
[PROPOSAL] Cluster RECENT-74 - 29 candidates



I am proposing cluster RECENT-74 for review and voting by the
Editorial Board.

Name: RECENT-74
Description: Candidates announced between 11/1/2001 and 11/20/2001
Size: 29

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve



Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0719
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0719
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20010927
Category: SF
Reference: MS:MS01-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-056.asp

Buffer overflow in Microsoft Windows Media Player 6.4 allows remote
attackers to execute arbitrary code via a malformed Advanced Streaming
Format (ASF) file.

Analysis
----------------
ED_PRI CAN-2001-0719 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0722
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0722
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20010927
Category: SF
Reference: BUGTRAQ:20011108 Microsoft IE cookies readable via about: URLS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100527618108521&w=2
Reference: BUGTRAQ:20011019 Minor IE vulnerability: about: URLs
Reference: URL:http://www.securityfocus.com/archive/1/221612
Reference: MS:MS01-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-055.asp

Internet Explorer 5.5 and 6.0 allows remote attackers to read and
modify user cookies via Javascript in an about: URL.

Analysis
----------------
ED_PRI CAN-2001-0722 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0801
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0801
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011025
Category: SF
Reference: MISC:http://www.lsd-pl.net/files/get?IRIX/irx_lpstat2
Reference: SGI:20011003-02-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011003-02-P

lpstat in IRIX 6.5.13f and earlier allows local users to gain root
privileges by specifying a Trojan Horse nettype shared library.

Analysis
----------------
ED_PRI CAN-2001-0801 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0803
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0803
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011029
Category: SF
Reference: ISS:20011112 Multi-Vendor Buffer Overflow Vulnerability in CDE Subprocess Control Service
Reference: URL:http://xforce.iss.net/alerts/advise101.php
Reference: CERT:CA-2001-31
Reference: URL:http://www.cert.org/advisories/CA-2001-31.html
Reference: CERT-VN:VU#172583
Reference: URL:http://www.kb.cert.org/vuls/id/172583
Reference: HP:HPSBUX0111-175
Reference: URL:http://www.securityfocus.com/advisories/3651
Reference: CALDERA:CSSA-2001-SCO.30
Reference: URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.30/
Reference: BID:3517
Reference: URL:http://www.securityfocus.com/bid/3517

Buffer overflow in the client connection routine of libDtSvc.so.1 in
CDE Subprocess Control Service (dtspcd) allows remote attackers to
execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2001-0803 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0817
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0817
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011115
Category: SF
Reference: ISS:20011120 Remote Logic Flaw Vulnerability in HP-UX Line Printer Daemon
Reference: URL:http://xforce.iss.net/alerts/advise102.php
Reference: HP:HPSBUX0111-176
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q4/0047.html
Reference: XF:hpux-rlpdaemon-logic-flaw(7234)
Reference: URL:http://xforce.iss.net/static/7234.php

Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01
through 11.11 allows remote attackers to modify arbitrary files and
gain root privileges via a certain print request.

Analysis
----------------
ED_PRI CAN-2001-0817 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0850
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0850
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CALDERA:CSSA-2001-037.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-037.0.txt

A configuration error in the libdb1 package in OpenLinux 3.1 uses
insecure versions of the snprintf and vsnprintf functions, which could
allow local or remote users to exploit those functions with a buffer
overflow.

Analysis
----------------
ED_PRI CAN-2001-0850 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0851
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0851
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: ENGARDE:ESA-20011106-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1683.html
Reference: CALDERA:CSSA-2001-38.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-038.0.txt
Reference: SUSE:SuSE-SA:2001:039
Reference: URL:http://www.suse.de/de/support/security/2001_039_kernel2_txt.txt

Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote
attackers to bypass firewall rules by brute force guessing the cookie.

Analysis
----------------
ED_PRI CAN-2001-0851 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0852
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0852
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011105 RH Linux Tux HTTPD DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100498100112191&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=tux-list&m=100584714702328&w=2
Reference: REDHAT:RHSA-2001:142
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-142.html

TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to
cause a denial of service via sending a malformed header.

Analysis
----------------
ED_PRI CAN-2001-0852 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT:
While REDHAT:RHSA-2001:142 appears to be focused on the syncookie
problem, one paragraph says "these packages fix a remote denial of
service attack against the TUX web server" and credits the researcher
who posted to Bugtraq.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0859
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0859
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: REDHAT:RHSA-2001:148
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-148.html

2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets
the default umask for init to 000, which installs files with
world-writeable permissions.

Analysis
----------------
ED_PRI CAN-2001-0859 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0861
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0861
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CISCO:20011114 ICMP Unreachable Vulnerability in Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-unreachables-pub.shtml

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier
allows remote attackers to cause a denial of service (CPU consumption)
by flooding the router with traffic that generates a large number of
ICMP Unreachable replies.

Analysis
----------------
ED_PRI CAN-2001-0861 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0862
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0862
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not
block non-initial packet fragments, which allows remote attackers to
bypass the ACL.

Analysis
----------------
ED_PRI CAN-2001-0862 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0863
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0863
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not
handle the "fragment" keyword in a compiled ACL (Turbo ACL) for
packets that are sent to the router, which allows remote attackers to
cause a denial of service via a flood of fragments.

Analysis
----------------
ED_PRI CAN-2001-0863 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0864
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0864
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not
properly handle the implicit "deny ip any any" rule in an outgoing ACL
when the ACL contains exactly 448 entries, which can allow some
outgoing packets to bypass access restrictions.

Analysis
----------------
ED_PRI CAN-2001-0864 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0865
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0865
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not
support the "fragment" keyword in an outgoing ACL, which could allow
fragmented packets in violation of the intended access.

Analysis
----------------
ED_PRI CAN-2001-0865 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0866
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0866
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not
properly handle an outbound ACL when an input ACL is not configured on
all the interfaces of a multi port line card, which could allow remote
attackers to bypass the intended access controls.

Analysis
----------------
ED_PRI CAN-2001-0866 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0867
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0867
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not
properly filter packet fragments even when the "fragment" keyword is
used in an ACL, which allows remote attackers to bypass the intended
access controls.

Analysis
----------------
ED_PRI CAN-2001-0867 1
Vendor Acknowledgement: yes advisory

ABSTRACTION:
This sounds like a duplicate of several other issues included in this
advisory, but Cisco used a different bug ID (CSCdt69741) than the
others, and slightly different IOS versions are affected, so this is a
different problem and should be separated from the others.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0857
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0857
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011109 Imp Webmail session hijacking vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100535679608486&w=2
Reference: BUGTRAQ:20011110 IMP 2.2.7 (SECURITY) released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100540578822469&w=2

Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6
and earlier allows remote attackers to gain access to the e-mail of
other users by hijacking session cookies via the message parameter.

Analysis
----------------
ED_PRI CAN-2001-0857 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0721
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0721
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20010927
Category: SF
Reference: BUGTRAQ:20011101 Three Windows XP UPNP DOS attacks
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100467787323377&w=2
Reference: BUGTRAQ:20011109 Important Information Regarding MS01-054 and WindowsME
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100528449024158&w=2
Reference: MS:MS01-054
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-054.asp

Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows
remote attackers to cause a denial of service (memory consumption or
crash) via a malformed UPnP request.

Analysis
----------------
ED_PRI CAN-2001-0721 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION:

Several different types of DoS problems are included in the original
Bugtraq posts, so this CAN should probably be SPLIT.  At least one
problem deals with a malformed header, and a different one deals with
handling a flood of incoming requests.  From the CVE perspective,
these are at least 2 different types of problems.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0799
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0799
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011025
Category: SF
Reference: MISC:http://www.lsd-pl.net/files/get?IRIX/irx_lpsched2
Reference: SGI:20011003-02-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011003-02-P

Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote
attackers to execute arbitrary commands via a long argument.

Analysis
----------------
ED_PRI CAN-2001-0799 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

CD:SF-LOC says to distinguish between vulnerabilities of different
types, so the buffer overflow is separated from the shell
metacharacter problem (CAN-2001-0800).

In addition, the SGI advisory and LSD description both imply that
multiple buffer overflows are involved.  Since the problems are fixed
in the same version, CD:SF-LOC says to combine the overflows into a
single item.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0800
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0800
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011025
Category: SF/CF/MP/SA/AN/unknown
Reference: MISC:http://www.lsd-pl.net/files/get?IRIX/irx_lpsched2
Reference: SGI:20011003-02-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011003-02-P

lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute
arbitrary commands via shell metacharacters.

Analysis
----------------
ED_PRI CAN-2001-0800 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

CD:SF-LOC says to distinguish between vulnerabilities of different
types, so the shell metacharacter problem is separated from the buffer
overflow (CAN-2001-0799).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0815
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0815
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011113
Category: SF
Reference: BUGTRAQ:20011115 NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100583978302585&w=2
Reference: CONFIRM:http://bugs.activestate.com/show_bug.cgi?id=18062
Reference: BID:3526
Reference: URL:http://www.securityfocus.com/bid/3526

Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and
earlier allows remote attackers to execute arbitrary code via an HTTP
request for a long filename that ends in a .pl extension.

Analysis
----------------
ED_PRI CAN-2001-0815 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0848
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0848
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011101 Fuse Talk vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100463832209281&w=2

join.cfm in e-Zone Media Fuse Talk allows a local user to execute
arbitrary SQL code via a semi-colon (;) in a form variable.

Analysis
----------------
ED_PRI CAN-2001-0848 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0849
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0849
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011101 Vulnerability in Viralator proxy extension
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100463639800515&w=2
Reference: MISC:http://viralator.loddington.com/changes.html

viralator CGI script in Viralator 0.9pre1 and earlier allows remote
attackers to execute arbitrary code via a URL for a file being
downloaded, which is insecurely passed to a call to wget.

Analysis
----------------
ED_PRI CAN-2001-0849 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT:
In the change log at http://viralator.loddington.com/changes.html, the
"0.9pre1 to 0.9pre2" section says "Security fixes - viralator now runs
with taint checking turned on," which would address the problem being
described here.  However, it's not specific enough to be sure.  At
http://viralator.loddington.com/about.html, 0.9pre2 is dated
05/11/2001, which is likely November 5 (and not May 11), which is
shortly after the date of the Bugtraq post.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0853
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0853
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: CF
Reference: BUGTRAQ:20011105 New getAccess[tm] Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100498111712723&w=2
Reference: BUGTRAQ:20011105 Entrust Bulletin E01-005: GetAccess Access Service vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-11/0022.html

Directory traversal vulnerability in Entrust GetAccess allows remote
attackers to read arbitrary files via a .. (dot dot) in the locale
parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat.

Analysis
----------------
ED_PRI CAN-2001-0853 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0854
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0854
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011105 Copying and Deleting Files Using PHP-Nuke
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100525739116093&w=2

PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary
files by calling case.filemanager.php with admin.php as an argument,
which sets the $PHP_SELF variable and makes it appear that
case.filemanager.php is being called by admin.php instead of the user.

Analysis
----------------
ED_PRI CAN-2001-0854 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0855
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0855
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011109 ClearCase db_loader TERM environment variable buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100528623328037&w=2

Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local
users to gain root privileges via a long TERM environment variable.

Analysis
----------------
ED_PRI CAN-2001-0855 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0856
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0856
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011109 Extracting a 3DES key from an IBM 4758
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100533053219673&w=2
Reference: MISC:http://www.cl.cam.ac.uk/~rnc1/descrack/
Reference: MISC:http://www.cl.cam.ac.uk/~rnc1/descrack/attack.html

Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker
with physical access to the system and Combine_Key_Parts permissions,
to steal DES and 3DES keys by using a brute force attack to create a
3DES exporter key.

Analysis
----------------
ED_PRI CAN-2001-0856 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0858
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0858
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011113 Security Update: [CSSA-2001-SCO.32] Open UNIX, UnixWare 7: buffer overflow in ppp utilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100562386012917&w=2
Reference: CALDERA:CSSA-2001-SCO.32
Reference: URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.32/

Buffer overflow in pppattach and other linked PPP utilities in Caldera
Open Unix 8.0 and UnixWare 7.1.0 and 7.1.1 allows local users to gain
privileges.

Analysis
----------------
ED_PRI CAN-2001-0858 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0860
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0860
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011114 Xato Advisory: Win2k/XP Terminal Services IP Spoofing
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100578220002083&w=2

Terminal Services Manager MMC in Windows 2000 and XP trusts the Client
Address (IP address) that is provided by the client instead of
obtaining it from the packet headers, which allows clients to spoof
their public IP address, e.g. through a Network Address Translation
(NAT).

Analysis
----------------
ED_PRI CAN-2001-0860 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007