000-0351
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0351
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000523
Category: unknown
Reference: SCO:SB-99.09
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.09b

Some packaging commands in SCO UnixWare 7.1.0 have insecure
privileges, which allows local users to add or remove software
packages.

INFERRED ACTION: CAN-2000-0351 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole


======================================================
Candidate: CAN-2000-0368
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0368
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000523
Category: SF
Reference: CISCO:19981014 Cisco IOS Command History Release at Login Prompt
Reference: URL:http://www.cisco.com/warp/public/770/ioshist-pub.shtml
Reference: CIAC:J-009
Reference: URL:http://www.ciac.org/ciac/bulletins/j-009.shtml

Classic Cisco IOS 9.1 and later allows attackers with access to the
loging prompt to obtain portions of the command history of previous
users, which may allow the attacker to access sensitive data.

INFERRED ACTION: CAN-2000-0368 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(4) Ziese, Balinsky, Baker, Cole

Voter Comments:
 Ziese> VERIFIED-BY-MY-ORG


======================================================
Candidate: CAN-2000-0375
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0375
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000523
Category: SF
Reference: FREEBSD:FreeBSD-SA-99:04
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-99:04.core.asc

The kernel in FreeBSD 3.2 follows symbolic links when it creates core
dump files, which allows local attackers to modify arbitrary files.

INFERRED ACTION: CAN-2000-0375 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Cole


======================================================
Candidate: CAN-2000-0504
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0504
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000619 XFree86: libICE DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html
Reference: CONFIRM:http://www.xfree86.org/security/
Reference: BID:1369
Reference: URL:http://www.securityfocus.com/bid/1369
Reference: XF:linux-libice-dos

libICE in XFree86 allows remote attackers to cause a denial of service
by specifying a large value which is not properly checked by the
SKIP_STRING macro.


Modifications:
  ADDREF XF:linux-libice-dos
  ADDREF CONFIRM:http://www.xfree86.org/security/

INFERRED ACTION: CAN-2000-0504 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(5) Collins, Armstrong, Levy, Ozancin, Cole
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> XF:linux-libice-dos
 Frech> XF:linux-libice-dos(4761)
 Christey> CONFIRM:http://www.xfree86.org/security/
   Fix for 4.0.1 says "Fixed recently publicized security issues in some
   of the X libraries, including: a possible libICE DoS, a possible xdmcp
   DoS, and some potentially exploitable integer overflows."
 CHANGE> [Armstrong changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0541
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0541
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010417-01
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000617 Infosec.20000617.panda.a
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0164.html
Reference: XF:panda-antivirus-remote-admin(4707)
Reference: BID:1359
Reference: URL:http://www.securityfocus.com/bid/1359

The Panda Antivirus console on port 2001 allows local users to execute
arbitrary commands without authentication via the CMD command.


Modifications:
  ADDREF XF:panda-antivirus-remote-admin(4707)

INFERRED ACTION: CAN-2000-0541 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Collins, Levy, Baker
   MODIFY(1) Frech
   NOOP(4) Armstrong, Ozancin, Christey, Cole

Voter Comments:
 Christey> XF:panda-antivirus-remote-admin
 Frech> XF:panda-antivirus-remote-admin(4707)
 CHANGE> [Armstrong changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2000-0573
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0573
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010417-01
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000622 WuFTPD: Providing *remote* root since at least1994
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96171893218000&w=2
Reference: BUGTRAQ:20000623 WUFTPD 2.6.0 remote root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96179429114160&w=2
Reference: BUGTRAQ:20000707 New Released Version of the WuFTPD Sploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96299933720862&w=2
Reference: BUGTRAQ:20000623 ftpd: the advisory version
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000623091822.3321.qmail@fiver.freemessage.com
Reference: AUSCERT:AA-2000.02
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2000.02
Reference: CERT:CA-2000-13
Reference: URL:http://www.cert.org/advisories/CA-2000-13.html
Reference: DEBIAN:20000622 wu-ftp: remote root exploit in wu-ftp
Reference: URL:http://www.debian.org/security/2000/20000623
Reference: CALDERA:CSSA-2000-020.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-020.0.txt
Reference: REDHAT:RHSA-2000:039-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-039-02.html
Reference: BUGTRAQ:20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0244.html
Reference: BUGTRAQ:20000702 [Security Announce] wu-ftpd update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0017.html
Reference: BUGTRAQ:20000929 [slackware-security] wuftpd vulnerability - Slackware 4.0, 7.0, 7.1, -current
Reference: FREEBSD:FreeBSD-SA-00:29
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1
Reference: NETBSD:NetBSD-SA2000-009
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-010.txt.asc
Reference: XF:wuftp-format-string-stack-overwrite
Reference: BID:1387
Reference: URL:http://www.securityfocus.com/bid/1387
Reference: XF:wuftp-format-string-stack-overwrite(4773)

The lreply function in wu-ftpd 2.6.0 and earlier does not properly
cleanse an untrusted format string, which allows remote attackers to
execute arbitrary commands via the SITE EXEC command.


Modifications:
  ADDREF BUGTRAQ:20000929 [slackware-security] wuftpd vulnerability - Slackware 4.0, 7.0, 7.1, -current
  ADDREF XF:wuftp-format-string-stack-overwrite(4773)

INFERRED ACTION: CAN-2000-0573 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(4) Levy, Wall, Magdych, Cole
   MODIFY(1) Frech
   NOOP(2) LeBlanc, Christey

Voter Comments:
 Frech> XF:wuftp-format-string-stack-overwrite(4773)
 Christey> CD:SF-CODEBASE may apply here.  Does the SITE EXEC problem
   documented by HP come from the same codebase as wu-ftpd?
   If so, then ADDREF HP:HPSBUX0007-117 and ADDREF BID:1505.
   URL:http://www.securityfocus.com/templates/advisory.html?id=2404
   URL:http://www.securityfocus.com/bid/1505
 Christey> ADDREF BUGTRAQ:20000929 [slackware-security] wuftpd vulnerability - Slackware 4.0, 7.0, 7.1, -current
   http://archives.neohapsis.com/archives/bugtraq/2000-09/0348.html
 CHANGE> [Christey changed vote from REVIEWING to NOOP]
 Christey> I'm withdrawing my REVIEWING vote so that this candidate can
   be ACCEPTed.  The HP reference should stay removed until there
   is some assurance that it is related to this problem.


======================================================
Candidate: CAN-2000-0577
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0577
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000621 Netscape FTP Server - "Professional" as hell :>
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211351280.23780-100000@nimue.tpi.pl
Reference: BUGTRAQ:20000629 (forw) Re: Netscape ftp Server (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0345.html
Reference: BID:1411
Reference: URL:http://www.securityfocus.com/bid/1411
Reference: XF:netscape-ftpserver-chroot

Netscape Professional Services FTP Server 1.3.6 allows remote
attackers to read arbitrary files via a .. (dot dot) attack.

INFERRED ACTION: CAN-2000-0577 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(4) Levy, Frech, Magdych, Cole
   NOOP(1) LeBlanc
   REVIEWING(1) Wall


======================================================
Candidate: CAN-2000-0622
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0622
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010501-01
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NAI:20000719 O'Reilly WebSite Professional Overflow
Reference: URL:http://www.pgp.com/research/covert/advisories/043.asp
Reference: CONFIRM:http://website.oreilly.com/support/software/wspro25_releasenotes.txt
Reference: XF:website-webfind-bo(4962)
Reference: URL:http://xforce.iss.net/static/4962.php
Reference: BID:1487
Reference: URL:http://www.securityfocus.com/bid/1487

Buffer overflow in Webfind CGI program in O'Reilly WebSite
Professional web server 2.x allows remote attackers to execute
arbitrary commands via a URL containing a long "keywords" parameter.


Modifications:
  ADDREF XF:website-webfind-bo(4962)

INFERRED ACTION: CAN-2000-0622 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(1) LeBlanc
   REVIEWING(1) Wall

Voter Comments:
 Frech> XF:website-webfind-bo(4962)
   Suggest that the canonical NAI reference is housed at
   http://www.nai.com/nai_labs/asp_set/advisory/42_Advisory.asp


======================================================
Candidate: CAN-2000-0650
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0650
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010501-01
Proposed: 20000803
Assigned: 20000802
Category: CF
Reference: NTBUGTRAQ:20000711 Potential Vulnerability in McAfee Netshield and VirusScan 4.5
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=ntbugtraq&F=&S=&P=2753
Reference: BID:1458
Reference: URL:http://www.securityfocus.com/bid/1458
Reference: XF:nai-virusscan-netshield-autoupgrade(5177)

The default installation of VirusScan 4.5 and NetShield 4.5 has
insecure permissions for the registry key that identifies the
AutoUpgrade directory, which allows local users to execute arbitrary
commands by replacing SETUP.EXE in that directory with a Trojan Horse.


Modifications:
  ADDREF XF:nai-virusscan-netshield-autoupgrade(5177)

INFERRED ACTION: CAN-2000-0650 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(1) LeBlanc
   REVIEWING(1) Wall

Voter Comments:
 Frech> XF:nai-virusscan-netshield-autoupgrade(5177)


======================================================
Candidate: CAN-2000-0693
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0693
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000802 Local root compromise in PGX Config Sun Sparc Solaris
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0463.html
Reference: BID:1563
Reference: URL:http://www.securityfocus.com/bid/1563

pgxconfig in the Raptor GFX configuration tool uses a relative path
name for a system call to the "cp" program, which allows local users
to execute arbitrary commands by modifying their path to point to an
alternate "cp" program.

INFERRED ACTION: CAN-2000-0693 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Levy, Dik, Baker
   NOOP(2) Wall, Cole

Voter Comments:
 Dik> Unfortunately, there have been many different versions of the
   tool, and when it came to confirmation it turned out that
   the program had long since been superceded by a non-setuid
   version.  It was, however, reproducable in much older
   versions of the software.


======================================================
Candidate: CAN-2000-0694
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0694
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010417-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000802 Local root compromise in PGX Config Sun Sparc Solaris
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0463.html

pgxconfig in the Raptor GFX configuration tool allows local users to
gain privileges via a symlink attack.


Modifications:
  DESC Remove "may"

INFERRED ACTION: CAN-2000-0694 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Levy, Dik, Baker
   NOOP(2) Wall, Cole

Voter Comments:
 Dik> as  CAN-2000-0693


======================================================
Candidate: CAN-2000-0717
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0717
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000830 [EXPL] GoodTech's FTP Server vulnerable to a DoS (RNTO)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=02ff01c0124c$e9387660$0201a8c0@aviram
Reference: BID:1619
Reference: URL:http://www.securityfocus.com/bid/1619
Reference: XF:ftp-goodtech-rnto-dos(5166)

GoodTech FTP server allows remote attackers to cause a denial of
service via a large number of RNTO commands.


Modifications:
  ADDREF XF:ftp-goodtech-rnto-dos(5166)

INFERRED ACTION: CAN-2000-0717 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> XF:ftp-goodtech-rnto-dos(5166)

   The original poster said that a patch has been made available.
 Frech> XF:ftp-goodtech-rnto-dos(5166)


======================================================
Candidate: CAN-2000-0720
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0720
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000829 News Publisher CGI Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=003301c0123b$18f8c1a0$953b29d4@e8s9s4
Reference: BID:1621
Reference: URL:http://www.securityfocus.com/bid/1621
Reference: XF:news-publisher-add-author(5169)
Reference: URL:http://xforce.iss.net/static/5169.php

news.cgi in GWScripts News Publisher does not properly authenticate
requests to add an author to the author index, which allows remote
attackers to add new authors by directly posting an HTTP request to
the new.cgi program with an addAuthor parameter, and setting the
Referer to the news.cgi program.


Modifications:
  CHANGEREF BUGTRAQ [correct date]
  ADDREF XF:news-publisher-add-author(5169)

INFERRED ACTION: CAN-2000-0720 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> Change date on Bugtraq post to 20000829.
 Christey> ADDREF XF:news-publisher-add-author
   URL:http://xforce.iss.net/static/5169.php
 Christey> Change Bugtraq date to 20000829
 Frech> XF:news-publisher-add-author(5169)


======================================================
Candidate: CAN-2000-0726
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0726
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000829 Stalker's CGImail Gives Read Access to All Server Files
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000829194618.H7744@thathost.com
Reference: BID:1623
Reference: URL:http://www.securityfocus.com/bid/1623
Reference: XF:mailers-cgimail-spoof(5165)

CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote
attackers to read arbitrary files by specifying the file in the
$Attach$ hidden form variable.


Modifications:
  ADDREF XF:mailers-cgimail-spoof(5165)

INFERRED ACTION: CAN-2000-0726 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> XF:mailers-cgimail-spoof
 Frech> XF:mailers-cgimail-spoof(5165)


======================================================
Candidate: CAN-2000-0731
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0731
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: NTBUGTRAQ:20000825 DST2K0023: Directory Traversal Possible & Denial of Service in Wo rm HTTP Server
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0111.html
Reference: BID:1626
Reference: URL:http://www.securityfocus.com/bid/1626
Reference: XF:wormhttp-dir-traverse(5148)
Reference: URL:http://xforce.iss.net/static/5148.php

Directory traversal vulnerability in Worm HTTP server allows remote
attackers to read arbitrary files via a .. (dot dot) attack.


Modifications:
  DESC Add "directory traversal" term
  ADDREF XF:wormhttp-dir-traverse(5148)

INFERRED ACTION: CAN-2000-0731 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> XF:wormhttp-dir-traverse
   http://xforce.iss.net/static/5148.php
 Frech> XF:wormhttp-dir-traverse(5148)


======================================================
Candidate: CAN-2000-0742
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0742
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010501-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000602 ipx storm
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&mid=63120
Reference: MS:MS00-054
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-054.asp
Reference: BID:1544
Reference: URL:http://www.securityfocus.com/bid/1544
Reference: XF:win-ipx-ping-packet(5079)
Reference: URL:http://xforce.iss.net/static/5079.php

The IPX protocol implementation in Microsoft Windows 95 and 98 allows
remote attackers to cause a denial of service by sending a ping packet
with a source IP address that is a broadcast address, aka the
"Malformed IPX Ping Packet" vulnerability.


Modifications:
  ADDREF XF:win-ipx-ping-packet(5079)
  DESC Add "aka"

INFERRED ACTION: CAN-2000-0742 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Cole, Levy, LeBlanc
   NOOP(1) Christey
   REVIEWING(1) Wall

Voter Comments:
 Christey> Include Microsoft's name as an "aka".
 Christey> XF:win-ipx-ping-packet
   http://xforce.iss.net/static/5079.php


======================================================
Candidate: CAN-2000-0803
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0803
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20001129
Assigned: 20000922
Category: SF
Reference: ISS:20001004 GNU Groff utilities read untrusted commands from current working directory
Reference: XF:gnu-groff-utilities(5280)

GNU Groff uses the current working directory to find a device
description file, which allows a local user to gain additional
privileges by including a malicious postpro directive in the
description file, which is executed when another user runs groff.


Modifications:
  ADDREF XF:gnu-groff-utilities(5280)

INFERRED ACTION: CAN-2000-0803 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Cole, Collins
   MODIFY(1) Frech
   NOOP(2) Mell, Wall

Voter Comments:
 Frech> XF:gnu-groff-utilities(5280)


======================================================
Candidate: CAN-2000-0816
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0816
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010417-01
Proposed: 20001129
Assigned: 20000929
Category: SF
Reference: ISS:20001006 Insecure call of external programs in Red Hat Linux tmpwatch
Reference: URL:http://xforce.iss.net/alerts/advise64.php
Reference: REDHAT:RHSA-2000:080-01
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-080-01.html
Reference: MANDRAKE:MDKSA-2000:056
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-056.php3?dis=7.1
Reference: BID:1785
Reference: URL:http://www.securityfocus.com/bid/1785
Reference: XF:linux-tmpwatch-fuser(5320)

Linux tmpwatch --fuser option allows local users to execute arbitrary
commands by creating files whose names contain shell metacharacters.


Modifications:
  ADDREF XF:linux-tmpwatch-fuser(5320)

INFERRED ACTION: CAN-2000-0816 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:linux-tmpwatch-fuser(5320)


======================================================
Candidate: CAN-2000-0818
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0818
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010417-01
Proposed: 20001129
Assigned: 20001013
Category: CF
Reference: ISS:20001025 Vulnerability in the Oracle Listener Program
Reference: URL:http://xforce.iss.net/alerts/advise66.php
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/listener_alert.pdf
Reference: XF:oracle-listener-connect-statements(5380)

The default installation for the Oracle listener program 7.3.4, 8.0.6,
and 8.1.6 allows an attacker to cause logging information to be
appended to arbitrary files and execute commands via the SET TRC_FILE
or SET LOG_FILE commands.


Modifications:
  ADDREF XF:oracle-listener-connect-statements(5380)

INFERRED ACTION: CAN-2000-0818 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech
   NOOP(1) Armstrong

Voter Comments:
 Frech> XF:oracle-listener-connect-statements(5380)


======================================================
Candidate: CAN-2000-0829
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0829
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: BUGTRAQ:20000909 tmpwatch: local DoS : fork()bomb as root
Reference: URL:http://www.securityfocus.com/archive/1/81364
Reference: BID:1664
Reference: URL:http://www.securityfocus.com/bid/1664
Reference: XF:linux-tmpwatch-fork-dos
Reference: URL:http://xforce.iss.net/static/5217.php

The tmpwatch utility in Red Hat Linux forks a new process for each
directory level, which allows local users to cause a denial of service
by creating deeply nested directories in /tmp or /var/tmp/.

INFERRED ACTION: CAN-2000-0829 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Frech, Cole, Collins
   NOOP(2) Magdych, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION


======================================================
Candidate: CAN-2000-0854
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0854
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001018
Assigned: 20001018
Category:
Reference: WIN2KSEC:20000918 Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0117.html
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0118.html
Reference: BUGTRAQ:20000922 Eudora + riched20.dll affects WinZip v8.0 as well
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0277.html
Reference: BID:1699
Reference: URL:http://www.securityfocus.com/bid/1699
Reference: NTBUGTRAQ:20000921 Mitigators for possible exploit of Eudora via Guninski #21,2000
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0155.html
Reference: XF:office-dll-execution(5263)
Reference: URL:URL:http://xforce.iss.net/static/5263.php

When a Microsoft Office 2000 document is launched, the directory of
that document is first used to locate DLL's such as riched20.dll and
msi.dll, which could allow an attacker to execute arbitrary commands
by inserting a Trojan Horse DLL into the same directory as the
document.


Modifications:
  ADDREF XF:office-dll-execution(5263)

INFERRED ACTION: CAN-2000-0854 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(6) Baker, Cole, Collins, Armstrong, Wall, LeBlanc
   MODIFY(1) Frech
   NOOP(2) Magdych, Christey

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION
 Christey> ADDREF XF:office-dll-execution
   URL:http://xforce.iss.net/static/5263.php
 Frech> XF:office-dll-execution(5263)
 Collins> http://www.guninski.com/officedll.html
 CHANGE> [Collins changed vote from MODIFY to ACCEPT]
 Collins> http://www.guninski.com/officedll.html


======================================================
Candidate: CAN-2000-0856
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0856
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000901 [EXPL] SunFTP vulnerable to two Denial-of-Service attacks (long buffer, half-open)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0408.html
Reference: BID:1638
Reference: URL:http://www.securityfocus.com/bid/1638

Buffer overflow in SunFTP build 9(1) allows remote attackers to cause
a denial of service or possibly execute arbitrary commands via a long
GET request.

INFERRED ACTION: CAN-2000-0856 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Baker, Cole, Collins
   NOOP(2) Armstrong, Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION


======================================================
Candidate: CAN-2000-0874
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0874
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: BUGTRAQ:20000907 Eudora disclosure
Reference: URL:http://www.securityfocus.com/archive/1/80888
Reference: BID:1653
Reference: URL:http://www.securityfocus.com/bid/1653
Reference: XF:eudora-path-disclosure
Reference: URL:http://xforce.iss.net/static/5206.php

Eudora mail client includes the absolute path of the sender's host
within a virtual card (VCF).

INFERRED ACTION: CAN-2000-0874 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(4) Baker, Cole, Collins, Armstrong
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION


======================================================
Candidate: CAN-2000-0875
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0875
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20001018
Assigned: 20001018
Category:
Reference: BUGTRAQ:20000905 WFTPD/WFTPD Pro 2.41 RC12 vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0488.html
Reference: CONFIRM:http://www.wftpd.com/bug_gpf.htm
Reference: XF:wftpd-long-string-dos
Reference: URL:http://xforce.iss.net/static/5194.php

WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to cause a
denial of service by sending a long string of unprintable characters.


Modifications:
  ADDREF CONFIRM:http://www.wftpd.com/bug_gpf.htm

INFERRED ACTION: CAN-2000-0875 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(4) Baker, Cole, Collins, Armstrong
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Collins> http://www.wftpd.com/bug_gpf.htm "Fixed in 2.41 RC13: Why would anyone do that?"


======================================================
Candidate: CAN-2000-0876
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0876
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: BUGTRAQ:20000905 WFTPD/WFTPD Pro 2.41 RC12 vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0488.html
Reference: XF:wftpd-path-disclosure
Reference: URL:http://xforce.iss.net/static/5196.php

WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the
full pathname of the server via a "%C" command, which generates an
error message that includes the pathname.

INFERRED ACTION: CAN-2000-0876 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Baker, Cole, Collins
   NOOP(2) Armstrong, Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION


======================================================
Candidate: CAN-2000-0890
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0890
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20001114
Category: SF/CF/MP/SA/AN/unknown
Reference: CERT-VN:VU#626919
Reference: URL:http://www.kb.cert.org/vuls/id/626919
Reference: FREEBSD:FreeBSD-SA-01:12
Reference: XF:periodic-temp-file-symlink(6047)
Reference: BID:2325
Reference: URL:http://www.securityfocus.com/bid/2325

periodic in FreeBSD 4.1.1 and earlier, and possibly other operating
systems, allows local users to overwrite arbitrary files via a symlink
attack.


Modifications:
  ADDREF XF:periodic-temp-file-symlink(6047)
  ADDREF FREEBSD:FreeBSD-SA-01:12
  ADDREF BID:2325
  Add version numbers to description.

INFERRED ACTION: CAN-2000-0890 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Ziese, Baker
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Frech> XF:periodic-temp-file-symlink(6047)
 Christey> FREEBSD:FreeBSD-SA-01:12
   BID:2325


======================================================
Candidate: CAN-2000-0896
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0896
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20001114
Category: SF
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Reference: URL:http://xforce.iss.net/alerts/advise70.php
Reference: XF:watchguard-soho-fragmented-packets
Reference: URL:http://xforce.iss.net/static/5749.php
Reference: BID:2113
Reference: URL:http://www.securityfocus.com/bid/2113

WatchGuard SOHO firewall allows remote attackers to cause a denial of
service via a flood of fragmented IP packets, which causes the
firewall to drop connections and stop forwarding packets.

INFERRED ACTION: CAN-2000-0896 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0927
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0927
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: NTBUGTRAQ:20000928 DST2K0037: QuotaAdvisor 4.1 by WQuinn is susceptible to alternati ve datastreams to bypass quotas.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0173.html
Reference: BUGTRAQ:20000928 DST2K0037: QuotaAdvisor 4.1 by WQuinn is susceptible to alternati ve datastreams to bypass quotas.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09//0331.html
Reference: BID:1724
Reference: URL:http://www.securityfocus.com/bid/1724
Reference: XF:quotaadvisor-quota-bypass
Reference: URL:http://xforce.iss.net/static/5302.php

WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they
are stored in alternative data streams, which allows users to bypass
quota restrictions.

INFERRED ACTION: CAN-2000-0927 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Frech, Mell, Collins
   NOOP(2) Cole, Wall


======================================================
Candidate: CAN-2000-0964
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0964
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000928 Another thingy.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0336.html
Reference: BID:1727
Reference: URL:http://www.securityfocus.com/bid/1727
Reference: XF:hinet-ipphone-get-bo
Reference: URL:http://xforce.iss.net/static/5298.php

Buffer overflow in the web administration service for the HiNet LP5100
IP-phone allows remote attackers to cause a denial of service and
possibly execute arbitrary commands via a long GET request.

INFERRED ACTION: CAN-2000-0964 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Frech, Mell, Collins
   NOOP(2) Cole, Wall


======================================================
Candidate: CAN-2000-1075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1075
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010417-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001026 [CORE SDI ADVISORY] iPlanet Certificate Management System 4.2 path traversal bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0383.html
Reference: CONFIRM:http://www.iplanet.com/downloads/patches/0122.html
Reference: BID:1839
Reference: URL:http://www.securityfocus.com/bid/1839
Reference: XF:iplanet-netscape-directory-traversal
Reference: URL:http://xforce.iss.net/static/5421.php

Directory traversal vulnerability in iPlanet Certificate Management
System 4.2 and Directory Server 4.12 allows remote attackers to read
arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or
Administrator services.


Modifications:
  ADDREF CONFIRM:http://www.iplanet.com/downloads/patches/0122.html

INFERRED ACTION: CAN-2000-1075 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(2) Christey, Cole

Voter Comments:
 Christey> CONFIRM:http://www.iplanet.com/downloads/patches/0122.html
   "Security fix - Prohibit access to files outside of document
   root [#515951] (Problem on Windows NT Only)"


======================================================
Candidate: CAN-2000-1108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1108
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-02
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001113 Problems with cons.saver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0192.html
Reference: DEBIAN:20001125 mc: local DoS
Reference: URL:http://www.debian.org/security/2000/20001125
Reference: MANDRAKE:MDKSA-2000:078
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-078.php3
Reference: BID:1945
Reference: URL:http://www.securityfocus.com/bid/1945
Reference: XF:midnight-commander-conssaver-symlink(5519)

cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not
properly verify if an output file descriptor is a TTY, which allows
local users to corrupt files by creating a symbolic link to the target
file, calling mc, and specifying that link as a TTY argument.


Modifications:
  ADDREF MANDRAKE:MDKSA-2000:078
  ADDREF XF:midnight-commander-conssaver-symlink(5519)

INFERRED ACTION: CAN-2000-1108 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Baker, Armstrong
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Christey> ADDREF MANDRAKE:MDKSA-2000:078
 Frech> XF:midnight-commander-conssaver-symlink(5519)


======================================================
Candidate: CAN-2000-1109
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1109
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001127 Midnight Commander
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0373.html
Reference: DEBIAN:DSA-036
Reference: URL:http://www.debian.org/security/2001/dsa-036
Reference: SUSE:SuSE-SA:2001:11
Reference: URL:http://www.suse.com/de/support/security/2001_011_mc.txt
Reference: BID:2016
Reference: URL:http://www.securityfocus.com/bid/2016
Reference: XF:midnight-commander-elevate-privileges(5929)

Midnight Commander (mc) 4.5.51 and earlier does not properly process
malformed directory names when a user opens a directory, which allows
other local users to gain privileges by creating directories that
contain special characters followed by the commands to be executed.


Modifications:
  ADDREF XF:midnight-commander-elevate-privileges(5929)
  ADDREF DEBIAN:DSA-036
  ADDREF SUSE:SuSE-SA:2001:11

INFERRED ACTION: CAN-2000-1109 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Frech> XF:midnight-commander-elevate-privileges(5929)
 Christey> ADDREF DEBIAN:DSA-036
   ADDREF SUSE:SuSE-SA:2001:11


======================================================
Candidate: CAN-2000-1119
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1119
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: AIXAPAR:IY08812
Reference: AIXAPAR:IY10721
Reference: BID:2032
Reference: URL:http://www.securityfocus.com/bid/2032
Reference: XF:aix-setsenv-bo(5621)

Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows
local users to execute arbitrary commands via a long "x=" argument.


Modifications:
  ADDREF AIXAPAR:IY08812
  ADDREF AIXAPAR:IY10721
  ADDREF XF:aix-setsenv-bo(5621)

INFERRED ACTION: CAN-2000-1119 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Bollinger, Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Bollinger> Fixed by APARs IY10721 (4.2.x) and IY08812 (4.3.x).
 Christey> XF:aix-setsenv-bo
   URL:http://xforce.iss.net/static/5621.php
 Frech> XF:aix-setsenv-bo(5621)


======================================================
Candidate: CAN-2000-1121
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1121
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: AIXAPAR:IY08143
Reference: AIXAPAR:IY08287
Reference: BID:2034
Reference: URL:http://www.securityfocus.com/bid/2034
Reference: XF:aix-enq-bo(5619)

Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow
local users to execute arbitrary commands via a long -M argument.


Modifications:
  ADDREF XF:aix-enq-bo(5619)

INFERRED ACTION: CAN-2000-1121 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Bollinger, Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Christey> XF:aix-enq-bo
   URL:http://xforce.iss.net/static/5619.php
 Frech> XF:aix-enq-bo(5619)


======================================================
Candidate: CAN-2000-1122
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1122
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: AIXAPAR:IY07831
Reference: AIXAPAR:IY07790
Reference: BID:2035
Reference: URL:http://www.securityfocus.com/bid/2035

Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may
allow local users to execute arbitrary commands via a long argument.


Modifications:
  ADDREF AIXAPAR:IY07831
  ADDREF AIXAPAR:IY07790

INFERRED ACTION: CAN-2000-1122 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Bollinger, Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Bollinger> Fixed in APARs IY07790 (4.2.x) and IY07831 (4.3.x).
 Christey> XF:aix-setclock-bo
   URL:http://xforce.iss.net/static/5618.php
 Frech> XF:aix-setclock-bo(5618)


======================================================
Candidate: CAN-2000-1123
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1123
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: AIXAPAR:IY12638
Reference: BID:2036
Reference: URL:http://www.securityfocus.com/bid/2036
Reference: XF:aix-pioout-bo
Reference: URL:http://xforce.iss.net/static/5617.php

Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may
allow local users to execute arbitrary commands.


Modifications:
  ADDREF XF:aix-pioout-bo

INFERRED ACTION: CAN-2000-1123 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Bollinger, Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Christey> XF:aix-pioout-bo
   URL:http://xforce.iss.net/static/5617.php
 Frech> XF:aix-pioout-bo(5617)


======================================================
Candidate: CAN-2000-1124
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1124
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: AIXAPAR:IY12638
Reference: BID:2037
Reference: URL:http://www.securityfocus.com/bid/2037
Reference: XF:aix-piobe-bo(5616)
Reference: URL:http://xforce.iss.net/static/5616.php

Buffer overflow in piobe command in IBM AIX 4.3.x allows local users
to gain privileges via long environmental variables.


Modifications:
  ADDREF XF:aix-piobe-bo(5616)

INFERRED ACTION: CAN-2000-1124 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Bollinger, Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Christey> XF:aix-piobe-bo
   URL:http://xforce.iss.net/static/5616.php
 Frech> XF:aix-piobe-bo(5616)


======================================================
Candidate: CAN-2000-1164
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1164
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001219
Assigned: 20001214
Category: CF
Reference: BUGTRAQ:20001118 WinVNC 3.3.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0253.html
Reference: BID:1961
Reference: URL:http://www.securityfocus.com/bid/1961
Reference: XF:winvnc-modify-registry(5545)

WinVNC installs the WinVNC3 registry key with permissions that give
Special Access (read and modify) to the Everybody group, which allows
users to read and modify sensitive information such as passwords and
gain access to the system.


Modifications:
  ADDREF XF:winvnc-modify-registry(5545)

INFERRED ACTION: CAN-2000-1164 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Armstrong, Wall, Baker
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
 Frech> XF:winvnc-modify-registry(5545)


======================================================
Candidate: CAN-2000-1165
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1165
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001122 DoS possibility in syslog-ng
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0300.html
Reference: FREEBSD:FreeBSD-SA-01:02
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:02.syslog-ng.asc
Reference: CONFIRM:http://www.balabit.hu/products/syslog-ng/
Reference: BID:1981
Reference: URL:http://www.securityfocus.com/bid/1981
Reference: XF:balabit-syslog-ng-dos(5576)

Balabit syslog-ng allows remote attackers to cause a denial of service
(application crash) via a malformed log message that does not have a
closing > in the priority specifier.


Modifications:
  ADDREF XF:balabit-syslog-ng-dos(5576)
  ADDREF

INFERRED ACTION: CAN-2000-1165 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Frech> XF:balabit-syslog-ng-dos(5576)
 Christey> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:02.syslog-ng.asc


======================================================
Candidate: CAN-2000-1170
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1170
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001115 Netsnap Webcam Software Remote Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97439536016554&w=2
Reference: CONFIRM:http://www.netsnap.com/new.htm
Reference: BID:1956
Reference: URL:http://www.securityfocus.com/bid/1956
Reference: XF:netsnap-remote-bo(5534)

Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows
remote attackers to execute arbitrary commands via a long GET request.


Modifications:
  ADDREF XF:netsnap-remote-bo(5534)

INFERRED ACTION: CAN-2000-1170 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(3) Armstrong, Wall, Cole

Voter Comments:
 Frech> XF:netsnap-remote-bo(5534)


======================================================
Candidate: CAN-2000-1171
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1171
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001120 CGIForum 1.0 Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0263.html
Reference: XF:cgiforum-view-files(5553)
Reference: BID:1963
Reference: URL:http://www.securityfocus.com/bid/1963

Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0
allows remote attackers to ready arbitrary files via a .. (dot dot)
attack in the "thesection" parameter.


Modifications:
  ADDREF XF:cgiforum-view-files(5553)

INFERRED ACTION: CAN-2000-1171 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(2) Armstrong, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:cgiforum-view-files(5553)


======================================================
Candidate: CAN-2000-1174
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1174
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010501-02
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001118 [hacksware] Ethereal 0.8.13 AFS ACL parsing buffer overflow bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0251.html
Reference: DEBIAN:20001121 ethereal: remote exploit
Reference: URL:http://www.debian.org/security/2000/20001122a
Reference: CONECTIVA:CLSA-2000:342
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000342
Reference: REDHAT:RHSA-2000:116-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-116.html
Reference: FREEBSD:FreeBSD-SA-00:81
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:81.ethereal.asc
Reference: XF:ethereal-afs-bo(5557)
Reference: BID:1972
Reference: URL:http://www.securityfocus.com/bid/1972

Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and
earlier allows remote attackers to execute arbitrary commands via a
packet with a long username.


Modifications:
  ADDREF FREEBSD:FreeBSD-SA-00:81
  ADDREF XF:ethereal-afs-bo(5557)

INFERRED ACTION: CAN-2000-1174 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(3) Armstrong, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Christey
   REVIEWING(1) Wall

Voter Comments:
 Christey> FREEBSD:FreeBSD-SA-00:81
 Frech> XF:ethereal-afs-bo(5557)


======================================================
Candidate: CAN-2000-1180
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1180
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001120 vulnerability in Connection Manager Control binary in Oracle
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97474521003453&w=2
Reference: BUGTRAQ:20010118 Patch for Potential Security Vulnerability in Oracle Connection Manager Control
Reference: BID:1968
Reference: URL:http://www.securityfocus.com/bid/1968
Reference: XF:oracle-cmctl-bo(5551)

Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control
allows local users to gain privileges via a long command line argument.


Modifications:
  ADDREF XF:oracle-cmctl-bo(5551)
  ADDREF BUGTRAQ:20010118 Patch for Potential Security Vulnerability in Oracle Connection Manager Control

INFERRED ACTION: CAN-2000-1180 FINAL (Final Decision 20010507)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Frech> XF:oracle-cmctl-bo(5551)
 Christey> Acknowledged by Oracle:
   BUGTRAQ:20010118 Patch for Potential Security Vulnerability in Oracle Connection Manager Control
   URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0316.html
 Christey> It appears that this is confirmed by Oracle in:
   BUGTRAQ:20010118 Patch for Potential Security Vulnerability in Oracle Connection Manager Control
   http://archives.neohapsis.com/archives/bugtraq/2001-01/0316.html

Page Last Updated or Reviewed: May 22, 2007