[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster LEGACY-MISC-1998-A - 44 candidates



I am proposing cluster LEGACY-MISC-1998-A for review and voting by the
Editorial Board.

Name: LEGACY-MISC-1998-A
Description: Legacy candidates announced between 1/1/1998 and 6/30/1998
Size: 44

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-1999-1037
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1037
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980626 vulnerability in satan, cops & tiger
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125976&w=2
Reference: BUGTRAQ:19980627 Re: vulnerability in satan, cops & tiger
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125986&w=2

rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary
files via a symlink attack on the /tmp/rex.$$ file.

Analysis
----------------
ED_PRI CAN-1999-1037 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1085
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1085
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980612 CORE-SDI-04: SSH insertion attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125884&w=2
Reference: BUGTRAQ:19980703 UPDATE: SSH insertion attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525878&w=2

SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher
Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote
attackers to insert arbitrary data into an existing stream between an
SSH client and server by using a known plaintext attack and computing
a valid CRC-32 checksum for the packet, aka the "SSH insertion
attack."

Analysis
----------------
ED_PRI CAN-1999-1085 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1204
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1204
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980511 Firewall-1 Reserved Keywords Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925912&w=2

Check Point Firewall-1 does not properly handle certain restricted
keywords (e.g., Mail, auth, time) in user-defined objects, which could
produce a rule with a default "ANY" address and result in access to
more systems than intended by the administrator.

Analysis
----------------
ED_PRI CAN-1999-1204 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1407
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1407
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980309 *sigh* another RH5 /tmp problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88950856416985&w=2
Reference: BID:368
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=368

ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows
local users to append text to arbitrary files via a symlink attack on
the dhcplog file.

Analysis
----------------
ED_PRI CAN-1999-1407 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1015
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1015
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19980408 AppleShare IP Mail Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=89200657216213&w=2
Reference: BID:61
Reference: URL:http://www.securityfocus.com/bid/61

Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and
earlier allows a remote attacker to cause a denial of service (crash)
via a long HELO command.

Analysis
----------------
ED_PRI CAN-1999-1015 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1027
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19980507 admintool mode 0777 in Solaris 2.6 HW3/98
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925880&w=2
Reference: BID:290
Reference: URL:http://www.securityfocus.com/bid/290

Solaris 2.6 HW3/98 installs admintool with world-writable permissions,
which allows local users to gain privileges by replacing it with a
Trojan horse program.

Analysis
----------------
ED_PRI CAN-1999-1027 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1036
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980626 vulnerability in satan, cops & tiger
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125976&w=2

COPS 1.04 allows local users to overwrite or create arbitrary files
via a symlink attack on temporary files in (1) res_diff, (2) ca.src,
and (3) mail.chk.

Analysis
----------------
ED_PRI CAN-1999-1036 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

ABSTRACTION:
CD:SF-LOC suggests combining the same type of problem into the same
entry for the same affected software version.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1038
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1038
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980626 vulnerability in satan, cops & tiger
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125976&w=2

Tiger 2.2.3 allows local users to overwrite arbitrary files via a
symlink attack on various temporary files in Tiger's default working
directory, as defined by the WORKDIR variable.

Analysis
----------------
ED_PRI CAN-1999-1038 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1045
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1045
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980115 pnserver exploit..
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88492978527261&w=2
Reference: BUGTRAQ:19980115 [rootshell] Security Bulletin #7
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88490880523890&w=2
Reference: BUGTRAQ:19980817 Re: Real Audio Server Version 5 bug?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90338245305236&w=2
Reference: MISC:http://service.real.com/help/faq/serv501.html

pnserver in RealServer 5.0 and earlier allowsd remote attackers to
cause a denial of service by sending a short, malformed request.

Analysis
----------------
ED_PRI CAN-1999-1045 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1075
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980318 AIX 4.1.5 DoS attack (aka "Port 1025 problem")
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=89025820612530&w=2

inetd in AIX 4.1.5 dynamically assigns a port N when starting
ttdbserver (ToolTalk server), but also inadvertently listens on port
N-1 without passing control to ttdbserver, which allows remote
attackers to cause a denial of service via a large number of
connections to port N-1, which are not properly closed by inetd.

Analysis
----------------
ED_PRI CAN-1999-1075 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1096
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980516 kde exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925954&w=2
Reference: BUGTRAQ:19980517 simple kde exploit fix
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925959&w=2
Reference: XF:kde-klock-home-bo(1644)
Reference: URL:http://xforce.iss.net/static/1644.php

Buffer overflow in kscreensaver in KDE klock allows local users to
gain root privileges via a long HOME environmental variable.

Analysis
----------------
ED_PRI CAN-1999-1096 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1106
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1106
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980429 Security hole in kppp
Reference: URL:http://www.securityfocus.com/archive/1/9121
Reference: XF:kde-kppp-account-bo(1643)
Reference: URL:http://xforce.iss.net/static/1643.php
Reference: BID:92
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=92

Buffer overflow in kppp in KDE allows local users to gain root access
via a long -c (account_name) command line argument.

Analysis
----------------
ED_PRI CAN-1999-1106 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1113
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1113
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980414 MacOS based buffer overflows...
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=89258194718577&w=2
Reference: BID:75
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=75

Buffer overflow in Eudora Internet Mail Server (EIMS) 2.01 and earlier
on MacOS systems allows remote attackers to cause a denial of service
via a long USER command to port 106.

Analysis
----------------
ED_PRI CAN-1999-1113 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1150
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1150
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980630 Livingston Portmaster - ISN generation is loosy!
Reference: URL:http://www.securityfocus.com/archive/1/9723
Reference: XF:portmaster-fixed-isn(1882)
Reference: URL:http://xforce.iss.net/static/1882.php

Livingston Portmaster routers running ComOS use the same initial
sequence number (ISN) for TCP connections, which allows remote
attackers to conduct spoofing and hijack TCP sessions.

Analysis
----------------
ED_PRI CAN-1999-1150 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1151
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1151
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980603 Compaq/Microcom 6000 DoS + more
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90296493106214&w=2
Reference: XF:microcom-dos(2089)
Reference: URL:http://xforce.iss.net/static/2089.php

Compaq/Microcom 6000 Access Integrator does not cause a session
timeout after prompting for a username or password, which allows
remote attackers to cause a denial of service by connecting to the
integrator without providing a username or password.

Analysis
----------------
ED_PRI CAN-1999-1151 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1152
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1152
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980603 Compaq/Microcom 6000 DoS + more
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90296493106214&w=2

Compaq/Microcom 6000 Access Integrator does not disconnect a client
after a certain number of failed login attempts, which allows remote
attackers to guess usernames or passwords via a brute force attack.

Analysis
----------------
ED_PRI CAN-1999-1152 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1176
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1176
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980110 Cidentd
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88466930416716&w=2
Reference: BUGTRAQ:19980911 Re: security problems with jidentd
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90554230925545&w=2
Reference: MISC:http://spisa.act.uji.es/spi/progs/codigo/www.hack.co.za/exploits/daemon/ident/cidentd.c

Buffer overflow in cidentd ident daemon allows local users to gain
root privileges via a long line in the .authlie script.

Analysis
----------------
ED_PRI CAN-1999-1176 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1178
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1178
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: XF:sambar-dump-env(3223)
Reference: URL:http://xforce.iss.net/static/3223.php
Reference: BUGTRAQ:19980610 Sambar Server Beta BUG..
Reference: URL:http://www.securityfocus.com/archive/1/9505

Sambar Server 4.1 beta allows remote attackers to obtain sensitive
information about the server via an HTTP request for the dumpenv.pl
script.

Analysis
----------------
ED_PRI CAN-1999-1178 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1179
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1179
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980515 May SysAdmin man.sh security hole
Reference: URL:http://www.securityfocus.com/archive/1/9330

Vulnerability in man.sh CGI script, included in May 1998 issue of
SysAdmin Magazine, allows remote attackers to execute arbitrary
commands.

Analysis
----------------
ED_PRI CAN-1999-1179 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1207
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1207
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.efri.hr/~crv/security/bugs/NT/netxtray.html
Reference: XF:netxray-bo(907)
Reference: URL:http://xforce.iss.net/static/907.php

Buffer overflow in web-admin tool in NetXRay 2.6 allows remote
attackers to cause a denial of service, and possibly execute arbitrary
commands, via a long HTTP request.

Analysis
----------------
ED_PRI CAN-1999-1207 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1229
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1229
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980225 Quake 2 Linux 3.13 (and lower) allow users to read arbitrary files
Reference: URL:http://www.securityfocus.com/archive/1/8590
Reference: XF:linux-quake2(733)
Reference: URL:http://xforce.iss.net/static/733.php

Quake 2 server 3.13 on Linux does not properly check file permissions
for the config.cfg configuration file, which allows local users to
read arbitrary files via a symlink from config.cfg to the target file.

Analysis
----------------
ED_PRI CAN-1999-1229 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1269
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1269
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980206 serious security hole in KDE Beta 3
Reference: URL:http://www.securityfocus.com/archive/1/8506
Reference: XF:kde-kss-file-clobber(1641)
Reference: URL:http://xforce.iss.net/static/1641.php

Screen savers in KDE beta 3 allows local users to overwrite arbitrary
files via a symlink attack on the .kss.pid file.

Analysis
----------------
ED_PRI CAN-1999-1269 3
Vendor Acknowledgement:
Content Decisions: EX-BETA, SF-EXEC

CD:EX-BETA suggests that bugs in beta software should not be included
in CVE, unless the software has been distributed widely.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1271
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1271
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980611 Unsecure passwords in Macromedia Dreamweaver
Reference: URL:http://www.securityfocus.com/archive/1/9511
Reference: XF:dreamweaver-weak-passwords(1636)
Reference: URL:http://xforce.iss.net/static/1636.php

Macromedia Dreamweaver uses weak encryption to store FTP passwords,
which could allow local users to easily decrypt the passwords of other
users.

Analysis
----------------
ED_PRI CAN-1999-1271 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1273
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1273
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980220 Simple way to bypass squid ACLs
Reference: URL:http://www.securityfocus.com/archive/1/8551
Reference: XF:squid-regexp-acl(1627)
Reference: URL:http://xforce.iss.net/static/1627.php

Squid Internet Object Cache 1.1.20 allows users to bypass access
control lists (ACLs) by encoding the URL with hexadecimal escape
sequences.

Analysis
----------------
ED_PRI CAN-1999-1273 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1361
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1361
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980509 coke.c
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925891&w=2

Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service)
allows remote attackers to cause a denial of service (resource
exhaustion) via a flood of malformed packets, which causes the server
to slow down and fill the event logs with error messages.

Analysis
----------------
ED_PRI CAN-1999-1361 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1389
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1389
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980511 3Com/USR Total Control Chassis dialup port access filters
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925916&w=2
Reference: BID:99
Reference: URL:http://www.securityfocus.com/bid/99

US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22
and 3.7.24 does not properly enforce access filters when the "set host
prompt" setting is made for a port, which allows attackers to bypass
restrictions by providing the hostname twice at the "host: " prompt.

Analysis
----------------
ED_PRI CAN-1999-1389 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1390
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1390
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980428 [Debian 2.0] /usr/bin/suidexec gives root access
Reference: URL:http://darwin.bio.uci.edu/~mcoogan/bugtraq/msg00890.html
Reference: BID:94
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=94

suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain
root privileges by specifying a malicious program on the command line.

Analysis
----------------
ED_PRI CAN-1999-1390 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1429
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1429
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980105 Security flaw in either DIT TransferPro or Solaris
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88419633507543&w=2
Reference: BID:204
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=204

DIT TransferPro installs devices with world-readable and
world-writable permissions, which could allow local users to damage
disks through the ff device driver.

Analysis
----------------
ED_PRI CAN-1999-1429 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1439
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1439
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980102 Symlink bug with GCC 2.7.2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88419592307388&w=2
Reference: BUGTRAQ:19980108 GCC Exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88524071002939&w=2
Reference: BUGTRAQ:19980115 GCC 2.7.? /tmp files
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88492937727193&w=2
Reference: BID:146
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=146

gcc 2.7.2 allows local users to overwrite arbitrary files via a
symlink attack on temporary .i, .s, or .o files.

Analysis
----------------
ED_PRI CAN-1999-1439 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1441
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1441
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980630 Serious Linux 2.0.34 security problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103126047&w=2
Reference: BID:111
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=111

Linux 2.0.34 does not properly prevent users from sending SIGIO
signals to arbitrary processes, which allows local users to cause a
denial of service by sending SIGIO to processes that do not catch it.

Analysis
----------------
ED_PRI CAN-1999-1441 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1442
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1442
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.cs.helsinki.fi/linux/linux-kernel/Year-1998/1998-25/0816.html
Reference: MISC:http://uwsg.iu.edu/hypermail/linux/kernel/9805.3/0855.html
Reference: BID:105
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=105

Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local
users to cause a denial of service (crash) via a particular sequence
of instructions, possibly related to accessing addresses outside of
segments.

Analysis
----------------
ED_PRI CAN-1999-1442 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1443
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1443
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980602 Full Armor.... Fool Proof etc... bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125889&w=2
Reference: BUGTRAQ:19980609 Full Armor
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125869&w=2
Reference: BID:103
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=103

Micah Software Full Armor Network Configurator and Zero Administration
allow local users with physical access to bypass the desktop
protection by (1) using <CTRL><ALT><DEL> and kill the process using
the task manager, (2) booting the system from a separate disk, or (3)
interrupting certain processes that execute while the system is
booting.

Analysis
----------------
ED_PRI CAN-1999-1443 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1445
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1445
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980202 imapd/ipop3d coredump in slackware 3.4
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88637951600184&w=2

Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with
shadowing enabled, and possibly other operating systems, allows remote
attackers to cause a core dump via a short sequence of USER and PASS
commands that do not provide valid usernames or passwords.

Analysis
----------------
ED_PRI CAN-1999-1445 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1479
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1479
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980624 textcounter.pl SECURITY HOLE
Reference: URL:http://www.securityfocus.com/archive/1/9609
Reference: XF:http-cgi-textcounter(2052)
Reference: URL:http://xforce.iss.net/static/2052.php

The textcounter.pl by Matt Wright allows remote attackers to execute
arbitrary commands via shell metacharacters.

Analysis
----------------
ED_PRI CAN-1999-1479 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1480
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1480
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BID:429
Reference: URL:http://www.securityfocus.com/bid/429

(1) acledit and (2) aclput in AIX 4.3 allow local users to create or
modify files via a symlink attack.

Analysis
----------------
ED_PRI CAN-1999-1480 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC

CD:SF-EXEC suggests combining multiple affected executables in the
same package/capability into a single entry.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1498
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1498
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980406 insecure tmp file creation
Reference: BID:82
Reference: URL:http://www.securityfocus.com/bid/82

Slackware Linux 3.4 pkgtool allows local attacker to read and write to
arbitrary files via a symlink attack on the reply file.

Analysis
----------------
ED_PRI CAN-1999-1498 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1499
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1499
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980410 BIND 4.9.7 named follows symlinks, clobbers anything
Reference: URL:http://www.securityfocus.com/archive/1/8966
Reference: BID:80
Reference: URL:http://www.securityfocus.com/bid/80

named in ISC BIND 4.9 and 8.1 allows local users to destroy files via
a symlink attack on (1) named_dump.db when root kills the process with
a SIGINT, or (2) named.stats when SIGIOT is used.

Analysis
----------------
ED_PRI CAN-1999-1499 3
Vendor Acknowledgement: no
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1501
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1501
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980408 SGI O2 ipx security issue
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19980408184855.12506@math.princeton.edu
Reference: BID:70
Reference: URL:http://www.securityfocus.com/bid/70
Reference: BID:71
Reference: URL:http://www.securityfocus.com/bid/71

(1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear
the IFS environmental variable before executing system calls, which
allows local users to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-1999-1501 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1502
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1502
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980408 QuakeI client: serious holes.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=89205623028934&w=2
Reference: BID:68
Reference: URL:http://www.securityfocus.com/bid/68
Reference: BID:69
Reference: URL:http://www.securityfocus.com/bid/69

Buffer overflows in Quake 1.9 client allows remote malicious servers
to execute arbitrary commands via long (1) precache paths, (2) server
name, (3) server address, or (4) argument to the map console command.

Analysis
----------------
ED_PRI CAN-1999-1502 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1503
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1503
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BID:63
Reference: URL:http://www.securityfocus.com/bid/63

Network Flight Recorder (NFR) 1.5 and 1.6 allows remote attackers to
cause a denial of service in nfrd (crash) via a TCP packet with a null
header and data field.

Analysis
----------------
ED_PRI CAN-1999-1503 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1504
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1504
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980408 Re: AppleShare IP Mail Server
Reference: URL:http://www.securityfocus.com/archive/1/8951
Reference: BID:62
Reference: URL:http://www.securityfocus.com/bid/62

Stalker Internet Mail Server 1.6 allows a remote attacker to cause a
denial of service (crash) via a long HELO command.

Analysis
----------------
ED_PRI CAN-1999-1504 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1505
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1505
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980407 QW vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=89200537415923&w=2
Reference: BID:60
Reference: URL:http://www.securityfocus.com/bid/60

Buffer overflow in QuakeWorld 2.10 allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary commands via
a long initial connect packet.

Analysis
----------------
ED_PRI CAN-1999-1505 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1555
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1555
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19980611 Cheyenne Inoculan vulnerability on NT
Reference: URL:http://www.securityfocus.com/archive/1/9515
Reference: BID:106
Reference: XF:inoculan-bad-permissions(1536)
Reference: URL:http://xforce.iss.net/static/1536.php

Cheyenne InocuLAN Anti-Virus Server in Inoculan 4.0 before Service
Pack 2 creates an update directory with "EVERYONE FULL CONTROL"
permissions, which allows local users to cause Inoculan's antivirus
update feature to install a Trojan horse dll.

Analysis
----------------
ED_PRI CAN-1999-1555 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1556
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1556
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19980629 MS SQL Server 6.5 stores password in unprotected registry keys
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=90222453431645&w=2
Reference: BID:109
Reference: URL:http://www.securityfocus.com/bid/109

Microsoft SQL Server 6.5 uses weak encryption for the password for the
SQLExecutiveCmdExec account and stores it in an accessible portion of
the registry, which could allow local users to gain privileges by
reading andd decrypting the CmdExecAccount value.

Analysis
----------------
ED_PRI CAN-1999-1556 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007