[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[INTERIM] ACCEPT 98 candidates (Final 9/14)
I have made an Interim Decision to ACCEPT the following 98 candidates,
most of which are from various RECENT-XX clusters.
I will make a Final Decision on September 14.
I don't think I've ever seen such a large set of different voters.
Thanks to everyone for contributing!
Voters:
Renaud ACCEPT(18) NOOP(8)
Ozancin NOOP(4)
LeBlanc NOOP(4)
Magdych ACCEPT(11) NOOP(7)
Cole ACCEPT(71) NOOP(19)
Balinsky ACCEPT(13) MODIFY(1) NOOP(3)
Blake ACCEPT(2)
Foat ACCEPT(6) NOOP(1)
Williams ACCEPT(25) MODIFY(1)
Oliver ACCEPT(11) NOOP(6)
Christey NOOP(17)
Wall ACCEPT(23) NOOP(61)
Ziese ACCEPT(65) NOOP(20)
Levy ACCEPT(6)
Dik ACCEPT(3)
Frech ACCEPT(25) MODIFY(69)
Mell ACCEPT(2)
Stracener ACCEPT(7)
Bollinger ACCEPT(1) NOOP(1)
Baker ACCEPT(81)
Collins ACCEPT(5)
Lawler ACCEPT(10) NOOP(1)
Bishop ACCEPT(2)
Prosser ACCEPT(2)
Armstrong ACCEPT(2) NOOP(6)
ACCEPT --> 94
ACCEPT_ACK --> 4
======================================================
Candidate: CAN-1999-0756
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0756
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: ALLAIRE:ASB99-07
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=10968&Method=Full
Reference: XF:coldfusion-admin-dos(2207)
Reference: URL:http://xforce.iss.net/static/2207.php
ColdFusion Administrator with Advanced Security enabled allows remote
users to stop the ColdFusion server via the Start/Stop utility.
Modifications:
CHANGEREF [normalize] XF
INFERRED ACTION: CAN-1999-0756 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Frech
NOOP(1) Cole
Voter Comments:
Frech> XF:coldfusion-admin-dos
======================================================
Candidate: CAN-2000-0243
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0243
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000324 AnalogX SimpleServer 1.03 Remote Crash" at:
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=web-5645555@post2.rnci.com
Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm
Reference: XF:simpleserver-exception-dos(4189)
Reference: URL:http://xforce.iss.net/static/4189.php
Reference: BID:1076
Reference: URL:http://www.securityfocus.com/bid/1076
AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to
cause a denial of service via a short GET request to cgi-bin.
Modifications:
DESC Remove "buffer overflow"
CHANGEREF [normalize] XF:simpleserver-exception-dos(4189)
INFERRED ACTION: CAN-2000-0243 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Levy, Baker
NOOP(3) Cole, Magdych, Christey
Voter Comments:
Christey> Change description: this is a buffer *underflow*, now overflow.
CHANGE> [Magdych changed vote from REVIEWING to NOOP]
======================================================
Candidate: CAN-2000-0568
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0568
Final-Decision:
Interim-Decision: 20010911
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000630 Multiple vulnerabilities in Sybergen Secure Desktop
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4125690E.00524395.00@guardianit.se
Reference: XF:sybergen-routing-table-modify
Reference: BID:1417
Reference: URL:http://www.securityfocus.com/bid/1417
Sybergen Secure Desktop 2.1 does not properly protect against false
router advertisements (ICMP type 9), which allows remote attackers to
modify default routes.
INFERRED ACTION: CAN-2000-0568 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Levy, Baker, Frech
NOOP(6) Wall, Cole, Armstrong, Magdych, LeBlanc, Ozancin
Voter Comments:
CHANGE> [Armstrong changed vote from REVIEWING to NOOP]
CHANGE> [Magdych changed vote from REVIEWING to NOOP]
======================================================
Candidate: CAN-2000-0569
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0569
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: WIN2KSEC:20000630 Any LAN user can crash Sygate
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0189.html
Reference: BID:1420
Reference: URL:http://www.securityfocus.com/bid/1420
Reference: XF:sygate-udp-packet-dos(5049)
Reference: URL:http://xforce.iss.net/static/5049.php
Sybergen Sygate allows remote attackers to cause a denial of service
by sending a malformed DNS UDP packet to its internal interface.
Modifications:
CHANGEREF Change MISC reference to WIN2KSEC
ADDREF XF:sygate-udp-packet-dos(5049)
INFERRED ACTION: CAN-2000-0569 ACCEPT (4 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Levy, Baker, Cole
MODIFY(1) Frech
NOOP(5) Wall, Armstrong, Magdych, LeBlanc, Ozancin
Voter Comments:
Frech> XF:sygate-udp-packet-dos(5049)
CHANGE> [Cole changed vote from NOOP to ACCEPT]
CHANGE> [Armstrong changed vote from REVIEWING to NOOP]
CHANGE> [Magdych changed vote from REVIEWING to NOOP]
======================================================
Candidate: CAN-2000-0576
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0576
Final-Decision:
Interim-Decision: 20010911
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000704 Oracle Web Listener for AIX DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0027.html
Reference: BID:1427
Reference: URL:http://www.securityfocus.com/bid/1427
Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows
remote attackers to cause a denial of service via a malformed URL.
INFERRED ACTION: CAN-2000-0576 ACCEPT (6 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(5) Levy, Baker, Cole, Blake, Collins
MODIFY(1) Frech
NOOP(6) Wall, Bollinger, Armstrong, Magdych, LeBlanc, Ozancin
Voter Comments:
Frech> XF:oracle-web-listener-dos(4874)
CHANGE> [Cole changed vote from NOOP to ACCEPT]
CHANGE> [Magdych changed vote from REVIEWING to NOOP]
======================================================
Candidate: CAN-2000-0620
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0620
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000619 XFree86: Various nasty libX11 holes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96146116627474&w=2
Reference: BID:1409
Reference: URL:http://www.securityfocus.com/bid/1409
Reference: XF:libx11-infinite-loop-dos(4996)
Reference: URL:http://xforce.iss.net/static/4996.php
libX11 X library allows remote attackers to cause a denial of service
via a resource mask of 0, which causes libX11 to go into an infinite
loop.
Modifications:
ADDREF BUGTRAQ:20000619 XFree86: Various nasty libX11 holes
ADDREF XF:libx11-infinite-loop-dos(4996)
INFERRED ACTION: CAN-2000-0620 ACCEPT (7 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(6) Levy, Baker, Cole, Armstrong, Blake, Collins
MODIFY(1) Frech
NOOP(4) Wall, Magdych, LeBlanc, Ozancin
Voter Comments:
Frech> XF:libx11-infinite-loop-dos(4996)
See also
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26date%3D2000-07-22%26msg%3DPine.LNX.4.21.0006192251480.9945-100000@ferret.lmh.ox.ac.uk, specifically flaw #2.
CHANGE> [Cole changed vote from NOOP to ACCEPT]
CHANGE> [Armstrong changed vote from REVIEWING to ACCEPT]
CHANGE> [Magdych changed vote from REVIEWING to NOOP]
======================================================
Candidate: CAN-2000-0799
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0799
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl
Reference: SGI:20001101-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20001101-01-I
Reference: BID:1530
Reference: URL:http://www.securityfocus.com/bid/1530
Reference: XF:irix-inpview-symlink(5065)
Reference: URL:http://xforce.iss.net/static/5065.php
inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local
users to gain privileges via a symlink attack on the .ilmpAAA
temporary file.
Modifications:
ADDREF XF:irix-inpview-symlink(5065)
ADDREF SGI:20001101-01-I
Add "InPerson" to facilitate search; add details for affected file.
INFERRED ACTION: CAN-2000-0799 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Levy, Baker
NOOP(3) Wall, Cole, Christey
Voter Comments:
Christey> XF:irix-inpview-symlink
http://xforce.iss.net/static/5065.php
Christey> ADDREF SGI:20001101-01-I
URL:http://archives.neohapsis.com/archives/vendor/2000-q4/0072.html
Christey> Add "InPerson" to description to facilitate search, and
describe the affected file as ".ilmpAAA"
A brief allusion to this problem is also in:
BUGTRAQ:19970507 Irix: misc
http://www.securityfocus.com/archive/1/6702
======================================================
Candidate: CAN-2000-0877
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0877
Final-Decision:
Interim-Decision: 20010911
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000911 Unsafe passing of variables to mailform.pl in MailForm V2.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0092.html
Reference: BID:1670
Reference: URL:http://www.securityfocus.com/bid/1670
Reference: XF:mailform-attach-file
Reference: URL:http://xforce.iss.net/static/5224.php
mailform.pl CGI script in MailForm 2.0 allows remote attackers to read
arbitrary files by specifying the file name in the XX-attach_file
parameter, which MailForm then sends to the attacker.
INFERRED ACTION: CAN-2000-0877 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Frech, Collins, Baker
NOOP(4) Wall, Cole, Armstrong, Magdych
======================================================
Candidate: CAN-2000-0897
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0897
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20001219
Assigned: 20001114
Category: SF
Reference: BUGTRAQ:20001114 Vulnerabilites in SmallHTTP Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97421834001092&w=2
Reference: CONFIRM:http://home.lanck.net/mf/srv/index.htm
Reference: BID:1941
Reference: URL:http://www.securityfocus.com/bid/1941
Reference: XF:small-http-nofile-dos(5524)
Reference: URL:http://xforce.iss.net/static/5524.php
Small HTTP Server 2.03 and earlier allows remote attackers to cause a
denial of service by repeatedly requesting a URL that references a
directory that does not contain an index.html file, which consumes
memory that is not released after the request is completed.
Modifications:
ADDREF XF:small-http-nofile-dos(5524)
ADDREF CONFIRM:http://home.lanck.net/mf/srv/index.htm
DESC Change version to "before 2.03" based on vendor acknowledgement.
INFERRED ACTION: CAN-2000-0897 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Balinsky
MODIFY(1) Frech
NOOP(3) Wall, Cole, Armstrong
Voter Comments:
Frech> XF:small-http-nofile-dos(5524)
Balinsky> Vendor acknowledges problem in version 2.03 comments at this URL:
http://home.lanck.net/mf/srv/index.htm
======================================================
Candidate: CAN-2000-0945
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0945
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001026 Advisory def-2000-02: Cisco Catalyst remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0380.html
Reference: BUGTRAQ:20001113 Re: 3500XL
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0194.html
Reference: XF:cisco-catalyst-remote-commands(5415)
Reference: URL:http://xforce.iss.net/static/5415.php
Reference: BID:1846
Reference: URL:http://www.securityfocus.com/bid/1846
The web configuration interface for Catalyst 3500 XL switches allows
remote attackers to execute arbitrary commands without authentication
when the enable password is not set, via a URL containing the /exec/
directory.
Modifications:
CHANGEREF [normalize] XF:cisco-catalyst-remote-commands
ADDREF BID:1846
ADDREF BUGTRAQ:20001113 Re: 3500XL
DESC added "when enable password is not set" based on Cisco followup
INFERRED ACTION: CAN-2000-0945 ACCEPT (6 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(6) Cole, Frech, Ziese, Renaud, Mell, Baker
NOOP(2) Christey, Balinsky
Voter Comments:
Christey> See Cisco's response at:
http://archives.neohapsis.com/archives/bugtraq/2000-11/0194.html
It also references BID:1846
CHANGE> [Balinsky changed vote from REVIEWING to NOOP]
======================================================
Candidate: CAN-2000-1047
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1047
Final-Decision:
Interim-Decision: 20010911
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001103 [SAFER] Buffer overflow in Lotus Domino SMTP Server
Reference: URL:http://www.securityfocus.com/archive/1/143071
Reference: BID:1905
Reference: URL:http://www.securityfocus.com/bid/1905
Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier
allows remote attackers to cause a denial of service and possibly
execute arbitrary commands via a long ENVID keyword in the "MAIL FROM"
command.
INFERRED ACTION: CAN-2000-1047 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Mell, Baker, Collins
NOOP(2) Cole, Wall
Voter Comments:
Collins> SPR CDOY4GFP35 @ http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=CDOY4GFP35&SearchMax=0&Start=1&Count=25
======================================================
Candidate: CAN-2001-0004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0004
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-02
Proposed: 20010202
Assigned: 20010104
Category: SF
Reference: BUGTRAQ:20010108 IIS 5.0 allows viewing files using %3F+.htr
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97897954625305&w=2
Reference: MS:MS01-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-004.asp
Reference: BID:2313
Reference: URL:http://www.securityfocus.com/bid/2313
Reference: XF:iis-read-files(5903)
Reference: URL:http://xforce.iss.net/static/5903.php
IIS 5.0 and 4.0 allows remote attackers to read the source code for
executable web server programs by appending "%3F+.htr" to the
requested URL, which causes the files to be parsed by the .HTR ISAPI
extension, aka a variant of the "File Fragment Reading via .HTR"
vulnerability.
Modifications:
ADDREF XF:iis-read-files(5903)
ADDREF BID:2313
INFERRED ACTION: CAN-2001-0004 ACCEPT (6 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(5) Baker, Cole, Collins, Ziese, Wall
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Frech> XF:microsoft-iis-read-files(5903)
Christey> Change XF:microsoft-iis-read-files to XF:iis-read-files
Christey> XF:iis-read-files(5903)
BID:2313
Christey> XF:iis-isapi-obtain-code
URL:http://xforce.iss.net/static/6032.php
Christey> OK, the proper XF reference to use is iis-read-files(5903).
======================================================
Candidate: CAN-2001-0020
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0020
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010202
Assigned: 20010131
Category: SF
Reference: ATSTAKE:A013101-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a013101-1.txt
Reference: CISCO:20010131 Cisco Content Services Switch Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-cli-filesystem-pub.shtml
Reference: XF:cisco-ccs-file-access(6031)
Reference: URL:http://xforce.iss.net/static/6031.php
Reference: BID:2331
Reference: URL:http://www.securityfocus.com/bid/2331
Directory traversal vulnerability in Arrowpoint (aka Cisco Content
Services, or CSS) allows local unprivileged users to read arbitrary
files via a .. (dot dot) attack.
Modifications:
ADDREF XF:cisco-ccs-file-access(6031)
ADDREF BID:2331
INFERRED ACTION: CAN-2001-0020 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Cole, Ziese
MODIFY(1) Frech
NOOP(2) Christey, Wall
Voter Comments:
Frech> XF:cisco-ccs-file-access(6031)
Christey> XF:cisco-ccs-file-access
Christey> BID:2331
URL:http://www.securityfocus.com/bid/2331
======================================================
Candidate: CAN-2001-0077
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0077
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010202
Assigned: 20010201
Category:
Reference: BUGTRAQ:20001212 Two Holes in Sun Cluster 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html
Reference: XF:clustmon-no-authentication(6123)
Reference: URL:http://xforce.iss.net/static/6123.php
The clustmon service in Sun Cluster 2.x does not require
authentication, which allows remote attackers to obtain sensitive
information such as system logs and cluster configurations.
Modifications:
ADDREF XF:clustmon-no-authentication(6123)
INFERRED ACTION: CAN-2001-0077 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Dik
MODIFY(1) Frech
NOOP(3) Cole, Ziese, Wall
Voter Comments:
Frech> XF:clustmon-no-authentication(6123)
======================================================
Candidate: CAN-2001-0078
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0078
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001212 Two Holes in Sun Cluster 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html
Reference: XF:ha-nfs-symlink(6125)
Reference: URL:http://xforce.iss.net/static/6125.php
in.mond in Sun Cluster 2.x allows local users to read arbitrary files
via a symlink attack on the status file of a host running HA-NFS.
Modifications:
ADDREF XF:ha-nfs-symlink(6125)
INFERRED ACTION: CAN-2001-0078 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Dik
MODIFY(1) Frech
NOOP(3) Cole, Ziese, Wall
Voter Comments:
Frech> XF:ha-nfs-symlink(6125)
======================================================
Candidate: CAN-2001-0095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0095
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001218 Catman file clobbering vulnerability Solaris 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0313.html
Reference: SUNBUG:4392144
Reference: XF:solaris-catman-symlink(5788)
Reference: URL:http://xforce.iss.net/static/5788.php
catman in Solaris 2.7 and 2.8 allows local users to overwrite
arbitrary files via a symlink attack on the sman_PID temporary file.
Modifications:
ADDREF SUNBUG:4392144
CHANGEREF [normalize] XF:solaris-catman-symlink(5788)
INFERRED ACTION: CAN-2001-0095 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Frech, Dik
NOOP(3) Cole, Ziese, Wall
Voter Comments:
Dik> Sun bug 4392144
======================================================
Candidate: CAN-2001-0108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0108
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010112 PHP Security Advisory - Apache Module bugs
Reference: URL:http://www.securityfocus.com/archive/1/156202
Reference: MANDRAKE:MDKSA-2001:013
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3
Reference: CONECTIVA:CLA-2001:373
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373
Reference: DEBIAN:DSA-020
Reference: URL:http://www.debian.org/security/2001/dsa-020
Reference: XF:php-htaccess-unauth-access(5940)
Reference: URL:http://xforce.iss.net/static/5940.php
Reference: BID:2206
Reference: URL:http://www.securityfocus.com/bid/2206
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass
.htaccess access restrictions via a malformed HTTP request on an
unrestricted page that causes PHP to use those access controls on the
next page that is requested.
Modifications:
ADDREF MANDRAKE:MDKSA-2001:013
ADDREF CONECTIVA:CLA-2001:373
ADDREF DEBIAN:DSA-020
ADDREF XF:php-htaccess-unauth-access(5940)
INFERRED ACTION: CAN-2001-0108 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Oliver
MODIFY(1) Frech
NOOP(3) Wall, Cole, Christey
Voter Comments:
Christey> ADDREF MANDRAKE:MDKSA-2001:013
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3
Note that a second PHP problem is described here, but I don't
think it's been given a CAN yet.
CONECTIVA:CLA-2001:373
DEBIAN:DSA-020
http://www.debian.org/security/2001/dsa-020
XF:php-htaccess-unauth-access
http://xforce.iss.net/static/5940.php
Frech> XF:php-htaccess-unauth-access(5940)
Oliver> Multiple vendor acknowledgement
======================================================
Candidate: CAN-2001-0121
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0121
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010108 def-2001-01: ImageCast IC3 Control Center DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0071.html
Reference: XF:storagesoft-imagecast-dos(5901)
Reference: URL:http://xforce.iss.net/static/5901.php
Reference: BID:2174
Reference: URL:http://www.securityfocus.com/bid/2174
ImageCast Control Center 4.1.0 allows remote attackers to cause a
denial of service (resource exhaustion or system crash) via a long
string to port 12002.
Modifications:
ADDREF XF:storagesoft-imagecast-dos(5901)
INFERRED ACTION: CAN-2001-0121 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Baker, Oliver
MODIFY(1) Frech
NOOP(4) Wall, Cole, Magdych, Christey
Voter Comments:
Frech> XF:storagesoft-imagecast-dos(5901)
Christey> XF:storagesoft-imagecast-dos
URL:http://xforce.iss.net/static/5901.php
Baker> An email to Storagesoft technical support resulted in an answer,
confirming the existance of the vulnerability, and that it has not
yet been patched, and it is unknown if the newer version 4.5, due for
release will address it either.
Subject: ImageCast IC3 v 4.1 [Incident:main 010420-0020]
Date: Fri, 20 Apr 2001 15:42:55 -0600 (Mountain Daylight Time)
From: support@storagesoft.com
To: bakerd@mitre.org
Recently you requested personal assistance from our on-line
support center. Below is a summary of your request and our
response.
If we do not hear from you within 3 business days we will
assume your issue has been resolved.
Thank you for allowing us to be of service to you.
-------------------------------------------------------------
Summary: ImageCast IC3 v 4.1
Suggested Solution:
At 04/20/2001 03:38 PM we wrote -
Has this been fixed in release 4.2?
No, the 4.2 control console is very similiar(in code) to 4.1.
We are currently releasing 4.5 version - this is re-written code. It
is available for evaluation on our downloads section, heres a link:
http://www.storagesoft.com/support/updates.asp
This (Security Issue) has not been tested however on 4.5.
Keith J.
STorageSoft technical Services
Incident Details:
Reference #: 010420-0020
Product (R): ImageCast
Sub-Product: Control Center
Category (R): General
Contact: bakerd@mitre.org
Date Created: 04/20/2001 10:15 AM
Last Updated: 04/20/2001 03:42 PM
Elapsed Time: 5 Hours, 27 Minutes
Status: Unresolved
Description: ImageCast IC3 is subject to a denial of service. By sending
unusually long strings to the ICCC service listening on port 12002, the
program will consume all available CPU usage refusing any new connections.
Additionally, sending multiple packets containing long strings to port
8081 will cause the ICCC service (ICCC.exe) to crash completely. A
restart of the application is required in order to gain normal functionality.
Has this been fixed in release 4.2? I have reviewed the change notes
on your site at :
http://www.storagesoft.com/support/docs/currentversion/ReleaseNotes.htm
but it does not mention the fix for these problems. Can you either
confirm that this has been repaired or tell me when the problem will be repaired
in a released version of the product?
======================================================
Candidate: CAN-2001-0136
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0136
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20001220 ProFTPD 1.2.0 Memory leakage - denial of service
Reference: URL:http://www.securityfocus.com/archive/1/152206
Reference: BUGTRAQ:20010109 Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0122.html
Reference: BUGTRAQ:20010110 Re: Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0132.html
Reference: MANDRAKE:MDKSA-2001:021
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3
Reference: DEBIAN:DSA-029
Reference: URL:http://www.debian.org/security/2001/dsa-029
Reference: CONECTIVA:CLA-2001:380
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000380
Reference: BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html
Reference: XF:proftpd-size-memory-leak
Reference: URL:http://xforce.iss.net/static/5801.php
Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a
denial of service via a series of USER commands, and possibly SIZE
commands if the server has been improperly installed.
Modifications:
ADDREF MANDRAKE:MDKSA-2001:021
ADDREF DEBIAN:DSA-029
ADDREF CONECTIVA:CLA-2001:380
ADDREF BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel
INFERRED ACTION: CAN-2001-0136 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Magdych, Frech
NOOP(3) Wall, Cole, Christey
Voter Comments:
Christey> ADDREF MANDRAKE:MDKSA-2001:021
ADDREF DEBIAN:DSA-029
ADDREF CONECTIVA:CLA-2001:380
Christey> BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel
URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html
======================================================
Candidate: CAN-2001-0155
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0155
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010216
Category: SF
Reference: ATSTAKE:A021601-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a021601-1.txt
Reference: CONFIRM:http://www.vandyke.com/products/vshell/security102.html
Format string vulnerability in VShell SSH gateway 1.0.1 and earlier
allows remote attackers to execute arbitrary commands via a user name
that contains format string specifiers.
Modifications:
ADDREF CONFIRM:http://www.vandyke.com/products/vshell/security102.html
DESC Change "long user name," which implies an overflow.
INFERRED ACTION: CAN-2001-0155 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Lawler, Baker
MODIFY(1) Frech
NOOP(2) Cole, Ziese
Voter Comments:
Frech> XF:vshell-username-bo(6146)
CONFIRM:http://www.vandyke.com/products/vshell/security102.html
======================================================
Candidate: CAN-2001-0164
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0164
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010307
Category: SF
Reference: ATSTAKE:A030701-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a030701-1.txt
Reference: XF:netscape-directory-server-bo(6233)
Reference: URL:http://xforce.iss.net/static/6233.php
Buffer overflow in Netscape Directory Server 4.12 and earlier allows
remote attackers to cause a denial of service or execute arbitrary
commands via a malformed recipient field.
Modifications:
ADDREF XF:netscape-directory-server-bo(6233)
INFERRED ACTION: CAN-2001-0164 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Lawler, Baker, Cole, Ziese
MODIFY(1) Frech
Voter Comments:
CHANGE> [Frech changed vote from REVIEWING to MODIFY]
Frech> XF:netscape-directory-server-bo(6233)
======================================================
Candidate: CAN-2001-0174
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0174
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010130 Security hole in Virus Buster 2001
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0500.html
Reference: XF:virusbuster-mua-bo(6034)
Reference: URL:http://xforce.iss.net/static/6034.php
Buffer overflow in Trend Micro Virus Buster 2001 8.00 allows remote
attackers to cause a denial of service, and possibly execute arbitrary
commands, via a large "To" address.
Modifications:
CHANGEREF [normalize] XF:virusbuster-mua-bo(6034)
INFERRED ACTION: CAN-2001-0174 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Baker, Frech
NOOP(1) Ziese
Voter Comments:
Lawler> Upgrade to 8.01 or later.
======================================================
Candidate: CAN-2001-0175
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0175
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010122 def-2001-05: Netscape Fasttrack Server Caching DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98021351718874&w=2
Reference: BUGTRAQ:20010124 iPlanet FastTrack/Enterprise 4.1 DoS clarifications
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98035833331446&w=2
Reference: BID:2273
Reference: URL:http://www.securityfocus.com/bid/2273
Reference: XF:netscape-fasttrack-cache-dos(5985)
Reference: URL:http://xforce.iss.net/static/5985.php
The caching module in Netscape Fasttrack Server 4.1 allows remote
attackers to cause a denial of service (resource exhaustion) by
requesting a large number of non-existent URLs.
Modifications:
DESC Fix typo: "URL's" should be "URLs"
CHANGEREF [normalize] XF:netscape-fasttrack-cache-dos(5985)
INFERRED ACTION: CAN-2001-0175 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Baker, Frech
NOOP(1) Ziese
Voter Comments:
Frech> In description, consider changing possessive "URL's" to plural
"URLs".
======================================================
Candidate: CAN-2001-0176
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0176
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20001218 More Sonata Conferencing software vulnerabilities.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0278.html
Reference: BID:2125
Reference: URL:http://www.securityfocus.com/bid/2125
Reference: XF:sonata-command-execute(5787)
Reference: URL:http://xforce.iss.net/static/5787.php
The setuid doroot program in Voyant Sonata 3.x executes arbitrary
command line arguments, which allows local users to gain root
privileges.
Modifications:
ADDREF XF:sonata-command-execute(5787)
INFERRED ACTION: CAN-2001-0176 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Lawler, Baker
MODIFY(1) Frech
NOOP(1) Ziese
Voter Comments:
Lawler> This doroot command appears to be a "feature" to the vendor.
Frech> XF:sonata-command-execute(5787)
======================================================
Candidate: CAN-2001-0182
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0182
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010117 Licensing Firewall-1 DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0298.html
Reference: XF:fw1-limited-license-dos
Reference: URL:http://xforce.iss.net/static/5966.php
Reference: BID:2238
Reference: URL:http://www.securityfocus.com/bid/2238
FireWall-1 4.1 with a limited-IP license allows remote attackers to
cause a denial of service by sending a large number of spoofed IP
packets with various source addresses to the inside interface, which
floods the console with warning messages and consumes CPU resources.
Modifications:
DESC Fix typo
INFERRED ACTION: CAN-2001-0182 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Baker, Frech
NOOP(1) Ziese
Voter Comments:
Lawler> Checkpoint is fixing this in the next service release. A work
around is available.
Frech> In description, product name is FireWall-1.
======================================================
Candidate: CAN-2001-0189
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0189
Final-Decision:
Interim-Decision: 20010911
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010119 LocalWEB2000 Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0346.html
Reference: BID:2268
Reference: URL:http://www.securityfocus.com/bid/2268
Reference: XF:localweb2k-directory-traversal
Reference: URL:http://xforce.iss.net/static/5982.php
Directory traversal vulnerability in LocalWEB2000 HTTP server allows
remote attackers to read arbitrary commands via a .. (dot dot) attack
in an HTTP GET request.
INFERRED ACTION: CAN-2001-0189 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Baker, Frech
NOOP(1) Ziese
Voter Comments:
Lawler> Will be fixed in a future release.
======================================================
Candidate: CAN-2001-0203
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0203
Final-Decision:
Interim-Decision: 20010911
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010120 Watchguard Firewall Elevated Privilege Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0342.html
Reference: BID:2284
Reference: URL:http://www.securityfocus.com/bid/2284
Reference: XF:watchguard-firebox-obtain-passphrase
Reference: URL:http://xforce.iss.net/static/5979.php
Watchguard Firebox II firewall allows users with read-only access to
gain read-write access, and administrative privileges, by accessing a
file that contains hashed passphrases, and using the hashes during
authentication.
INFERRED ACTION: CAN-2001-0203 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Frech, Oliver
NOOP(1) Ziese
Voter Comments:
Oliver> Vendor acknowledged and commented in hotfix
======================================================
Candidate: CAN-2001-0207
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0207
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010119 Buffer overflow in bing
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0330.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0333.html
Reference: XF:linux-bing-bo
Reference: URL:http://xforce.iss.net/static/6036.php
Reference: BID:2279
Reference: URL:http://www.securityfocus.com/bid/2279
Buffer overflow in bing allows remote attackers to execute arbitrary
commands via a long hostname, which is copied to a small buffer after
a reverse DNS lookup using the gethostbyaddr function.
Modifications:
DESC Fix typo: "toe xecute"
INFERRED ACTION: CAN-2001-0207 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Frech, Oliver
NOOP(2) Lawler, Ziese
Voter Comments:
Frech> In description, normalize spelling of "toe xecute"
======================================================
Candidate: CAN-2001-0215
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0215
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010212 ROADS search system "show files" Vulnerability with "null bite" bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0213.html
Reference: CONFIRM:http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html
Reference: XF:roads-search-view-files(6097)
Reference: URL:http://xforce.iss.net/static/6097.php
Reference: BID:2371
Reference: URL:http://www.securityfocus.com/bid/2371
ROADS search.pl program allows remote attackers to read arbitrary
files by specifying the file name in the form parameter and
terminating the filename with a null byte.
Modifications:
ADDREF XF:roads-search-view-files(6097)
ADDREF CONFIRM:http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html
INFERRED ACTION: CAN-2001-0215 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Lawler, Baker
MODIFY(1) Frech
NOOP(3) Cole, Christey, Ziese
Voter Comments:
Frech> XF:roads-search-view-files(6097)
CONFIRM:http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html
Christey> CONFIRM:http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html
======================================================
Candidate: CAN-2001-0235
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0235
Final-Decision:
Interim-Decision: 20010911
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: DEBIAN:DSA-024
Reference: URL:http://www.debian.org/security/2001/dsa-024
Reference: FREEBSD:FreeBSD-SA-01:09
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:09.crontab.v1.1.asc
Reference: XF:crontab-read-files(6225)
Vulnerability in crontab allows local users to read crontab files of
other users by replacing the temporary file that is being edited while
crontab is running.
Modifications:
ADDREF XF:crontab-read-files(6225)
INFERRED ACTION: CAN-2001-0235 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Lawler, Baker, Ziese
MODIFY(1) Frech
Voter Comments:
Lawler> Recommend maintaining reference to CVE-2000-0972
Frech> XF:crontab-read-files(6225)
======================================================
Candidate: CAN-2001-0237
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0237
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: BUGTRAQ:20010509 def-2001-24: Windows 2000 Kerberos DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98942093221908&w=2
Reference: MS:MS01-024
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-024.asp
Reference: CIAC:L-079
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-079.shtml
Reference: XF:win2k-kerberos-dos(6506)
Reference: URL:http://xforce.iss.net/static/6506.php
Reference: BID:2707
Reference: URL:http://www.securityfocus.com/bid/2707
Memory leak in Microsoft 2000 domain controller allows remote
attackers to cause a denial of service by repeatedly connecting to the
Kerberos service and then disconnecting without sending any data.
Modifications:
ADDREF XF:win2k-kerberos-dos(6506)
ADDREF CIAC:L-079
ADDREF BID:2707
INFERRED ACTION: CAN-2001-0237 ACCEPT (9 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(8) Wall, Renaud, Baker, Balinsky, Cole, Magdych, Williams, Ziese
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Balinsky> Although Microsoft does not specify that the memory leak is in the LSA subsystem, the behavior they describe is identical to that in the Bugtraq post.
Frech> XF:win2k-kerberos-dos(6506)
Christey> BID:2707
URL:http://www.securityfocus.com/bid/2707
======================================================
Candidate: CAN-2001-0238
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0238
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: MS:MS01-022
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-022.asp
Reference: CIAC:L-074
Reference: URL:http://www.ciac.org/ciac/bulletins/l-074.shtml
Reference: XF:ms-dacipp-webdav-access(6405)
Reference: URL:http://xforce.iss.net/static/6405.php
Microsoft Data Access Component Internet Publishing Provider
8.103.2519.0 and earlier allows remote attackers to bypass Security
Zone restrictions via WebDAV requests.
Modifications:
ADDREF XF:ms-dacipp-webdav-access(6405)
ADDREF CIAC:L-074
INFERRED ACTION: CAN-2001-0238 ACCEPT (7 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(6) Wall, Renaud, Baker, Cole, Williams, Ziese
MODIFY(1) Frech
Voter Comments:
Frech> XF:ms-dacipp-webdav-access(6405)
======================================================
Candidate: CAN-2001-0239
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0239
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: BUGTRAQ:20010416 [SX-20010320-2] - Microsoft ISA Server Denial of Service
Reference: URL:http://www.securityfocus.com/archive/1/176912
Reference: BUGTRAQ:20010427 Microsoft ISA Server Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/179986
Reference: BUGTRAQ:20010417 [SX-20010320-2b] - Followup re. Microsoft ISA Server Denial of Service
Reference: URL:http://www.securityfocus.com/archive/1/177160
Reference: MS:MS01-021
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-021.asp
Reference: CIAC:L-073
Reference: URL:http://www.ciac.org/ciac/bulletins/l-073.shtml
Reference: BID:2600
Reference: URL:http://www.securityfocus.com/bid/2600
Reference: XF:isa-web-proxy-dos(6383)
Reference: URL:http://xforce.iss.net/static/6383.php
Microsoft Internet Security and Acceleration (ISA) Server 2000 Web
Proxy allows remote attackers to cause a denial of service via a long
web request with a specific type.
Modifications:
DESC Remove "possibly execute arbitrary commands"
ADDREF XF:isa-web-proxy-dos(6383)
ADDREF CIAC:L-073
INFERRED ACTION: CAN-2001-0239 ACCEPT (7 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(5) Wall, Renaud, Baker, Cole, Ziese
MODIFY(2) Williams, Frech
Voter Comments:
Frech> XF:isa-web-proxy-dos(6383)
Williams> get rid of "execute arbitrary commands" part of description. preliminary analyis initially suggested that an exploitable overflow may have been present. subsequent source code analysis by Microsoft indicated that only a heap overflow is present, and therefore that this vulnerability is not exploitable beyond DoS.
======================================================
Candidate: CAN-2001-0240
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0240
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: MS:MS01-028
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-028.asp
Reference: XF:word-rtf-macro-execution(6571)
Reference: URL:http://xforce.iss.net/static/6571.php
Reference: BID:2753
Reference: URL:http://www.securityfocus.com/bid/2753
Microsoft Word before Word 2002 allows attackers to automatically
execute macros without warning the user via a Rich Text Format (RTF)
document that links to a template with the embedded macro.
Modifications:
ADDREF XF:word-rtf-macro-execution(6571)
ADDREF BID:2753
INFERRED ACTION: CAN-2001-0240 ACCEPT (7 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(6) Wall, Baker, Cole, Magdych, Williams, Ziese
MODIFY(1) Frech
NOOP(2) Renaud, Christey
Voter Comments:
Frech> XF:word-rtf-macro-execution(6571)
Christey> BID:2753
URL:http://www.securityfocus.com/bid/2753
======================================================
Candidate: CAN-2001-0241
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0241
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: BUGTRAQ:20010501 Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98874912915948&w=2
Reference: MS:MS01-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-023.asp
Reference: CERT:CA-2001-10
Reference: URL:http://www.cert.org/advisories/CA-2001-10.html
Reference: BID:2674
Reference: URL:http://www.securityfocus.com/bid/2674
Reference: XF:iis-isapi-printer-bo(6485)
Reference: URL:http://xforce.iss.net/static/6485.php
Buffer overflow in Internet Printing ISAPI extension in Windows 2000
allows remote attackers to gain root privileges via a long print
request that is passed to the extension through IIS 5.0.
Modifications:
ADDREF XF:iis-isapi-printer-bo(6485)
ADDREF CERT:CA-2001-10
INFERRED ACTION: CAN-2001-0241 ACCEPT (9 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(8) Wall, Renaud, Baker, Balinsky, Cole, Magdych, Williams, Ziese
MODIFY(1) Frech
Voter Comments:
Balinsky> The advisory authors reference the vendor acknowledgement, and agree with its accuracy.
Frech> XF:iis-isapi-printer-bo(6485)
======================================================
Candidate: CAN-2001-0243
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0243
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: MS:MS01-029
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-029.asp
Reference: XF:mediaplayer-html-shortcut(6584)
Reference: URL:http://xforce.iss.net/static/6584.php
Reference: BID:2765
Reference: URL:http://www.securityfocus.com/bid/2765
Windows Media Player 7 and earlier stores Internet shortcuts in a
user's Temporary Files folder with a fixed filename instead of in the
Internet Explorer cache, which causes the HTML in those shortcuts to
run in the Local Computer Zone instead of the Internet Zone, which
allows remote attackers to read certain files.
Modifications:
ADDREF XF:mediaplayer-html-shortcut(6584)
ADDREF BID:2765
INFERRED ACTION: CAN-2001-0243 ACCEPT (7 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(6) Wall, Baker, Cole, Magdych, Williams, Ziese
MODIFY(1) Frech
NOOP(2) Renaud, Christey
Voter Comments:
Frech> XF:mediaplayer-html-shortcut(6584)
Christey> BID:2765
URL:http://www.securityfocus.com/bid/2765
======================================================
Candidate: CAN-2001-0244
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0244
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: MS:MS01-025
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-025.asp
Reference: BID:2709
Reference: URL:http://www.securityfocus.com/bid/2709
Reference: XF:winnt-indexserver-search-bo(6517)
Reference: URL:http://xforce.iss.net/static/6517.php
Buffer overflow in Microsoft Index Server 2.0 allows remote attackers
to execute arbitrary commands via a long search parameter.
Modifications:
ADDREF XF:winnt-indexserver-search-bo(6517)
ADDREF BID:2709
INFERRED ACTION: CAN-2001-0244 ACCEPT (9 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(8) Wall, Renaud, Baker, Balinsky, Cole, Magdych, Williams, Ziese
MODIFY(1) Frech
Voter Comments:
Frech> XF:winnt-indexserver-search-bo(6517)
======================================================
Candidate: CAN-2001-0245
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0245
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: MS:MS01-025
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-025.asp
Reference: XF:win-indexserver-view-files(6518)
Reference: URL:http://xforce.iss.net/static/6518.php
Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in
Windows 2000, allows remote attackers to read server-side include
files via a malformed search request, aka a new variant of the
"Malformed Hit-Highlighting" vulnerability.
Modifications:
ADDREF XF:win-indexserver-view-files(6518)
INFERRED ACTION: CAN-2001-0245 ACCEPT (9 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(8) Wall, Renaud, Baker, Balinsky, Cole, Magdych, Williams, Ziese
MODIFY(1) Frech
Voter Comments:
Frech> XF:win-indexserver-view-files(6518)
======================================================
Candidate: CAN-2001-0248
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0248
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010322
Category: SF
Reference: NAI:20010409 Globbing Vulnerabilities in Multiple FTP Daemons
Reference: URL:http://www.pgp.com/research/covert/advisories/048.asp
Reference: CERT:CA-2001-07
Reference: URL:http://www.cert.org/advisories/CA-2001-07.html
Reference: BID:2552
Reference: URL:http://www.securityfocus.com/bid/2552
Reference: XF:ftp-glob-expansion(6332)
Reference: URL:http://xforce.iss.net/static/6332.php
Buffer overflow in FTP server in HPUX 11 allows remote attackers to
execute arbitrary commands by creating a long pathname and calling the
STAT command, which uses glob to generate long strings.
Modifications:
ADDREF XF:ftp-glob-expansion(6332)
CONTENT-DECISIONS: SF-LOC, SF-CODEBASE
INFERRED ACTION: CAN-2001-0248 ACCEPT (5 accept, 2 ack, 0 review) HAS_CDS
Current Votes:
ACCEPT(4) Renaud, Baker, Cole, Ziese
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:ftp-glob-expansion(6332)
======================================================
Candidate: CAN-2001-0249
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0249
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010322
Category: SF
Reference: NAI:20010409 Globbing Vulnerabilities in Multiple FTP Daemons
Reference: URL:http://www.pgp.com/research/covert/advisories/048.asp
Reference: CERT:CA-2001-07
Reference: URL:http://www.cert.org/advisories/CA-2001-07.html
Reference: BID:2550
Reference: URL:http://www.securityfocus.com/bid/2550
Reference: XF:ftp-glob-expansion(6332)
Reference: URL:http://xforce.iss.net/static/6332.php
Heap overflow in FTP daemon in Solaris 8 allows remote attackers to
execute arbitrary commands by creating a long pathname and calling the
LIST command, which uses glob to generate long strings.
Modifications:
ADDREF XF:ftp-glob-expansion(6332)
CONTENT-DECISIONS: SF-LOC, SF-CODEBASE
INFERRED ACTION: CAN-2001-0249 ACCEPT (5 accept, 2 ack, 0 review) HAS_CDS
Current Votes:
ACCEPT(4) Renaud, Baker, Cole, Ziese
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:ftp-glob-expansion(6332)
======================================================
Candidate: CAN-2001-0330
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0330
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010427
Category: SF
Reference: ATSTAKE:A043001-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a043001-1.txt
Reference: BID:2671
Reference: URL:http://www.securityfocus.com/bid/2671
Reference: XF:bugzilla-gobalpl-gain-information(6489)
Reference: URL:http://xforce.iss.net/static/6489.php
Bugzilla 2.10 allows remote attackers to access sensitive information,
including the database username and password, via an HTTP request for
the globals.pl file, which is normally returned by the web server
without being executed.
Modifications:
ADDREF XF:bugzilla-gobalpl-gain-information(6489)
INFERRED ACTION: CAN-2001-0330 ACCEPT (5 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(4) Renaud, Baker, Cole, Williams
MODIFY(1) Frech
NOOP(3) Ziese, Wall, Oliver
Voter Comments:
Frech> XF:bugzilla-gobalpl-gain-information(6489)
======================================================
Candidate: CAN-2001-0331
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0331
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010508
Category: SF
Reference: ISS:20010509 Remote Buffer Overflow Vulnerability in IRIX Embedded Support Partner Infrastructure
Reference: URL:http://xforce.iss.net/alerts/advise76.php
Reference: SGI:20010501-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010501-01-P
Reference: XF:irix-espd-bo(6502)
Reference: URL:http://xforce.iss.net/static/6502.php
Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in
IRIX 6.5.8 and earlier allows remote attackers to execute arbitrary
commands.
Modifications:
ADDREF XF:irix-espd-bo(6502)
INFERRED ACTION: CAN-2001-0331 ACCEPT (6 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(6) Ziese, Renaud, Baker, Cole, Magdych, Williams
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:irix-espd-bo(6502)
======================================================
Candidate: CAN-2001-0333
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0333
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010510
Category: SF
Reference: BUGTRAQ:20010515 NSFOCUS SA2001-02 : Microsoft IIS CGI Filename Decode Error Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98992056521300&w=2
Reference: MS:MS01-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp
Reference: CERT:CA-2001-12
Reference: URL:http://www.cert.org/advisories/CA-2001-12.html
Reference: XF:iis-url-decoding(6534)
Reference: URL:http://xforce.iss.net/static/6534.php
Reference: BID:2708
Reference: URL:http://www.securityfocus.com/bid/2708
Directory traversal vulnerability in IIS 5.0 and earlier allows remote
attackers to execute arbitrary commands by encoding .. (dot dot) and
"\" characters twice.
Modifications:
ADDREF XF:iis-url-decoding(6534)
ADDREF BID:2708
ADDREF CERT:CA-2001-12
INFERRED ACTION: CAN-2001-0333 ACCEPT (8 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(7) Ziese, Wall, Renaud, Baker, Cole, Magdych, Williams
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Frech> XF:iis-url-decoding(6534)
Christey> BID:2708
URL:http://www.securityfocus.com/bid/2708
======================================================
Candidate: CAN-2001-0334
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0334
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010510
Category: SF
Reference: MS:MS01-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp
Reference: XF:iis-ftp-wildcard-dos(6535)
Reference: URL:http://xforce.iss.net/static/6535.php
FTP service in IIS 5.0 and earlier allows remote attackers to cause a
denial of service via a wildcard sequence that generates a long string
when it is expanded.
Modifications:
ADDREF XF:iis-ftp-wildcard-dos(6535)
INFERRED ACTION: CAN-2001-0334 ACCEPT (8 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(7) Ziese, Wall, Renaud, Baker, Cole, Magdych, Williams
MODIFY(1) Frech
Voter Comments:
Frech> XF:iis-ftp-wildcard-dos(6535)
======================================================
Candidate: CAN-2001-0335
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0335
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010510
Category: SF
Reference: MS:MS01-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp
Reference: XF:iis-ftp-domain-authentication(6545)
Reference: URL:http://xforce.iss.net/static/6545.php
Reference: BID:2719
Reference: URL:http://www.securityfocus.com/bid/2719
FTP service in IIS 5.0 and earlier allows remote attackers to
enumerate Guest accounts in trusted domains by preceding the username
with a special sequence of characters.
Modifications:
ADDREF XF:iis-ftp-domain-authentication(6545)
INFERRED ACTION: CAN-2001-0335 ACCEPT (8 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(7) Ziese, Wall, Renaud, Baker, Cole, Magdych, Williams
MODIFY(1) Frech
NOOP(1) Christey
Voter Comments:
Frech> XF:iis-ftp-domain-authentication(6545)
Christey> BID:2719
URL:http://www.securityfocus.com/bid/2719
======================================================
Candidate: CAN-2001-0336
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0336
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010510
Category: SF
Reference: MS:MS01-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp
Reference: XF:iis-crosssitescripting-patch-dos(6858)
Reference: URL:http://xforce.iss.net/static/6858.php
The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an
error which allows attackers to cause a denial of service via a
malformed request.
Modifications:
ADDREF XF:iis-crosssitescripting-patch-dos(6858)
INFERRED ACTION: CAN-2001-0336 ACCEPT (7 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(6) Ziese, Wall, Renaud, Baker, Cole, Williams
MODIFY(1) Frech
Voter Comments:
Frech> XF:iis-crosssitescripting-patch-dos(6858)
======================================================
Candidate: CAN-2001-0338
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0338
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010510
Category: SF
Reference: MS:MS01-027
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-027.asp
Reference: CIAC:L-087
Reference: URL:http://www.ciac.org/ciac/bulletins/l-087.shtml
Reference: XF:ie-crl-certificate-spoofing(6555)
Reference: URL:http://xforce.iss.net/static/6555.php
Reference: BID:2735
Reference: URL:http://www.securityfocus.com/bid/2735
Internet Explorer 5.5 and earlier does not properly validate digital
certificates when Certificate Revocation List (CRL) checking is
enabled, which could allow remote attackers to spoof trusted web
sites, aka the "Server certificate validation vulnerability."
Modifications:
ADDREF XF:ie-crl-certificate-spoofing(6555)
ADDREF BID:2735
ADDREF CIAC:L-087
INFERRED ACTION: CAN-2001-0338 ACCEPT (6 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(5) Wall, Baker, Balinsky, Cole, Williams
MODIFY(1) Frech
NOOP(2) Ziese, Renaud
Voter Comments:
Frech> XF:ie-crl-certificate-spoofing(6555)
======================================================
Candidate: CAN-2001-0339
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0339
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010510
Category: SF
Reference: MS:MS01-027
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-027.asp
Reference: CIAC:L-087
Reference: URL:http://www.ciac.org/ciac/bulletins/l-087.shtml
Reference: XF:ie-html-url-spoofing(6556)
Reference: URL:http://xforce.iss.net/static/6556.php
Reference: BID:2737
Reference: URL:http://www.securityfocus.com/bid/2737
Internet Explorer 5.5 and earlier allows remote attackers to display a
URL in the address bar that is different than the URL that is actually
being displayed, which could be used in web site spoofing attacks, aka
the "Web page spoofing vulnerability."
Modifications:
ADDREF XF:ie-html-url-spoofing(6556)
ADDREF BID:2737
ADDREF CIAC:L-087
INFERRED ACTION: CAN-2001-0339 ACCEPT (5 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Wall, Baker, Balinsky, Williams
MODIFY(1) Frech
NOOP(3) Ziese, Renaud, Cole
Voter Comments:
Frech> XF:ie-html-url-spoofing(6556)
======================================================
Candidate: CAN-2001-0340
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0340
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010727
Assigned: 20010510
Category: SF
Reference: MS:MS01-030
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-030.asp
Reference: CIAC:L-091
Reference: URL:http://www.ciac.org/ciac/bulletins/l-091.shtml
Reference: XF:exchange-owa-script-execution(6652)
Reference: URL:http://xforce.iss.net/static/6652.php
An interaction between the Outlook Web Access (OWA) service in
Microsoft Exchange 2000 Server and Internet Explorer allows attackers
to execute malicious script code against a user's mailbox via a
message attachment that contains HTML code, which is executed
automatically.
Modifications:
ADDREF XF:exchange-owa-script-execution(6652)
ADDREF CIAC:L-091
INFERRED ACTION: CAN-2001-0340 ACCEPT (8 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(7) Ziese, Prosser, Stracener, Wall, Balinsky, Foat, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:exchange-owa-script-execution(6652)
Prosser> MS01-030
======================================================
Candidate: CAN-2001-0341
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0341
Final-Decision:
Interim-Decision: 20010911
Modified:
Proposed: 20010829
Assigned: 20010510
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20010625 NSFOCUS SA2001-03 : Microsoft FrontPage 2000 Server Extensions Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99348216322147&w=2
Reference: MS:MS01-035
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-035.asp
Reference: BID:2906
Reference: URL:http://www.securityfocus.com/bid/2906
Buffer overflow in Microsoft Visual Studio RAD Support sub-component
of FrontPage Server Extensions allows remote attackers to execute
arbitrary commands via a long registration request (URL) to
fp30reg.dll.
INFERRED ACTION: CAN-2001-0341 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Bishop, Ziese, Wall, Cole
NOOP(1) Armstrong
======================================================
Candidate: CAN-2001-0344
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0344
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010727
Assigned: 20010516
Category: SF
Reference: MS:MS01-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-032.asp
Reference: CIAC:L-095
Reference: URL:http://www.ciac.org/ciac/bulletins/l-095.shtml
Reference: XF:mssql-cached-connection-access(6684)
Reference: URL:http://xforce.iss.net/static/6684.php
An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using
Mixed Mode allows local database users to gain privileges by reusing a
cached connection of the sa administrator account.
Modifications:
ADDREF XF:mssql-cached-connection-access(6684)
ADDREF CIAC:L-095
INFERRED ACTION: CAN-2001-0344 ACCEPT (7 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(6) Ziese, Stracener, Wall, Balinsky, Foat, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:mssql-cached-connection-access(6684)
======================================================
Candidate: CAN-2001-0345
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0345
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010727
Assigned: 20010516
Category: SF
Reference: MS:MS01-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp
Reference: BID:2843
Reference: URL:http://www.securityfocus.com/bid/2843
Reference: XF:win2k-telnet-idle-sessions-dos(6667)
Reference: URL:http://xforce.iss.net/static/6667.php
Microsoft Windows 2000 telnet service allows attackers to prevent idle
Telnet sessions from timing out, causing a denial of service by
creating a large number of idle sessions.
Modifications:
ADDREF XF:win2k-telnet-idle-sessions-dos(6667)
ADDREF BID:2843
INFERRED ACTION: CAN-2001-0345 ACCEPT (7 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(6) Ziese, Stracener, Wall, Balinsky, Foat, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:win2k-telnet-idle-sessions-dos(6667)
======================================================
Candidate: CAN-2001-0346
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0346
Final-Decision:
Interim-Decision: 20010911
Modified:
Proposed: 20010829
Assigned: 20010516
Category: SF
Reference: MS:MS01-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp
Handle leak in Microsoft Windows 2000 telnet service allows attackers
to cause a denial of service by starting a large number of sessions
and terminating them.
INFERRED ACTION: CAN-2001-0346 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(5) Bishop, Ziese, Wall, Cole, Armstrong
======================================================
Candidate: CAN-2001-0347
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0347
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010727
Assigned: 20010516
Category: SF
Reference: MS:MS01-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp
Reference: CIAC:L-092
Reference: URL:http://www.ciac.org/ciac/bulletins/l-092.shtml
Reference: BID:2847
Reference: URL:http://www.securityfocus.com/bid/2847
Reference: XF:win2k-telnet-domain-authentication(6665)
Reference: URL:http://xforce.iss.net/static/6665.php
Information disclosure vulnerability in Microsoft Windows 2000 telnet
service allows remote attackers to determine the existence of user
accounts such as Guest, or log in to the server without specifying the
domain name, via a malformed userid.
Modifications:
ADDREF XF:win2k-telnet-domain-authentication(6665)
DESC Added details.
INFERRED ACTION: CAN-2001-0347 ACCEPT (7 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(5) Ziese, Stracener, Wall, Foat, Cole
MODIFY(2) Balinsky, Frech
Voter Comments:
Balinsky> Instead of "determine Guest accounts" say "access accounts, such as Guest, for which they know the password"
Frech> XF:win2k-telnet-domain-authentication(6665)
======================================================
Candidate: CAN-2001-0348
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0348
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010727
Assigned: 20010516
Category: SF
Reference: BINDVIEW:20010608 Range checking fault condition in Microsoft Windows 2000 Telnet server
Reference: URL:http://razor.bindview.com/publish/advisories/adv_mstelnet.html
Reference: MS:MS01-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp
Reference: CIAC:L-092
Reference: URL:http://www.ciac.org/ciac/bulletins/l-092.shtml
Reference: XF:win2k-telnet-username-dos(6666)
Reference: URL:http://xforce.iss.net/static/6666.php
Microsoft Windows 2000 telnet service allows attackers to cause a
denial of service (crash) via a long logon command that contains a
backspace.
Modifications:
ADDREF XF:win2k-telnet-username-dos(6666)
ADDREF BINDVIEW:20010608 Range checking fault condition in Microsoft Windows 2000 Telnet server
ADDREF CIAC:L-092
INFERRED ACTION: CAN-2001-0348 ACCEPT (7 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(6) Ziese, Stracener, Wall, Balinsky, Foat, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:win2k-telnet-username-dos(6666)
======================================================
Candidate: CAN-2001-0351
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0351
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010727
Assigned: 20010516
Category: SF
Reference: MS:MS01-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp
Reference: CIAC:L-092
Reference: URL:http://www.ciac.org/ciac/bulletins/l-092.shtml
Reference: XF:win2k-telnet-system-call-dos(6669)
Reference: URL:http://xforce.iss.net/static/6669.php
Reference: BID:2846
Reference: URL:http://www.securityfocus.com/bid/2846
Microsoft Windows 2000 telnet service allows a local user to make a
certain system call that allows the user to terminate a Telnet session
and cause a denial of service.
Modifications:
ADDREF XF:win2k-telnet-system-call-dos(6669)
ADDREF BID:2846
ADDREF CIAC:L-092
INFERRED ACTION: CAN-2001-0351 ACCEPT (7 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(6) Ziese, Stracener, Wall, Balinsky, Foat, Cole
MODIFY(1) Frech
Voter Comments:
Frech> XF:win2k-telnet-system-call-dos(6669)
======================================================
Candidate: CAN-2001-0353
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0353
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010727
Assigned: 20010523
Category: SF
Reference: ISS:20010619 Remote Buffer Overflow Vulnerability in Solaris Print Protocol Daemon
Reference: URL:http://xforce.iss.net/alerts/advise80.php
Reference: SUN:00206
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/206
Reference: CERT:CA-2001-15
Reference: URL:http://www.cert.org/advisories/CA-2001-15.html
Reference: XF:solaris-lpd-bo(6718)
Reference: URL:http://xforce.iss.net/static/6718.php
Reference: BID:2894
Reference: URL:http://www.securityfocus.com/bid/2894
Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and
earlier allows local and remote attackers to gain root privileges via
a "transfer job" routine.
Modifications:
ADDREF XF:solaris-lpd-bo(6718)
ADDREF BID:2894
ADDREF CERT:CA-2001-15
ADDREF SUN:00206
INFERRED ACTION: CAN-2001-0353 ACCEPT (3 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Stracener, Cole
MODIFY(1) Frech
NOOP(3) Wall, Foat, Christey
Voter Comments:
Frech> XF:solaris-lpd-bo(6718)
Christey> BID:2894
http://www.securityfocus.com/bid/2894
Christey> CERT:CA-2001-15
URL:http://www.cert.org/advisories/CA-2001-15.html
SUN:00206
======================================================
Candidate: CAN-2001-0361
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0361
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010207 [CORE SDI ADVISORY] SSH1 session key recovery vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98158450021686&w=2
Reference: CIAC:L-047
Reference: URL:http://www.ciac.org/ciac/bulletins/l-047.shtml
Reference: FREEBSD:FreeBSD-SA-01:24
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:24.ssh.asc
Reference: DEBIAN:DSA-027
Reference: URL:http://www.debian.org/security/2001/dsa-027
Reference: CISCO:20010627 Multiple SSH Vulnerabilities
Reference: URL:http://www.cisc.com/warp/public/707/SSH-multiple-pub.html
Reference: SUSE:SuSE-SA:2001:04
Reference: URL:http://www.suse.de/de/support/security/adv004_ssh.txt
Reference: XF:ssh-session-key-recovery(6082)
Reference: URL:http://xforce.iss.net/static/6082.php
Reference: BID:2344
Reference: URL:http://www.securityfocus.com/bid/2344
Implementations of SSH version 1.5, including (1) OpenSSH up to
version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in
certain configurations, allow a remote attacker to decrypt and/or
alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.
Modifications:
DESC Shortened (slightly)
ADDREF XF:ssh-session-key-recovery(6082)
CHANGEREF [fix] BUGTRAQ
ADDREF DEBIAN:DSA-027
ADDREF CIAC:L-047
ADDREF FREEBSD:FreeBSD-SA-01:24
ADDREF CISCO:20010627 Multiple SSH Vulnerabilities
ADDREF SUSE:SuSE-SA:2001:04
INFERRED ACTION: CAN-2001-0361 ACCEPT (4 accept, 5 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Cole, Oliver
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:ssh-session-key-recovery(6082)
======================================================
Candidate: CAN-2001-0368
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0368
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010430 A Serious Security Vulnerability Found in BearShare (Directory Traversal)
Reference: URL:http://www.securityfocus.com/archive/1/180644
Reference: BID:2672
Reference: URL:http://www.securityfocus.com/bid/2672
Reference: XF:bearshare-dot-download-files(6481)
Reference: URL:http://xforce.iss.net/static/6481.php
Directory traversal vulnerability in BearShare 2.2.2 and earlier
allows a remote attacker to read certain files via a URL containing a
series of . characters, a variation of the .. (dot dot) attack.
Modifications:
ADDREF XF:bearshare-dot-download-files(6481)
INFERRED ACTION: CAN-2001-0368 ACCEPT (5 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(4) Renaud, Baker, Cole, Williams
MODIFY(1) Frech
NOOP(3) Ziese, Wall, Oliver
Voter Comments:
Frech> XF:bearshare-dot-download-files(6481)
======================================================
Candidate: CAN-2001-0377
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0377
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010328 Inframail Denial of Service Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0428.html
Reference: XF:inframail-post-dos(6297)
Reference: URL:http://xforce.iss.net/static/6297.php
Infradig Inframail prior to 3.98a allows a remote attacker to create a
denial of service via a malformed POST request which includes a space
followed by a large string.
Modifications:
CHANGEREF [normalize] XF:inframail-post-dos(6297)
INFERRED ACTION: CAN-2001-0377 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Cole, Frech
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0378
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0378
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CONFIRM:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch
Reference: XF:bsd-readline-permissions(6586)
Reference: URL:http://xforce.iss.net/static/6586.php
readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history
files with insecure permissions, which allows a local attacker to
recover potentially sensitive information via readline history files.
Modifications:
DELREF BUGTRAQ
ADDREF XF:bsd-readline-permissions(6586)
INFERRED ACTION: CAN-2001-0378 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Ziese, Cole
MODIFY(1) Frech
NOOP(2) Wall, Oliver
Voter Comments:
Frech> XF:bsd-readline-permissions(6586)
BUGTRAQ reference is actually from OpenBSD-Security mailing
list.
======================================================
Candidate: CAN-2001-0379
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0379
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: HP:HPSBUX0103-147
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0101.html
Reference: XF:hp-newgrp-additional-privileges(6282)
Reference: URL:http://xforce.iss.net/static/6282.php
Vulnerability in the newgrp program included with HP9000 servers
running HP-UX 11.11 allows a local attacker to obtain higher access
rights.
Modifications:
ADDREF XF:hp-newgrp-additional-privileges(6282)
INFERRED ACTION: CAN-2001-0379 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:hp-newgrp-additional-privileges(6282)
======================================================
Candidate: CAN-2001-0383
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0383
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010401 Php-nuke exploit...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0017.html
Reference: CONFIRM:http://phpnuke.org/download.php?dcategory=Fixes
Reference: XF:php-nuke-url-redirect(6342)
Reference: URL:http://xforce.iss.net/static/6342.php
Reference: BID:2544
Reference: URL:http://www.securityfocus.com/bid/2544
banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to
modify banner ad URLs by directly calling the Change operation, which
does not require authentication.
Modifications:
DESC fix typo: "URL's"
ADDREF XF:php-nuke-url-redirect(6342)
ADDREF BID:2544
INFERRED ACTION: CAN-2001-0383 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Baker, Cole
MODIFY(1) Frech
NOOP(2) Wall, Christey
Voter Comments:
Frech> XF:php-nuke-url-redirect(6342)
In description, URL's should be URLs (it is not possessive).
Christey> I'll "own up" to the URL's typo (pun intended).
======================================================
Candidate: CAN-2001-0387
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0387
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010412 HylaFAX vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/175963
Reference: BUGTRAQ:20010415 **SECURITY ADVISORY** - HylaFAX format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0236.html
Reference: FREEBSD:FreeBSD-SA-01:34
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0606.html
Reference: SUSE:SuSE-SA:2001:15
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Apr/0005.html
Reference: MANDRAKE:MDKSA-2001:041
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-041.php3
Reference: BID:2574
Reference: URL:http://www.securityfocus.com/bid/2574
Reference: XF:hylafax-hfaxd-format-string(6377)
Reference: URL:http://xforce.iss.net/static/6377.php
Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows
local users to gain privileges via the -q command line argument.
Modifications:
ADDREF XF:hylafax-hfaxd-format-string(6377)
INFERRED ACTION: CAN-2001-0387 ACCEPT (5 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Ziese, Baker, Cole, Williams
MODIFY(1) Frech
NOOP(2) Wall, Renaud
Voter Comments:
Frech> XF:hylafax-hfaxd-format-string(6377)
======================================================
Candidate: CAN-2001-0388
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0388
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:28
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:28.timed.asc
Reference: MANDRAKE:MDKSA-2001:034
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-034.php3
Reference: SUSE:SuSE-SA:2001:07
Reference: URL:http://www.suse.de/de/support/security/2001_007_nkitserv.txt
Reference: XF:timed-remote-dos(6228)
Reference: URL:http://xforce.iss.net/static/6228.php
time server daemon timed allows remote attackers to cause a denial of
service via malformed packets.
Modifications:
CHANGEREF [normalize] XF:timed-remote-dos(6228)
INFERRED ACTION: CAN-2001-0388 ACCEPT (5 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(5) Ziese, Baker, Cole, Frech, Oliver
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0402
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0402
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010408 A fragmentation attack against IP Filter
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98679734015538&w=2
Reference: FREEBSD:FreeBSD-SA-01:32
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0338.html
Reference: XF:ipfilter-access-ports(6331)
Reference: URL:http://xforce.iss.net/static/6331.php
IPFilter 3.4.16 and earlier does not include sufficient session
information in its cache, which allows remote attackers to bypass
access restrictions by sending fragmented packets to a restricted port
after sending unfragmented packets to an unrestricted port.
Modifications:
ADDREF XF:ipfilter-access-ports(6331)
INFERRED ACTION: CAN-2001-0402 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:ipfilter-access-ports(6331)
======================================================
Candidate: CAN-2001-0405
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0405
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010416 Tempest Security Techonologies -- Adivsory #01/2001 -- Linux IPTables
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0271.html
Reference: REDHAT:RHSA-2001:052
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-052.html
Reference: MANDRAKE:MDKSA-2001:071
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-071.php3
Reference: BID:2602
Reference: URL:http://www.securityfocus.com/bid/2602
Reference: XF:linux-netfilter-iptables(6390)
Reference: URL:http://xforce.iss.net/static/6390.php
ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote
attackers to bypass access restrictions for an FTP server via a PORT
command that lists an arbitrary IP address and port number, which is
added to the RELATED table and allowed by the firewall.
Modifications:
ADDREF XF:linux-netfilter-iptables(6390)
ADDREF MANDRAKE:MDKSA-2001:071
INFERRED ACTION: CAN-2001-0405 ACCEPT (6 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(5) Ziese, Prosser, Baker, Cole, Williams
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:linux-netfilter-iptables(6390)
Prosser> http://www.linux-mandrake.com/en/security/mdk-updates.php3?dis=8.0
Additional reference: http://www.tempest.com.br/advisories/01-2001.html
======================================================
Candidate: CAN-2001-0408
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0408
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: MANDRAKE:MDKSA-2001:035
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-035.php3
Reference: REDHAT:RHSA-2001:008
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-008.html
Reference: SUSE:SuSE-SA:2001:12
Reference: URL:http://www.suse.de/de/support/security/2001_012_vim.txt
Reference: CALDERA:CSSA-2001-014.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-014.0.txt
Reference: BUGTRAQ:20010329 Immunix OS Security update for vim
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98593106111968&w=2
Reference: BID:2510
Reference: URL:http://www.securityfocus.com/bid/2510
Reference: XF:vim-elevate-privileges(6259)
Reference: URL:http://xforce.iss.net/static/6259.php
vim (aka gvim) processes VIM control codes that are embedded in a
file, which could allow attackers to execute arbitrary commands when
another user opens a file containing malicious VIM control codes.
Modifications:
CHANGEREF [normalize] XF
INFERRED ACTION: CAN-2001-0408 ACCEPT (4 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(4) Frech, Ziese, Baker, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0409
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0409
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: SUSE:SuSE-SA:2001:12
Reference: URL:http://www.suse.de/de/support/security/2001_012_vim.txt
Reference: CALDERA:CSSA-2001-014.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-014.0.txt
Reference: XF:vim-tmp-symlink(6628)
Reference: URL:http://xforce.iss.net/static/6628.php
vim (aka gvim) allows local users to modify files being edited by
other users via a symlink attack on the backup and swap files, when
the victim is editing the file in a world writable directory.
Modifications:
ADDREF XF:vim-tmp-symlink(6628)
DESC fix typo
INFERRED ACTION: CAN-2001-0409 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:vim-tmp-symlink(6628)
In description, writeable should be writable.
======================================================
Candidate: CAN-2001-0412
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0412
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CISCO:20010404 Cisco Content Services Switch User Account Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-useraccnt-debug-pub.shtml
Reference: BID:2559
Reference: URL:http://www.securityfocus.com/bid/2559
Reference: XF:cisco-css-elevate-privileges(6322)
Reference: URL:http://xforce.iss.net/static/6322.php
Cisco Content Services (CSS) switch products 11800 and earlier, aka
Arrowpoint, allows local users to gain privileges by entering debug
mode.
Modifications:
ADDREF XF:cisco-css-elevate-privileges(6322)
ADDREF BID:2559
INFERRED ACTION: CAN-2001-0412 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:cisco-css-elevate-privileges(6322)
======================================================
Candidate: CAN-2001-0413
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0413
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010404 BinTec X4000 Access Router DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98644414226344&w=2
Reference: BUGTRAQ:20010406 X4000 DoS: Details and workaround
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98659862317070&w=2
Reference: BUGTRAQ:20010410 BinTec Router DoS: Workaround and Details
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0145.html
Reference: BUGTRAQ:20010409 BINTEC X1200
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98697054804197&w=2
Reference: XF:bintec-x4000-nmap-dos(6323)
Reference: URL:http://xforce.iss.net/static/6323.php
BinTec X4000 Access router, and possibly other versions, allows remote
attackers to cause a denial of service via a SYN port scan, which
causes the router to hang.
Modifications:
ADDREF XF:bintec-x4000-nmap-dos(6323)
INFERRED ACTION: CAN-2001-0413 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:bintec-x4000-nmap-dos(6323)
======================================================
Candidate: CAN-2001-0414
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0414
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010404 ntpd =< 4.0.99k remote buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98642418618512&w=2
Reference: BUGTRAQ:20010405 Re: ntpd =< 4.0.99k remote buffer overflow]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98654963328381&w=2
Reference: REDHAT:RHSA-2001:045
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-045.html
Reference: CALDERA:CSSA-2001-013
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-013.0.txt
Reference: MANDRAKE:MDKSA-2001:036
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-036.php3
Reference: DEBIAN:DSA-045
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98651866104663&w=2
Reference: NETBSD:NetBSD-SA2001-004
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2001-004.txt.asc
Reference: SUSE:SuSE-SA:2001:10
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Apr/0000.html
Reference: CONECTIVA:CLA-2001:392
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000392
Reference: FREEBSD:FreeBSD-SA-01:31
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:31.ntpd.asc
Reference: SCO:SSE073
Reference: URL:ftp://ftp.sco.com/SSE/sse073.ltr
Reference: SCO:SSE074
Reference: URL:ftp://ftp.sco.com/SSE/sse074.ltr
Reference: BUGTRAQ:20010408 [slackware-security] buffer overflow fix for NTP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98679815917014&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-02: ntpd remote buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684202610470&w=2
Reference: BUGTRAQ:20010409 ntpd - new Debian 2.2 (potato) version is also vulnerable
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684532921941&w=2
Reference: BUGTRAQ:20010406 Immunix OS Security update for ntp and xntp3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98659782815613&w=2
Reference: BUGTRAQ:20010409 ntp-4.99k23.tar.gz is available
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98683952401753&w=2
Reference: BUGTRAQ:20010418 IBM MSS Outside Advisory Redistribution: IBM AIX: Buffer Overflow Vulnerability in (x)ntp
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0314.html
Reference: BUGTRAQ:20010409 [ESA-20010409-01] xntp buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0127.html
Reference: BUGTRAQ:20010413 PROGENY-SA-2001-02A: [UPDATE] ntpd remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0225.html
Reference: BID:2540
Reference: URL:http://www.securityfocus.com/bid/2540
Reference: XF:ntpd-remote-bo(6321)
Reference: URL:http://xforce.iss.net/static/6321.php
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and
xntp3) allows remote attackers to cause a denial of service and
possibly execute arbitrary commands via a long readvar argument.
Modifications:
ADDREF XF:ntpd-remote-bo(6321)
INFERRED ACTION: CAN-2001-0414 ACCEPT (5 accept, 6 ack, 0 review)
Current Votes:
ACCEPT(4) Ziese, Baker, Bollinger, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:ntpd-remote-bo(6321)
======================================================
Candidate: CAN-2001-0427
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0427
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CISCO:20010328 VPN3000 Concentrator TELNET Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml
Reference: XF:cisco-vpn-telnet-dos(6298)
Reference: URL:http://xforce.iss.net/static/6298.php
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote
attackers to cause a denial of service via a flood of invalid login
requests to (1) the SSL service, or (2) the telnet service, which do
not properly disconnect the user after several failed login attempts.
Modifications:
CHANGEREF [normalize] XF
INFERRED ACTION: CAN-2001-0427 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Frech, Ziese, Baker, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0428
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0428
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CISCO:20010412 VPN 3000 Concentrator IP Options Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-ipoptions-vuln-pub.shtml
Reference: BID:2573
Reference: URL:http://www.securityfocus.com/bid/2573
Reference: XF:cisco-vpn-ip-dos(6360)
Reference: URL:http://xforce.iss.net/static/6360.php
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote
attackers to cause a denial of service via an IP packet with an
invalid IP option.
Modifications:
ADDREF XF:cisco-vpn-ip-dos(6360)
INFERRED ACTION: CAN-2001-0428 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:cisco-vpn-ip-dos(6360)
======================================================
Candidate: CAN-2001-0429
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0429
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CISCO:20010416 Catalyst 5000 Series 802.1x Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml
Reference: CIAC:L-072
Reference: URL:http://www.ciac.org/ciac/bulletins/l-072.shtml
Reference: BID:2604
Reference: URL:http://www.securityfocus.com/bid/2604
Reference: XF:cisco-catalyst-8021x-dos(6379)
Reference: URL:http://xforce.iss.net/static/6379.php
Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an
802.1x frame on a Spanning Tree Protocol (STP) blocked port, which
causes a network storm and a denial of service.
Modifications:
ADDREF XF:cisco-catalyst-8021x-dos(6379)
ADDREF CIAC:L-072
INFERRED ACTION: CAN-2001-0429 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:cisco-catalyst-8021x-dos(6379)
======================================================
Candidate: CAN-2001-0430
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0430
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: DEBIAN:DSA-046
Reference: URL:http://archives.neohapsis.com/archives/vendor/2001-q2/0005.html
Reference: XF:exuberant-ctags-symlink(6388)
Reference: URL:http://xforce.iss.net/static/6388.php
Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates
temporary files.
Modifications:
ADDREF XF:exuberant-ctags-symlink(6388)
DESC slight rewording
INFERRED ACTION: CAN-2001-0430 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:exuberant-ctags-symlink(6388)
In description, a more proper grammar would be "insecurely
creates temporary files."
======================================================
Candidate: CAN-2001-0434
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0434
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: COMPAQ:SSRT0716
Reference: URL:http://ftp.support.compaq.com/patches/.new/html/SSRT0716-01.shtml
Reference: XF:compaq-activex-dos(6355)
Reference: URL:http://xforce.iss.net/static/6355.php
The LogDataListToFile ActiveX function used in (1) Knowledge Center
and (2) Back web components of Compaq Presario computers allows remote
attackers to modify arbitrary files and cause a denial of service.
Modifications:
ADDREF XF:compaq-activex-dos(6355)
INFERRED ACTION: CAN-2001-0434 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:compaq-activex-dos(6355)
======================================================
Candidate: CAN-2001-0436
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0436
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010416 qDefense Advisory: DCForum allows remote read/write/execute
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0269.html
Reference: CONFIRM:http://www.dcscripts.com/FAQ/sec_2001_03_31.html
Reference: XF:dcforum-az-expr(6392)
Reference: URL:http://xforce.iss.net/static/6392.php
Reference: BID:2611
Reference: URL:http://www.securityfocus.com/bid/2611
dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute
arbitrary commands by uploading a Perl program to the server and using
a .. (dot dot) in the AZ parameter to reference the program.
Modifications:
ADDREF XF:dcforum-az-expr(6392)
CONTENT-DECISIONS: SF-LOC
INFERRED ACTION: CAN-2001-0436 ACCEPT_ACK (2 accept, 1 ack, 0 review) HAS_CDS
Current Votes:
ACCEPT(1) Baker
MODIFY(1) Frech
NOOP(3) Ziese, Wall, Cole
Voter Comments:
Frech> XF:dcforum-az-expr(6392)
======================================================
Candidate: CAN-2001-0437
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0437
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010416 qDefense Advisory: DCForum allows remote read/write/execute
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0269.html
Reference: CONFIRM:http://www.dcscripts.com/FAQ/sec_2001_03_31.html
Reference: BID:2611
Reference: URL:http://www.securityfocus.com/bid/2611
Reference: XF:dcforum-az-file-upload(6393)
Reference: URL:http://xforce.iss.net/static/6393.php
upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload
arbitrary files without authentication by setting the az parameter to
upload_file.
Modifications:
ADDREF XF:dcforum-az-file-upload(6393)
CONTENT-DECISIONS: SF-LOC
INFERRED ACTION: CAN-2001-0437 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS
Current Votes:
ACCEPT(3) Ziese, Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:dcforum-az-file-upload(6393)
======================================================
Candidate: CAN-2001-0439
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0439
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CONECTIVA:CLA-2001:389
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000389
Reference: MANDRAKE:MDKSA-2001:032
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-032.php3
Reference: FREEBSD:FreeBSD-SA-01:35
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0607.html
Reference: XF:licq-url-execute-commands(6261)
Reference: URL:http://xforce.iss.net/static/6261.php
licq before 1.0.3 allows remote attackers to execute arbitrary
commands via shell metacharacters in a URL.
Modifications:
CHANGEREF [normalize] XF
INFERRED ACTION: CAN-2001-0439 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Frech, Ziese, Baker, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0440
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0440
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CONECTIVA:CLA-2001:389
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000389
Reference: MANDRAKE:MDKSA-2001:032
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-032.php3
Reference: FREEBSD:FreeBSD-SA-01:35
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0607.html
Reference: REDHAT:RHSA-2001:022
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-022.html
Reference: XF:licq-logging-bo(6645)
Reference: URL:http://xforce.iss.net/static/6645.php
Buffer overflow in logging functions of licq before 1.0.3 allows
remote attackers to cause a denial of service, and possibly execute
arbitrary commands.
Modifications:
ADDREF XF:licq-logging-bo(6645)
ADDREF REDHAT:RHSA-2001:022
INFERRED ACTION: CAN-2001-0440 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:licq-logging-bo(6645)
======================================================
Candidate: CAN-2001-0455
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0455
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CISCO:20010307 Access to the Cisco Aironet 340 Series Wireless Bridge via Web Interface
Reference: URL:http://www.cisco.com/warp/public/707/Aironet340-pub.shtml
Reference: XF:cisco-aironet-web-access(6200)
Reference: URL:http://xforce.iss.net/static/6200.php
Cisco Aironet 340 Series wireless bridge before 8.55 does not properly
disable access to the web interface, which allows remote attackers to
modify its configuration.
Modifications:
CHANGEREF [normalize] XF
INFERRED ACTION: CAN-2001-0455 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Frech, Ziese, Baker, Cole
NOOP(2) Oliver, Wall
======================================================
Candidate: CAN-2001-0456
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0456
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: CF
Reference: DEBIAN:DSA-032
Reference: URL:http://www.debian.org/security/2001/dsa-032
Reference: XF:proftpd-postinst-root(6208)
Reference: URL:http://xforce.iss.net/static/6208.php
postinst installation script for Proftpd in Debian 2.2 does not
properly change the "run as uid/gid root" configuration when the user
enables anonymous access, which causes the server to run at a higher
privilege than intended.
Modifications:
CHANGEREF [normalize] XF
INFERRED ACTION: CAN-2001-0456 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(5) Frech, Oliver, Ziese, Baker, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0457
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0457
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category:
Reference: DEBIAN:DSA-035
Reference: URL:http://www.debian.org/security/2001/dsa-035
Reference: XF:man2html-remote-dos(6211)
Reference: URL:http://xforce.iss.net/static/6211.php
man2html before 1.5-22 allows remote attackers to cause a denial of
service (memory exhaustion).
Modifications:
CHANGEREF [normalize] XF
INFERRED ACTION: CAN-2001-0457 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(5) Frech, Oliver, Ziese, Baker, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0462
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0462
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010424 Advisory for perl webserver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0426.html
Reference: XF:perl-webserver-directory-traversal(6451)
Reference: URL:http://xforce.iss.net/static/6451.php
Reference: BID:2648
Reference: URL:http://www.securityfocus.com/bid/2648
Directory traversal vulnerability in Perl web server 0.3 and earlier
allows remote attackers to read arbitrary files via a .. (dot dot) in
the URL.
Modifications:
ADDREF XF:perl-webserver-directory-traversal(6451)
INFERRED ACTION: CAN-2001-0462 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Williams
MODIFY(1) Frech
NOOP(3) Ziese, Wall, Balinsky
Voter Comments:
Frech> XF:perl-webserver-directory-traversal(6451)
======================================================
Candidate: CAN-2001-0465
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0465
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010405
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653594732053&w=2
Reference: CONFIRM:http://www.turbotax.com/atr/update/
Reference: XF:turbotax-save-passwords(6622)
Reference: URL:http://xforce.iss.net/static/6622.php
TurboTax saves passwords in a temporary file when a user imports
investment tax information from a financial institution, which could
allow local users to obtain sensitive information.
Modifications:
ADDREF XF:turbotax-save-passwords(6622)
INFERRED ACTION: CAN-2001-0465 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:turbotax-save-passwords(6622)
======================================================
Candidate: CAN-2001-0467
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0467
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category:
Reference: BUGTRAQ:20010423 Vulnerability in Viking Web Server
Reference: URL:http://www.securityfocus.com/archive/1/178935
Reference: CONFIRM:http://www.robtex.com/files/viking/beta/chglog.txt
Reference: BID:2643
Reference: URL:http://www.securityfocus.com/bid/2643
Reference: XF:viking-dot-directory-traversal(6450)
Reference: URL:http://xforce.iss.net/static/6450.php
Directory traversal vulnerability in RobTex Viking Web server before
1.07-381 allows remote attackers to read arbitrary files via a \...
(modified dot dot) in an HTTP URL request.
Modifications:
ADDREF CONFIRM:http://www.robtex.com/files/viking/beta/chglog.txt
ADDREF XF:viking-dot-directory-traversal(6450)
INFERRED ACTION: CAN-2001-0467 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Baker, Balinsky, Williams
MODIFY(1) Frech
NOOP(3) Ziese, Wall, Cole
Voter Comments:
Balinsky> http://www.robtex.com/files/viking/beta/chglog.txt
Beta change logs acknowledge the exploit (and its author).
Frech> XF:viking-dot-directory-traversal(6450)
CONFIRM:http://www.robtex.com/files/viking/beta/chglog.txt
(specifically: "-382 \...\-exploit fix (thanks to Joe Testa
http://hogs.rit.edu/~joet )")
======================================================
Candidate: CAN-2001-0469
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0469
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:29
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-03/0163.html
Reference: BID:2473
Reference: URL:http://www.securityfocus.com/bid/2473
Reference: XF:rwhod-remote-dos(6229)
Reference: URL:http://xforce.iss.net/static/6229.php
rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other
operating systems, allows remote attackers to cause a denial of
service via malformed packets with a short length.
Modifications:
CHANGEREF [normalize] XF
INFERRED ACTION: CAN-2001-0469 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Frech, Ziese, Baker, Cole
NOOP(2) Oliver, Wall
======================================================
Candidate: CAN-2001-0473
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0473
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: MANDRAKE:MDKSA-2001-031
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3
Reference: REDHAT:RHSA-2001:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-029.html
Reference: BUGTRAQ:20010315 Immunix OS Security update for mutt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98473109630421&w=2
Reference: CONECTIVA:CLA-2001:385
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000385
Reference: BUGTRAQ:20010320 Trustix Security Advisory - mutt
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html
Reference: XF:mutt-imap-format-string(6235)
Reference: URL:http://xforce.iss.net/static/6235.php
Format string vulnerability in Mutt before 1.2.5 allows a remote
malicious IMAP server to execute arbitrary commands.
Modifications:
CHANGEREF [normalize] XF
INFERRED ACTION: CAN-2001-0473 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(5) Frech, Oliver, Ziese, Baker, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0474
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0474
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: MANDRAKE:MDKSA-2001:029
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-029.php3
Reference: XF:mesa-utahglx-symlink(6231)
Reference: URL:http://xforce.iss.net/static/6231.php
Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local
users to overwrite arbitrary files via a symlink attack on the
/tmp/glxmemory file.
Modifications:
CHANGEREF [normalize] XF
INFERRED ACTION: CAN-2001-0474 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Frech, Ziese, Baker, Cole
NOOP(2) Oliver, Wall
======================================================
Candidate: CAN-2001-0475
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0475
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010315 vBulletin allows arbitrary code execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0180.html
Reference: BID:2474
Reference: URL:http://www.securityfocus.com/bid/2474
Reference: CONFIRM:http://www.vbulletin.com/forum/showthread.php?s=b20af207b5b908ecf7a4ecf56fbe3cd3&threadid=10839
Reference: XF:vbulletin-php-elevate-privileges(6237)
Reference: URL:http://xforce.iss.net/static/6237.php
index.php in Jelsoft vBulletin does not properly initialize a PHP
variable that is used to store template information, which allows
remote attackers to execute arbitrary PHP code via special characters
in the templatecache parameter.
Modifications:
CHANGEREF [normalize] XF
INFERRED ACTION: CAN-2001-0475 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Frech, Oliver, Ziese, Cole
NOOP(1) Wall
======================================================
Candidate: CAN-2001-0481
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0481
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: MANDRAKE:MDKSA-2001:043
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-043.php3
Reference: XF:linux-rpmdrake-temp-file(6494)
Reference: URL:http://xforce.iss.net/static/6494.php
Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure
temporary file handling.
Modifications:
ADDREF XF:linux-rpmdrake-temp-file(6494)
INFERRED ACTION: CAN-2001-0481 ACCEPT (6 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(5) Ziese, Renaud, Baker, Cole, Williams
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:linux-rpmdrake-temp-file(6494)
======================================================
Candidate: CAN-2001-0482
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0482
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: CF
Reference: BUGTRAQ:20010330 Serious Pitbull LX Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0475.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0485.html
Reference: XF:pitbull-lx-modify-kernel(6623)
Reference: URL:http://xforce.iss.net/static/6623.php
Configuration error in Argus PitBull LX allows root users to bypass
specified access control restrictions and cause a denial of service or
execute arbitrary commands by modifying kernel variables such as
MaxFiles, MaxInodes, and ModProbePath in /proc/sys via calls to
sysctl.
Modifications:
ADDREF XF:pitbull-lx-modify-kernel(6623)
INFERRED ACTION: CAN-2001-0482 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Ziese, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:pitbull-lx-modify-kernel(6623)
======================================================
Candidate: CAN-2001-0486
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0486
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: VULN-DEV:20010402 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0020.html
Reference: BUGTRAQ:20010420 Novell BorderManager 3.5 VPN Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98779821207867&w=2
Reference: CONFIRM:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2959062.htm
Reference: BUGTRAQ:20010429 Proof of concept DoS against novell border manager enterprise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98865027328391&w=2
Reference: BUGTRAQ:20010501 Re: Proof of concept DoS against novell border manager enterprise edition 3.5
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0000.html
Reference: BID:2623
Reference: URL:http://www.securityfocus.com/bid/2623
Reference: XF:bordermanager-vpn-syn-dos(6429)
Reference: URL:http://xforce.iss.net/static/6429.php
Remote attackers can cause a denial of service in Novell BorderManager
3.6 and earlier by sending TCP SYN flood to port 353.
Modifications:
ADDREF XF:bordermanager-vpn-syn-dos(6429)
INFERRED ACTION: CAN-2001-0486 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Ziese, Baker, Cole
MODIFY(1) Frech
NOOP(1) Wall
Voter Comments:
Frech> XF:bordermanager-vpn-syn-dos(6429)
======================================================
Candidate: CAN-2001-0488
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0488
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: HP:HPSBUX0104-149
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q2/0018.html
Reference: BID:2646
Reference: URL:http://www.securityfocus.com/bid/2646
Reference: XF:hp-pcltotiff-insecure-permissions(6447)
Reference: URL:http://xforce.iss.net/static/6447.php
pcltotiff in HP-UX 10.x has unnecessary set group id permissions,
which allows local users to cause a denial of service.
Modifications:
ADDREF XF:hp-pcltotiff-insecure-permissions(6447)
INFERRED ACTION: CAN-2001-0488 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Ziese, Baker, Cole, Williams
MODIFY(1) Frech
NOOP(3) Wall, Renaud, Balinsky
Voter Comments:
Balinsky> Ziese already voted for Cisco, but the bugtraq link is a vendor acknowledgement.
Frech> XF:hp-pcltotiff-insecure-permissions(6447)
======================================================
Candidate: CAN-2001-0489
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0489
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: VULN-DEV:20010417 gftp exploitable?
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0231.html
Reference: REDHAT:RHSA-2001:053
Reference: URL:http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0043.html
Reference: MANDRAKE:MDKSA-2001-044
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0509.html
Reference: DEBIAN:DSA-057
Reference: URL:http://www.debian.org/security/2001/dsa-057
Reference: BID:2657
Reference: URL:http://www.securityfocus.com/bid/2657
Reference: XF:gftp-format-string(6478)
Reference: URL:http://xforce.iss.net/static/6478.php
Format string vulnerability in gftp prior to 2.0.8 allows remote
malicious FTP servers to execute arbitrary commands.
Modifications:
ADDREF XF:gftp-format-string(6478)
ADDREF DEBIAN:DSA-057
ADDREF BID:2657
ADDREF VULN-DEV:20010417 gftp exploitable?
INFERRED ACTION: CAN-2001-0489 ACCEPT (5 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(4) Ziese, Baker, Cole, Williams
MODIFY(1) Frech
NOOP(3) Wall, Renaud, Christey
Voter Comments:
Christey> Add VULN-DEV reference?
http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0231.html
Frech> XF:gftp-format-string(6478)
======================================================
Candidate: CAN-2001-0494
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0494
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010424 IPSwitch IMail 6.06 SMTP Remote System Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0433.html
Reference: CONFIRM:http://ipswitch.com/Support/IMail/news.html
Reference: XF:ipswitch-imail-smtp-bo(6445)
Reference: URL:http://xforce.iss.net/static/6445.php
Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior
versions allows remote attackers to execute arbitrary code via a long
From: header.
Modifications:
ADDREF XF:ipswitch-imail-smtp-bo(6445)
INFERRED ACTION: CAN-2001-0494 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) Oliver, Renaud, Baker, Williams
MODIFY(1) Frech
NOOP(3) Ziese, Wall, Cole
Voter Comments:
Oliver> Identified in news section of vendor's home page.
Frech> XF:ipswitch-imail-smtp-bo(6445)
======================================================
Candidate: CAN-2001-0495
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0495
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010426 Vulnerability in WebXQ Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0490.html
Reference: BID:2660
Reference: URL:http://www.securityfocus.com/bid/2660
Reference: XF:webxq-dot-directory-traversal(6466)
Reference: URL:http://xforce.iss.net/static/6466.php
Directory traversal in DataWizard WebXQ server 1.204 allows remote
attackers to view files outside of the web root via a .. (dot dot)
attack.
Modifications:
ADDREF XF:webxq-dot-directory-traversal(6466)
INFERRED ACTION: CAN-2001-0495 ACCEPT (5 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(4) Ziese, Baker, Cole, Williams
MODIFY(1) Frech
NOOP(2) Wall, Renaud
Voter Comments:
Frech> XF:webxq-dot-directory-traversal(6466)