[PROPOSAL] Cluster RECENT-77 - 48 candidates

I am proposing cluster RECENT-77 for review and voting by the
Editorial Board.

Name: RECENT-77
Description: Candidates announced between 9/3/2001 and 10/18/2001
Size: 48

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.
1) Please write your vote on the line that starts with "VOTE: ". If
you want to add comments or details, add them to lines after the
VOTE: line.
2) If you see any missing references, please mention them so that they
can be included. References help greatly during mapping.
3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
So if you don't have sufficient information for a candidate but you
don't want to NOOP, use a REVIEWING.
********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.
======================================================
Candidate: CAN-2001-0873
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0873
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20011206
Category: SF
Reference: BUGTRAQ:20010908 Multiple vendor 'Taylor UUCP' problems.
Reference: URL:http://www.securityfocus.com/archive/1/212892
Reference: BUGTRAQ:20011130 Redhat 7.0 local root (via uucp) (attempt 2)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100715446131820
Reference: CALDERA:CSSA-2001-033.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-033.0.txt
Reference: CONECTIVA:CLA-2001:425
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000425
Reference: SUSE:SuSE-SA:2001:38
Reference: URL:http://www.suse.de/de/support/security/2001_038_uucp_txt.txt
Reference: BID:3312
Reference: URL:http://www.securityfocus.com/bid/3312
Reference: XF:uucp-argument-gain-privileges(7099)
Reference: URL:http://xforce.iss.net/static/7099.php
uuxqt in Taylor UUCP package does not properly remove dangerous long
options, which allows local users to gain privileges by calling uux
and specifying an alternate configuration file with the --config
option.
Analysis
----------------
ED_PRI CAN-2001-0873 1
Vendor Acknowledgement: yes advisory
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-0961
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0961
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: DEBIAN:DSA-076
Reference: URL:http://www.debian.org/security/2001/dsa-076
Reference: XF:most-file-create-bo(7149)
Reference: URL:http://xforce.iss.net/static/7149.php
Reference: BID:3347
Reference: URL:http://www.securityfocus.com/bid/3347
Buffer overflow in tab expansion capability of the most program allows
local or remote attackers to execute arbitrary code via a malformed
file that is viewed with most.
Analysis
----------------
ED_PRI CAN-2001-0961 1
Vendor Acknowledgement: yes advisory
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1017
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:59
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:59.rmuser.v1.1.asc
Reference: XF:rmuser-insecure-password-file(7086)
Reference: URL:http://xforce.iss.net/static/7086.php
Reference: BID:3282
Reference: URL:http://www.securityfocus.com/bid/3282
rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the
master.passwd file with world-readable permissions while updating the
original file, which could allow local users to gain privileges by
reading the copied file while rmuser is running, obtain the password
hashes, and crack the passwords.
Analysis
----------------
ED_PRI CAN-2001-1017 1
Vendor Acknowledgement: yes advisory
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1028
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: REDHAT:RHSA-2001:072
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-072.html
Buffer overflow in ultimate_source function of man 1.5 and earlier
allows local users to gain privileges.
Analysis
----------------
ED_PRI CAN-2001-1028 1
Vendor Acknowledgement: yes advisory
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1035
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1035
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: DEBIAN:DSA-078
Reference: URL:http://www.debian.org/security/2001/dsa-078
Reference: BID:3364
Reference: URL:http://www.securityfocus.com/bid/3364
Reference: XF:slrn-decode-script-execution(7166)
Reference: URL:http://xforce.iss.net/static/7166.php
Binary decoding feature of slrn 0.9 and earlier allows remote
attackers to execute commands via shell scripts that are inserted into
a news post.
Analysis
----------------
ED_PRI CAN-2001-1035 1
Vendor Acknowledgement: yes advisory
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-0907
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0907
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011018 Flaws in recent Linux kernels
Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337
Reference: MANDRAKE:MDKSA-2001:082
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082-1.php3
Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows
local users to cause a denial of service via a series of deeply nested
symlinks, which causes the kernel to spend extra time when trying to
access the link.
Analysis
----------------
ED_PRI CAN-2001-0907 2
Vendor Acknowledgement: yes advisory
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-0940
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0940
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: WIN2KSEC:20010921 Check Point FireWall-1 GUI Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2001-q3/0151.html
Reference: BUGTRAQ:20011128 Firewall-1 remote SYSTEM shell buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100698954308436&w=2
Reference: CHECKPOINT:20010919 GUI Buffer Overflow
Reference: URL:http://www.checkpoint.com/techsupport/alerts/buffer_overflow.html
Buffer overflow in the GUI authentication code of Check Point
VPN-1/FireWall-1 Management Server 4.0 and 4.1 allows remote attackers
to execute arbitrary code via a long user name.
Analysis
----------------
ED_PRI CAN-2001-0940 2
Vendor Acknowledgement: yes advisory
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-0962
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0962
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010919 Websphere cookie/sessionid predictable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html
Reference: BUGTRAQ:20010928 Re: Websphere cookie/sessionid predictable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html
Reference: CONFIRM:http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p
Reference: XF:ibm-websphere-seq-predict(7153)
Reference: URL:http://xforce.iss.net/static/7153.php
IBM WebSphere Application Server 3.02 through 3.53 uses predictable
session IDs for cookies, which allows remote attackers to gain
privileges of WebSphere users via brute force guessing.
Analysis
----------------
ED_PRI CAN-2001-0962 2
Vendor Acknowledgement: yes advisory
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-0963
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0963
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010920 Vulnerability in SpoonFTP
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0171.html
Reference: CONFIRM:http://www.pi-soft.com/spoonftp/index.shtml
Reference: XF:spoonftp-dot-directory-traversal(7147)
Reference: URL:http://xforce.iss.net/static/7147.php
Directory traversal vulnerability in SpoonFTP 1.1 allows local and
sometimes remote attackers to access files outside of the FTP root via
a ... (modified dot dot) in the CD (CWD) command.
Analysis
----------------
ED_PRI CAN-2001-0963 2
Vendor Acknowledgement: yes
ACKNOWLEDGEMENT: The SpoonFTP main page says "A vulnerability existed
in SponFTP 1.1 which allowed a remote user to break out of the ftp
root"
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-0978
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0978
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: HPBUG:PHCO_17719
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0052.html
Reference: HPBUG:PHCO_24454
Reference: BID:3289
Reference: URL:http://www.securityfocus.com/bid/3289
login in HP-UX 10.26 does not record failed login attempts in
/var/adm/btmp, which could allow attackers to conduct brute force
password guessing attacks without being detected or observed using the
lastb program.
Analysis
----------------
ED_PRI CAN-2001-0978 2
Vendor Acknowledgement: yes patch
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-0998
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0998
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010924 HACMP and port scans
Reference: URL:http://www.securityfocus.com/archive/1/216105
Reference: BUGTRAQ:20011002 Vulnerability 3358, "IBM HACMP Port Scan Denial of Service Vulnerability"
Reference: URL:http://www.securityfocus.com/archive/1/217910
Reference: AIXAPAR:IY20943
Reference: AIXAPAR:IY17630
Reference: XF:hacmp-portscan-dos(7165)
Reference: URL:http://xforce.iss.net/static/7165.php
Reference: BID:3358
Reference: URL:http://www.securityfocus.com/bid/3358
IBM HACMP 4.4 allows remote attackers to cause a denial of service via
a completed TCP connection to HACMP ports (e.g., using a port scan)
that does not send additional data, which causes a failure in snmpd.
Analysis
----------------
ED_PRI CAN-2001-0998 2
Vendor Acknowledgement: yes followup
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1016
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010904 PGPsdk Key Validity Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/211806
Reference: CONFIRM:http://www.pgp.com/support/product-advisories/pgpsdk.asp
Reference: BID:3280
Reference: URL:http://www.securityfocus.com/bid/3280
Reference: XF:pgp-invalid-key-display(7081)
Reference: URL:http://xforce.iss.net/static/7081.php
PGP Corporate Desktop before 7.1, Personal Security before 7.0.3,
Freeware before 7.0.3, and E-Business Server before 7.1 does not
properly display when invalid userID's are used to sign a message,
which could allow an attacker to make the user believe that the
document has been signed by a trusted third party by adding a second,
invalid user ID to a key which has already been signed by the third
party, aka the "PGPsdk Key Validity Vulnerability."
Analysis
----------------
ED_PRI CAN-2001-1016 2
Vendor Acknowledgement: yes advisory
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1020
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1020
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010905 directorymanager bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0013.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=51589
Reference: BID:3288
Reference: URL:http://www.securityfocus.com/bid/3288
Reference: XF:directory-manager-execute-commands(7079)
Reference: URL:http://xforce.iss.net/static/7079.php
edit_image.php in Vibechild Directory Manager before 0.91 allows
remote attackers to execute arbitrary commands via shell
metacharacters in the userfile_name parameter, which is sent
unfiltered to the PHP passthru function.
Analysis
----------------
ED_PRI CAN-2001-1020 2
Vendor Acknowledgement: yes changelog
ACKNOWLEDGEMENT: in the Release Notes for version 0.91, dated
September 5, 2001, the developer states "Fixed a nasty security bug
allowing remote execution of shell commands."
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1031
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1031
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010927 CARTSA-2001-03 Meteor FTPD 1.0 Directory Traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0231.html
Reference: MISC:http://207.202.218.172/
Reference: XF:meteor-ftpd-directory-traversal(7176)
Reference: URL:http://xforce.iss.net/static/7176.php
Directory traversal vulnerability in Meteor FTP 1.0 allows remote
attackers to read arbitrary files via (1) a .. (dot dot) in the
ls/LIST command, or (2) a ... in the cd/CWD command.
Analysis
----------------
ED_PRI CAN-2001-1031 2
Vendor Acknowledgement: yes via-email
ACKNOWLEDGEMENT: In http://207.202.218.172/, apparently the "home
page" for Meteor FTP (which is otherwise available on CNET.com), the
author states "Version 1.2 adds ... important security and stability
bug fixes", which is not specific enough to be certain that the vendor
fixed this specific problem.
However, meteorsoft@hotmail.com did acknowledge the bug and fix via
email.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1048
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1048
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CONFIRM:http://www.gospelcom.net/mnn/topher/awol/changelog.php
Reference: MISC:http://www.geocrawler.com/archives/3/14414/2001/9/0/6668723/
Reference: BID:3387
Reference: URL:http://www.securityfocus.com/bid/3387
AWOL PHP script allows remote attackers to include arbitrary files
from remote web sites via an HTTP request that sets the includedir
variable.
Analysis
----------------
ED_PRI CAN-2001-1048 2
Vendor Acknowledgement: yes via-email
ACKNOWLEDGEMENT: There is not enough public information to be certain
if the vendor has acknowledged the problem. The AWOL changelog at
http://www.gospelcom.net/mnn/topher/awol/changelog.php says "Removed
condensed version due to security problems" for version 2.1.1, but it
does not describe the problem, nor do the original disclosers provide
sufficient detail to know whether this was the vulnerable script. A
look at the source code does not provide clues. So, there is
insufficient evidence that the vendor is aware of the problem. The
support bulletin board might indicate an attempt at notification by
the researcher that was noticed by the developer, but there is no
evidence that any detailed information was exchanged.
However, topher1kenobe@users.sourceforge.net acknowledged the problem
in an email response on January 16, 2002.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1049
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CONFIRM:http://phorecast.org/
Reference: BID:3388
Reference: URL:http://www.securityfocus.com/bid/3388
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php
Phorecast PHP script before 0.40 allows remote attackers to include
arbitrary files from remote web sites via an HTTP request that sets
the includedir variable.
Analysis
----------------
ED_PRI CAN-2001-1049 2
Vendor Acknowledgement: yes advisory
ACKNOWLEDGEMENT: on the home page in the News section, the news item
dated 2001-10-14 says "IMPORTANT SECURITY NEWS" and includes a link to
the Bugtraq post. The entry for 2001-12-22 says "version 0.40 ...
corrects the security flaw."
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1054
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?thread_id=148900&forum_id=117952
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=117952
Reference: BID:3392
Reference: URL:http://www.securityfocus.com/bid/3392
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php
PHPAdsNew PHP script allows remote attackers to include arbitrary
files from remote web sites via an HTTP request that sets the
includedir variable.
Analysis
----------------
ED_PRI CAN-2001-1054 2
Vendor Acknowledgement: yes
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1071
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011009 Cisco CDP attacks
Reference: URL:http://www.securityfocus.com/archive/1/219257
Reference: BUGTRAQ:20011009 Cisco Systems - Vulnerability in CDP
Reference: URL:http://www.securityfocus.com/archive/1/219305
Reference: BID:3412
Reference: URL:http://www.securityfocus.com/bid/3412
Reference: XF:cisco-ios-cdp-dos(7242)
Reference: URL:http://xforce.iss.net/static/7242.php
Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP)
allows remote attackers to cause a denial of service (memory
consumption) via a flood of CDP neighbor announcements.
Analysis
----------------
ED_PRI CAN-2001-1071 2
Vendor Acknowledgement: yes followup
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-0956
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0956
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010911 security alert: speechd from speechio.org
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0089.html
Reference: CONFIRM:http://www.speechio.org/speechd.html
Reference: XF:speechd-execute-commands(7121)
Reference: URL:http://xforce.iss.net/static/7121.php
Reference: BID:3326
Reference: URL:http://www.securityfocus.com/bid/3326
speechd 0.54 and earlier, with the Festival or rsynth speech synthesis
package, allows attackers to execute arbitrary commands via shell
metacharacters.
Analysis
----------------
ED_PRI CAN-2001-0956 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE
ACKNOWLEDGEMENT: The speechd home page says "There was a Bugtraq local
exploit alert for speechd versions up to 0.54" and includes a URL to
the BUGTRAQ reference associated with this CVE item.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-0958
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0958
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010912 [SNS Advisory No.42] Trend Micro InterScan eManager for NT Multiple Program Buffer Overflow Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0099.html
Reference: MISC:http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=3142
Reference: XF:interscan-emanager-bo(7104)
Reference: URL:http://xforce.iss.net/static/7104.php
Reference: BID:3327
Reference: URL:http://www.securityfocus.com/bid/3327
Buffer overflows in eManager plugin for Trend Micro InterScan
VirusWall for NT 3.51 and 3.51J allow remote attackers to execute
arbitrary code via long arguments to the CGI programs (1)
register.dll, (2) ContentFilter.dll, (3) SFNofitication.dll, (4)
register.dll, (5) TOP10.dll, (6) SpamExcp.dll, and (7) spamrule.dll.
Analysis
----------------
ED_PRI CAN-2001-0958 3
Vendor Acknowledgement: unknown foreign
Content Decisions: SF-EXEC
ACKNOWLEDGEMENT: The MISC reference to Trend Micro's Japanese web site
may in fact be a vendor acknowledgement of the problem, but the author
of this candidate cannot read Japanese to be certain. There did not
seem to be any equivalent page on Trend Micro's USA site.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-0959
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0959
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010915 ARCserve 6.61 Share Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0137.html
Reference: MISC:http://support.ca.com/Download/patches/asitnt/QO00945.html
Reference: BID:3342
Reference: URL:http://www.securityfocus.com/bid/3342
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0
creates a hidden share named ARCSERVE$, which allows remote attackers
to obtain sensitive information and overwrite critical files.
Analysis
----------------
ED_PRI CAN-2001-0959 3
Vendor Acknowledgement: unknown vague
ACKNOWLEDGEMENT: document QO00945, dated September 14, states that it
"addresses a potential security vulnerability in ARCserve 2000 when
performing full backups," which may be a vague acknowledgement of the
problem. Followup posts to the original Bugtraq post do not say that
the patch does NOT fix the problem, so the combination of these
implicit or vague clues may be sufficient to determine that the vendor
has fixed the problem and, by extension, acknowledged it.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-0960
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0960
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20010915 ARCserve 6.61 Share Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0137.html
Reference: MISC:http://support.ca.com/Download/patches/asitnt/QO00945.html
Reference: XF:arcserve-aremote-plaintext(7122)
Reference: URL:http://xforce.iss.net/static/7122.php
Reference: BID:3343
Reference: URL:http://www.securityfocus.com/bid/3343
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0
stores the backup agent user name and password in cleartext in the
aremote.dmp file in the ARCSERVE$ hidden share, which allows local and
remote attackers to gain privileges.
Analysis
----------------
ED_PRI CAN-2001-0960 3
Vendor Acknowledgement: unknown vague
ACKNOWLEDGEMENT: document QO00945, dated September 14, states that it
"addresses a potential security vulnerability in ARCserve 2000 when
performing full backups," which may be a vague acknowledgement of the
problem. Followup posts to the original Bugtraq post do not say that
the patch does NOT fix the problem, so the combination of these
implicit or vague clues may be sufficient to determine that the vendor
has fixed the problem and, by extension, acknowledged it.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-0964
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0964
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010920 Advisory: Half-Life remote buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0178.html
Reference: XF:halflife-connect-bo(7148)
Reference: URL:http://xforce.iss.net/static/7148.php
Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows
malicious remote servers to execute arbitrary code via a long console
command.
Analysis
----------------
ED_PRI CAN-2001-0964 3
Vendor Acknowledgement: unknown discloser-claimed
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-0979
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0979
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010903 hpux warez
Reference: URL:http://www.securityfocus.com/archive/1/211687
Reference: BID:3279
Reference: URL:http://www.securityfocus.com/bid/3279
Reference: XF:hpux-swverify-bo(7078)
Reference: URL:http://xforce.iss.net/static/7078.php
Buffer overflow in swverify in HP-UX 11.0, and possibly other
programs, allows local users to gain privileges via a long command
line argument.
Analysis
----------------
ED_PRI CAN-2001-0979 3
Vendor Acknowledgement:
Content Decisions: VAGUE
DUPLICATION: a followup claims that this problem was fixed in
PHCO_23483, but PHCO_23483 does not have sufficient details to know
for sure.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-0984
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0984
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010913 leak of information in counterpane/Bruce Schneier's Password Safe program
Reference: URL:http://www.securityfocus.com/archive/1/213931
Reference: XF:counterpane-password-access(7123)
Reference: URL:http://xforce.iss.net/static/7123.php
Reference: BID:3337
Reference: URL:http://www.securityfocus.com/bid/3337
Password Safe 1.7(1) leaves cleartext passwords in memory when a user
copies the password to the clipboard and minimizes Password Safe with
the "Clear the password when minimized" and "Lock password database on
minimize and prompt on restore" options enabled, which could allow an
attacker with access to the memory (e.g. an administrator) to read the
passwords.
Analysis
----------------
ED_PRI CAN-2001-0984 3
Vendor Acknowledgement:
Content Decisions: INCLUSION
INCLUSION: it is not certain whether this issue appears in Password
Safe or in the underlying OS or libraries. In addition, if the only
way to access the passwords is through memory as reported in the
Bugtraq post, then the amount of privileges required to access that
memory would normally be at an administrator or kernel level, which
would be enough to obtain the passwords through some other mechanism
(e.g. keystroke logging). So, the "exploit" may not gain any
privileges beyond the privileges that can be obtained by sysadmin, so
this may not be a vulnerability in that sense. In addition, some might
argue that the presence of cleartext in memory is not serious enough
to merit inclusion in CVE. On the other hand, if a password utility is
expected to clean passwords from memory, then Password Safe may be
keeping the passwords in cleartext for longer than necessary.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-0985
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0985
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010908 Shopping Cart Version 1.23
Reference: URL:http://www.securityfocus.com/archive/1/212827
Reference: MISC:http://www.irata.com/shopver.html
Reference: BID:3308
Reference: URL:http://www.securityfocus.com/bid/3308
Reference: XF:hassan-cart-command-execution(7106)
Reference: URL:http://xforce.iss.net/static/7106.php
shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote
attackers to execute arbitrary commands via shell metacharacters in
the "page" parameter.
Analysis
----------------
ED_PRI CAN-2001-0985 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC
ACKNOWLEDGEMENT: A note for version 1.34 dated 10/10/2000 says
"Various security fixes" but it cannot be certain if the security
fixes addressed the problem in here. The acknowledgement is too vague
to be certain.
ABSTRACTION: CD:SF-LOC suggests distinguishing between problems of
different types. CVE-2000-0921 is a directory traversal
vulnerability, while this isn't, therefore they should remain split.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-0986
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0986
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010914 Security Vulnerability with Microsoft Index Server 2.0(Sample file reveals file info, physical path etc)
Reference: URL:http://www.securityfocus.com/archive/1/214217
Reference: XF:winnt-indexserver-sqlqhit-asp(7125)
Reference: URL:http://xforce.iss.net/static/7125.php
Reference: BID:3339
Reference: URL:http://www.securityfocus.com/bid/3339
SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote
attackers to obtain sensitive information such as the physical path,
file attributes, or portions of source code by directly calling
sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2)
extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
Analysis
----------------
ED_PRI CAN-2001-0986 3
Vendor Acknowledgement:
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-0990
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0990
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010904 BUZ.CH Security Advisory 200109041: Inter7 vpopmail DB pw problem
Reference: URL:http://www.securityfocus.com/archive/1/212036
Reference: MISC:http://www.inter7.com/vpopmail/ChangeLog
Reference: BID:3284
Reference: URL:http://www.securityfocus.com/bid/3284
Reference: XF:vpopmail-insecure-auth-data(7076)
Reference: URL:http://xforce.iss.net/static/7076.php
Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module,
compiles authentication information in cleartext into the
libvpopmail.a library, which allows local users to obtain the MySQL
username and password by inspecting the vpopmail programs that use the
library.
Analysis
----------------
ED_PRI CAN-2001-0990 3
Vendor Acknowledgement: unknown vague
ACKNOWLEDGEMENT: the poster says that the vendor fixed the problem,
but the poster is not credited in the Change Log, and there is no
clear fix to this problem mentioned. However, the entry for August 20
(2 weeks before the poster publicized the problem) states "security
permission change on lib directory and library," which might be one
solution to this issue. This is not sufficient evidence, however, to
claim that the vendor has acknowledged the problem.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-0992
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0992
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010905 ShopPlus Cart
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0012.html
Reference: XF:shopplus-command-execution(7077)
Reference: URL:http://xforce.iss.net/static/7077.php
shopplus.cgi in ShopPlus shopping cart allows remote attackers to
execute arbitrary commands via shell metacharacters in the "file"
parameter.
Analysis
----------------
ED_PRI CAN-2001-0992 3
Vendor Acknowledgement:
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-0994
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0994
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010904 Telnet DoS Vulnerability in Marconi ATM Switch Software
Reference: URL:http://www.securityfocus.com/archive/1/211956
Reference: XF:forethought-telnet-dos(7082)
Reference: URL:http://xforce.iss.net/static/7082.php
Reference: BID:3286
Reference: URL:http://www.securityfocus.com/bid/3286
Marconi ForeThought 7.1 allows remote attackers to cause a denial of
service by causing both telnet sessions to be locked via unusual input
(e.g., from a port scanner), which prevents others from logging into
the device.
Analysis
----------------
ED_PRI CAN-2001-0994 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC, SF-CODEBASE
ABSTRACTION: this may be a rediscovery of the problem described in
CAN-2001-0270.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-0996
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0996
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010902 POP3Lite 0.2.3b minor client side DoS and message injection
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0436.html
Reference: XF:pop3lite-dot-message-injection(7075)
Reference: URL:http://xforce.iss.net/static/7075.php
Reference: BID:3278
Reference: URL:http://www.securityfocus.com/bid/3278
POP3Lite before 0.2.4 does not properly quote a . (dot) in an email
message, which could allow a remote attacker to append arbitrary text
to the end of an email message, which could then be interpreted by
various mail clients as valid POP server responses or other input that
could cause clients to crash or otherwise behave unexpectedly.
Analysis
----------------
ED_PRI CAN-2001-0996 3
Vendor Acknowledgement: unknown discloser-claimed
INCLUSION: while the implications of this issue are not well
understood and likely dependent on the specific client that is being
attacked, the ability to simulate POP server responses from a remote
location is at least an exposure, so this item can be included in CVE.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-0997
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0997
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010911 Textor Webmasters Ltd (listrec.pl)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0096.html
Reference: XF:listrecpl-remote-command-execution(7117)
Reference: URL:http://xforce.iss.net/static/7117.php
Textor Webmasters Ltd listrec.pl CGI program allows remote attackers
to execute arbitrary commands via shell metacharacters in the TEMPLATE
parameter.
Analysis
----------------
ED_PRI CAN-2001-0997 3
Vendor Acknowledgement:
Content Decisions: EX-ONLINE-SVC
INCLUSION: It is not clear whether listrec.pl is part of a service of
Textor that is solely controlled by Textor. If so, then
CD:EX-ONLINE-SVC might suggest that this be omitted from CVE. If
listrec.pl is provided to customers and it is up to customers to fix
the problem, however, then CD:EX-ONLINE-SVC suggests including this in
CVE.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-0999
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0999
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010912 FREAK SHOW: Outlook Express 6.00
Reference: URL:http://www.securityfocus.com/archive/1/213754
Reference: BUGTRAQ:20010915 Proof-Of-Concept Perl Script for Bugtraq-ID: #3334
Reference: URL:http://www.securityfocus.com/archive/1/214453
Reference: XF:outlook-express-text-script-execution(7118)
Reference: URL:http://xforce.iss.net/static/7118.php
Reference: BID:3334
Reference: URL:http://www.securityfocus.com/bid/3334
Outlook Express 6.00 allows remote attackers to execute arbitrary
script by embedding SCRIPT tags in a message whose MIME content type
is text/plain, contrary to the expected behavior that text/plain
messages will not run script.
Analysis
----------------
ED_PRI CAN-2001-0999 3
Vendor Acknowledgement:
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1000
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1000
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010907 rlmadmin v3.8M view file symlink vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0036.html
Reference: XF:radius-rlmadmin-help-symlink(7096)
Reference: URL:http://xforce.iss.net/static/7096.php
Reference: BID:3302
Reference: URL:http://www.securityfocus.com/bid/3302
rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and
possibly other versions, allows local users to read arbitrary files
via a symlink attack on the rlmadmin.help file.
Analysis
----------------
ED_PRI CAN-2001-1000 3
Vendor Acknowledgement:
Content Decisions: INCLUSION
INCLUSION: http://www.merit.edu/michnet/dial-in/aaa/michnet.html
implies that this software is only intended for use within MichNet. If
this software is not for download or purchase to the general public,
then perhaps it should not be included in CVE.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1012
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1012
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: SUSE:SuSE-SA:2001:030
Reference: URL:http://www.suse.com/de/support/security/2001_030_screen_txt.txt
Reference: XF:screen-local-privilege-elevation(7134)
Reference: URL:http://xforce.iss.net/static/7134.php
Vulnerability in screen before 3.9.10, related to a multi-attach error,
allows local users to gain root privileges when there is a
subdirectory under /tmp/screens/.
Analysis
----------------
ED_PRI CAN-2001-1012 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1013
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1013
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: VULN-DEV:20000707 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0083.html
Reference: VULN-DEV:20000707 Re: your mail
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0094.html
Reference: VULN-DEV:20000707 Re: apache and 404/404 status codes
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0087.html
Reference: BUGTRAQ:20010912 Is there user Anna at your host ?
Reference: URL:http://www.securityfocus.com/archive/1/213667
Reference: XF:linux-apache-username-exists(7129)
Reference: URL:http://xforce.iss.net/static/7129.php
Reference: BID:3335
Reference: URL:http://www.securityfocus.com/bid/3335
Apache on Red Hat Linux with the UserDir directive enabled
generates different error codes when a username exists and there is no
public_html directory and when the username does not exist, which
could allow remote attackers to determine valid usernames on the
server.
Analysis
----------------
ED_PRI CAN-2001-1013 3
Vendor Acknowledgement:
Content Decisions: INCLUSION
INCLUSION: while it could be argued that this exposure provides no
real additional information since the users on a web server will
normally advertise themselves, it still has the effect of allowing a
remote attacker to determine other users on the system who do not
happen to have web pages. Thus this should be included in CVE.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1014
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010915 advisory
Reference: URL:http://www.securityfocus.com/archive/1/214456
Reference: BID:3340
Reference: URL:http://www.securityfocus.com/bid/3340
Reference: XF:eshop-script-execute-commands(7128)
Reference: URL:http://xforce.iss.net/static/7128.php
eshop.pl in WebDiscount(e)shop allows remote attackers to execute
arbitrary commands via shell metacharacters in the seite parameter.
Analysis
----------------
ED_PRI CAN-2001-1014 3
Vendor Acknowledgement:
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1015
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1015
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011016 [ ** Snes9x buffer overflow vulnerability ** ]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0107.html
Reference: BID:3437
Reference: URL:http://www.securityfocus.com/bid/3437
Buffer overflow in Snes9x 1.37, when installed setuid root, allows
local users to gain root privileges via a long command line argument.
Analysis
----------------
ED_PRI CAN-2001-1015 3
Vendor Acknowledgement:
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1018
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1018
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010919 lotus domino server 5.08 is very gabby
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100094373621813&w=2
Reference: BID:3350
Reference: URL:http://www.securityfocus.com/bid/3350
Reference: XF:lotus-domino-ip-reveal(7180)
Reference: URL:http://xforce.iss.net/static/7180.php
Lotus Domino web server 5.08 allows remote attackers to determine the
internal IP address of the server when NAT is enabled via a GET
request that contains a long sequence of / (slash) characters.
Analysis
----------------
ED_PRI CAN-2001-1018 3
Vendor Acknowledgement:
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1019
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1019
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010908 sglMerchant Version 1.0
Reference: URL:http://www.securityfocus.com/archive/1/212825
Reference: BID:3309
Reference: URL:http://www.securityfocus.com/bid/3309
Reference: XF:sglmerchant-dot-directory-traversal(7100)
Reference: URL:http://xforce.iss.net/static/7100.php
Directory traversal vulnerability in view_item CGI program in
sglMerchant 1.0 allows remote attackers to read arbitrary files via a
.. (dot dot) in the HTML_FILE parameter.
Analysis
----------------
ED_PRI CAN-2001-1019 3
Vendor Acknowledgement:
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1023
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1023
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010921 IRM Security Advisory: Xcache Path Disclosure Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0182.html
Reference: XF:xcache-path-disclosure(7159)
Reference: URL:http://xforce.iss.net/static/7159.php
Reference: BID:3352
Reference: URL:http://www.securityfocus.com/bid/3352
Xcache 2.1 allows remote attackers to determine the absolute path of
web server documents by requesting a URL that is not cached by Xcache,
which returns the full pathname in the Content-PageName header.
Analysis
----------------
ED_PRI CAN-2001-1023 3
Vendor Acknowledgement: unknown discloser-claimed
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1029
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1029
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010920 Local vulnerability in libutil derived with FreeBSD 4.4-RC (and earlier)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0173.html
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges
before verifying the capabilities for reading the copyright and
welcome files, which allows local users to bypass the capabilities
checks and read arbitrary files by specifying alternate copyright or
welcome files.
Analysis
----------------
ED_PRI CAN-2001-1029 3
Vendor Acknowledgement: unknown discloser-claimed
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1032
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010924 twlc advisory: all versions of php nuke are vulnerable...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0203.html
Reference: XF:php-nuke-admin-file-overwrite(7170)
Reference: URL:http://xforce.iss.net/static/7170.php
admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check
login credentials for upload operations, which allows remote attackers
to copy and upload arbitrary files and read the PHP-Nuke configuration
file by directly calling admin.php with an upload parameter and
specifying the file to copy.
Analysis
----------------
ED_PRI CAN-2001-1032 3
Vendor Acknowledgement:
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1033
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010925 Re: HACMP and port scans
Reference: URL:http://www.securityfocus.com/archive/1/216323
Reference: XF:trucluster-portscan-dos(7171)
Reference: URL:http://xforce.iss.net/static/7171.php
Reference: BID:3362
Reference: URL:http://www.securityfocus.com/bid/3362
Compaq TruCluster 1.5 allows remote attackers to cause a denial of
service via a port scan from a system that does not have a DNS PTR
record, which causes the cluster to enter a "split-brain" state.
Analysis
----------------
ED_PRI CAN-2001-1033 3
Vendor Acknowledgement: unknown discloser-claimed
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1034
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1034
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010923 hylafax
Reference: URL:http://www.securityfocus.com/archive/1/215984
Reference: XF:hylafax-hostname-format-string(7164)
Reference: URL:http://xforce.iss.net/static/7164.php
Reference: BID:3357
Reference: URL:http://www.securityfocus.com/bid/3357
Format string vulnerability in Hylafax on FreeBSD allows local users
to execute arbitrary code via format specifiers in the -h hostname
argument for (1) faxrm or (2) faxalter.
Analysis
----------------
ED_PRI CAN-2001-1034 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1050
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: BID:3389
Reference: URL:http://www.securityfocus.com/bid/3389
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php
CCCSoftware CCC PHP script allows remote attackers to include
arbitrary files from remote web sites via an HTTP request that sets
the includedir variable.
Analysis
----------------
ED_PRI CAN-2001-1050 3
Vendor Acknowledgement: no
ACKNOWLEDGEMENT: information about this product cannot be found on the
web, so acknowledgement cannot be determined.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1051
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1051
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: MISC:http://sourceforge.net/tracker/index.php?func=detail&aid=440666&group_id=20971&atid=120971
Reference: BID:3390
Reference: URL:http://www.securityfocus.com/bid/3390
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php
Dark Hart Portal (darkportal) PHP script allows remote attackers to
include arbitrary files from remote web sites via an HTTP request that
sets the includedir variable.
Analysis
----------------
ED_PRI CAN-2001-1051 3
Vendor Acknowledgement: unknown vague
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2001-1052
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1052
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: BID:3391
Reference: URL:http://www.securityfocus.com/bid/3391
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php
Empris PHP script allows remote attackers to include arbitrary files
from remote web sites via an HTTP request that sets the includedir
variable.
Analysis
----------------
ED_PRI CAN-2001-1052 3
Vendor Acknowledgement:
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS: