
[PROPOSAL] Cluster RECENT-72 - 18 candidates



I am proposing cluster RECENT-72 for review and voting by the
Editorial Board.

Name: RECENT-72
Description: Candidates announced between 6/2/2001 and 7/4/2001
Size: 18

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0819
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0819
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: DEBIAN:DSA-060
Reference: URL:http://www.debian.org/security/2001/dsa-060
Reference: ENGARDE:ESA-20010620-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1451.html
Reference: MANDRAKE:MDKSA-2001:063
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-063.php3?dis=7.1
Reference: CALDERA:CSSA-2001-022.1
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-022.1.txt
Reference: CONECTIVA:CLA-2001:403
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000403
Reference: BID:2877
Reference: URL:http://www.securityfocus.com/bid/2877
Reference: XF:fetchmail-long-header-bo(6704)
Reference: URL:http://xforce.iss.net/static/6704.php

A buffer overflow in Linux fetchmail before 5.8.6 allows remote
attackers to execute arbitrary code via a large 'To:' field in an
email header.

Analysis
----------------
ED_PRI CAN-2001-0819 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0823
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0823
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010618 pmpost - another nice symlink follower
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99290754901708&w=2
Reference: BUGTRAQ:20010619 Re: pmpost - another nice symlink follower
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html
Reference: SGI:20010601-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A
Reference: XF:irix-pcp-pmpost-symlink(6724)
Reference: URL:http://xforce.iss.net/static/6724.php
Reference: BID:2887
Reference: URL:http://www.securityfocus.com/bid/2887

The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows
a local user to gain privileges via a symlink attack on the NOTICES
file in the PCP log directory (PCP_LOG_DIR).

Analysis
----------------
ED_PRI CAN-2001-0823 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0825
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0825
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010608 potential buffer overflow in xinetd-2.1.8.9pre11-1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99201419609509&w=2
Reference: BUGTRAQ:20010629 xinetd update -- Immunix OS 7.0-beta, 7.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99405800403778&w=2
Reference: SUSE:SuSE-SA:2001:022
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Jun/0002.html
Reference: CONECTIVA:CLA-2001:406
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000406
Reference: REDHAT:RHSA-2001:092
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-092.html
Reference: BID:2971
Reference: URL:http://www.securityfocus.com/bid/2971

Buffer overflow in internal string handling routines of xinetd before
2.3.1 allows remote attackers to execute arbitrary commands via a
length argument of zero or less, which disables the length check.

Analysis
----------------
ED_PRI CAN-2001-0825 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0804
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0804
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011030
Category: SF
Reference: BUGTRAQ:20010715 Interactive Story File Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/4.3.2.7.2.20010715184257.00b20100@compumodel.com
Reference: CONFIRM:http://www.valeriemates.com/story_download.html
Reference: XF:interactive-story-next-directory-traversal(6843)
Reference: URL:http://xforce.iss.net/static/6843.php
Reference: BID:3028
Reference: URL:http://www.securityfocus.com/bid/3028

Directory traversal vulnerability in story.pl in Interactive Story 1.3
allows a remote attacker to read arbitrary files via a .. (dot dot)
attack on the "next" parameter.

Analysis
----------------
ED_PRI CAN-2001-0804 2
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT:
http://www.valeriemates.com/story_download.html has a section titled
"What's new in version 1.4?" which states "In version 1.3 ... readers
could enter a specially crafted URL to view parts of any publicly
readable file on your host."  The release date for 1.4 is given as
July 9.  story.pl has been modified and commented in a way that shows
that the vulnerability has been prevented, but it does not provide
specifics.  While the description is vague, there is enough evidence
that it is addressing this particular problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0805
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0805
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011030
Category: SF
Reference: BUGTRAQ:20010618 SCO Tarantella Remote file read via ttawebtop.cgi
Reference: URL:http://www.securityfocus.com/archive/1/3B2E37D0.81D9ED9D@snosoft.com
Reference: BUGTRAQ:20010619 Re: SCO Tarantella Remote file read via ttawebtop.cgi
Reference: URL:http://www.securityfocus.com/archive/1/20010619150935.A5226@tarantella.com
Reference: XF:tarantella-ttawebtop-read-files(6723)
Reference: URL:http://xforce.iss.net/static/6723.php
Reference: BID:2890
Reference: URL:http://www.securityfocus.com/bid/2890

Directory traversal vulnerability in ttawebtop.cgi in Tarantella
Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary
files via a .. (dot dot) in the pg parameter.

Analysis
----------------
ED_PRI CAN-2001-0805 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0822
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0822
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010602 fpf module and packet fragmentation:local/remote DoS.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99167206319643&w=2
Reference: CONFIRM:http://www.pkcrew.org/news.php
Reference: XF:linux-fpf-kernel-dos(6659)
Reference: URL:http://xforce.iss.net/static/6659.php
Reference: BID:2816
Reference: URL:http://www.securityfocus.com/bid/2816

FPF kernel module 1.0 allows a remote attacker to cause a denial of
service via fragmented packets.

Analysis
----------------
ED_PRI CAN-2001-0822 2
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT:
Vendor posted a fixed version of the software, acknowledging the
problem next to the fixed version: http://www.pkcrew.org/tools.php
Vendor also ack'ed problem in news items, saying "Released a new
version of fpf that fixes a remote denial of service thanks to Styx"
in http://www.pkcrew.org/news.php

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0806
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0806
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011030
Category: CF
Reference: BUGTRAQ:20010626 MacOSX 10.0.X Permissions uncorrectly set
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99358249631139&w=2
Reference: BUGTRAQ: OS X 10.1 and localized desktop folder still vulnerable
Reference: BUGTRAQ:20010704 Re: MacOSX 10.0.X Permissions uncorrectly set - I got it
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99436289015729&w=2
Reference: BID:2930
Reference: URL:http://www.securityfocus.com/bid/2930

Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a
user's desktop folder via insecure default permissions for the Desktop
when it is created in some languages.

Analysis
----------------
ED_PRI CAN-2001-0806 3
Vendor Acknowledgement: no

There were follow-up posts claiming that the problem concerns accounts
created with beta versions of the OS, that remained vulnerable despite
upgrading to new versions.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0807
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0807
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011030
Category: SF
Reference: BUGTRAQ:20010606 security bug Internet Explorer 5
Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=189341

Internet Explorer 5.0, and possibly other versions, may allow remote
attackers (malicious web pages) to read known text files from a
client's hard drive via a SCRIPT tag with a SRC value that points to
the text file.

Analysis
----------------
ED_PRI CAN-2001-0807 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0808
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0808
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011030
Category: SF
Reference: BUGTRAQ:20010627 gnats update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0365.html
Reference: CONFIRM:http://sources.redhat.com/gnats/gnatsweb/advisory-jun-26-2001.html
Reference: XF:gnatsweb-helpfile-execute-commands(6753)
Reference: URL:http://xforce.iss.net/static/6753.php

gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers
to execute arbitrary commands via certain characters in the help_file
parameter.

Analysis
----------------
ED_PRI CAN-2001-0808 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION:
The advisory is vague about the specific nature of the problem.
Examining the patch, the vulnerable statement (in Perl) was
open("$file").  This could be subject to both a directory traversal
and shell metacharacter problem, but it could be that some of the
filename is cleansed before this call is reached.  But if it's both
types of problems, then CD:SF-LOC would recommend creating separate
candidates.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0809
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0809
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011030
Category: unknown
Reference: HP:HPSBUX0106-155
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q2/0074.html

Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX
11.0 and 11.11, when configured as a print server, allows local users
to overwrite arbitrary files by modifying certain resources.

Analysis
----------------
ED_PRI CAN-2001-0809 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

The advisory doesn't give much info, so the description is vague.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0818
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0818
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010612 Remote buffer overflow in MDBMS.
Reference: URL:http://www.securityfocus.com/archive/1/190933
Reference: BID:2867
Reference: URL:http://www.securityfocus.com/bid/2867
Reference: XF:mdbms-query-display-bo(6700)
Reference: URL:http://xforce.iss.net/static/6700.php

A buffer overflow in the '\s' console command in MDBMS 0.99b9 and earlier
allows remote attackers to execute arbitrary commands by sending the
command a large amount of data.

Analysis
----------------
ED_PRI CAN-2001-0818 3
Vendor Acknowledgement: unknown

ACKNOWLEDGEMENT:
http://www.hinttech.com/mdbms, which was listed as the web site for
MDBMS, no longer exists.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0820
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0820
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010617 Buffer Overflow in GazTek HTTP Daemon v1.4 (ghttpd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99279182704674&w=2
Reference: BUGTRAQ:20010630 Advisory Ghttp 1.4
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99406263214417&w=2
Reference: XF:gaztek-ghttpd-bo(6702)
Reference: URL:http://xforce.iss.net/static/6702.php
Reference: BID:2879
Reference: URL:http://www.securityfocus.com/bid/2879
Reference: BID:2965
Reference: URL:http://www.securityfocus.com/bid/2965

Buffer overflows in GazTek ghttpd 1.4 allow a remote attacker to
execute arbitrary code via long arguments that are passed to (1) the
Log function in util.c, or (2) serveconnection in protocol.c.

Analysis
----------------
ED_PRI CAN-2001-0820 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION:
CD:SF-LOC states that multiple problems of the same type in the same
software should be combined.  Thus the two separate Bugtraq posts,
while identifying different problems in different files, need to be
combined.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0821
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0821
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: CF
Reference: BUGTRAQ:20010618 DCShop vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0233.html
Reference: CONFIRM:http://www.dcscripts.com/dcforum/dcshop/44.html
Reference: BID:2889
Reference: URL:http://www.securityfocus.com/bid/2889
Reference: XF:dcshop-cgi-retrieve-information(6707)
Reference: URL:http://xforce.iss.net/static/6707.php

The default configuration of DCShop 1.002 beta places sensitive files
in the cgi-bin directory, which could allow remote attackers to read
sensitive data via an HTTP GET request for (1) orders.txt or (2)
auth_user_file.txt.

Analysis
----------------
ED_PRI CAN-2001-0821 3
Vendor Acknowledgement: yes advisory
Content Decisions: CF, EX-BETA

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0824
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0824
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/20010702202828.128B.TAKAGI@etl.go.jp
Reference: BID:2969
Reference: URL:http://www.securityfocus.com/bid/2969

Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2
allows remote attackers to execute Javascript by inserting the
Javascript into (1) a request for a .JSP file, or (2) a request to the
webapp/examples/ directory, which inserts the Javascript into an error
page.

Analysis
----------------
ED_PRI CAN-2001-0824 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0826
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0826
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010630 cesarFTP v0.98b 'HELP' buffer overflow
Reference: URL:http://www.securityfocus.com/archive/1/20010630093621.66913.qmail@web13002.mail.yahoo.com
Reference: BUGTRAQ:20010704 CesarFTPd, Cerberus FTPd
Reference: URL:http://www.securityfocus.com/archive/1/005701c10466$2332ed80$2c001fac@qualica.com
Reference: BID:2972
Reference: URL:http://www.securityfocus.com/bid/2972

Buffer overflows in CesarFTPD 0.98b allow remote attackers to execute
arbitrary commands via long arguments to (1) HELP, (2) USER, (3) PASS,
(4) PORT, (5) DELE, (6) REST, (7) RMD, or (8) MKD.

Analysis
----------------
ED_PRI CAN-2001-0826 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION:
CD:SF-LOC says to MERGE problems of same type within the same version.
All these commands are affected by a buffer overflow.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0827
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0827
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010704 CesarFTPd, Cerberus FTPd
Reference: URL:http://www.securityfocus.com/archive/1/005701c10466$2332ed80$2c001fac@qualica.com
Reference: BID:2976
Reference: URL:http://www.securityfocus.com/bid/2976

Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a
denial of service (crash) via a large number of "PASV" requests.

Analysis
----------------
ED_PRI CAN-2001-0827 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0828
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0828
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/194464
Reference: CONFIRM:http://www.caucho.com/products/resin/changes.xtp
Reference: BID:2981
Reference: URL:http://www.securityfocus.com/bid/2981

A cross-site scripting vulnerability in Caucho Technology Resin before
1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink
that ends in a .jsp extension, which causes an error message that does
not properly quote the Javascript.

Analysis
----------------
ED_PRI CAN-2001-0828 3
Vendor Acknowledgement: unknown

ACKNOWLEDGEMENT:
In the change log at http://www.caucho.com/products/resin/changes.xtp,
in the "1.2.4 - April 11, 2001" section, the vendor says "need to
escape < for file not found (rep by Hiromitsu Takagi)".  Since Takagi
was the author of the Bugtraq article and said that he told the vendor
in March, this constitutes enough evidence for acknowledgement.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0829
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0829
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/20010702202828.128B.TAKAGI@etl.go.jp
Reference: MISC:http://jakarta.apache.org/tomcat/tomcat-3.2-doc/readme
Reference: BID:2982
Reference: URL:http://www.securityfocus.com/bid/2982

A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a
malicious webmaster to embed Javascript in a request for a .JSP file,
which causes the Javascript to be inserted into an error message.

Analysis
----------------
ED_PRI CAN-2001-0829 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007