[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[INTERIM] ACCEPT 428 candidates (Final March 8)



Sorry for this large email, but it's long overdue and I didn't want to
lose another day just to package things more cleanly.

I have made an Interim Decision to ACCEPT the following 428
candidates.  If these candidates make it through Final Decision, then
the CVE List will exceed 2000 entries.

166 of these candidates are from the 500+ legacy candidates that were
proposed in fall 2001 (I haven't investigated why more aren't ready
yet).

Normally I break things down statistically by cluster and divide
things into multiple emails, but this is such a large set of
candidates that I'll take a different approach.  Following is a
breakdown of when the CANs were proposed.

   1 Proposed: 19990726
   4 Proposed: 19991222
   3 Proposed: 20000111
   1 Proposed: 20000322
   2 Proposed: 20000426
   1 Proposed: 20000518
   1 Proposed: 20000615
   1 Proposed: 20000712
   5 Proposed: 20000719
   1 Proposed: 20000803
  10 Proposed: 20000921
   5 Proposed: 20001018
   2 Proposed: 20001219
   2 Proposed: 20010202
   1 Proposed: 20010214
   4 Proposed: 20010309
   6 Proposed: 20010404
  18 Proposed: 20010524
  56 Proposed: 20010727
  31 Proposed: 20010829
 170 Proposed: 20010912
  33 Proposed: 20011012
  36 Proposed: 20011122
  34 Proposed: 20020131

Note: the 34 that were proposed on 1/31/2002 are very safe to accept,
even though some regular voters haven't necessarily voted on them yet.

Here's the summary of votes:

  Renaud ACCEPT(5) NOOP(1)
  Ozancin ACCEPT(9) NOOP(1) REVIEWING(1)
  Green ACCEPT(32) MODIFY(1)
  Magdych ACCEPT(2) NOOP(7)
  LeBlanc ACCEPT(6) NOOP(8)
  Cole ACCEPT(380) NOOP(46)
  Balinsky ACCEPT(8) MODIFY(2) NOOP(2)
  Blake ACCEPT(5) NOOP(1)
  Meunier MODIFY(1)
  Foat ACCEPT(242) MODIFY(1) NOOP(117)
  Williams ACCEPT(20) MODIFY(1) NOOP(6)
  Oliver ACCEPT(9) NOOP(5)
  Christey NOOP(75) RECAST(1)
  Wall ACCEPT(117) NOOP(258) REVIEWING(4)
  Ziese ACCEPT(89) NOOP(22) REVIEWING(6)
  Dik ACCEPT(30)
  Levy ACCEPT(23) REVIEWING(8)
  Frech ACCEPT(141) MODIFY(239)
  Stracener ACCEPT(132) NOOP(4)
  Landfield ACCEPT(3) NOOP(2)
  Bollinger ACCEPT(6) NOOP(1)
  Baker ACCEPT(192) MODIFY(3) NOOP(1)
  Collins ACCEPT(11)
  Lawler ACCEPT(4)
  Bishop ACCEPT(74) NOOP(26) REVIEWING(2)
  Prosser ACCEPT(16) MODIFY(1)
  Armstrong ACCEPT(113) MODIFY(1) NOOP(33)


I will make a Final Decision on March 8.


- Steve



======================================================
Candidate: CAN-1999-0380
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0380
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-02
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: NTBUGTRAQ:199902225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91999015212415&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92006416928093&w=2
Reference: BUGTRAQ:19990225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91996412724720&w=2
Reference: NTBUGTRAQ:SLmail 3.2 Build 3113 (Web Administration Security Fix)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92110501504997&w=2
Reference: BID:497
Reference: URL:http://www.securityfocus.com/bid/497
Reference: XF:slmail-ras-ntfs-bypass(5392)
Reference: URL:http://xforce.iss.net/static/5392.php

SLMail 3.1 and 3.2 allows local users to access any file in the NTFS
file system when the Remote Administration Service (RAS) is enabled by
setting a user's Finger File to point to the target file, then running
finger on the user.


Modifications:
  ADDREF NTBUGTRAQ:199909225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service
  CHANGEREF NTBUGTRAQ [change date]
  ADDREF NTBUGTRAQ:SLmail 3.2 Build 3113 (Web Administration Security Fix)
  DESC Added finger details.
  ADDREF XF:slmail-ras-ntfs-bypass(5392)

INFERRED ACTION: CAN-1999-0380 ACCEPT (10 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(8) Wall, Cole, Armstrong, Bishop, Collins, Ozancin, Levy, Blake
   MODIFY(2) Baker, Frech
   NOOP(2) Landfield, Christey

Voter Comments:
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 Baker> Vulnerability Reference (HTML)	Reference Type
   http://www.securityfocus.com/archive/1/12704	Misc Defensive Info
 Christey> Fix date in NTBUGTRAQ reference
 Christey> NTBUGTRAQ:19990310 SLmail 3.2 Build 3113 (Web Administration Security Fix)
   http://marc.theaimsgroup.com/?l=ntbugtraq&m=92110501504997&w=2
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:slmail-ras-ntfs-bypass(5392)


======================================================
Candidate: CAN-1999-0801
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0801
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990409 Patrol security bugs
Reference: URL:http://www.securityfocus.com/archive/1/13204
Reference: XF:bmc-patrol-frames(2075)
Reference: URL:http://www.iss.net/security_center/static/2075.php

BMC Patrol allows remote attackers to gain access to an agent by
spoofing frames.


Modifications:
  CHANGEREF XF [normalize]

INFERRED ACTION: CAN-1999-0801 ACCEPT_REV (8 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(8) Wall, Baker, Landfield, Cole, Frech, Collins, Ozancin, Stracener
   NOOP(1) Armstrong
   REVIEWING(1) Levy

Voter Comments:
 Wall> found by ISS X-Force
 CHANGE> [Cole changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-1999-0815
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0815
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 19991125
Category: SF
Reference: MSKB:Q196270
Reference: URL:http://support.microsoft.com/support/kb/articles/q196/2/70.asp
Reference: XF:nt-snmpagent-leak(1974)
Reference: URL:http://xforce.iss.net/static/1974.php

Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote
attackers to conduct a denial of service (memory exhaustion) via a
large number of queries.


Modifications:
  ADDREF XF:nt-snmpagent-leak(1974)

INFERRED ACTION: CAN-1999-0815 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:nt-snmpagent-leak(1974)


======================================================
Candidate: CAN-1999-0921
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0921
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990409 Patrol security bugs
Reference: URL:http://www.securityfocus.com/archive/1/13204
Reference: XF:bmc-patrol-udp-dos(4291)
Reference: URL:http://www.iss.net/security_center/static/4291.php
Reference: BID:1879
Reference: URL:http://www.securityfocus.com/bid/1879

BMC Patrol allows any remote attacker to flood its UDP port, causing a
denial of service.


Modifications:
  ADDREF XF:bmc-patrol-udp-dos(4291)
  ADDREF BID:1879

INFERRED ACTION: CAN-1999-0921 ACCEPT_REV (8 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(7) Wall, Baker, Landfield, Cole, Collins, Ozancin, Stracener
   MODIFY(1) Frech
   NOOP(2) Christey, Armstrong
   REVIEWING(1) Levy

Voter Comments:
 Frech> XF:bmc-patrol-udp-dos
 Christey> BID:1879
   URL:http://www.securityfocus.com/bid/1879


======================================================
Candidate: CAN-1999-0930
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0930
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19980903 wwwboard.pl vulnerability
Reference: CONFIRM:http://www.worldwidemart.com/scripts/faq/wwwboard/q5.shtml
Reference: XF:http-cgi-wwwboard(2344)
Reference: URL:http://xforce.iss.net/static/2344.php
Reference: BID:1795
Reference: URL:http://www.securityfocus.com/bid/1795

wwwboard allows a remote attacker to delete message board articles via
a malformed argument.


Modifications:
  ADDREF XF:http-cgi-wwwboard(2344)
  ADDREF BID:1795
  ADDREF CONFIRM:http://www.worldwidemart.com/scripts/faq/wwwboard/q5.shtml

INFERRED ACTION: CAN-1999-0930 ACCEPT_REV (6 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(5) Stracener, Wall, Baker, Cole, Ozancin
   MODIFY(1) Frech
   NOOP(3) Christey, Landfield, Armstrong
   REVIEWING(1) Levy

Voter Comments:
 Frech> XF:http-cgi-wwwboard(2344)
 Christey> CONFIRM:http://www.worldwidemart.com/scripts/faq/wwwboard/q5.shtml.
   The comments only appear to address a followup post which describes a
   different vulnerability.  However, it also says: "Also requires that
   each followup number is in fact a number, to prevent message
   clobbering."  The suggested patch does appear to address the problem.
 Christey> BID:1795
   URL:http://www.securityfocus.com/bid/1795


======================================================
Candidate: CAN-1999-0968
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0968
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19981226 bnc exploit
Reference: URL:http://www.securityfocus.com/archive/1/11711
Reference: XF:bnc-proxy-bo(1546)
Reference: URL:http://xforce.iss.net/static/1546.php
Reference: BID:1927
Reference: URL:http://www.securityfocus.com/bid/1927

Buffer overflow in BNC IRC proxy allows remote attackers to gain
privileges.


Modifications:
  ADDREF XF:bnc-proxy-bo(1546)
  ADDREF BID:1927

INFERRED ACTION: CAN-1999-0968 ACCEPT_REV (7 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(6) Stracener, Wall, Baker, Landfield, Cole, Ozancin
   MODIFY(1) Frech
   NOOP(2) Christey, Armstrong
   REVIEWING(1) Levy

Voter Comments:
 Frech> XF:bnc-proxy-bo
 Christey> Possible acknowledgement in http://bnc.ircadmin.net/bnc2.6.2.tar.gz
   Under the 2.6.0 entry, it states "(8) Fixed a lot of potential string
   based overflows.  Reduced memory requirements for users."  Entry for
   2.4.4 says "(3) Moved some large varibles out of stack space for speed
   and securety."
   Version 2.4.4 was reported as being vulnerable.  Looking
   in cmds.c, line 200 has a call to some sockprint() function
   which includes the USER name.  The sockprint() function in server.c
   calls vsnprintf with a size limit of PACKETBUFF, and the original
   buffer is allocated as PACKETBUFF+1 bytes, so there probably isn't an
   overflow anymore.  But there's no comment indicating a fix - however,
   this could have been the fix.
 Christey> BID:1927


======================================================
Candidate: CAN-1999-1014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1014
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990913 Solaris 2.7 /usr/bin/mail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93727925026476&w=2
Reference: BUGTRAQ:19990927 Working Solaris x86 /usr/bin/mail exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93846422810162&w=2
Reference: SUNBUG:4276509
Reference: XF:sun-usrbinmail-local-bo(3297)
Reference: URL:http://xforce.iss.net/static/3297.php
Reference: BID:672
Reference: URL:http://www.securityfocus.com/bid/672

Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local
users to gain privileges via a long -m argument.


Modifications:
  ADDREF SUNBUG:4276509

INFERRED ACTION: CAN-1999-1014 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Frech, Dik
   NOOP(2) Wall, Foat

Voter Comments:
 Dik> sun bug: 4276509


======================================================
Candidate: CAN-1999-1019
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1019
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990623 Cabletron Spectrum security vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93024398713491&w=2
Reference: BUGTRAQ:19990624 Re: Cabletron Spectrum security vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93024398513475&w=2
Reference: BID:495
Reference: URL:http://www.securityfocus.com/bid/495

SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a
directory tree with insecure permissions, which allows local users to
replace a privileged executable (processd) with a Trojan horse,
facilitating a root or Administrator compromise.

INFERRED ACTION: CAN-1999-1019 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Foat, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1021
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1021
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1992-15
Reference: URL:http://www.cert.org/advisories/CA-1992-15.html
Reference: SUN:00117
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/117&type=0&nav=sec.sba
Reference: BID:47
Reference: URL:http://www.securityfocus.com/bid/47
Reference: XF:nfs-uid(82)
Reference: URL:http://xforce.iss.net/static/82.php

NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32
bit UID, which allows a local user to gain root access if the lower 16
bits are set to 0, as fixed by the NFS jumbo patch upgrade.


Modifications:
  ADDREF XF:nfs-uid(82)

INFERRED ACTION: CAN-1999-1021 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Dik, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:nfs-uid(82)
 Dik> sun bug: 1095935


======================================================
Candidate: CAN-1999-1027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1027
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19980507 admintool mode 0777 in Solaris 2.6 HW3/98
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925880&w=2
Reference: SUNBUG:4178998
Reference: XF:solaris-admintool-world-writable(7296)
Reference: URL:http://xforce.iss.net/static/7296.php
Reference: BID:290
Reference: URL:http://www.securityfocus.com/bid/290

Solaris 2.6 HW3/98 installs admintool with world-writable permissions,
which allows local users to gain privileges by replacing it with a
Trojan horse program.


Modifications:
  ADDREF XF:solaris-admintool-world-writable(7296)
  ADDREF SUNBUG:4178998

INFERRED ACTION: CAN-1999-1027 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Dik
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:solaris-admintool-world-writable(7296)
 Dik> sun bug: 4178998


======================================================
Candidate: CAN-1999-1028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1028
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990528 DoS against PC Anywhere
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92807524225090&w=2
Reference: BID:288
Reference: URL:http://www.securityfocus.com/bid/288
Reference: XF:pcanywhere-dos(2256)
Reference: URL:http://www.iss.net/security_center/static/2256.php

Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of
service (CPU utilization) via a large amount of data to port 5631.


Modifications:
  ADDREF XF:pcanywhere-dos(2256)

INFERRED ACTION: CAN-1999-1028 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Prosser, Baker, Cole
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-1999-1032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1032
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CERT:CA-1991-11
Reference: URL:http://www.cert.org/advisories/CA-1991-11.html
Reference: CIAC:B-36
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-36.shtml
Reference: BID:26
Reference: URL:http://www.securityfocus.com/bid/26
Reference: XF:ultrix-telnet(584)
Reference: URL:http://xforce.iss.net/static/584.php

Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2
allows attackers to gain root privileges.


Modifications:
  ADDREF XF:ultrix-telnet(584)
  ADDREF CIAC:B-36
  DESC add lattelnet to facilitate search.

INFERRED ACTION: CAN-1999-1032 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:ultrix-telnet(584)


======================================================
Candidate: CAN-1999-1034
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1034
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1991-08
Reference: URL:http://www.cert.org/advisories/CA-1991-08.html
Reference: CIAC:B-28
Reference: URL:http://www.ciac.org/ciac/bulletins/b-28.shtml
Reference: BID:23
Reference: URL:http://www.securityfocus.com/bid/23
Reference: XF:sysv-login(583)
Reference: URL:http://xforce.iss.net/static/583.php

Vulnerability in login in AT&T System V Release 4 allows local users
to gain privileges.


Modifications:
  ADDREF XF:sysv-login(583)
  ADDREF CIAC:B-28

INFERRED ACTION: CAN-1999-1034 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:sysv-login(583)


======================================================
Candidate: CAN-1999-1035
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1035
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MS:MS98-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-019.asp
Reference: MSKB:Q192296
Reference: URL:http://support.microsoft.com/support/kb/articles/q192/2/96.asp
Reference: XF:iis-get-dos(1823)
Reference: URL:http://xforce.iss.net/static/1823.php

IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a
denial of service (hang) via a malformed GET request, aka the IIS
"GET" vulnerability.


Modifications:
  ADDREF XF:iis-get-dos(1823)

INFERRED ACTION: CAN-1999-1035 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:iis-get-dos(1823)


======================================================
Candidate: CAN-1999-1037
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1037
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980626 vulnerability in satan, cops & tiger
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125976&w=2
Reference: BUGTRAQ:19980627 Re: vulnerability in satan, cops & tiger
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125986&w=2
Reference: XF:satan-rexsatan-symlink(7167)
Reference: URL:http://www.iss.net/security_center/static/7167.php

rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary
files via a symlink attack on the /tmp/rex.$$ file.


Modifications:
  ADDREF XF:satan-rexsatan-symlink(7167)

INFERRED ACTION: CAN-1999-1037 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Foat, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:satan-rexsatan-symlink(7167)


======================================================
Candidate: CAN-1999-1044
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1044
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: COMPAQ:SSRT0495U
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-050.shtml
Reference: CIAC:I-050
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-050.shtml
Reference: XF:dgux-advfs-softlinks(7431)
Reference: URL:http://www.iss.net/security_center/static/7431.php

Vulnerability in Advanced File System Utility (advfs) in Digital UNIX
4.0 through 4.0d allows local users to gain privileges.


Modifications:
  ADDREF XF:dgux-advfs-softlinks(7431)

INFERRED ACTION: CAN-1999-1044 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(2) Foat, Stracener
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
 Frech> XF:dgux-advfs-softlinks(7431)


======================================================
Candidate: CAN-1999-1045
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1045
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980115 pnserver exploit..
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88492978527261&w=2
Reference: BUGTRAQ:19980115 [rootshell] Security Bulletin #7
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88490880523890&w=2
Reference: BUGTRAQ:19980817 Re: Real Audio Server Version 5 bug?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90338245305236&w=2
Reference: MISC:http://service.real.com/help/faq/serv501.html
Reference: XF:realserver-pnserver-remote-dos(7297)
Reference: URL:http://www.iss.net/security_center/static/7297.php

pnserver in RealServer 5.0 and earlier allows remote attackers to
cause a denial of service by sending a short, malformed request.


Modifications:
  ADDREF XF:realserver-pnserver-remote-dos(7297)
  DESC [typo]

INFERRED ACTION: CAN-1999-1045 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Foat, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:realserver-pnserver-remote-dos(7297)


======================================================
Candidate: CAN-1999-1047
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1047
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991018 Gauntlet 5.0 BSDI warning
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94026690521279&w=2
Reference: BUGTRAQ:19991019 Re: Gauntlet 5.0 BSDI warning
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94036662326185&w=2
Reference: XF:gauntlet-bsdi-bypass(3397)
Reference: URL:http://www.iss.net/security_center/static/3397.php

When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular
order, Gauntlet allows remote attackers to bypass firewall access
restrictions, and does not log the activities.


Modifications:
  CHANGEREF XF [normalize]

INFERRED ACTION: CAN-1999-1047 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech
   NOOP(1) Wall

Voter Comments:
 Frech> Normalize: XF:gauntlet-bsdi-bypass(3397)


======================================================
Candidate: CAN-1999-1048
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1048
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980905 BASH buffer overflow, LiNUX x86 exploit
Reference: URL:http://www.securityfocus.com/archive/1/10542
Reference: BUGTRAQ:19970821 Buffer overflow in /bin/bash
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719555&w=2
Reference: DEBIAN:19980909 problem with very long pathnames
Reference: URL:http://www.debian.org/security/1998/19980909
Reference: XF:linux-bash-bo(3414)
Reference: URL:http://xforce.iss.net/static/3414.php

Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local
attackers to gain privileges by creating an extremely large directory
name, which is inserted into the password prompt via the \w option in
the PS1 environmental variable when another user changes into that
directory.

INFERRED ACTION: CAN-1999-1048 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener


======================================================
Candidate: CAN-1999-1055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1055
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MS:MS98-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-018.asp
Reference: BID:179
Reference: URL:http://www.securityfocus.com/bid/179
Reference: XF:excel-call(1737)
Reference: URL:http://xforce.iss.net/static/1737.php

Microsoft Excel 97 does not warn the user before executing worksheet
functions, which could allow attackers to execute arbitrary commands
by using the CALL function to execute a malicious DLL, aka the Excel
"CALL Vulnerability."

INFERRED ACTION: CAN-1999-1055 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Frech


======================================================
Candidate: CAN-1999-1057
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1057
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1990-07
Reference: URL:http://www.cert.org/advisories/CA-1990-07.html
Reference: CIAC:B-04
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-04.shtml
Reference: BID:12
Reference: URL:http://www.securityfocus.com/bid/12
Reference: XF:vms-analyze-processdump-privileges(7137)
Reference: URL:http://www.iss.net/security_center/static/7137.php

VMS 4.0 through 5.3 allows local users to gain privileges via the
ANALYZE/PROCESS_DUMP dcl command.


Modifications:
  ADDREF XF:vms-analyze-processdump-privileges(7137)

INFERRED ACTION: CAN-1999-1057 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:vms-analyze-processdump-privileges(7137)


======================================================
Candidate: CAN-1999-1059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1059
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1992-04
Reference: URL:http://www.cert.org/advisories/CA-1992-04.html
Reference: BID:36
Reference: URL:http://www.securityfocus.com/bid/36
Reference: XF:att-rexecd(3159)
Reference: URL:http://www.iss.net/security_center/static/3159.php

Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various
SVR4 systems allows remote attackers to execute arbitrary commands.


Modifications:
  ADDREF XF:att-rexecd(3159)

INFERRED ACTION: CAN-1999-1059 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:att-rexecd(3159)


======================================================
Candidate: CAN-1999-1074
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1074
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980501 Warning! Webmin Security Advisory
Reference: URL:http://www.securityfocus.com/archive/1/9138
Reference: CONFIRM:http://www.webmin.com/webmin/changes.html
Reference: BID:98
Reference: URL:http://www.securityfocus.com/bid/98

Webmin before 0.5 does not restrict the number of invalid passwords
that are entered for a valid username, which could allow remote
attackers to gain privileges via brute force password cracking.

INFERRED ACTION: CAN-1999-1074 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF;webmin-password-brute-force(7216)


======================================================
Candidate: CAN-1999-1085
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1085
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980612 CORE-SDI-04: SSH insertion attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125884&w=2
Reference: BUGTRAQ:19980703 UPDATE: SSH insertion attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525878&w=2
Reference: CISCO:20010627 Multiple SSH Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/SSH-multiple-pub.html
Reference: CERT-VN:VU#13877
Reference: URL:http://www.kb.cert.org/vuls/id/13877
Reference: XF:ssh-insert(1126)
Reference: URL:http://www.iss.net/security_center/static/1126.php

SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher
Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote
attackers to insert arbitrary data into an existing stream between an
SSH client and server by using a known plaintext attack and computing
a valid CRC-32 checksum for the packet, aka the "SSH insertion
attack."


Modifications:
  ADDREF XF:ssh-insert(1126)
  ADDREF CISCO:20010627 Multiple SSH Vulnerabilities
  ADDREF CERT-VN:VU#13877

INFERRED ACTION: CAN-1999-1085 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Christey

Voter Comments:
 Frech> XF:ssh-insert(1126)
 Christey> CISCO:20010627 Multiple SSH Vulnerabilities
   http://www.cisco.com/warp/public/707/SSH-multiple-pub.html


======================================================
Candidate: CAN-1999-1087
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1087
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MS:MS98-016
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS98-016.asp
Reference: MSKB:Q168617
Reference: URL:http://support.microsoft.com/support/kb/articles/q168/6/17.asp
Reference: CONFIRM:http://www.microsoft.com/Windows/Ie/security/dotless.asp
Reference: XF:ie-dotless(2209)
Reference: URL:http://xforce.iss.net/static/2209.php

Internet Explorer 4 treats a 32-bit number ("dotless IP address") in
the a URL as the hostname instead of an IP address, which causes IE to
apply Local Intranet Zone settings to the resulting web page, allowing
remote malicious web servers to conduct unauthorized activities by
using URLs that contain the dotless IP address for their server.

INFERRED ACTION: CAN-1999-1087 ACCEPT (4 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Frech


======================================================
Candidate: CAN-1999-1090
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1090
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1991-15
Reference: URL:http://www.cert.org/advisories/CA-1991-15.html
Reference: XF:ftp-ncsa(1844)
Reference: URL:http://xforce.iss.net/static/1844.php

The default configuration of NCSA Telnet package for Macintosh and PC
enables FTP, even though it does not include an "ftp=yes" line, which
allows remote attackers to read and modify arbitrary files.

INFERRED ACTION: CAN-1999-1090 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1093
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1093
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MS:MS98-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS98-011.asp
Reference: MSKB:Q191200
Reference: URL:http://support.microsoft.com/support/kb/articles/q191/2/00.asp
Reference: XF:java-script-patch(1276)
Reference: URL:http://www.iss.net/security_center/static/1276.php

Buffer overflow in the Window.External function in the JScript
Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows
remote attackers to execute arbitrary commands via a malicious web
page.


Modifications:
  ADDREF XF:java-script-patch(1276)
  ADDREF MSKB:Q191200

INFERRED ACTION: CAN-1999-1093 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:java-script-patch(1276)


======================================================
Candidate: CAN-1999-1094
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1094
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q176697
Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp
Reference: BUGTRAQ:19980114 L0pht Advisory MSIE4.0(1)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88480839506155&w=2
Reference: XF:iemk-bug(917)
Reference: URL:http://xforce.iss.net/static/917.php

Buffer overflow in Internet Explorer 4.01 and earlier allows remote
attackers to execute arbitrary commands via a long URL with the "mk:"
protocol, aka the "MK Overrun security issue."

INFERRED ACTION: CAN-1999-1094 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Frech


======================================================
Candidate: CAN-1999-1098
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1098
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1995-03
Reference: URL:http://www.cert.org/advisories/CA-1995-03.html
Reference: CIAC:F-12
Reference: URL:http://www.ciac.org/ciac/bulletins/f-12.shtml
Reference: XF:bsd-telnet(516)
Reference: URL:http://www.iss.net/security_center/static/516.php

Vulnerability in BSD Telnet client with encryption and Kerberos 4
authentication allows remote attackers to decrypt the session via
sniffing.


Modifications:
  ADDREF XF:bsd-telnet(516)

INFERRED ACTION: CAN-1999-1098 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:bsd-telnet(516)


======================================================
Candidate: CAN-1999-1099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1099
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19961122 L0pht Kerberos Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420184&w=2
Reference: XF:kerberos-user-grab(65)
Reference: URL:http://xforce.iss.net/static/65.php

Kerberos 4 allows remote attackers to obtain sensitive information via
a malformed UDP packet that generates an error string that
inadvertently includes the realm name and the last user.


Modifications:
  DESC [grammar]

INFERRED ACTION: CAN-1999-1099 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech

Voter Comments:
 Frech> In description, fix grammar: "generates an error string that
   inadvertently..."


======================================================
Candidate: CAN-1999-1100
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1100
Final-Decision:
Interim-Decision: 20020301
Modified: 20020228-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CISCO:19980616 PIX Private Link Key Processing and Cryptography Issues
Reference: URL:http://www.cisco.com/warp/public/770/pixkey-pub.shtml
Reference: CIAC:I-056
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-056.shtml
Reference: XF:cisco-pix-parse-error(1579)
Reference: URL:http://xforce.iss.net/static/1579.php

Cisco PIX Private Link 4.1.6 and earlier does not properly process
certain commands in the configuration file, which reduces the
effective key length of the DES key to 48 bits instead of 56 bits,
which makes it easier for an attacker to find the proper key via a
brute force attack.


Modifications:
  ADDREF CIAC:I-056

INFERRED ACTION: CAN-1999-1100 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(6) Foat, Cole, Armstrong, Frech, Stracener, Balinsky
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1102
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1102
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.phreak.org/archives/security/8lgm/8lgm.lpr
Reference: BUGTRAQ:19940307 8lgm Advisory Releases
Reference: URL:http://www.aenigma.net/resources/maillist/bugtraq/1994/0091.htm
Reference: CIAC:E-25a
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/e-25.shtml

lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating
systems allows local users to create or overwrite arbitrary files via
a symlink attack that is triggered after invoking lpr 1000 times.

INFERRED ACTION: CAN-1999-1102 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:bsd-lpr-symlink(7209)


======================================================
Candidate: CAN-1999-1103
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1103
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:VB-96.05
Reference: URL:http://www.cert.org/vendor_bulletins/VB-96.05.dec
Reference: CIAC:G-18
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/g-18.shtml
Reference: MISC:http://www.tao.ca/fire/bos/0209.html
Reference: XF:osf-dxconsole-gain-privileges(7138)
Reference: URL:http://www.iss.net/security_center/static/7138.php

dxconsole in DEC OSF/1 3.2C and earlier allows local users to read
arbitrary files by specifying the file with the -file parameter.


Modifications:
  ADDREF XF:osf-dxconsole-gain-privileges(7138)

INFERRED ACTION: CAN-1999-1103 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:osf-dxconsole-gain-privileges(7138)


======================================================
Candidate: CAN-1999-1104
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1104
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19951205 Cracked: WINDOWS.PWL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418931&w=2
Reference: NTBUGTRAQ:19980121 How to recover private keys for various Microsoft products
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=88540877601866&w=2
Reference: BUGTRAQ:19980120 How to recover private keys for various Microsoft products
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88536273725787&w=2
Reference: MSKB:Q140557
Reference: URL:http://support.microsoft.com/support/kb/articles/q140/5/57.asp
Reference: XF:win95-nbsmbpwl(71)
Reference: URL:http://www.iss.net/security_center/static/71.php

Windows 95 uses weak encryption for the password list (.pwl) file used
when password caching is enabled, which allows local users to gain
privileges by decrypting the passwords.


Modifications:
  ADDREF XF:win95-nbsmbpwl(71)

INFERRED ACTION: CAN-1999-1104 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Wall, Cole
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:win95-nbsmbpwl(71)


======================================================
Candidate: CAN-1999-1105
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1105
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://www.zdnet.com/eweek/reviews/1016/tr42bug.html
Reference: MISC:http://www.net-security.sk/bugs/NT/netware1.html
Reference: XF:win95-netware-hidden-share(7231)
Reference: URL:http://www.iss.net/security_center/static/7231.php

Windows 95, when Remote Administration and File Sharing for NetWare
Networks is enabled, creates a share (C$) when an administrator logs
in remotely, which allows remote attackers to read arbitrary files by
mapping the network drive.


Modifications:
  DESC [spelling]
  ADDREF XF:win95-netware-hidden-share(7231)

INFERRED ACTION: CAN-1999-1105 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:win95-netware-hidden-share(7231)
   In description, Netware should be NetWare.


======================================================
Candidate: CAN-1999-1109
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1109
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991222 Re: procmail / Sendmail - five bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94632241202626&w=2
Reference: BUGTRAQ:20000113 Re: procmail / Sendmail - five bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94780566911948&w=2
Reference: BID:904
Reference: URL:http://www.securityfocus.com/bid/904
Reference: XF:sendmail-etrn-dos(7760)
Reference: URL:http://www.iss.net/security_center/static/7760.php

Sendmail before 8.10.0 allows remote attackers to cause a denial of
service by sending a series of ETRN commands then disconnecting from
the server, while Sendmail continues to process the commands after the
connection has been terminated.


Modifications:
  ADDREF XF:sendmail-etrn-dos(7760)

INFERRED ACTION: CAN-1999-1109 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:sendmail-etrn-dos(7760)


======================================================
Candidate: CAN-1999-1111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1111
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19911109 ImmuniX OS Security Alert: StackGuard 1.21 Released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94218618329838&w=2
Reference: BID:786
Reference: URL:http://www.securityfocus.com/bid/786
Reference: XF:immunix-stackguard-bo(3524)
Reference: URL:http://xforce.iss.net/static/3524.php

Vulnerability in StackGuard before 1.21 allows remote attackers to
bypass the Random and Terminator Canary security mechanisms by using a
non-linear attack which directly modifies a pointer to a return
address instead of using a buffer overflow to reach the return address
entry itself.

INFERRED ACTION: CAN-1999-1111 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1114
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1114
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:H-15A
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-15a.shtml
Reference: AUSCERT:AA-96.17
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-96.17.suid_exec.vul
Reference: SGI:19980405-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980405-01-I
Reference: XF:ksh-suid_exec(2100)
Reference: URL:http://xforce.iss.net/static/2100.php
Reference: BID:467
Reference: URL:http://www.securityfocus.com/bid/467

Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and
earlier, and possibly other operating systems, allows local users to
gain root privileges.

INFERRED ACTION: CAN-1999-1114 ACCEPT (4 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener


======================================================
Candidate: CAN-1999-1115
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1115
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1990-04
Reference: URL:http://www.cert.org/advisories/CA-1990-04.html
Reference: CIAC:A-30
Reference: URL:http://www.ciac.org/ciac/bulletins/a-30.shtml
Reference: BID:7
Reference: URL:http://www.securityfocus.com/bid/7
Reference: XF:apollo-suidexec-unauthorized-access(6721)
Reference: URL:http://www.iss.net/security_center/static/6721.php

Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS
sr10.2 and sr10.3 beta, related to the Korn Shell (ksh).


Modifications:
  ADDREF XF:apollo-suidexec-unauthorized-access(6721)

INFERRED ACTION: CAN-1999-1115 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:apollo-suidexec-unauthorized-access(6721)


======================================================
Candidate: CAN-1999-1116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1116
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SGI:19970503-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970503-01-PX
Reference: BID:462
Reference: URL:http://www.securityfocus.com/bid/462
Reference: XF:sgi-runpriv(2108)
Reference: URL:http://xforce.iss.net/static/2108.php

Vulnerability in runpriv in Indigo Magic System Administration
subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root
privileges.

INFERRED ACTION: CAN-1999-1116 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener


======================================================
Candidate: CAN-1999-1117
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1117
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19961124
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&w=2&r=1&s=lquerypv&q=b
Reference: BUGTRAQ:19961125 lquerypv fix
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420195&w=2
Reference: BUGTRAQ:19961125 AIX lquerypv
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420196&w=2
Reference: CIAC:H-13
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-13.shtml
Reference: BID:455
Reference: URL:http://www.securityfocus.com/bid/455
Reference: XF:ibm-lquerypv(1752)
Reference: URL:http://xforce.iss.net/static/1752.php

lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files
by specifying the file in the -h command line parameter.

INFERRED ACTION: CAN-1999-1117 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Foat, Cole, Armstrong, Frech, Stracener
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1118
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1118
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUN:00165
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/165&type=0&nav=sec.sba
Reference: BID:433
Reference: URL:http://www.securityfocus.com/bid/433
Reference: XF:sun-ndd(817)
Reference: URL:http://xforce.iss.net/static/817.php

ndd in Solaris 2.6 allows local users to cause a denial of service by
modifying certain TCP/IP parameters.

INFERRED ACTION: CAN-1999-1118 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Foat, Cole, Frech, Dik, Stracener

Voter Comments:
 Dik> sun bug: 4069630


======================================================
Candidate: CAN-1999-1119
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1119
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: CERT:CA-1992-09
Reference: URL:http://www.cert.org/advisories/CA-1992-09.html
Reference: BID:41
Reference: URL:http://www.securityfocus.com/bid/41
Reference: XF:aix-anon-ftp(3154)
Reference: URL:http://xforce.iss.net/static/3154.php

FTP installation script anon.ftp in AIX insecurely configures
anonymous FTP, which allows remote attackers to execute arbitrary
commands.

INFERRED ACTION: CAN-1999-1119 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1120
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970104 Irix: netprint story
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420403&w=2
Reference: SGI:19961203-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961203-01-PX
Reference: SGI:19961203-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX
Reference: BID:395
Reference: URL:http://www.securityfocus.com/bid/395
Reference: XF:sgi-netprint(2107)
Reference: URL:http://xforce.iss.net/static/2107.php

netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental
variable for finding and executing the disable program, which allows
local users to gain privileges.

INFERRED ACTION: CAN-1999-1120 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener


======================================================
Candidate: CAN-1999-1121
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1121
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: CERT:CA-1992-06
Reference: URL:http://www.cert.org/advisories/CA-1992-06.html
Reference: BID:38
Reference: URL:http://www.securityfocus.com/bid/38
Reference: XF:ibm-uucp(554)
Reference: URL:http://xforce.iss.net/static/554.php

The default configuration for UUCP in AIX before 3.2 allows local
users to gain root privileges.

INFERRED ACTION: CAN-1999-1121 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1122
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1122
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1989-02
Reference: URL:http://www.cert.org/advisories/CA-1989-02.html
Reference: CIAC:CIAC-08
Reference: URL:http://www.ciac.org/ciac/bulletins/ciac-08.shtml
Reference: SUNBUG:1019265
Reference: BID:3
Reference: URL:http://www.securityfocus.com/bid/3
Reference: XF:sun-restore-gain-privileges(6695)
Reference: URL:XF:sun-restore-gain-privileges(6695)

Vulnerability in restore in SunOS 4.0.3 and earlier allows local users
to gain privileges.


Modifications:
  ADDREF XF:sun-restore-gain-privileges(6695)
  ADDREF CIAC:CIAC-08
  ADDREF SUNBUG:1019265

INFERRED ACTION: CAN-1999-1122 ACCEPT (5 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Dik, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:sun-restore-gain-privileges(6695)
 Dik> sun bug: 1019265


======================================================
Candidate: CAN-1999-1127
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1127
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MS:MS98-017
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-017.asp
Reference: MSKB:Q195733
Reference: URL:http://support.microsoft.com/support/kb/articles/Q195/7/33.asp
Reference: XF:nt-spoolss(523)
Reference: URL:http://www.iss.net/security_center/static/523.php

Windows NT 4.0 does not properly shut down invalid named pipe RPC
connections, which allows remote attackers to cause a denial of
service (resource exhaustion) via a series of connections containing
malformed data, aka the "Named Pipes Over RPC" vulnerability.


Modifications:
  ADDREF XF:nt-spoolss(523)

INFERRED ACTION: CAN-1999-1127 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:nt-spoolss(523)


======================================================
Candidate: CAN-1999-1131
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1131
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:VB-97.12
Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.12.opengroup
Reference: CIAC:I-060
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-060.shtml
Reference: SGI:19980601-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980601-01-PX
Reference: XF:sgi-osf-dce-dos(1123)
Reference: URL:http://xforce.iss.net/static/1123.php

Buffer overflow in OSF Distributed Computing Environment (DCE)
security demon (secd) in IRIX 6.4 and earlier allows attackers to
cause a denial of service via a long principal, group, or
organization.

INFERRED ACTION: CAN-1999-1131 ACCEPT (4 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1132
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1132
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981005 NMRC Advisory - Lame NT Token Ring DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90763508011966&w=2
Reference: NTBUGTRAQ:19981002 NMRC Advisory - Lame NT Token Ring DoS
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=90760603030452&w=2
Reference: MSKB:Q179157
Reference: URL:http://support.microsoft.com/support/kb/articles/Q179/1/57.asp
Reference: XF:token-ring-dos(1399)
Reference: URL:http://www.iss.net/security_center/static/1399.php

Windows NT 4.0 allows remote attackers to cause a denial of service
(crash) via extra source routing data such as (1) a Routing
Information Field (RIF) field with a hop count greater than 7, or (2)
a list containing duplicate Token Ring IDs.

INFERRED ACTION: CAN-1999-1132 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:token-ring-dos(1399)


======================================================
Candidate: CAN-1999-1136
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1136
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9807-081
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9807-081.html
Reference: HP:HPSBMP9807-005
Reference: URL:http://cert.ip-plus.net/bulletin-archive/msg00040.html
Reference: BUGTRAQ:19980729 HP-UX Predictive & Netscape SSL Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526177&w=2
Reference: CIAC:I-081
Reference: URL:http://www.ciac.org/ciac/bulletins/i-081.shtml
Reference: XF:mpeix-predictive(1413)
Reference: URL:http://xforce.iss.net/static/1413.php

Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5
and earlier, allows attackers to compromise data transfer for
Predictive messages (using e-mail or modem) between customer and
Response Center Predictive systems.

INFERRED ACTION: CAN-1999-1136 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener


======================================================
Candidate: CAN-1999-1137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1137
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: CIAC:E-01
Reference: URL:http://www.ciac.org/ciac/bulletins/e-01.shtml
Reference: SUN:00122
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba
Reference: XF:sun-audio(549)
Reference: URL:http://xforce.iss.net/static/549.php

The permissions for the /dev/audio device on Solaris 2.2 and earlier,
and SunOS 4.1.x, allow any local user to read from the device, which
could be used by an attacker to monitor conversations happening near a
machine that has a microphone.

INFERRED ACTION: CAN-1999-1137 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Foat, Cole, Frech, Dik, Stracener


======================================================
Candidate: CAN-1999-1138
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1138
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: CERT:CA-1993-13
Reference: URL:http://www.cert.org/advisories/CA-1993-13.html
Reference: XF:sco-homedir(546)
Reference: URL:http://xforce.iss.net/static/546.php

SCO UNIX System V/386 Release 3.2, and other SCO products, installs
the home directories (1) /tmp for the dos user, and (2) /usr/tmp for
the asg user, which allows other users to gain access to those
accounts since /tmp and /usr/tmp are world-writable.

INFERRED ACTION: CAN-1999-1138 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1139
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1139
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980121 HP-UX CUE, CUD and LAND vulnerabilities
Reference: URL:http://security-archive.merton.ox.ac.uk/bugtraq-199801/0122.html
Reference: BUGTRAQ:19970901 HP UX Bug :)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602880019745&w=2
Reference: HP:HPSBUX9801-074
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9801-074.html
Reference: CIAC:I-027B
Reference: URL:http://www.ciac.org/ciac/bulletins/i-027b.shtml
Reference: XF:hp-cue(2007)
Reference: URL:http://www.iss.net/security_center/static/2007.php

Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier
allows local users to overwrite arbitrary files and gain root
privileges via a symlink attack on the IOERROR.mytty file.


Modifications:
  ADDREF XF:hp-cue(2007)
  ADDREF CIAC:I-027B

INFERRED ACTION: CAN-1999-1139 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:hp-cue(2007)


======================================================
Candidate: CAN-1999-1140
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1140
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971214 buffer overflows in cracklib?!
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88209041500913&w=2
Reference: CERT:VB-97.16
Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.16.CrackLib
Reference: XF:cracklib-bo(1539)
Reference: URL:http://xforce.iss.net/static/1539.php

Buffer overflow in CrackLib 2.5 may allow local users to gain root
privileges via a long GECOS field.

INFERRED ACTION: CAN-1999-1140 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1142
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1142
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1992-11
Reference: URL:http://www.cert.org/advisories/CA-1992-11.html
Reference: XF:sun-env(3152)
Reference: URL:http://xforce.iss.net/static/3152.php

SunOS 4.1.2 and earlier allows local users to gain privileges in
certain dynamically linked setuid or setgid programs that change the
real and effective user ids to the same user, via "LD_*" environmental
variables.

INFERRED ACTION: CAN-1999-1142 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Foat, Cole, Frech, Dik, Stracener
   NOOP(1) Wall

Voter Comments:
 Dik> sun bug: 1085853


======================================================
Candidate: CAN-1999-1143
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1143
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:H-065
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-65.shtml
Reference: SGI:19970504-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970504-01-PX
Reference: XF:sgi-rld(2109)
Reference: URL:http://xforce.iss.net/static/2109.php

Vulnerability in runtime linker program rld in SGI IRIX 6.x and
earlier allows local users to gain privileges via setuid and setgid
programs.

INFERRED ACTION: CAN-1999-1143 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener


======================================================
Candidate: CAN-1999-1144
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1144
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: HP:HPSBUX9701-051
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-051.html
Reference: XF:hp-mpower(2056)
Reference: URL:http://xforce.iss.net/static/2056.php

Certain files in MPower in HP-UX 10.x are installed with insecure
permissions, which allows local users to gain privileges.

INFERRED ACTION: CAN-1999-1144 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener


======================================================
Candidate: CAN-1999-1145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1145
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9701-044
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=1514
Reference: CIAC:H-21
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-21.shtml
Reference: XF:hp-glanceplus(2059)
Reference: URL:http://xforce.iss.net/static/2059.php

Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and
earlier allows local users to access arbitrary files and gain
privileges.

INFERRED ACTION: CAN-1999-1145 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener


======================================================
Candidate: CAN-1999-1146
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1146
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9405-011
Reference: URL:http://www.securityfocus.com/advisories/1555
Reference: XF:hp-glanceplus-gpm(2060)
Reference: URL:http://xforce.iss.net/static/2060.php

Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x
and earlier allows local users to access arbitrary files and gain
privileges.

INFERRED ACTION: CAN-1999-1146 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener


======================================================
Candidate: CAN-1999-1147
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1147
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981204 [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91273739726314&w=2
Reference: BUGTRAQ:19981207 Re: [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0
Reference: XF:pcm-dos-execute(1430)
Reference: URL:http://xforce.iss.net/static/1430.php

Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows
remote attackers to execute arbitrary commands via a long string to
the Agent port (1827), which is handled by smaxagent.exe.

INFERRED ACTION: CAN-1999-1147 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1148
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MS:MS98-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms98-006.asp
Reference: MSKB:Q189262
Reference: URL:http://support.microsoft.com/support/kb/articles/Q189/2/62.ASP
Reference: XF:iis-passive-ftp(1215)
Reference: URL:http://xforce.iss.net/static/1215.php

FTP service in IIS 4.0 and earlier allows remote attackers to cause a
denial of service (resource exhaustion) via many passive (PASV)
connections at the same time.

INFERRED ACTION: CAN-1999-1148 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Frech


======================================================
Candidate: CAN-1999-1156
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1156
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990517 Vulnerabilities in BisonWare FTP Server 3.5
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9905&L=NTBUGTRAQ&P=R2698
Reference: XF:bisonware-port-crash(2254)
Reference: URL:http://xforce.iss.net/static/2254.php

BisonWare FTP Server 4.1 and earlier allows remote attackers to cause
a denial of service via a malformed PORT command that contains a
non-numeric character and a large number of carriage returns.

INFERRED ACTION: CAN-1999-1156 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Foat, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1157
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1157
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q192774
Reference: URL:http://support.microsoft.com/support/kb/articles/Q192/7/74.ASP
Reference: XF:tcpipsys-icmp-dos(3894)
Reference: URL:http://xforce.iss.net/static/3894.php

Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to
cause a denial of service via an ICMP Subnet Mask Address Request
packet, when certain multiple IP addresses are bound to the same
network interface.

INFERRED ACTION: CAN-1999-1157 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Frech


======================================================
Candidate: CAN-1999-1159
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1159
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981229 ssh2 security problem (and patch) (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91495920911490&w=2
Reference: XF:ssh-privileged-port-forward(1471)
Reference: URL:http://xforce.iss.net/static/1471.php

SSH 2.0.11 and earlier allows local users to request remote forwarding
from privileged ports without being root.

INFERRED ACTION: CAN-1999-1159 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1160
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1160
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9702-055
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420581&w=2
Reference: CIAC:H-33
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-33.shtml
Reference: XF:hp-ftpd-kftpd(7437)
Reference: URL:http://www.iss.net/security_center/static/7437.php

Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and
possibly remote users to gain root privileges.


Modifications:
  ADDREF XF:hp-ftpd-kftpd(7437)

INFERRED ACTION: CAN-1999-1160 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:hp-ftpd-kftpd(7437)


======================================================
Candidate: CAN-1999-1161
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1161
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19961103 Re: Untitled
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420102&w=2
Reference: BUGTRAQ:19961104 ppl bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420103&w=2
Reference: HP:HPSBUX9704-057
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9704-057.html
Reference: CIAC:H-32
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-32.shtml
Reference: AUSCERT:AA-97.07
Reference: XF:hp-ppl(7438)
Reference: URL:http://www.iss.net/security_center/static/7438.php

Vulnerability in ppl in HP-UX 10.x and earlier allows local users to
gain root privileges by forcing ppl to core dump.


Modifications:
  ADDREF XF:hp-ppl(7438)

INFERRED ACTION: CAN-1999-1161 ACCEPT (4 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:hp-ppl(7438)
   Not hp-ppllog(419)


======================================================
Candidate: CAN-1999-1162
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1162
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1993-08
Reference: URL:http://www.cert.org/advisories/CA-1993-08.html
Reference: XF:sco-passwd-deny(542)
Reference: URL:http://www.iss.net/security_center/static/542.php

Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers
to cause a denial of service by preventing users from being able to
log into the system.


Modifications:
  ADDREF XF:sco-passwd-deny(542)

INFERRED ACTION: CAN-1999-1162 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:sco-passwd-deny(542)


======================================================
Candidate: CAN-1999-1163
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1163
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9911-105
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94347039929958&w=2
Reference: XF:hp-ssp(7439)
Reference: URL:http://www.iss.net/security_center/static/7439.php

Vulnerability in HP Series 800 S/X/V Class servers allows remote
attackers to gain access to the S/X/V Class console via the Service
Support Processor (SSP) Teststation.


Modifications:
  ADDREF XF:hp-ssp(7439)

INFERRED ACTION: CAN-1999-1163 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:hp-ssp(7439)


======================================================
Candidate: CAN-1999-1167
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1167
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://www.wired.com/news/technology/0,1282,20677,00.html
Reference: MISC:http://www.wired.com/news/technology/0,1282,20636,00.html
Reference: XF:thirdvoice-cross-site-scripting(7252)
Reference: URL:http://www.iss.net/security_center/static/7252.php

Cross-site scripting vulnerability in Third Voice Web annotation
utility allows remote users to read sensitive data and generate fake
web pages for other Third Voice users by injecting malicious
Javascript into an annotation.


Modifications:
  ADDREF XF:thirdvoice-cross-site-scripting(7252)

INFERRED ACTION: CAN-1999-1167 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Armstrong

Voter Comments:
 Frech> XF:thirdvoice-cross-site-scripting(7252)


======================================================
Candidate: CAN-1999-1175
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1175
Final-Decision:
Interim-Decision: 20020301
Modified: 20020228-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CISCO:19980513 Cisco Web Cache Control Protocol Router Vulnerability
Reference: URL:http://www.cisco.com/warp/public/770/wccpauth-pub.shtml
Reference: CIAC:I-054
Reference: URL:http://www.ciac.org/ciac/bulletins/i-054.shtml
Reference: XF:cisco-wccp-vuln(1577)
Reference: URL:http://xforce.iss.net/static/1577.php

Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS
11.2 and earlier does not use authentication, which allows remote
attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets
to UDP port 2048.


Modifications:
  ADDREF XF:cisco-wccp-vuln(1577)

INFERRED ACTION: CAN-1999-1175 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Foat, Cole, Armstrong, Stracener, Balinsky
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:cisco-wccp-vuln(1577)
 CHANGE> [Armstrong changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-1999-1177
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1177
Final-Decision:
Interim-Decision: 20020301
Modified: 20020228-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.w3.org/Security/Faq/wwwsf4.html
Reference: CONFIRM:http://www-genome.wi.mit.edu/WWW/tools/CGI_scripts/server_publish/nph-publish
Reference: XF:http-cgi-nphpublish(2055)
Reference: URL:http://xforce.iss.net/static/2055.php

Directory traversal vulnerability in nph-publish before 1.2 allows
remote attackers to overwrite arbitrary files via a .. (dot dot) in
the pathname for an upload operation.


Modifications:
  ADDREF XF:http-cgi-nphpublish(2055)

INFERRED ACTION: CAN-1999-1177 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Armstrong

Voter Comments:
 Frech> XF:http-cgi-nphpublish(2055)


======================================================
Candidate: CAN-1999-1181
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1181
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category:
Reference: SGI:19980901-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980901-01-PX
Reference: CIAC:J-003
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-003.shtml
Reference: XF:irix-register(7441)
Reference: URL:http://www.iss.net/security_center/static/7441.php

Vulnerability in On-Line Customer Registration software for IRIX 6.2
through 6.4 allows local users to gain root privileges.


Modifications:
  ADDREF XF:irix-register(7441)

INFERRED ACTION: CAN-1999-1181 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:irix-register(7441)


======================================================
Candidate: CAN-1999-1188
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1188
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981227 mysql: mysqld creates world readable logs..
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91479159617803&w=2
Reference: XF:mysql-readable-log-files(1568)
Reference: URL:http://xforce.iss.net/static/1568.php

mysqld in MySQL 3.21 creates log files with world-readable
permissions, which allows local users to obtain passwords for users
who are added to the user database.

INFERRED ACTION: CAN-1999-1188 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1191
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1191
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970519 Re: Finally, most of an exploit for Solaris 2.5.1's ps.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418335&w=2
Reference: AUSCERT:AA-97.18
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-97.18.solaris.chkey.buffer.overflow.vul
Reference: SUN:00144
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/144
Reference: BID:207
Reference: URL:http://www.securityfocus.com/bid/207
Reference: XF:solaris-chkey-bo(7442)
Reference: URL:http://www.iss.net/security_center/static/7442.php

Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local
users to gain root privileges via a long command line argument.


Modifications:
  ADDREF XF:solaris-chkey-bo(7442)

INFERRED ACTION: CAN-1999-1191 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Dik, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:solaris-chkey-bo(7442)
 Dik> sun bug 4053189
 Dik> sun bug 4053189


======================================================
Candidate: CAN-1999-1192
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1192
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUN:00143
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/143
Reference: BID:206
Reference: URL:http://www.securityfocus.com/bid/206
Reference: XF:solaris-eeprom-bo(7444)
Reference: URL:http://www.iss.net/security_center/static/7444.php

Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local
users to gain root privileges via a long command line argument.


Modifications:
  ADDREF XF:solaris-eeprom-bo(7444)

INFERRED ACTION: CAN-1999-1192 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Dik, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:solaris-eeprom-bo(7444)
 Dik> sun bug: 4043234
 Dik> sun bug: 4043234


======================================================
Candidate: CAN-1999-1193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1193
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1991-06
Reference: URL:http://www.cert.org/advisories/CA-1991-06.html
Reference: XF:next-me(581)
Reference: URL:http://xforce.iss.net/static/581.php
Reference: BID:20
Reference: URL:http://www.securityfocus.com/bid/20

The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group
privileges, which could allow the me user to use the su command to
become root.

INFERRED ACTION: CAN-1999-1193 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1194
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1194
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CERT:CA-1991-05
Reference: URL:http://www.cert.org/advisories/CA-1991-05.html
Reference: BID:17
Reference: URL:http://www.securityfocus.com/bid/17
Reference: XF:dec-chroot(577)
Reference: URL:http://xforce.iss.net/static/577.php

chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which
allows local users to gain privileges.

INFERRED ACTION: CAN-1999-1194 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1197
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1197
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1990-12
Reference: URL:http://www.cert.org/advisories/CA-1990-12.html
Reference: BID:14
Reference: URL:http://www.securityfocus.com/bid/14
Reference: XF:sunos-tioccons-console-redirection(7140)
Reference: URL:http://www.iss.net/security_center/static/7140.php

TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a
user who tries to redirect console output and input, which could allow
a local user to gain privileges.


Modifications:
  ADDREF XF:sunos-tioccons-console-redirection(7140)

INFERRED ACTION: CAN-1999-1197 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Dik, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:sunos-tioccons-console-redirection(7140)
 Dik> sun bug: 1008324


======================================================
Candidate: CAN-1999-1198
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1198
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1990-06
Reference: URL:http://www.cert.org/advisories/CA-1990-06.html
Reference: CIAC:B-01
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-01.shtml
Reference: BID:11
Reference: URL:http://www.securityfocus.com/bid/11
Reference: XF:nextstep-builddisk-root-access(7141)
Reference: URL:http://www.iss.net/security_center/static/7141.php

BuildDisk program on NeXT systems before 2.0 does not prompt users for
the root password, which allows local users to gain root privileges.


Modifications:
  ADDREF XF:nextstep-builddisk-root-access(7141)

INFERRED ACTION: CAN-1999-1198 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:nextstep-builddisk-root-access(7141)


======================================================
Candidate: CAN-1999-1203
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1203
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990210 Security problems in ISDN equipment authentication
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91868964203769&w=2
Reference: BUGTRAQ:19990212 PPP/ISDN multilink security issue - summary
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91888117502765&w=2
Reference: XF:ascend-ppp-isdn-dos(7498)
Reference: URL:http://www.iss.net/security_center/static/7498.php

Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote
attackers to cause a denial of service via a spoofed endpoint
identifier.


Modifications:
  ADDREF XF:ascend-ppp-isdn-dos(7498)

INFERRED ACTION: CAN-1999-1203 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:ascend-ppp-isdn-dos(7498)


======================================================
Candidate: CAN-1999-1204
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1204
Final-Decision:
Interim-Decision: 20020301
Modified: 20020217-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980511 Firewall-1 Reserved Keywords Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925912&w=2
Reference: CONFIRM:http://www.checkpoint.com/techsupport/config/keywords.html
Reference: XF:fw1-user-defined-keywords-access(7293)
Reference: URL:http://xforce.iss.net/static/7293.php

Check Point Firewall-1 does not properly handle certain restricted
keywords (e.g., Mail, auth, time) in user-defined objects, which could
produce a rule with a default "ANY" address and result in access to
more systems than intended by the administrator.


Modifications:
  ADDREF XF:fw1-user-defined-keywords-access(7293)

INFERRED ACTION: CAN-1999-1204 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Foat, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:fw1-user-defined-keywords-access(7293)
   http://www.checkpoint.com/techsupport/config/keywords.html


======================================================
Candidate: CAN-1999-1205
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1205
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19960607 HP-UX B.10.01 vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419195&w=2
Reference: HP:HPSBUX9607-035
Reference: URL:http://packetstormsecurity.org/advisories/ibm-ers/96-08
Reference: CIAC:G-34
Reference: XF:hp-nettune(414)

nettune in HP-UX 10.01 and 10.00 is installed setuid root, which
allows local users to cause a denial of service by modifying critical
networking configuration information.

INFERRED ACTION: CAN-1999-1205 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener


======================================================
Candidate: CAN-1999-1208
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1208
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970721 AIX ping, lchangelv, xlock fixes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419337&w=2
Reference: BUGTRAQ:19970721 AIX ping (Exploit)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419330&w=2
Reference: XF:ping-bo(803)
Reference: URL:http://xforce.iss.net/static/803.php

Buffer overflow in ping in AIX 4.2 and earlier allows local users to
gain root privileges via a long command line argument.

INFERRED ACTION: CAN-1999-1208 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech


======================================================
Candidate: CAN-1999-1209
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1209
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971204 scoterm exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88131151000069&w=2
Reference: CERT:VB-97.14
Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.14.scoterm
Reference: XF:sco-scoterm(690)

Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open
Desktop/Open Server 3.0 allows local users to gain root privileges.

INFERRED ACTION: CAN-1999-1209 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1214
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1214
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: OPENBSD:19970915 Vulnerability in I/O Signal Handling
Reference: URL:http://www.openbsd.com/advisories/signals.txt
Reference: XF:openbsd-iosig(556)
Reference: URL:http://xforce.iss.net/static/556.php

Vulnerability in asynchronous I/O facility in 4.4 BSD kernel does not
check user credentials when initializing I/O notification, which
allows local users to cause a denial of service by specifying an
arbitrary process ID to be signaled via a socket or device file
descriptor via certain ioctl and fcntl calls

INFERRED ACTION: CAN-1999-1214 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener


======================================================
Candidate: CAN-1999-1215
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1215
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:D-21
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-21.shtml
Reference: CERT:CA-1993-12
Reference: URL:http://www.cert.org/advisories/CA-1993-12.html
Reference: XF:novell-login(545)
Reference: URL:http://xforce.iss.net/static/545.php

LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes
user name and password information to disk, which could allow local
users to gain privileges.

INFERRED ACTION: CAN-1999-1215 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1222
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1222
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q188571
Reference: URL:http://support.microsoft.com/support/kb/articles/Q188/5/71.ASP
Reference: XF:dns-netbtsys-dos(3893)
Reference: URL:http://xforce.iss.net/static/3893.php

Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to
cause a denial of service (crash) by returning 0.0.0.0 as the IP
address for a DNS host name lookup.

INFERRED ACTION: CAN-1999-1222 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Frech


======================================================
Candidate: CAN-1999-1223
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1223
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q187503
Reference: URL:http://support.microsoft.com/support/kb/articles/q187/5/03.asp
Reference: XF:url-asp-av(3892)
Reference: URL:http://xforce.iss.net/static/3892.php

IIS 3.0 allows remote attackers to cause a denial of service via a
request to an ASP page in which the URL contains a large number of /
(forward slash) characters.

INFERRED ACTION: CAN-1999-1223 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Frech


======================================================
Candidate: CAN-1999-1226
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1226
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.securiteam.com/exploits/Netscape_4_7_and_earlier_vulnerable_to__Huge_Key__DoS.html
Reference: XF:netscape-huge-key-dos(3436)
Reference: URL:http://xforce.iss.net/static/3436.php

Netscape Communicator 4.7 and earlier allows remote attackers to cause
a denial of service, and possibly execute arbitrary commands, via a
long certificate key.

INFERRED ACTION: CAN-1999-1226 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Cole, Frech
   NOOP(1) Foat


======================================================
Candidate: CAN-1999-1233
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1233
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MS:MS99-039
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-039.asp
Reference: MSKB:241562
Reference: URL:http://support.microsoft.com/support/kb/articles/Q241/5/62.asp
Reference: BID:657
Reference: URL:http://www.securityfocus.com/bid/657
Reference: XF:iis-unresolved-domain-access(3306)
Reference: URL:http://xforce.iss.net/static/3306.php

IIS 4.0 does not properly restrict access for the initial session
request from a user's IP address if the address does not resolve to a
DNS domain, aka the "Domain Resolution" vulnerability.

INFERRED ACTION: CAN-1999-1233 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Frech


======================================================
Candidate: CAN-1999-1243
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1243
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CIAC:F-16
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-16.shtml
Reference: SGI:19950301-01-P373
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19950301-01-P373
Reference: XF:sgi-permissions(2113)
Reference: URL:http://xforce.iss.net/static/2113.php

SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local
users to modify permissions for arbitrary files and gain privileges.

INFERRED ACTION: CAN-1999-1243 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener


======================================================
Candidate: CAN-1999-1246
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1246
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q229972
Reference: URL:http://support.microsoft.com/support/kb/articles/Q229/9/72.asp
Reference: XF:siteserver-directmail-passwords(2068)
Reference: URL:http://xforce.iss.net/static/2068.php

Direct Mailer feature in Microsoft Site Server 3.0 saves user domain
names and passwords in plaintext in the TMLBQueue network share, which
has insecure default permissions, allowing remote attackers to read
the passwords and gain privileges.

INFERRED ACTION: CAN-1999-1246 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Frech


======================================================
Candidate: CAN-1999-1249
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1249
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: HP:HPSBUX9701-047
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-047.html
Reference: XF:hp-movemail(2057)
Reference: URL:http://xforce.iss.net/static/2057.php

movemail in HP-UX 10.20 has insecure permissions, which allows local
users to gain privileges.

INFERRED ACTION: CAN-1999-1249 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener


======================================================
Candidate: CAN-1999-1258
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1258
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUN:00102
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/102
Reference: XF:sun-pwdauthd(1782)
Reference: URL:http://xforce.iss.net/static/1782.php

rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent
remote access to the daemon, which allows remote attackers to obtain
sensitive system information.

INFERRED ACTION: CAN-1999-1258 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Foat, Cole, Frech, Dik, Stracener


======================================================
Candidate: CAN-1999-1259
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1259
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q189529
Reference: URL:http://support.microsoft.com/support/kb/articles/q189/5/29.asp
Reference: XF:office-extraneous-data(1780)
Reference: URL:http://xforce.iss.net/static/1780.php

Microsoft Office 98, Macintosh Edition, does not properly initialize
the disk space used by Office 98 files and effectively inserts data
from previously deleted files into the Office file, which could allow
attackers to obtain sensitive information.

INFERRED ACTION: CAN-1999-1259 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Frech


======================================================
Candidate: CAN-1999-1262
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1262
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990202 Unsecured server in applets under Netscape
Reference: URL:http://www.securityfocus.com/archive/1/12231
Reference: XF:java-socket-open(1727)
Reference: URL:http://xforce.iss.net/static/1727.php

Java in Netscape 4.5 does not properly restrict applets from
connecting to other hosts besides the one from which the applet was
loaded, which violates the Java security model and could allow remote
attackers to conduct unauthorized activities.

INFERRED ACTION: CAN-1999-1262 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Cole, Frech
   NOOP(1) Foat


======================================================
Candidate: CAN-1999-1263
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1263
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19971024 Vulnerability in metamail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87773365324657&w=2
Reference: XF:metamail-file-creation(1677)
Reference: URL:http://xforce.iss.net/static/1677.php

Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary
files via an e-mail message containing a uuencoded attachment that
specifies the full pathname for the file to be modified, which is
processed by uuencode in Metamail scripts such as sun-audio-file.

INFERRED ACTION: CAN-1999-1263 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech


======================================================
Candidate: CAN-1999-1276
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1276
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: DEBIAN:19981207 fte-console: does not drop its root priviliges
Reference: URL:http://www.debian.org/security/1998/19981207
Reference: XF:fte-console-privileges(1609)
Reference: URL:http://xforce.iss.net/static/1609.php

fte-console in the fte package before 0.46b-4.1 does not drop root
privileges, which allows local users to gain root access via the
virtual console device.

INFERRED ACTION: CAN-1999-1276 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener


======================================================
Candidate: CAN-1999-1279
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1279
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q138001
Reference: URL:http://support.microsoft.com/support/kb/articles/q138/0/01.asp
Reference: XF:snaserver-shared-folders(1548)
Reference: URL:http://xforce.iss.net/static/1548.php

An interaction between the AS/400 shared folders feature and Microsoft
SNA Server 3.0 and earlier allows users to view each other's folders
when the users share the same Local APPC LU.

INFERRED ACTION: CAN-1999-1279 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Frech


======================================================
Candidate: CAN-1999-1284
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1284
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981105 various *lame* DoS attacks
Reference: URL:http://www.securityfocus.com/archive/1/11131
Reference: BUGTRAQ:19981107 Re: various *lame* DoS attacks
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91063407332594&w=2
Reference: MISC:http://www.dynamsol.com/puppet/text/new.txt
Reference: XF:nukenabber-timeout-dos(1540)
Reference: URL:http://xforce.iss.net/static/1540.php

NukeNabber allows remote attackers to cause a denial of service by
connecting to the NukeNabber port (1080) without sending any data,
which causes the CPU usage to rise to 100% from the report.exe program
that is executed upon the connection.


Modifications:
  ADDREF MISC:http://www.dynamsol.com/puppet/text/new.txt
  ADDREF BUGTRAQ:19981107 Re: various *lame* DoS attacks

INFERRED ACTION: CAN-1999-1284 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Cole, Frech
   NOOP(1) Foat


======================================================
Candidate: CAN-1999-1288
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1288
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981119 Vulnerability in Samba on RedHat, Caldera and PHT TurboLinux
Reference: URL:http://www.securityfocus.com/archive/1/11397
Reference: CALDERA:SA-1998.35
Reference: URL:http://www.caldera.com/support/security/advisories/SA-1998.35.txt
Reference: XF:samba-wsmbconf(1406)
Reference: URL:http://xforce.iss.net/static/1406.php

Samba 1.9.18 inadvertently includes a prototype application, wsmbconf,
which is installed with incorrect permissions including the setgid
bit, which allows local users to read and write files and possibly
gain privileges via bugs in the program.

INFERRED ACTION: CAN-1999-1288 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener


======================================================
Candidate: CAN-1999-1290
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1290
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981117 nftp vulnerability (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91127951426494&w=2
Reference: CONFIRM:http://www.ayukov.com/nftp/history.html
Reference: XF:nftp-bo(1397)
Reference: URL:http://xforce.iss.net/static/1397.php

Buffer overflow in nftp FTP client version 1.40 allows remote
malicious FTP servers to cause a denial of service, and possibly
execute arbitrary commands, via a long response string.

INFERRED ACTION: CAN-1999-1290 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Foat, Cole, Armstrong, Frech, Stracener
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1294
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1294
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q146604
Reference: URL:http://support.microsoft.com/support/kb/articles/q146/6/04.asp
Reference: XF:nt-filemgr(562)
Reference: URL:http://xforce.iss.net/static/562.php

Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore
permissions, which are inherited by programs such as File Manager that
are started from the Shortcut Bar, which could allow local users to
read folders for which they do not have permission.


Modifications:
  ADDREF XF:nt-filemgr(562)

INFERRED ACTION: CAN-1999-1294 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Foat, Stracener
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
 Frech> XF;nt-filemgr(562)


======================================================
Candidate: CAN-1999-1297
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1297
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUNBUG:1077164
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100452&zone_32=10045%2A%20
Reference: XF:sun-cmdtool-echo(7482)
Reference: URL:http://xforce.iss.net/static/7482.php

cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier
allows attackers with physical access to the system to display
unechoed characters (such as those from password prompts) via the
L2/AGAIN key.


Modifications:
  ADDREF XF:sun-cmdtool-echo(7482)

INFERRED ACTION: CAN-1999-1297 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Dik, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:sun-cmdtool-echo(7482)


======================================================
Candidate: CAN-1999-1298
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1298
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: FREEBSD:FreeBSD-SA-97:03
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-97:03.sysinstall.asc
Reference: XF:freebsd-sysinstall-ftp-password(7537)
Reference: URL:http://www.iss.net/security_center/static/7537.php

Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous
FTP, creates the ftp user without a password and with /bin/date as the
shell, which could allow attackers to gain access to certain system
resources.


Modifications:
  ADDREF XF:freebsd-sysinstall-ftp-password(7537)

INFERRED ACTION: CAN-1999-1298 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:freebsd-sysinstall-ftp-password(7537)


======================================================
Candidate: CAN-1999-1301
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1301
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:G-31
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/g-31.shtml
Reference: FREEBSD:FreeBSD-SA-96:17
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:17.rzsz.asc
Reference: XF:rzsz-command-execution(7540)
Reference: URL:http://www.iss.net/security_center/static/7540.php

A design flaw in the Z-Modem protocol allows the remote sender of a
file to execute arbitrary programs on the client, as implemented in rz
in the rzsz module of FreeBSD before 2.1.5, and possibly other
programs.


Modifications:
  ADDREF XF:rzsz-command-execution(7540)

INFERRED ACTION: CAN-1999-1301 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:rzsz-command-execution(7540)


======================================================
Candidate: CAN-1999-1309
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1309
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19940314 sendmail -d problem (OLD yet still here)
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0040.html
Reference: BUGTRAQ:19940315 so...
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0043.html
Reference: BUGTRAQ:19940315 anyone know details?
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0042.html
Reference: BUGTRAQ:19940315 Security problem in sendmail versions 8.x.x
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0048.html
Reference: BUGTRAQ:19940327 sendmail exploit script - resend
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0078.html
Reference: CERT:CA-1994-12
Reference: URL:http://www.cert.org/advisories/CA-94.12.sendmail.vulnerabilities
Reference: XF:sendmail-debug-gain-root(7155)
Reference: URL:http://xforce.iss.net/static/7155.php

Sendmail before 8.6.7 allows local users to gain root access via a
large value in the debug (-d) command line option.


Modifications:
  ADDREF XF:sendmail-debug-gain-root(7155)
  DESC [add period]

INFERRED ACTION: CAN-1999-1309 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:sendmail-debug-gain-root(7155)
   Description needs a period at the end of the sentence. :-)


======================================================
Candidate: CAN-1999-1316
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1316
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q247975
Reference: URL:http://support.microsoft.com/support/kb/articles/Q247/9/75.asp
Reference: XF:passfilt-fullname(7391)
Reference: URL:http://xforce.iss.net/static/7391.php

Passfilt.dll in Windows NT SP2 allows users to create a password that
contains the user's name, which could make it easier for an attacker
to guess.


Modifications:
  ADDREF XF:passfilt-fullname(7391)

INFERRED ACTION: CAN-1999-1316 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:passfilt-fullname(7391)


======================================================
Candidate: CAN-1999-1317
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1317
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990312 [ ALERT ] Case Sensitivity and Symbolic Links
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92127046701349&w=2
Reference: NTBUGTRAQ:19990314 AW: [ ALERT ] Case Sensitivity and Symbolic Links
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92162979530341&w=2
Reference: MSKB:Q222159
Reference: URL:http://support.microsoft.com/support/kb/articles/q222/1/59.asp
Reference: XF:nt-symlink-case(7398)
Reference: URL:http://xforce.iss.net/static/7398.php

Windows NT 4.0 SP4 and earlier allows local users to gain privileges
by modifying the symbolic link table in the \?? object folder using a
different case letter (upper or lower) to point to a different device.


Modifications:
  ADDREF XF:nt-symlink-case(7398)

INFERRED ACTION: CAN-1999-1317 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:nt-symlink-case(7398)


======================================================
Candidate: CAN-1999-1318
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1318
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUNBUG:1121935
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100630&zone_32=112193%2A%20
Reference: XF:sun-su-path(7480)
Reference: URL:http://www.iss.net/security_center/static/7480.php

/usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that
includes the current working directory (.), which allows local users
to gain privileges via Trojan horse programs.


Modifications:
  ADDREF XF:sun-su-path(7480)

INFERRED ACTION: CAN-1999-1318 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Dik, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:sun-su-path(7480)


======================================================
Candidate: CAN-1999-1320
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1320
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:D-01
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-01.shtml
Reference: XF:netware-packet-spoofing-privileges(7213)
Reference: URL:http://www.iss.net/security_center/static/7213.php

Vulnerability in Novell NetWare 3.x and earlier allows local users to
gain privileges via packet spoofing.


Modifications:
  ADDREF XF:netware-packet-spoofing-privileges(7213)

INFERRED ACTION: CAN-1999-1320 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF;netware-packet-spoofing-privileges(7213)


======================================================
Candidate: CAN-1999-1321
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1321
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981105 security patch for ssh-1.2.26 kerberos code
Reference: URL:http://lists.netspace.org/cgi-bin/wa?A2=ind9811A&L=bugtraq&P=R4814

Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could
allow remote attackers to cause a denial of service or execute
arbitrary commands via a long DNS hostname that is not properly
handled during TGT ticket passing.

INFERRED ACTION: CAN-1999-1321 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Foat, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1324
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1324
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CIAC:D-06
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-06.shtml
Reference: XF:openvms-sysgen-enabled(7225)
Reference: URL:http://xforce.iss.net/static/7225.php

VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or
MOTIF do not properly disable access to user accounts that exceed the
break-in limit threshold for failed login attempts, which makes it
easier for attackers to conduct brute force password guessing.


Modifications:
  ADDREF XF:openvms-sysgen-enabled(7225)

INFERRED ACTION: CAN-1999-1324 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:openvms-sysgen-enabled(7225)


======================================================
Candidate: CAN-1999-1325
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1325
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:C-19
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/c-19.shtml
Reference: XF:vaxvms-sas-gain-privileges(7261)
Reference: URL:http://xforce.iss.net/static/7261.php

SAS System 5.18 on VAX/VMS is installed with insecure permissions for
its directories and startup file, which allows local users to gain
privileges.


Modifications:
  ADDREF XF:vaxvms-sas-gain-privileges(7261)

INFERRED ACTION: CAN-1999-1325 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Armstrong

Voter Comments:
 Frech> XF:vaxvms-sas-gain-privileges(7261)


======================================================
Candidate: CAN-1999-1326
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1326
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970104 serious security bug in wu-ftpd v2.4
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420401&w=2
Reference: BUGTRAQ:19970105 BoS:  serious security bug in wu-ftpd v2.4 -- PATCH
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420408&w=2
Reference: XF:wuftpd-abor-gain-privileges(7169)
Reference: URL:http://xforce.iss.net/static/7169.php

wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR
(abort file transfer) command is executed during a file transfer,
which causes a signal to be handled incorrectly and allows local and
possibly remote attackers to read arbitrary files.


Modifications:
  ADDREF XF:wuftpd-abor-gain-privileges(7169)

INFERRED ACTION: CAN-1999-1326 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:wuftpd-abor-gain-privileges(7169)


======================================================
Candidate: CAN-1999-1327
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1327
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980601 Re: SECURITY: Red Hat Linux 5.1 linuxconf bug (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125826&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf
Reference: XF:linuxconf-lang-bo(7239)
Reference: URL:http://www.iss.net/security_center/static/7239.php

Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows
local users to gain root privileges via a long LANG environmental
variable.


Modifications:
  ADDREF XF:linuxconf-lang-bo(7239)

INFERRED ACTION: CAN-1999-1327 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linuxconf-lang-bo(7239)


======================================================
Candidate: CAN-1999-1328
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1328
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980826 [djb@redhat.com: Unidentified subject!]
Reference: BUGTRAQ:19980823 Security concerns in linuxconf shipped w/RedHat 5.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90383955231511&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf
Reference: XF:linuxconf-symlink-gain-privileges(7232)
Reference: URL:http://www.iss.net/security_center/static/7232.php

linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users
to overwrite arbitrary files and gain root access via a symlink
attack.


Modifications:
  ADDREF XF:linuxconf-symlink-gain-privileges(7232)

INFERRED ACTION: CAN-1999-1328 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linuxconf-symlink-gain-privileges(7232)


======================================================
Candidate: CAN-1999-1329
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1329
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#SysVinit
Reference: XF:sysvinit-root-bo(7250)
Reference: URL:http://www.iss.net/security_center/static/7250.php

Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows
local users to gain privileges.


Modifications:
  ADDREF XF:sysvinit-root-bo(7250)

INFERRED ACTION: CAN-1999-1329 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:sysvinit-root-bo(7250)


======================================================
Candidate: CAN-1999-1330
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1330
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19970709 [linux-security] so-called snprintf() in db-1.85.4 (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419259&w=2
Reference: CONFIRM:http://lists.openresources.com/Debian/debian-bugs-closed/msg00581.html
Reference: CONFIRM:http://www.redhat.com/support/errata/rh42-errata-general.html#db
Reference: XF:linux-libdb-snprintf-bo(7244)
Reference: URL:http://www.iss.net/security_center/static/7244.php

The snprintf function in the db library 1.85.4 ignores the size
parameter, which could allow attackers to exploit buffer overflows
that would be prevented by a properly implemented snprintf.


Modifications:
  ADDREF XF:linux-libdb-snprintf-bo(7244)
  CHANGEREF CONFIRM make Red Hat confirm more specific

INFERRED ACTION: CAN-1999-1330 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linux-libdb-snprintf-bo(7244)
   Red Hat confirm is more accurately
   http://www.redhat.com/support/errata/rh42-errata-general.html#db


======================================================
Candidate: CAN-1999-1331
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1331
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://www.redhat.com/support/errata/rh42-errata-general.html#netcfg
Reference: XF:netcfg-ethernet-dos(7245)
Reference: URL:http://www.iss.net/security_center/static/7245.php

netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be
controlled by users on reboot when an option is set, which allows
local users to cause a denial of service by shutting down the
interface.


Modifications:
  ADDREF XF:netcfg-ethernet-dos(7245)

INFERRED ACTION: CAN-1999-1331 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:netcfg-ethernet-dos(7245)


======================================================
Candidate: CAN-1999-1332
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1332
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980128 GZEXE - the big problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88603844115233&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#gzip
Reference: XF:gzip-gzexe-tmp-symlink(7241)
Reference: URL:http://www.iss.net/security_center/static/7241.php

gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows
local users to overwrite files of other users via a symlink attack on
a temporary file.


Modifications:
  ADDREF XF:gzip-gzexe-tmp-symlink(7241)

INFERRED ACTION: CAN-1999-1332 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:gzip-gzexe-tmp-symlink(7241)


======================================================
Candidate: CAN-1999-1333
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1333
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980319 ncftp 2.4.2 MkDirs bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=89042322924057&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#ncftp
Reference: XF:ncftp-autodownload-command-execution(7240)
Reference: URL:http://www.iss.net/security_center/static/7240.php

automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux
5.0 and earlier allows remote attackers to execute arbitrary commands
via shell metacharacters in the names of files that are to be
downloaded.


Modifications:
  ADDREF XF:ncftp-autodownload-command-execution(7240)

INFERRED ACTION: CAN-1999-1333 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:ncftp-autodownload-command-execution(7240)


======================================================
Candidate: CAN-1999-1335
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1335
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: CONFIRM:http://www.redhat.com/support/errata/rh40-errata-general.html#cmu-snmp
Reference: XF:cmusnmp-read-write(7251)
Reference: URL:http://xforce.iss.net/static/7251.php

snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux
4.0 is configured to allow remote attackers to read and write
sensitive information.


Modifications:
  ADDREF XF:cmusnmp-read-write(7251)

INFERRED ACTION: CAN-1999-1335 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:cmusnmp-read-write(7251)


======================================================
Candidate: CAN-1999-1336
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1336
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990812 3com hiperarch flaw [hiperbomb.c]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93458364903256&w=2
Reference: BUGTRAQ:19990816 Re: 3com hiperarch flaw [hiperbomb.c]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93492615408725&w=2

3Com HiPer Access Router Card (HiperARC) 4.0 through 4.2.29 allows
remote attackers to cause a denial of service (reboot) via a flood of
IAC packets to the telnet port.

INFERRED ACTION: CAN-1999-1336 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Foat, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1339
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1339
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990722 Re: ping -R causes kernel panic on a forwarding machine ( 2.2.5 a nd 2 .2.10)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93277766505061&w=2
Reference: BUGTRAQ:19990722 Linux +ipchains+ ping -R
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93277426802802&w=2
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.2/patch-2.2.11.gz
Reference: XF:ipchains-ping-route-dos(7257)
Reference: URL:http://www.iss.net/security_center/static/7257.php

Vulnerability when Network Address Translation (NAT) is enabled in
Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw,
allows remote attackers to cause a denial of service (kernel panic)
via a ping -R (record route) command.


Modifications:
  ADDREF XF:ipchains-ping-route-dos(7257)

INFERRED ACTION: CAN-1999-1339 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:ipchains-ping-route-dos(7257)


======================================================
Candidate: CAN-1999-1341
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1341
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991022 Local user can send forged packets
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94061108411308&w=2

Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options,
allows local unprivileged users to forge IP packets via the TIOCSETD
option on tty devices.

INFERRED ACTION: CAN-1999-1341 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Foat, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1351
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1351
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990924 Kvirc bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93845560631314&w=2
Reference: XF:kvirc-dot-directory-traversal(7761)
Reference: URL:http://www.iss.net/security_center/static/7761.php

Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the
"Listen to !nick <soundname> requests" option enabled allows remote
attackers to read arbitrary files via a .. (dot dot) in a DCC GET
request.


Modifications:
  ADDREF XF:kvirc-dot-directory-traversal(7761)

INFERRED ACTION: CAN-1999-1351 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:kvirc-dot-directory-traversal(7761)


======================================================
Candidate: CAN-1999-1356
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1356
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990902 Compaq CIM UG Overwrites Legal Notice
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93646669500991&w=2
Reference: NTBUGTRAQ:19990902 Compaq CIM UG Overwrites Legal Notice
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93637792706047&w=2
Reference: NTBUGTRAQ:19990917 Re: Compaq CIM UG Overwrites Legal Notice
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93759822830815&w=2
Reference: XF:compaq-smartstart-legal-notice(7763)
Reference: URL:http://www.iss.net/security_center/static/7763.php

Compaq Integration Maintenance Utility as used in Compaq Insight
Manager agent before SmartStart 4.50 modifies the legal notice caption
(LegalNoticeCaption) and text (LegalNoticeText) in Windows NT, which
could produce a legal notice that is in violation of the security
policy.


Modifications:
  ADDREF XF:compaq-smartstart-legal-notice(7763)

INFERRED ACTION: CAN-1999-1356 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:compaq-smartstart-legal-notice(7763)


======================================================
Candidate: CAN-1999-1358
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1358
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q157673
Reference: URL:http://support.microsoft.com/support/kb/articles/q157/6/73.asp
Reference: XF:nt-user-policy-update(7400)
Reference: URL:http://www.iss.net/security_center/static/7400.php

When an administrator in Windows NT or Windows 2000 changes a user
policy, the policy is not properly updated if the local ntconfig.pol
is not writable by the user, which could allow local users to bypass
restrictions that would otherwise be enforced by the policy, possibly
by changing the policy file to be read-only.


Modifications:
  ADDREF XF:nt-user-policy-update(7400)

INFERRED ACTION: CAN-1999-1358 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:nt-user-policy-update(7400)


======================================================
Candidate: CAN-1999-1359
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1359
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q163875
Reference: URL:http://support.microsoft.com/support/kb/articles/q163/8/75.asp
Reference: XF:nt-group-policy-longname(7401)
Reference: URL:http://www.iss.net/security_center/static/7401.php

When the Ntconfig.pol file is used on a server whose name is longer
than 13 characters, Windows NT does not properly enforce policies for
global groups, which could allow users to bypass restrictions that
were intended by those policies.


Modifications:
  ADDREF XF:nt-group-policy-longname(7401)

INFERRED ACTION: CAN-1999-1359 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:nt-group-policy-longname(7401)


======================================================
Candidate: CAN-1999-1360
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1360
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q160650
Reference: URL:http://support.microsoft.com/support/kb/articles/q160/6/50.asp
Reference: XF:nt-kernel-handle-dos(7402)
Reference: URL:http://www.iss.net/security_center/static/7402.php

Windows NT 4.0 allows local users to cause a denial of service via a
user mode application that closes a handle that was opened in kernel
mode, which causes a crash when the kernel attempts to close the
handle.


Modifications:
  ADDREF XF:nt-kernel-handle-dos(7402)

INFERRED ACTION: CAN-1999-1360 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:nt-kernel-handle-dos(7402)


======================================================
Candidate: CAN-1999-1363
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1363
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q163143
Reference: URL:http://support.microsoft.com/support/kb/articles/q163/1/43.asp
Reference: XF:nt-nonpagedpool-dos(7405)
Reference: URL:http://www.iss.net/security_center/static/7405.php

Windows NT 3.51 and 4.0 allow local users to cause a denial of service
(crash) by running a program that creates a large number of locks on a
file, which exhausts the NonPagedPool.


Modifications:
  ADDREF XF:nt-nonpagedpool-dos(7405)

INFERRED ACTION: CAN-1999-1363 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Foat, Stracener
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
 Frech> XF:nt-nonpagedpool-dos(7405)


======================================================
Candidate: CAN-1999-1379
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1379
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990730 Possible Denial Of Service using DNS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93348057829957&w=2
Reference: BUGTRAQ:19990810 Possible Denial Of Service using DNS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93433758607623&w=2
Reference: AUSCERT:AL-1999.004
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos
Reference: CIAC:J-063
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-063.shtml
Reference: XF:dns-udp-query-dos(7238)
Reference: URL:http://www.iss.net/security_center/static/7238.php

DNS allows remote attackers to use DNS name servers as traffic
amplifiers via a UDP DNS query with a spoofed source address, which
produces more traffic to the victim than was sent by the attacker.


Modifications:
  ADDREF XF:dns-udp-query-dos(7238)

INFERRED ACTION: CAN-1999-1379 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:dns-udp-query-dos(7238)


======================================================
Candidate: CAN-1999-1380
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1380
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.net-security.sk/bugs/NT/nu20.html
Reference: MISC:http://mlarchive.ima.com/win95/1997/May/0342.html
Reference: MISC:http://news.zdnet.co.uk/story/0,,s2065518,00.html
Reference: XF:nu-tuneocx-activex-control(7188)
Reference: URL:http://www.iss.net/security_center/static/7188.php

Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX
ActiveX control as safe for scripting, which allows remote attackers
to execute arbitrary commands via the run option through malicious web
pages that are accessed by browsers such as Internet Explorer 3.0.


Modifications:
  ADDREF XF:nu-tuneocx-activex-control(7188)

INFERRED ACTION: CAN-1999-1380 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Prosser, Cole
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:nu-tuneocx-activex-control(7188)


======================================================
Candidate: CAN-1999-1382
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1382
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980108 NetWare NFS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88427711321769&w=2
Reference: BUGTRAQ:19980812 Re: Netware NFS (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90295697702474&w=2
Reference: CONFIRM:http://support.novell.com/cgi-bin/search/tidfinder.cgi?2940551
Reference: XF:netware-nfs-file-ownership(7246)
Reference: URL:http://www.iss.net/security_center/static/7246.php

NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by
changing the ownership of a file to root, which allows local users to
gain root privileges by creating a setuid program and setting it to
"Read Only," which NetWare-NFS changes to a setuid root program.


Modifications:
  ADDREF XF:netware-nfs-file-ownership(7246)

INFERRED ACTION: CAN-1999-1382 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:netware-nfs-file-ownership(7246)
   In description, UNIX should probably be Unix, unless you're
   referring specifically to AT&T System V UNIX (see
   http://www.unix-systems.org/trademark.html)


======================================================
Candidate: CAN-1999-1384
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1384
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19961030 (Another) vulnerability in new SGIs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420095&w=2
Reference: AUSCERT:AA-96.08
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-96.08.SGI.systour.vul
Reference: SGI:19961101-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961101-01-I
Reference: BID:470
Reference: URL:http://www.securityfocus.com/bid/470
Reference: XF:irix-systour(7456)
Reference: URL:http://www.iss.net/security_center/static/7456.php

Indigo Magic System Tour in the SGI system tour package (systour) for
IRIX 5.x through 6.3 allows local users to gain root privileges via a
Trojan horse .exitops program, which is called by the inst command
that is executed by the RemoveSystemTour program.


Modifications:
  ADDREF XF:irix-systour(7456)

INFERRED ACTION: CAN-1999-1384 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:irix-systour(7456)


======================================================
Candidate: CAN-1999-1385
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1385
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19961219 Exploit for ppp bug (FreeBSD 2.1.0).
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420332&w=2
Reference: FREEBSD:FreeBSD-SA-96:20
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:20.stack-overflow.asc
Reference: XF:ppp-bo(7465)
Reference: URL:http://www.iss.net/security_center/static/7465.php

Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local
users to gain privileges via a long HOME environment variable.


Modifications:
  ADDREF XF:ppp-bo(7465)

INFERRED ACTION: CAN-1999-1385 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:ppp-bo(7465)


======================================================
Candidate: CAN-1999-1386
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1386
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980308 another /tmp race: `perl -e' opens temp file not safely
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88932165406213&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#perl
Reference: XF:perl-e-tmp-symlink(7243)
Reference: URL:http://www.iss.net/security_center/static/7243.php

Perl 5.004_04 and earlier follows symbolic links when running with the
-e option, which allows local users to overwrite arbitrary files via a
symlink attack on the /tmp/perl-eaXXXXX file.


Modifications:
  ADDREF XF:perl-e-tmp-symlink(7243)

INFERRED ACTION: CAN-1999-1386 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Armstrong

Voter Comments:
 Frech> XF:perl-e-tmp-symlink(7243)


======================================================
Candidate: CAN-1999-1402
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1402
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970517 UNIX domain socket (Solarisx86 2.5)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418317&w=2
Reference: BUGTRAQ:19971003 Solaris 2.6 and sockets
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602248718482&w=2
Reference: BID:456
Reference: URL:http://www.securityfocus.com/bid/456
Reference: XF:sun-domain-socket-permissions(7172)
Reference: URL:http://www.iss.net/security_center/static/7172.php

The access permissions for a UNIX domain socket are ignored in Solaris
2.x and SunOS 4.x, and other BSD-based operating systems before 4.4,
which could allow local users to connect to the socket and possibly
disrupt or control the operations of the program using that socket.


Modifications:
  ADDREF XF:sun-domain-socket-permissions(7172)

INFERRED ACTION: CAN-1999-1402 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:sun-domain-socket-permissions(7172)


======================================================
Candidate: CAN-1999-1407
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1407
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980309 *sigh* another RH5 /tmp problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88950856416985&w=2
Reference: BID:368
Reference: URL:http://www.securityfocus.com/bid/368
Reference: XF:initscripts-ifdhcpdone-dhcplog-symlink(7294)
Reference: URL:http://www.iss.net/security_center/static/7294.php
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#initscripts

ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows
local users to append text to arbitrary files via a symlink attack on
the dhcplog file.


Modifications:
  XF:initscripts-ifdhcpdone-dhcplog-symlink(7294)
  ADDREF CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#initscripts

INFERRED ACTION: CAN-1999-1407 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Foat, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:initscripts-ifdhcpdone-dhcplog-symlink(7294)
   http://www.securityfocus.com/archive/1/8731
   http://www.redhat.com/support/errata/rh50-errata-general.html#initscripts


======================================================
Candidate: CAN-1999-1409
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1409
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980703 more about 'at'
Reference: URL:http://www.shmoo.com/mail/bugtraq/jul98/msg00064.html
Reference: BUGTRAQ:19980805 irix-6.2 "at -f" vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90233906612929&w=2
Reference: NETBSD:NetBSD-SA1998-004
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA1998-004.txt.asc
Reference: BID:331
Reference: URL:http://www.securityfocus.com/bid/331
Reference: XF:at-f-read-files(7577)
Reference: URL:http://www.iss.net/security_center/static/7577.php

The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local
users to read portions of arbitrary files by submitting the file to at
with the -f argument, which generates error messages that at sends to
the user via e-mail.


Modifications:
  ADDREF XF:at-f-read-files(7577)

INFERRED ACTION: CAN-1999-1409 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:at-f-read-files(7577)


======================================================
Candidate: CAN-1999-1411
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1411
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: DEBIAN:19981126 new version of fsp fixes security flaw
Reference: URL:http://lists.debian.org/debian-security-announce/debian-security-announce-1998/msg00033.html
Reference: BUGTRAQ:19981128 Debian: Security flaw in FSP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91228908407679&w=2
Reference: BUGTRAQ:19981130 Debian: Security flaw in FSP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91244712808780&w=2
Reference: BUGTRAQ:19990217 Debian GNU/Linux 2.0r5 released (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91936850009861&w=2
Reference: BID:316
Reference: URL:http://www.securityfocus.com/bid/316
Reference: XF:fsp-anon-ftp-access(7574)
Reference: URL:http://www.iss.net/security_center/static/7574.php

The installation of the fsp package 2.71-10 in Debian Linux 2.0 adds
the anonymous FTP user without notifying the administrator, which
could automatically enable anounymous FTP on some servers such as
wu-ftp.


Modifications:
  ADDREF XF:fsp-anon-ftp-access(7574)

INFERRED ACTION: CAN-1999-1411 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:fsp-anon-ftp-access(7574)
   DEBIAN URL slightly wrong:
   http://lists.debian.org/debian-security-announce/debian-security-annou
   nce-1998/msg00033.html


======================================================
Candidate: CAN-1999-1414
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1414
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990525 Security Leak with IBM Netfinity Remote Control Software
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92765856706547&w=2
Reference: NTBUGTRAQ:19990609 IBM's response to "Security Leak with IBM Netfinity Remote Control Software
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92902484317769&w=2
Reference: BID:284
Reference: URL:http://www.securityfocus.com/bid/284

IBM Netfinity Remote Control allows local users to gain administrator
privileges by starting programs from the process manager, which runs
with system level privileges.

INFERRED ACTION: CAN-1999-1414 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Foat, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1419
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1419
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUN:00148
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/148
Reference: BID:219
Reference: URL:http://www.securityfocus.com/bid/219
Reference: XF:sun-nisplus-bo(7535)
Reference: URL:http://www.iss.net/security_center/static/7535.php

Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and
2.4 allows local users to gain root privileges.


Modifications:
  ADDREF XF:sun-nisplus-bo(7535)

INFERRED ACTION: CAN-1999-1419 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Dik, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:sun-nisplus-bo(7535)
 Dik> sun bug: 1223320


======================================================
Candidate: CAN-1999-1423
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1423
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970626 Solaris Ping bug (DoS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319160&w=2
Reference: BUGTRAQ:19970627 SUMMARY: Solaris Ping bug (DoS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319171&w=2
Reference: BUGTRAQ:19970627 Solaris Ping bug(inetsvc)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319181&w=2
Reference: BUGTRAQ:19971005 Solaris Ping Bug and other [bc] oddities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319180&w=2
Reference: SUN:00146
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/146
Reference: BID:209
Reference: URL:http://www.securityfocus.com/bid/209
Reference: XF:ping-multicast-loopback-dos(7492)
Reference: URL:http://www.iss.net/security_center/static/7492.php

ping in Solaris 2.3 through 2.6 allows local users to cause a denial
of service (crash) via a ping request to a multicast address through
the loopback interface, e.g. via ping -i.


Modifications:
  ADDREF XF:ping-multicast-loopback-dos(7492)

INFERRED ACTION: CAN-1999-1423 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Dik, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:ping-multicast-loopback-dos(7492)
 Dik> sun bug: 1226919


======================================================
Candidate: CAN-1999-1432
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1432
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980716 Security risk with powermanagemnet on Solaris 2.6
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525997&w=2
Reference: BID:160
Reference: URL:http://www.securityfocus.com/bid/160
Reference: SUNBUG:4024179

Power management (Powermanagement) on Solaris 2.4 through 2.6 does not
start the xlock process until after the sys-suspend has completed,
which allows an attacker with physical access to input characters to
the last active application from the keyboard for a short period after
the system is restoring, which could lead to increased privileges.


Modifications:
  ADDREF SUNBUG:4024179

INFERRED ACTION: CAN-1999-1432 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Dik
   NOOP(1) Wall

Voter Comments:
 Dik> sun bug: 4024179


======================================================
Candidate: CAN-1999-1433
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1433
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980715 JetAdmin software
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525988&w=2
Reference: BUGTRAQ:19980722 Re: JetAdmin software
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526067&w=2
Reference: BID:157
Reference: URL:http://www.securityfocus.com/bid/157

HP JetAdmin D.01.09 on Solaris allows local users to change the
permissions of arbitrary files via a symlink attack on the
/tmp/jetadmin.log file.

INFERRED ACTION: CAN-1999-1433 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Foat, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1437
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1437
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980707 ePerl: bad handling of ISINDEX queries
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525890&w=2
Reference: BUGTRAQ:19980710 ePerl Security Update Available
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525927&w=2
Reference: BID:151
Reference: URL:http://www.securityfocus.com/bid/151

ePerl 2.2.12 allows remote attackers to read arbitrary files and
possibly execute certain commands by specifying a full pathname of the
target file as an argument to bar.phtml.

INFERRED ACTION: CAN-1999-1437 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Foat, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1452
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1452
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990129 ole objects in a "secured" environment?
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91764169410814&w=2
Reference: NTBUGTRAQ:19990205 Alert: MS releases GINA-fix for SP3, SP4, and TS
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91822011021558&w=2
Reference: BUGTRAQ:19990129 ole objects in a "secured" environment?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91788829326419&w=2
Reference: MSKB:Q214802
Reference: URL:http://support.microsoft.com/support/kb/articles/q214/8/02.asp
Reference: BID:198
Reference: URL:http://www.securityfocus.com/bid/198
Reference: XF:nt-gina-clipboard(1975)
Reference: URL:http://xforce.iss.net/static/1975.php

GINA in Windows NT 4.0 allows attackers with physical access to
display a portion of the clipboard of the user who has locked the
workstation by pasting (CTRL-V) the contents into the username prompt.

INFERRED ACTION: CAN-1999-1452 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Frech


======================================================
Candidate: CAN-1999-1455
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1455
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q158320
Reference: URL:http://support.microsoft.com/support/kb/articles/q158/3/20.asp
Reference: XF:nt-rshsvc-ale-bypass(7422)
Reference: URL:http://xforce.iss.net/static/7422.php

RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not
properly restrict access as specified in the .Rhosts file when a user
comes from an authorized host, which could allow unauthorized users to
access the service by logging in from an authorized host.


Modifications:
  ADDREF XF:nt-rshsvc-ale-bypass(7422)

INFERRED ACTION: CAN-1999-1455 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:nt-rshsvc-ale-bypass(7422)


======================================================
Candidate: CAN-1999-1456
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1456
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980819 thttpd 2.04 released (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/10368
Reference: CONFIRM:http://www.acme.com/software/thttpd/thttpd.html#releasenotes
Reference: XF:thttpd-file-read(1809)
Reference: URL:http://xforce.iss.net/static/1809.php

thttpd HTTP server 2.03 and earlier allows remote attackers to read
arbitrary files via a GET request with more than one leading / (slash)
character in the filename.

INFERRED ACTION: CAN-1999-1456 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Foat, Cole, Armstrong, Frech, Stracener
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1472
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1472
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971017 Security Hole in Explorer 4.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87710897923098&w=2
Reference: MISC:http://www.insecure.org/sploits/Internet_explorer_4.0.hack.html
Reference: CONFIRM:http://www.microsoft.com/Windows/ie/security/freiburg.asp
Reference: MSKB:Q176794
Reference: URL:http://support.microsoft.com/support/kb/articles/q176/7/94.asp
Reference: MSKB:Q176697
Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp
Reference: XF:http-ie-spy(587)
Reference: URL:http://xforce.iss.net/static/587.php

Internet Explorer 4.0 allows remote attackers to read arbitrary text
and HTML files on the user's machine via a small IFRAME that uses
Dynamic HTML (DHTML) to send the data to the attacker, aka the
Freiburg text-viewing issue.

INFERRED ACTION: CAN-1999-1472 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Frech


======================================================
Candidate: CAN-1999-1473
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1473
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q176697
Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp
Reference: XF:ie-page-redirect(7426)
Reference: URL:http://www.iss.net/security_center/static/7426.php

When a Web site redirects the browser to another site, Internet
Explorer 3.02 and 4.0 automatically resends authentication information
to the second site, aka the "Page Redirect Issue."


Modifications:
  ADDREF XF:ie-page-redirect(7426)

INFERRED ACTION: CAN-1999-1473 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:ie-page-redirect(7426)


======================================================
Candidate: CAN-1999-1476
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1476
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: MSKB:Q163852
Reference: URL:http://support.microsoft.com/support/kb/articles/q163/8/52.asp
Reference: XF:pentium-crash(704)
Reference: URL:http://xforce.iss.net/static/704.php

A bug in Intel Pentium processor (MMX and Overdrive) allows local
users to cause a denial of service (hang) in Intel-based operating
systems such as Windows NT and Windows 95, via an invalid instruction,
aka the "Invalid Operand with Locked CMPXCHG8B Instruction" problem.

INFERRED ACTION: CAN-1999-1476 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Frech


======================================================
Candidate: CAN-1999-1478
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1478
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990706 Bug in SUN's Hotspot VM
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93138827429589&w=2
Reference: NTBUGTRAQ:19990716 FW: (Review ID: 85125) Hotspot crashes bringing down webserver
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93240220324183&w=2
Reference: BID:522
Reference: URL:http://www.securityfocus.com/bid/522
Reference: XF:sun-hotspot-vm(2348)
Reference: URL:http://xforce.iss.net/static/2348.php

The Sun HotSpot Performance Engine VM allows a remote attacker to
cause a denial of service on any server running HotSpot via a URL that
includes the [ character.

INFERRED ACTION: CAN-1999-1478 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Foat, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1481
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1481
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991025 [squid] exploit for external authentication problem
Reference: URL:http://www.securityfocus.com/archive/1/33295
Reference: BUGTRAQ:19991103 [squid]exploit for external authentication problem
Reference: URL:http://www.securityfocus.com/archive/1/33295
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.2/bugs/
Reference: BID:741
Reference: URL:http://www.securityfocus.com/bid/741
Reference: XF:squid-proxy-auth-access(3433)
Reference: URL:http://xforce.iss.net/static/3433.php

Squid 2.2.STABLE5 and below, when using external authentication,
allows attackers to bypass access controls via a newline in the
user/password pair.

INFERRED ACTION: CAN-1999-1481 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Foat, Cole, Armstrong, Frech, Stracener
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1488
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1488
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:I-079A
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-079a.shtml
Reference: BID:371
Reference: URL:http://www.securityfocus.com/bid/371
Reference: XF:ibm-sdr-read-files(7217)
Reference: URL:http://www.iss.net/security_center/static/7217.php

sdrd daemon in IBM SP2 System Data Repository (SDR) allows remote
attackers to read files without authentication.


Modifications:
  ADDREF XF:ibm-sdr-read-files(7217)

INFERRED ACTION: CAN-1999-1488 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:ibm-sdr-read-files(7217)
 Frech> XF:ibm-sdr-read-files(7217)


======================================================
Candidate: CAN-1999-1494
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1494
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19940809 Re: IRIX 5.2 Security Advisory
Reference: URL:http://www.securityfocus.com/archive/1/675
Reference: BUGTRAQ:19950307 sigh. another Irix 5.2 hole.
Reference: URL:http://www.tryc.on.ca/archives/bugtraq/1995_1/0614.html
Reference: SGI:19950209-00-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19950209-01-P
Reference: XF:sgi-colorview(2112)
Reference: URL:http://xforce.iss.net/static/2112.php
Reference: BID:336
Reference: URL:http://www.securityfocus.com/bid/336

colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local
attackers to read arbitrary files via the -text argument.

INFERRED ACTION: CAN-1999-1494 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener


======================================================
Candidate: CAN-1999-1507
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1507
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: CERT:CA-1993-03
Reference: URL:http://www.cert.org/advisories/CA-1993-03.html
Reference: BID:59
Reference: URL:http://www.securityfocus.com/bid/59
Reference: XF:sun-dir(521)
Reference: URL:http://xforce.iss.net/static/521.php

Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access
via insecure permissions on files and directories such as crash.


Modifications:
  ADDREF XF:sun-dir(521)

INFERRED ACTION: CAN-1999-1507 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Dik, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:sun-dir(521)
 Dik> From memory.


======================================================
Candidate: CAN-1999-1512
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1512
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990716 AMaViS virus scanner for Linux - root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93219846414732&w=2
Reference: CONFIRM:http://www.amavis.org/ChangeLog.txt
Reference: BID:527
Reference: URL:http://www.securityfocus.com/bid/527
Reference: XF:amavis-command-execute(2349)
Reference: URL:http://xforce.iss.net/static/2349.php

The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote
attackers to execute arbitrary commands as root via an infected mail
message with shell metacharacters in the reply-to field.

INFERRED ACTION: CAN-1999-1512 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Foat, Cole, Armstrong, Frech, Stracener
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1530
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1530
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991108 Security flaw in Cobalt RaQ2 cgiwrap
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94209954200450&w=2
Reference: BUGTRAQ:19991109 [Cobalt] Security Advisory - cgiwrap
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94225629200045&w=2
Reference: BID:777
Reference: URL:http://www.securityfocus.com/bid/777
Reference: XF:cobalt-cgiwrap-incorrect-permissions(7764)
Reference: URL:http://www.iss.net/security_center/static/7764.php

cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly
identify the user for running certain scripts, which allows a
malicious site administrator to view or modify data located at another
virtual site on the same system.


Modifications:
  ADDREF XF:cobalt-cgiwrap-incorrect-permissions(7764)

INFERRED ACTION: CAN-1999-1530 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Foat, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:cobalt-cgiwrap-incorrect-permissions(7764)


======================================================
Candidate: CAN-1999-1531
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1531
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94157187815629&w=2
Reference: BID:763
Reference: URL:http://www.securityfocus.com/bid/763
Reference: XF:ibm-homepageprint-bo(7767)
Reference: URL:http://www.iss.net/security_center/static/7767.php

Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a
malicious Web site to execute arbitrary code on a viewer's system via
a long IMG_SRC HTML tag.


Modifications:
  ADDREF XF:ibm-homepageprint-bo(7767)

INFERRED ACTION: CAN-1999-1531 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Foat, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:ibm-homepageprint-bo(7767)


======================================================
Candidate: CAN-1999-1535
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1535
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990720 Buffer overflow in AspUpload 1.4
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93256878011447&w=2
Reference: NTBUGTRAQ:19990818 AspUpload Buffer Overflow Fixed
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93501427820328&w=2
Reference: BID:592
Reference: URL:http://www.securityfocus.com/bid/592
Reference: XF:http-aspupload-bo(3291)
Reference: URL:http://xforce.iss.net/static/3291.php

Buffer overflow in AspUpload.dll in Persits Software AspUpload before
1.4.0.2 allows remote attackers to cause a denial of service, and
possibly execute arbitrary commands, via a long argument in the HTTP
request.

INFERRED ACTION: CAN-1999-1535 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Foat, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1542
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1542
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991004 RH6.0 local/remote command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93915641729415&w=2
Reference: BUGTRAQ:19991006 Fwd: [Re: RH6.0 local/remote command execution]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93923853105687&w=2
Reference: XF:linux-rh-rpmmail(3353)
Reference: URL:http://xforce.iss.net/static/3353.php

RPMMail before 1.4 allows remote attackers to execute commands via an
e-mail message with shell metacharacters in the "MAIL FROM" command.

INFERRED ACTION: CAN-1999-1542 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech
   NOOP(1) Wall


======================================================
Candidate: CAN-1999-1550
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1550
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991108 BigIP - bigconf.cgi holes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94217006208374&w=2
Reference: BUGTRAQ:19991109 Re: BigIP - bigconf.cgi holes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94217879020184&w=2
Reference: BUGTRAQ:19991109
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94225879703021&w=2
Reference: BID:778
Reference: URL:http://www.securityfocus.com/bid/778
Reference: XF:bigip-bigconf-view-files(7771)
Reference: URL:http://www.iss.net/security_center/static/7771.php

bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to
read arbitrary files by specifying the target file in the "file"
parameter.


Modifications:
  ADDREF XF:bigip-bigconf-view-files(7771)

INFERRED ACTION: CAN-1999-1550 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Foat, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:bigip-bigconf-view-files(7771)


======================================================
Candidate: CAN-1999-1565
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1565
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990820 [SECURITY] New versions of man2html fixes postinst glitch
Reference: URL:http://www.securityfocus.com/archive/1/24784

Man2html 2.1 and earlier allows local users to overwrite arbitrary
files via a symlink attack on a temporary file.

INFERRED ACTION: CAN-1999-1565 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Foat, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0006
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991225 strace can lie
Reference: URL:http://online.securityfocus.com/archive/1/39831
Reference: XF:linux-strace(4554)
Reference: URL:http://xforce.iss.net/static/4554.php

strace allows local users to read arbitrary files via memory mapped
file names.


Modifications:
  ADDREF XF:linux-strace(4554)

INFERRED ACTION: CAN-2000-0006 ACCEPT_REV (7 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(5) Collins, Ozancin, Stracener, Blake, Cole
   MODIFY(2) Baker, Frech
   NOOP(2) Wall, Armstrong
   REVIEWING(1) Levy

Voter Comments:
 Frech> XF:linux-strace
 Baker> Vulnerability Reference (HTML)
   http://www.securityfocus.com/archive/1/39831	Misc Defensive Info
   http://xforce.iss.net/static/4554.php	Misc Defensive Info


======================================================
Candidate: CAN-2000-0007
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0007
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-02
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991230 PC-Cillin 6.x DoS Attack
Reference: XF:pccillin-proxy-remote-dos(4491)
Reference: URL:http://xforce.iss.net/static/4491.php
Reference: BID:1740
Reference: URL:http://www.securityfocus.com/bid/1740

Trend Micro PC-Cillin does not restrict access to its internal proxy
port, allowing remote attackers to conduct a denial of service.


Modifications:
  ADDREF XF:pccillin-proxy-remote-dos
  CHANGEREF XF [normalize]
  DESC fix typo
  ADDREF BID:1740

INFERRED ACTION: CAN-2000-0007 ACCEPT_REV (4 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(3) Stracener, Baker, Armstrong
   MODIFY(1) Frech
   NOOP(1) Christey
   REVIEWING(1) Levy

Voter Comments:
 Frech> XF:pccillin-proxy-remote-dos
 Christey> Fix typo: "to its to its"
 Christey> ADDREF BID:1740
   ADDREF URL:http://www.securityfocus.com/bid/1740


======================================================
Candidate: CAN-2000-0027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0027
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991227 IBM NetStation/UnixWare local root exploit
Reference: URL:http://www.securityfocus.com/archive/1/39962
Reference: BID:900
Reference: URL:http://www.securityfocus.com/bid/900
Reference: XF:ibm-netstat-race-condition(5381)
Reference: URL:http://www.iss.net/security_center/static/5381.php

IBM Network Station Manager NetStation allows local users to gain
privileges via a symlink attack.


Modifications:
  ADDREF XF:ibm-netstat-race-condition(5381)

INFERRED ACTION: CAN-2000-0027 ACCEPT (8 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(7) Ozancin, Stracener, Levy, Blake, Baker, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Wall, Bollinger

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:ibm-netstat-race-condition(5381)


======================================================
Candidate: CAN-2000-0180
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0180
Final-Decision:
Interim-Decision: 20020301
Modified: 20020218-01
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: NTBUGTRAQ:20000313 SOJOURN Search engine exposes files
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0201.html
Reference: BID:1052
Reference: URL:http://www.securityfocus.com/bid/1052
Reference: XF:sojourn-file-read(4197)
Reference: URL:http://xforce.iss.net/static/4197.php

Sojourn search engine allows remote attackers to read arbitrary files
via a .. (dot dot) attack.


Modifications:
  ADDREF XF:sojourn-file-read(4197)

INFERRED ACTION: CAN-2000-0180 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Levy, Wall, Baker
   MODIFY(1) Frech
   NOOP(4) Ozancin, Blake, LeBlanc, Cole

Voter Comments:
 Frech> XF:sojourn-file-read
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0290
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0290
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-02
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000331 Webstar 4.0 Buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0005.html
Reference: XF:macos-webstar-get-bo(4792)
Reference: URL:http://xforce.iss.net/static/4792.php
Reference: BID:1822
Reference: URL:http://www.securityfocus.com/bid/1822

Buffer overflow in Webstar HTTP server allows remote attackers to
cause a denial of service via a long GET request.


Modifications:
  ADDREF XF:macos-webstar-get-bo
  CHANGEREF XF [normalize]
  ADDREF BID:1822

INFERRED ACTION: CAN-2000-0290 ACCEPT_REV (4 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(3) Cole, Ozancin, Blake
   MODIFY(1) Frech
   NOOP(4) Armstrong, Christey, Wall, Baker
   REVIEWING(1) Levy

Voter Comments:
 Frech> XF:macos-webstar-get-bo
 Baker> Trying to get the XForce entry using the name Andre posted yields no results
   If I search just on get-bo, I get 11 responses, none of them relating
   If I search webstar I got one response, just the 1997 lasso cgi one.

   Here is the URL for the security focus archive of Bugtraq articles:
   http://www.securityfocus.com/archive/1/53369
 Christey> BID:1822
   URL:http://www.securityfocus.com/bid/1822


======================================================
Candidate: CAN-2000-0298
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0298
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-02
Proposed: 20000426
Assigned: 20000426
Category: CF
Reference: NTBUGTRAQ:20000407 All Users startup folder left open if unattended install and OEMP reinstall=1
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0027.html
Reference: XF:win2k-unattended-install(4278)
Reference: URL:http://xforce.iss.net/static/4278.php
Reference: BID:1758
Reference: URL:http://www.securityfocus.com/bid/1758

The unattended installation of Windows 2000 with the OEMPreinstall
option sets insecure permissions for the All Users and Default Users
directories.


Modifications:
  ADDREF XF:win2k-unattended-install
  ADDREF BID:1758
  CHANGEREF XF [normalize]

INFERRED ACTION: CAN-2000-0298 ACCEPT_REV (7 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(6) Cole, Armstrong, Collins, Blake, Wall, Baker
   MODIFY(1) Frech
   NOOP(1) Christey
   REVIEWING(1) Levy

Voter Comments:
 Christey> ADDREF XF:win2k-unattended-install
 Frech> XF:win2k-unattended-install
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 Christey> ADDREF BID:1758
   ADDREF URL:http://www.securityfocus.com/bid/1758
 CHANGE> [Armstrong changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0324
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0324
Final-Decision:
Interim-Decision: 20020301
Modified: 20020220-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000425 Denial of Service Against pcAnywhere.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000425150157.13567A-100000@sword.damocles.com
Reference: BUGTRAQ:20010211 Symantec pcAnywhere 9.0 DoS / Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0201.html
Reference: BUGTRAQ:20010212 Re: Symantec pcAnywhere 9.0 DoS / Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0258.html
Reference: BID:1150
Reference: URL:http://www.securityfocus.com/bid/1150
Reference: XF:pcanywhere-tcpsyn-dos(4347)
Reference: URL:http://www.iss.net/security_center/static/4347.php

pcAnywhere 8.x and 9.0 allows remote attackers to cause a denial of
service via a TCP SYN scan, e.g. by nmap.


Modifications:
  ADDREF BUGTRAQ:20010211 Symantec pcAnywhere 9.0 DoS / Buffer Overflow
  ADDREF BUGTRAQ:20010212 Re: Symantec pcAnywhere 9.0 DoS / Buffer Overflow
  ADDREF XF:pcanywhere-tcpsyn-dos(4347)
  DESC make versions more specific.

INFERRED ACTION: CAN-2000-0324 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Cole, Levy, Prosser, Wall
   MODIFY(1) Frech
   NOOP(2) Christey, LeBlanc

Voter Comments:
 Frech> XF:pcanywhere-tcpsyn-dos
 Christey> Acknowledged by Symantec after a re-discovery:
   BUGTRAQ:20010212 Re: Symantec pcAnywhere 9.0 DoS / Buffer Overflow
   URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0258.html
   Also:
   BUGTRAQ:20010211 Symantec pcAnywhere 9.0 DoS / Buffer Overflow
   URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0201.html
 Prosser> See BugTraq archive, http://www.securityfocus.com/templates/archive.pike?list=1&msg=OF73737D62.9374F44F-
   This issue corrected in version 9.01 and later
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0457
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0457
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000511 Alert: IIS ism.dll exposes file contents
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95810120719608&w=2
Reference: MS:MS00-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-031.asp
Reference: BID:1193
Reference: URL:http://www.securityfocus.com/bid/1193
Reference: XF:iis-ism-file-access(4448)
Reference: URL:http://xforce.iss.net/static/4448.php

ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file
contents by requesting the file and appending a large number of
encoded spaces (%20) and terminated with a .htr extension, aka the
".HTR File Fragment Reading" or "File Fragment Reading via .HTR"
vulnerability.


Modifications:
  ADDREF XF:iis-ism-file-access(4448)

INFERRED ACTION: CAN-2000-0457 ACCEPT_REV (5 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(4) Cole, Stracener, Levy, Prosser
   MODIFY(1) Frech
   REVIEWING(1) Ozancin

Voter Comments:
 Frech> XF:iis-ism-file-access


======================================================
Candidate: CAN-2000-0551
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0551
Final-Decision:
Interim-Decision: 20020301
Modified: 20010910-01
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000523 I think
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0339.html
Reference: BID:1263
Reference: URL:http://www.securityfocus.com/bid/1263
Reference: XF:danware-netop-bypass-security(4569)
Reference: URL:http://xforce.iss.net/static/4569.php

The file transfer mechanism in Danware NetOp 6.0 does not provide
authentication, which allows remote attackers to access and modify
arbitrary files.


Modifications:
  ADDREF XF:danware-netop-bypass-security(4569)

INFERRED ACTION: CAN-2000-0551 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Ozancin, Levy
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:danware-netop-bypass-security(4569)


======================================================
Candidate: CAN-2000-0570
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0570
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-02
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000627 DoS in FirstClass Internet Services 5.770
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0295.html
Reference: XF:firstclass-large-bcc-dos(4843)
Reference: URL:http://xforce.iss.net/static/4843.php
Reference: BID:1421
Reference: URL:http://www.securityfocus.com/bid/1421

FirstClass Internet Services server 5.770, and other versions before
6.1, allows remote attackers to cause a denial of service by sending
an email with a long To: mail header.


Modifications:
  CHANGEREF XF:firstclass-large-bcc-dos(4843)

INFERRED ACTION: CAN-2000-0570 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Frech, Levy
   NOOP(4) Wall, Magdych, Christey, LeBlanc

Voter Comments:
 CHANGE> [Magdych changed vote from REVIEWING to NOOP]
 Christey> Inquiry sent to support@centrinity.com on 2/22/2002.
 Christey> Confirmation received on 2/26/2002: "this issue has been fixed
   in the latest updates to the Version 6.1 FirstClass server."


======================================================
Candidate: CAN-2000-0575
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0575
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000630 Kerberos security vulnerability in SSH-1.2.27
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96256265914116&w=2
Reference: BID:1426
Reference: URL:http://www.securityfocus.com/bid/1426
Reference: XF:ssh-kerberos-tickets-disclosure(4903)
Reference: URL:http://xforce.iss.net/static/4903.php

SSH 1.2.27 with Kerberos authentication support stores Kerberos
tickets in a file which is created in the current directory of the
user who is logging in, which could allow remote attackers to sniff
the ticket cache if the home directory is installed on NFS.


Modifications:
  CHANGEREF BUGTRAQ subject was truncated
  ADDREF XF:ssh-kerberos-tickets-disclosure(4903)

INFERRED ACTION: CAN-2000-0575 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Levy
   MODIFY(1) Frech
   NOOP(3) Wall, Magdych, LeBlanc

Voter Comments:
 Frech> XF:ssh-kerberos-tickets-disclosure(4903)
   BUGTRAQ title should be "Kerberos security vulnerability in SSH-1.2.27"
 CHANGE> [Magdych changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2000-0581
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0581
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000630 SecureXpert Advisory [SX-20000620-1]
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000630161841.4619A-100000@fjord.fscinternet.com
Reference: XF:win2k-telnetserver-dos
Reference: BID:1414
Reference: URL:http://www.securityfocus.com/bid/1414

Windows 2000 Telnet Server allows remote attackers to cause a denial
of service by sending a continuous stream of binary zeros, which
causes the server to crash.

INFERRED ACTION: CAN-2000-0581 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(6) Wall, Cole, Frech, Levy, Magdych, LeBlanc
   NOOP(1) Christey

Voter Comments:
 Magdych> Should this be included with CAN-2000-580?  The description for 580
   could be modified to read "...significantly increases CPU utilization
   and may crash remote services."
 Christey> ADDREF MS:MS00-050
 CHANGE> [Magdych changed vote from REVIEWING to ACCEPT]
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0593
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0593
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000627 [SPSadvisory #37]WinProxy 2.0.0/2.0.1 DoS and Exploitable Buffer Overflow
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006271417.GFE84146.-BJXON@lac.co.jp
Reference: XF:winproxy-get-dos(4831)
Reference: URL:http://xforce.iss.net/static/4831.php
Reference: BID:1400
Reference: URL:http://www.securityfocus.com/bid/1400

WinProxy 2.0 and 2.0.1 allows remote attackers to cause a denial of
service by sending an HTTP GET request without listing an HTTP version
number.


Modifications:
  CHANGEREF XF [normalize]

INFERRED ACTION: CAN-2000-0593 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Cole, Frech, Levy, Magdych
   NOOP(1) LeBlanc

Voter Comments:
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0600
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0600
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000626 Netscape Enterprise Server for NetWare Virtual Directory Vulnerab ility
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0264.html
Reference: BID:1393
Reference: URL:http://www.securityfocus.com/bid/1393
Reference: XF:netscape-virtual-directory-bo(4780)
Reference: URL:http://xforce.iss.net/static/4780.php

Netscape Enterprise Server in NetWare 5.1 allows remote attackers to
cause a denial of service or execute arbitrary commands via a
malformed URL.


Modifications:
  DELREF XF:netscape-enterprise-netware-bo
  CHANGEREF XF:netscape-virtual-directory-bo(4780)

INFERRED ACTION: CAN-2000-0600 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Levy
   MODIFY(1) Frech
   NOOP(3) Wall, Magdych, LeBlanc

Voter Comments:
 Frech> DELREF: XF:netscape-enterprise-netware-bo
 CHANGE> [Magdych changed vote from REVIEWING to NOOP]
 CHANGE> [Wall changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2000-0615
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0615
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20010912
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000709 LPRng lpd should not be SETUID root
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0117.html
Reference: BID:1447
Reference: URL:http://www.securityfocus.com/bid/1447
Reference: XF:lpd-suid-root(7361)
Reference: URL:http://xforce.iss.net/static/7361.php

LPRng 3.6.x improperly installs lpd as setuid root, which can allow
local users to append lpd trace and logging messages to files.


Modifications:
  ADDREF XF:lpd-suid-root(7361)

INFERRED ACTION: CAN-2000-0615 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Cole, Stracener
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Williams

Voter Comments:
 Frech> XF:lpd-suid-root(7361)


======================================================
Candidate: CAN-2000-0619
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0619
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20010912
Assigned: 20000719
Category: SF
Reference: VULN-DEV:20000520 TopLayer layer 7 switch Advisory
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0680.html
Reference: VULN-DEV:20000614 Update on TopLayer Advisory
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0921.html
Reference: BID:1258
Reference: URL:http://www.securityfocus.com/bid/1258
Reference: XF:toplayer-icmp-dos(7364)
Reference: URL:http://xforce.iss.net/static/7364.php

Top Layer AppSwitch 2500 allows remote attackers to cause a denial of
service via malformed ICMP packets.


Modifications:
  ADDREF XF:toplayer-icmp-dos(7364)
  DESC Fix product name

INFERRED ACTION: CAN-2000-0619 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:toplayer-icmp-dos(7364)
   Actually, the correct name for this item is 'Top Layer
   AppSwitch 2500'.


======================================================
Candidate: CAN-2000-0662
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0662
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000714 IE 5.5 and 5.01 vulnerability - reading at least local and from any host text and parsed html files
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=396EF9D5.62EEC625@nat.bg
Reference: BID:1474
Reference: URL:http://www.securityfocus.com/bid/1474
Reference: XF:ie-dhtmled-file-read(5107)
Reference: URL:http://xforce.iss.net/static/5107.php

Internet Explorer 5.x and Microsoft Outlook allows remote attackers to
read arbitrary files by redirecting the contents of an IFRAME using
the DHTML Edit Control (DHTMLED).


Modifications:
  ADDREF XF:ie-dhtmled-file-read(5107)

INFERRED ACTION: CAN-2000-0662 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Levy, LeBlanc
   MODIFY(1) Frech
   NOOP(2) Cole, Christey

Voter Comments:
 Christey> Confirmed by Scott Culp
 Frech> XF:ie-dhtmled-file-read()
 CHANGE> [LeBlanc changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0699
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0699
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000806 HPUX FTPd vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0028.html
Reference: BID:1560
Reference: URL:http://www.securityfocus.com/bid/1560

Format string vulnerability in ftpd in HP-UX 10.20 allows remote
attackers to cause a denial of service or execute arbitrary commands
via format strings in the PASS command.


Modifications:
  DESC Add HP-UX versions, format string vuln. phrase

INFERRED ACTION: CAN-2000-0699 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Levy, Williams
   NOOP(2) Wall, Cole


======================================================
Candidate: CAN-2000-0739
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0739
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000802 NAI Net Tools PKI Server vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt
Reference: BID:1537
Reference: URL:http://www.securityfocus.com/bid/1537
Reference: XF:nettools-pki-dir-traverse(5066)
Reference: URL:http://xforce.iss.net/static/5066.php

Directory traversal vulnerability in strong.exe program in NAI Net
Tools PKI server 1.0 before HotFix 3 allows remote attackers to read
arbitrary files via a .. (dot dot) attack in an HTTPS request to the
enrollment server.


Modifications:
  ADDREF XF:nettools-pki-dir-traverse(5066)
  ADDREF CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt
  DESC add "directory traversal vulnerability"
  DESC add version

INFERRED ACTION: CAN-2000-0739 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Levy, Williams
   NOOP(3) Wall, Cole, Christey

Voter Comments:
 Christey> May be acknowledged in http://download.nai.com/products/licensed/pgp/hf3pki10.txt
 Christey> XF:nettools-pki-dir-traverse
   http://xforce.iss.net/static/5066.php


======================================================
Candidate: CAN-2000-0740
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0740
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000802 NAI Net Tools PKI Server vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt
Reference: BID:1536
Reference: URL:http://www.securityfocus.com/bid/1536
Reference: XF:nai-nettools-strong-bo(5026)
Reference: URL:http://xforce.iss.net/static/5026.php

Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0
before HotFix 3 allows remote attackers to execute arbitrary commands
via a long URL in the HTTPS port.


Modifications:
  ADDREF XF:nai-nettools-strong-bo(5026)
  ADDREF CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt
  DESC add version

INFERRED ACTION: CAN-2000-0740 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Levy, Williams
   NOOP(3) Wall, Cole, Christey

Voter Comments:
 Christey> May be acknowledged in http://download.nai.com/products/licensed/pgp/hf3pki10.txt
 Christey> XF:nai-nettools-strong-bo
   http://xforce.iss.net/static/5026.php


======================================================
Candidate: CAN-2000-0741
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0741
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000802 NAI Net Tools PKI Server vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt
Reference: BID:1538
Reference: URL:http://www.securityfocus.com/bid/1538

Format string vulnerability in strong.exe program in NAI Net Tools PKI
server 1.0 before HotFix 3 allows remote attackers to execute
arbitrary code via format strings in a URL with a .XUDA extension.


Modifications:
  ADDREF CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt
  DESC add format string vuln
  DESC add version

INFERRED ACTION: CAN-2000-0741 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Levy, Williams
   NOOP(3) Wall, Cole, Christey

Voter Comments:
 Christey> May be acknowledged in http://download.nai.com/products/licensed/pgp/hf3pki10.txt


======================================================
Candidate: CAN-2000-0753
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0753
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000824 Outlook winmail.dat
Reference: URL:http://www.securityfocus.com/archive/1/78240
Reference: BUGTRAQ:20010802 Outlook 2000 Rich Text information disclosure
Reference: URL:http://www.securityfocus.com/archive/1/201422
Reference: BID:1631
Reference: URL:http://www.securityfocus.com/bid/1631
Reference: XF:outlook-reveal-path(5508)
Reference: URL:http://xforce.iss.net/static/5508.php

The Microsoft Outlook mail client identifies the physical path of the
sender's machine within a winmail.dat attachment to Rich Text Format
(RTF) files.


Modifications:
  ADDREF XF:outlook-reveal-path(5508)
  ADDREF BUGTRAQ:20010802 Outlook 2000 Rich Text information disclosure

INFERRED ACTION: CAN-2000-0753 ACCEPT_REV (4 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(3) LeBlanc, Baker, Levy
   MODIFY(1) Frech
   NOOP(2) Cole, Christey
   REVIEWING(1) Wall

Voter Comments:
 LeBlanc> - if someone could repro this, I'd move to ACCEPT.
   Looks like it might be valid, but I'm not sure
 Frech> XF:outlook-reveal-path(5508)
 Christey> I just reproduced it by examining someone's post to a mailing
   list that I'm subscribed to.  Within the winmail.dat was this:
   C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
   Hrmmm, someone running Outlook as administrator?
   Anyway, I grabbed a different winmail.dat from someone else's
   message, and it's
   D:\Documents and Settings\[**USER NAME DELETED**]\Local Settings\Application Data\Microsoft\Outlook\outlook.pst

   This issue was rediscovered in August 2001.
   BUGTRAQ:20010802 Outlook 2000 Rich Text information disclosure
   URL:http://www.securityfocus.com/archive/1/201422
 CHANGE> [LeBlanc changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0776
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0776
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000810 [DeepZone Advisory] Statistics Server 5.02x stack overflow (Win2k remote exploit)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0118.html
Reference: BID:1568
Reference: URL:http://www.securityfocus.com/bid/1568
Reference: XF:mediahouse-stats-livestats-bo(5113)
Reference: URL:http://xforce.iss.net/static/5113.php

Mediahouse Statistics Server 5.02x allows remote attackers to execute
arbitrary commands via a long HTTP GET request.


Modifications:
  ADDREF XF:mediahouse-stats-livestats-bo(5113)

INFERRED ACTION: CAN-2000-0776 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Williams
   MODIFY(1) Frech
   NOOP(4) LeBlanc, Wall, Cole, Christey

Voter Comments:
 Christey> XF:mediahouse-stats-livestats-bo
   http://xforce.iss.net/static/5113.php
 Frech> XF:mediahouse-stats-livestats-bo(5113)


======================================================
Candidate: CAN-2000-0788
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0788
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000807 MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=398EB9CA.27E03A9C@nat.bg
Reference: MS:MS00-071
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-071.asp
Reference: BID:1566
Reference: URL:http://www.securityfocus.com/bid/1566
Reference: XF:word-mail-merge(5322)
Reference: URL:http://xforce.iss.net/static/5322.php

The Mail Merge tool in Microsoft Word does not prompt the user before
executing Visual Basic (VBA) scripts in an Access database, which
could allow an attacker to execute arbitrary commands.


Modifications:
  ADDREF MS:MS00-071
  ADDREF XF:word-mail-merge(5322)

INFERRED ACTION: CAN-2000-0788 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) LeBlanc, Wall, Baker, Levy
   NOOP(2) Cole, Christey

Voter Comments:
 Christey> ADDREF XF:word-mail-merge
   ADDREF MS:MS00-071??
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0790
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0790
Final-Decision:
Interim-Decision: 20020301
Modified: 20020220-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000828 IE 5.5/5.x for Win98 may execute arbitrary files that can be accessed thru Microsoft Networking. Also local Administrator compromise at least on default Windows 2000.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=3998370D.732A03F1@nat.bg
Reference: BID:1571
Reference: URL:http://www.securityfocus.com/bid/1571
Reference: XF:ie-folder-remote-exe(5097)
Reference: URL:http://xforce.iss.net/static/5097.php

The web-based folder display capability in Microsoft Internet Explorer
5.5 on Windows 98 allows local users to insert Trojan horse programs
by modifying the Folder.htt file and using the InvokeVerb method in
the ShellDefView ActiveX control to specify a default execute option
for the first file that is listed in the folder.


Modifications:
  ADDREF XF:ie-folder-remote-exe(5097)

INFERRED ACTION: CAN-2000-0790 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) LeBlanc, Wall, Levy
   MODIFY(1) Frech
   NOOP(2) Cole, Christey

Voter Comments:
 Christey> XF:ie-folder-remote-exe
   http://xforce.iss.net/static/5097.php
 Frech> XF:ie-folder-remote-exe(5097)
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0795
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0795
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl
Reference: BID:1529
Reference: URL:http://www.securityfocus.com/bid/1529

Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to
gain root privileges via a long -n option.

INFERRED ACTION: CAN-2000-0795 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Levy, Williams
   NOOP(3) Wall, Cole, Christey

Voter Comments:
 Christey> I'm consulting with SGI on this one.


======================================================
Candidate: CAN-2000-0796
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0796
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl
Reference: BID:1528
Reference: URL:http://www.securityfocus.com/bid/1528
Reference: XF:irix-dmplay-bo(5064)
Reference: URL:http://xforce.iss.net/static/5064.php

Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to
gain root privileges via a long command line option.


Modifications:
  ADDREF XF:irix-dmplay-bo(5064)

INFERRED ACTION: CAN-2000-0796 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Levy, Williams
   NOOP(3) Wall, Cole, Christey

Voter Comments:
 Christey> XF:irix-dmplay-bo
   http://xforce.iss.net/static/5064.php


======================================================
Candidate: CAN-2000-0825
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0825
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: BUGTRAQ:20000817 Imail Web Service Remote DoS Attack v.2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96659012127444&w=2
Reference: NTBUGTRAQ:20000817 Imail Web Service Remote DoS Attack v.2
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96654521004571&w=2
Reference: WIN2KSEC:20000817 Imail Web Service Remote DoS Attack v.2
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0071.html
Reference: XF:ipswitch-imail-remote-dos(5475)
Reference: URL:http://xforce.iss.net/static/5475.php
Reference: BID:2011
Reference: URL:http://www.securityfocus.com/bid/2011

Ipswitch Imail 6.0 allows remote attackers to cause a denial of
service via a large number of connections in which a long Host: header
is sent, which causes a thread to crash.


Modifications:
  ADDREF XF:ipswitch-imail-remote-dos(5475)
  ADDREF BUGTRAQ:20000817 Imail Web Service Remote DoS Attack v.2
  ADDREF NTBUGTRAQ:20000817 Imail Web Service Remote DoS Attack v.2
  ADDREF BID:2011

INFERRED ACTION: CAN-2000-0825 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Baker, Cole, Armstrong, Collins
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:ipswitch-imail-remote-dos(5475)
 Christey> BID:2011
   http://www.securityfocus.com/bid/2011
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0830
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0830
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-02
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: BUGTRAQ:20000913 trivial DoS in webTV
Reference: URL:http://www.securityfocus.com/archive/1/81852
Reference: MS:MS00-074
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-074.asp
Reference: BID:1671
Reference: URL:http://www.securityfocus.com/bid/1671
Reference: XF:webtv-udp-dos
Reference: URL:http://xforce.iss.net/static/5216.php

annclist.exe in webTV for Windows allows remote attackers to cause a
denial of service by via a large, malformed UDP packet to ports 22701
through 22705.


Modifications:
  CHANGEREF BUGTRAQ [canonicalize; add BUGTRAQ tag]
  ADDREF MS:MS00-074
  DESC Add "for Windows"

INFERRED ACTION: CAN-2000-0830 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Baker, Frech, Collins
   NOOP(4) Cole, Armstrong, Magdych, Christey

Voter Comments:
 Christey> ADDREF MS:MS00-074
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0838
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0838
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: WIN2KSEC:20000914 DST2K0028: DoS in FUR HTTP Server v1.0b
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0111.html
Reference: XF:fur-get-dos(5237)
Reference: URL:http://xforce.iss.net/static/5237.php

Fastream FUR HTTP server 1.0b allows remote attackers to cause a
denial of service via a long GET request.


Modifications:
  CHANGEREF WIN2KSEC add date
  CHANGEREF XF canonicalize

INFERRED ACTION: CAN-2000-0838 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Baker, Frech, Collins
   NOOP(3) Cole, Armstrong, Magdych

Voter Comments:
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0839
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0839
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: BUGTRAQ:20000919 VIGILANTE-2000013: WinCOM LPD DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0212.html
Reference: BID:1701
Reference: URL:http://www.securityfocus.com/bid/1701
Reference: XF:wincom-lpd-dos(5258)
Reference: URL:http://xforce.iss.net/static/5258.php

WinCOM LPD 1.00.90 allows remote attackers to cause a denial of
service via a large number of LPD options to the LPD port (515).


Modifications:
  CHANGEREF XF canonicalize

INFERRED ACTION: CAN-2000-0839 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Baker, Frech, Collins
   NOOP(3) Cole, Armstrong, Magdych

Voter Comments:
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0859
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0859
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000904 VIGILANTE-2000008: NTMail Configuration Service DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0471.html
Reference: BID:1640
Reference: URL:http://www.securityfocus.com/bid/1640
Reference: XF:ntmail-incomplete-http-requests
Reference: URL:http://xforce.iss.net/static/5182.php

The web configuration server for NTMail V5 and V6 allows remote
attackers to cause a denial of service via a series of partial HTTP
requests.

INFERRED ACTION: CAN-2000-0859 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Baker, Cole, Collins
   NOOP(1) Armstrong

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Collins> http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2000008.htm
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0891
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0891
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20010912
Assigned: 20001114
Category: CF
Reference: CERT-VN:VU#5962
Reference: URL:http://www.kb.cert.org/vuls/id/5962
Reference: CONFIRM:http://www.notes.net/R5FixList.nsf/Search!SearchView&Query=CBAT45TU9S
Reference: XF:lotus-notes-bypass-ecl(5045)
Reference: URL:http://xforce.iss.net/static/5045.php

A default ECL in Lotus Notes before 5.02 allows remote attackers to
execute arbitrary commands by attaching a malicious program in an
email message that is automatically executed when the user opens the
email.


Modifications:
  ADDREF XF:lotus-notes-bypass-ecl(5045)

INFERRED ACTION: CAN-2000-0891 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:lotus-notes-bypass-ecl(5045)


======================================================
Candidate: CAN-2000-0892
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0892
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20010912
Assigned: 20001114
Category: SF
Reference: CERT-VN:VU#22404
Reference: URL:http://www.kb.cert.org/vuls/id/22404
Reference: XF:telnet-obtain-env-variable(6644)
Reference: URL:http://xforce.iss.net/static/6644.php

Some telnet clients allow remote telnet servers to request environment
variables from the client that may contain sensitive information, or
remote web servers to obtain the information via a telnet: URL.


Modifications:
  ADDREF XF:telnet-obtain-env-variable(6644)

INFERRED ACTION: CAN-2000-0892 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Stracener
   MODIFY(1) Frech
   NOOP(4) Wall, Foat, Cole, Christey

Voter Comments:
 Frech> XF:telnet-obtain-env-variable(6644)
   MISC reference should be
   http://www.securiteam.com/exploits/5YQ0C000IU.html.
 Christey> The MISC reference suggested by Andre is for CAN-2000-1191


======================================================
Candidate: CAN-2000-1101
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1101
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20001219
Assigned: 20001214
Category:
Reference: BUGTRAQ:20001127 Vulnerability in Winsock FTPD 2.41/3.00 (Pro)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0386.html
Reference: BID:2005
Reference: URL:http://www.securityfocus.com/bid/2005
Reference: XF:wftpd-dir-traverse(5608)
Reference: URL:http://www.iss.net/security_center/static/5608.php

Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and
2.41 with the "Restrict to home directory" option enabled allows local
users to escape the home directory via a "/../" string, a variation of
the .. (dot dot) attack.


Modifications:
  ADDREF XF:wftpd-dir-traverse(5608)

INFERRED ACTION: CAN-2000-1101 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Baker, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:wftpd-dir-traverse(5608)
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-1111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1111
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001129 Windows 2000 Telnet Service DoS
Reference: URL:http://www.securityfocus.com/archive/1/147914
Reference: BID:2018
Reference: URL:http://www.securityfocus.com/bid/2018
Reference: XF:win2k-telnet-dos(5598)
Reference: URL:http://xforce.iss.net/static/5598.php

Telnet Service for Windows 2000 Professional does not properly
terminate incomplete connection attempts, which allows remote
attackers to cause a denial of service by connecting to the server and
not providing any input.


Modifications:
  ADDREF XF:win2k-telnet-dos(5598)

INFERRED ACTION: CAN-2000-1111 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Baker, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:win2k-telnet-dos(5598)
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-1190
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1190
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:20000531 Re: strike#2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95984116811100&w=2
Reference: REDHAT:RHSA-2000:016-03
Reference: URL:http://www.redhat.com/support/errata/powertools/RHSA-2000-016-03.html
Reference: XF:linux-imwheel-symlink(4941)
Reference: URL:http://www.iss.net/security_center/static/4941.php

imwheel-solo in imwheel package allows local users to modify arbitrary
files via a symlink attack from the .imwheelrc file.


Modifications:
  ADDREF XF:linux-imwheel-symlink(4941)

INFERRED ACTION: CAN-2000-1190 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linux-imwheel-symlink(4941)


======================================================
Candidate: CAN-2000-1195
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1195
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CALDERA:CSSA-2000-008.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2000-008.0.txt
Reference: XF:telnetd-login-bypass(4225)
Reference: URL:http://xforce.iss.net/static/4225.php

telnet daemon (telnetd) from the Linux netkit package before
netkit-telnet-0.16 allows remote attackers to bypass authentication
when telnetd is running with the -L command line option.


Modifications:
  ADDREF XF:telnetd-login-bypass(4225)

INFERRED ACTION: CAN-2000-1195 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:telnetd-login-bypass(4225)


======================================================
Candidate: CAN-2000-1196
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1196
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CONFIRM:http://docs.iplanet.com/docs/manuals/pubx/2.5.2_Relnotes.html
Reference: MISC:http://packetstormsecurity.org/0004-exploits/ooo1.txt
Reference: XF:publishingxpert-pscoerrpage-url(7362)
Reference: URL:http://xforce.iss.net/static/7362.php

PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows
remote attackers to read arbitrary files by specifying the target file
in the errPagePath parameter.


Modifications:
  ADDREF XF:publishingxpert-pscoerrpage-url(7362)

INFERRED ACTION: CAN-2000-1196 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:publishingxpert-pscoerrpage-url(7362)


======================================================
Candidate: CAN-2000-1200
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1200
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:20000201 Windows NT and account list leak ! A new SID usage
Reference: URL:http://www.securityfocus.com/archive/1/44430
Reference: XF:nt-lsa-domain-sid(4015)
Reference: URL:http://xforce.iss.net/static/4015.php
Reference: BID:959
Reference: URL:http://www.securityfocus.com/bid/959

Windows NT allows remote attackers to list all users in a domain by
obtaining the domain SID with the LsaQueryInformationPolicy policy
function via a null session and using the SID to list the users.

INFERRED ACTION: CAN-2000-1200 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Cole, Frech, Stracener
   NOOP(1) Foat


======================================================
Candidate: CAN-2001-0001
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0001
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010309
Assigned: 20010103
Category: SF
Reference: BUGTRAQ:20010213 RFP2101: RFPlutonium to fuel your PHP-Nuke
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0257.html
Reference: XF:php-nuke-elevate-privileges(6183)
Reference: URL:http://xforce.iss.net/static/6183.php

cookiedecode function in PHP-Nuke 4.4 allows users to bypass
authentication and gain access to other user accounts by extracting
the authentication information from a cookie.


Modifications:
  ADDREF XF:php-nuke-elevate-privileges(6183)

INFERRED ACTION: CAN-2001-0001 ACCEPT_REV (3 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(2) Baker, Lawler
   MODIFY(1) Frech
   NOOP(2) Cole, Christey
   REVIEWING(1) Ziese

Voter Comments:
 Lawler> http://www.phpnuke.org/article.php?sid=1201
 Frech> XF:php-nuke-elevate-privileges(6183)
 Ziese> When a vendor does not acknowledge an entry it should be rejected
   unless and until its been independently confirmed
 Christey> Since Kevin Ziese's comment, this CAN has since received
   several ACCEPT votes from members because someone they
   trusted reproduced the results.


======================================================
Candidate: CAN-2001-0007
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0007
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20010202
Assigned: 20010108
Category: SF
Reference: BUGTRAQ:20010109 NSFOCUS SA2001-01: NetScreen Firewall WebUI Buffer Overflow vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/155149
Reference: BID:2176
Reference: URL:http://www.securityfocus.com/bid/2176
Reference: XF:netscreen-webui-bo(5908)
Reference: URL:http://xforce.iss.net/static/5908.php

Buffer overflow in NetScreen Firewall WebUI allows remote attackers to
cause a denial of service via a long URL request to the web
administration interface.


Modifications:
  CHANGEREF BUGTRAQ fix date
  ADDREF XF:netscreen-webui-bo(5908)

INFERRED ACTION: CAN-2001-0007 ACCEPT_REV (3 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Wall
   REVIEWING(1) Ziese

Voter Comments:
 Christey> BID:2176
   URL:http://www.securityfocus.com/bid/2176
 Frech> XF:netscreen-webui-bo(5908)
 Christey> Change date in Bugtraq ref to 20010109
   XF:netscreen-webui-bo
   URL:http://xforce.iss.net/static/5908.php


======================================================
Candidate: CAN-2001-0018
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0018
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010309
Assigned: 20010127
Category: SF
Reference: MS:MS01-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-011.asp

Windows 2000 domain controller in Windows 2000 Server, Advanced
Server, or Datacenter Server allows remote attackers to cause a denial
of service via a flood of malformed service requests.

INFERRED ACTION: CAN-2001-0018 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Cole, Ziese, Lawler, Prosser
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:win2k-domain-controller-dos(6136)
 Christey> This post may be related:
   BUGTRAQ:20001202 UDP Ping-pong in Win2k
   http://www.securityfocus.com/archive/1/148411
 Prosser> MS01-011
 Christey> Actually, isn't this post from VULN-DEV?


======================================================
Candidate: CAN-2001-0094
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0094
Final-Decision:
Interim-Decision: 20020301
Modified: 20020222-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: NETBSD:NetBSD-SA2000-017
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-017.txt.asc
Reference: FREEBSD:FreeBSD-SA-01:25
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:25.kerberosIV.asc
Reference: XF:kerberos4-auth-packet-overflow(5734)
Reference: URL:http://xforce.iss.net/static/5734.php

Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4
authentication library) in NetBSD 1.5 and FreeBSD 4.2 and earlier, as
used in Kerberised applications such as telnetd and login, allows
local users to gain root privileges.


Modifications:
  ADDREF XF:kerberos4-auth-packet-overflow(5734)
  DESC include both NetBSD and FreeBSD
  ADDREF FREEBSD:FreeBSD-SA-01:25

INFERRED ACTION: CAN-2001-0094 RECAST (1 recast, 4 accept, 0 review) HAS_CONFLICT

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(2) Frech, Prosser
   NOOP(2) Ziese, Wall
   RECAST(1) Christey

Voter Comments:
 Frech> XF:kerberos4-auth-packet-overflow(5734)
   Description states FreeBSD, but advisory is for NetBSD.
 Christey> Change description to *NetBSD*
 Prosser> FreeBSD 3.5 STABLE and 4.2 STABLE are vulnerable as well.  See ref
   FreeBSD-SA-01:25
   http://www.linuxsecurity.com/advisories/freebsd_advisory-1153.html
   or http://www.freebsd.org/security/security.html#adv
 Prosser> FreeBSD 3.5 STABLE and 4.2 STABLE are vulnerable as well.  See ref
   FreeBSD-SA-01:25
   http://www.linuxsecurity.com/advisories/freebsd_advisory-1153.html
   or http://www.freebsd.org/security/security.html#adv
 CHANGE> [Christey changed vote from NOOP to RECAST]
 Christey> This is a "soft" recast; I'm just adding another OS
   to the description.


======================================================
Candidate: CAN-2001-0122
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0122
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010108 def-2001-02: IBM Websphere 3.52 Kernel Leak DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0079.html
Reference: BUGTRAQ:20010307 def-2001-02: IBM HTTP Server Kernel Leak DoS (re-release)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0061.html
Reference: CONFIRM:http://www-4.ibm.com/software/webservers/security.html
Reference: BID:2175
Reference: URL:http://www.securityfocus.com/bid/2175
Reference: XF:ibm-websphere-dos(5900)
Reference: URL:http://xforce.iss.net/static/5900.php

Kernel leak in AfpaCache module of the Fast Response Cache Accelerator
(FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows
remote attackers to cause a denial of service via a series of
malformed HTTP requests that generate a "bad request" error.


Modifications:
  ADDREF XF:ibm-websphere-dos(5900)
  ADDREF CONFIRM
  ADDREF BUGTRAQ:20010307 def-2001-02: IBM HTTP Server Kernel Leak DoS (re-release)

INFERRED ACTION: CAN-2001-0122 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Oliver
   MODIFY(1) Frech
   NOOP(4) Wall, Cole, Magdych, Christey

Voter Comments:
 Frech> XF:ibm-websphere-dos(5900)
 Christey> XF:ibm-websphere-dos(5900)
   http://xforce.iss.net/static/5900.php
 Christey> Change spelling to "afpa"
   ADDREF BUGTRAQ:20010307 def-2001-02: IBM HTTP Server Kernel Leak DoS (re-release)
   http://archives.neohapsis.com/archives/bugtraq/2001-03/0061.html
 Baker> detailed review of IBM Websphere site has indicators that this is a problem, however, it is not directly stated.
   Information there leads me to believe this is an accurate representation of the problem
 Christey> Need to consult Troy Bollinger on this


======================================================
Candidate: CAN-2001-0156
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0156
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20010309
Assigned: 20010216
Category: CF
Reference: ATSTAKE:A021601-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a021601-1.txt
Reference: CONFIRM:http://www.vandyke.com/products/vshell/security102.html
Reference: XF:vshell-port-forwarding-rule(6148)
Reference: URL:http://xforce.iss.net/static/6148.php
Reference: BID:2402
Reference: URL:http://online.securityfocus.com/bid/2402

VShell SSH gateway 1.0.1 and earlier has a default port forwarding
rule of 0.0.0.0/0.0.0.0, which could allow local users conduct
arbitrary port forwarding to other systems.


Modifications:
  ADDREF CONFIRM:http://www.vandyke.com/products/vshell/security102.html
  ADDREF XF:vshell-port-forwarding-rule(6148)
  ADDREF BID:2402

INFERRED ACTION: CAN-2001-0156 ACCEPT_REV (3 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(2) Baker, Lawler
   MODIFY(1) Frech
   NOOP(1) Cole
   REVIEWING(1) Ziese

Voter Comments:
 Frech> XF:vshell-port-forwarding-rule(6148)
   CONFIRM:http://www.vandyke.com/products/vshell/security102.html


======================================================
Candidate: CAN-2001-0204
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0204
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010214 def-2001-07: Watchguard Firebox II PPTP DoS
Reference: URL:http://www.securityfocus.com/archive/1/162965
Reference: BID:2369
Reference: URL:http://www.securityfocus.com/bid/2369
Reference: XF:firebox-pptp-dos(6109)
Reference: URL:http://xforce.iss.net/static/6109.php

Watchguard Firebox II allows remote attackers to cause a denial of
service by establishing multiple connections and sending malformed
PPTP packets.


Modifications:
  ADDREF XF:firebox-pptp-dos(6109)

INFERRED ACTION: CAN-2001-0204 ACCEPT_REV (3 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(2) Baker, Lawler
   MODIFY(1) Frech
   NOOP(1) Cole
   REVIEWING(1) Ziese

Voter Comments:
 Frech> XF:firebox-pptp-dos(6109)


======================================================
Candidate: CAN-2001-0236
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0236
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010404
Assigned: 20010309
Category: SF
Reference: BUGTRAQ:20010314 Solaris /usr/lib/dmi/snmpXdmid vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98462536724454&w=2
Reference: CERT:CA-2001-05
Reference: URL:http://www.cert.org/advisories/CA-2001-05.html
Reference: CIAC:L-065
Reference: URL:http://www.ciac.org/ciac/bulletins/l-065.shtml
Reference: SUN:00207
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/207
Reference: XF:solaris-snmpxdmid-bo(6245)
Reference: URL:http://xforce.iss.net/static/6245.php
Reference: BID:2417
Reference: URL:http://www.securityfocus.com/bid/2417

Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows
remote attackers to execute arbitrary commands via a long "indication"
event.


Modifications:
  ADDREF XF:solaris-snmpxdmid-bo(6245)
  ADDREF SUN:00207
  ADDREF CIAC:L-065a

INFERRED ACTION: CAN-2001-0236 ACCEPT (4 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cole, Dik, Bishop
   MODIFY(1) Frech
   NOOP(3) Wall, Ziese, Christey

Voter Comments:
 Frech> XF:solaris-snmpxdmid-bo(6245)
 Christey> SUN:00207
 CHANGE> [Bishop changed vote from REVIEWING to ACCEPT]
 Christey> SUN:00207
   URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/207


======================================================
Candidate: CAN-2001-0252
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0252
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010404
Assigned: 20010329
Category: SF
Reference: BUGTRAQ:20010122 def-2001-04: Netscape Enterprise Server Dot-DoS
Reference: URL:http://www.securityfocus.com/archive/1/157641
Reference: BUGTRAQ:20010124 iPlanet FastTrack/Enterprise 4.1 DoS clarifications
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98035833331446&w=2
Reference: BID:2282
Reference: URL:http://www.securityfocus.com/bid/2282
Reference: XF:netscape-enterprise-dot-dos
Reference: URL:http://xforce.iss.net/static/5983.php

iPlanet (formerly Netscape) Enterprise Server 4.1 allows remote
attackers to cause a denial of service via a long HTTP GET request
that contains many "/../" (dot dot) sequences.

INFERRED ACTION: CAN-2001-0252 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Baker, Cole, Frech, Bishop
   NOOP(1) Ziese

Voter Comments:
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2001-0265
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0265
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010524
Assigned: 20010402
Category: SF
Reference: ATSTAKE:A040901-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a040901-1.txt
Reference: XF:pgp-armor-code-execution(6643)
Reference: URL:http://xforce.iss.net/static/6643.php
Reference: BID:2556
Reference: URL:http://online.securityfocus.com/bid/2556

ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers
to create files in arbitrary locations via a malformed ASCII armored
file.


Modifications:
  ADDREF XF:pgp-armor-code-execution(6643)
  ADDREF BID:2556

INFERRED ACTION: CAN-2001-0265 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Baker, Cole, Ziese
   MODIFY(1) Frech
   NOOP(1) Oliver

Voter Comments:
 Frech> XF:pgp-armor-code-execution(6643)
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2001-0269
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0269
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010217 Solaris 8 pam_ldap.so.1 module broken
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0344.html
Reference: SUNBUG:4384816
Reference: XF:solaris-pamldap-bypass-authentication(6440)
Reference: URL:http://xforce.iss.net/static/6440.php

pam_ldap authentication module in Solaris 8 allows remote attackers to
bypass authentication via a NULL password.


Modifications:
  ADDREF SUNBUG:4384816
  ADDREF XF:solaris-pamldap-bypass-authentication(6440)

INFERRED ACTION: CAN-2001-0269 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Cole, Dik
   MODIFY(1) Frech
   NOOP(3) Wall, Bishop, Ziese

Voter Comments:
 Dik> bug 4384816
 Frech> XF:solaris-pamldap-bypass-authentication(6440)
 CHANGE> [Bishop changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2001-0276
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0276
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010217 BadBlue Web Server Ext.dll Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98263019502565&w=2
Reference: CONFIRM:http://www.badblue.com/p010219.htm
Reference: BID:2390
Reference: URL:http://www.securityfocus.com/bid/2390
Reference: XF:badblue-ext-reveal-path(6130)
Reference: URL:http://xforce.iss.net/static/6130.php

ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote
attackers to determine the physical path of the server by directly
calling ext.dll without any arguments, which produces an error message
that contains the path.


Modifications:
  ADDREF XF:badblue-ext-reveal-path(6130)
  ADDREF CONFIRM:http://www.badblue.com/p010219.htm

INFERRED ACTION: CAN-2001-0276 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(5) Wall, Cole, Bishop, Ziese, Christey

Voter Comments:
 Frech> XF:badblue-ext-reveal-path(6130)
 Christey> CONFIRM:http://www.badblue.com/p010219.htm
 CHANGE> [Bishop changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2001-0280
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0280
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010223 Mercur Mailserver 3.3 buffer overflow with EXPN
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0413.html
Reference: XF:mercur-expn-bo(6149)
Reference: URL:http://xforce.iss.net/static/6149.php

Buffer overflow in MERCUR SMTP server 3.30 allows remote attackers to
execute arbitrary commands via a long EXPN command.


Modifications:
  ADDREF XF:mercur-expn-bo(6149)

INFERRED ACTION: CAN-2001-0280 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(3) Wall, Bishop, Ziese

Voter Comments:
 Frech> XF:mercur-expn-bo(6149)
 CHANGE> [Bishop changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2001-0321
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0321
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010404
Assigned: 20010404
Category: SF
Reference: BUGTRAQ:20010212 Fwd: Re: phpnuke, security problem...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0214.html
Reference: XF:phpnuke-opendir-read-files(6512)
Reference: URL:http://xforce.iss.net/static/6512.php

opendir.php script in PHP-Nuke allows remote attackers to read
arbitrary files by specifying the filename as an argument to the
requesturl parameter.


Modifications:
  ADDREF XF:phpnuke-opendir-read-files(6512)
  DESC fix typo

INFERRED ACTION: CAN-2001-0321 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(4) Wall, Bishop, Ziese, Christey

Voter Comments:
 Christey> Fix "n" typo.
 Frech> XF:phpnuke-opendir-read-files(6512)
 CHANGE> [Bishop changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2001-0327
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0327
Final-Decision:
Interim-Decision: 20020301
Modified: 20010223-02
Proposed: 20010524
Assigned: 20010413
Category: SF
Reference: ATSTAKE:A041601-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a041601-1.txt
Reference: CONFIRM:http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert4.16.html
Reference: CERT-VN:VU#276767
Reference: URL:http://www.kb.cert.org/vuls/id/276767

iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote
attackers to retrieve sensitive data from memory allocation pools, or
cause a denial of service, via a URL-encoded Host: header in the HTTP
request, which reveals memory in the Location: header that is returned
by the server.


Modifications:
  ADDREF CONFIRM:http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert4.16.html
  ADDREF CERT-VN:VU#276767
  DESC Clean up

INFERRED ACTION: CAN-2001-0327 ACCEPT (7 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Baker, Cole, Ziese, Renaud
   MODIFY(2) Frech, Williams
   NOOP(1) Christey

Voter Comments:
 Frech> XF:oracle-appserver-ndwfn4-bo(6334)
   CONFIRM:http://www.iplanet.com/products/iplanet_web_enterpris
   e/iwsalert4.16.html
 Williams> The iPlanet is vulnerable to a flaw that allows a remote attacker to possibly gain sensitive information or cause a denial of service condition. The problem is due to how character transformation occurs between the HOST and LOCATION headers. An attacker can create a special HOST header that when processed may reveal sensitive portions of memory in a returned LOCATION error message, or may cause a denial of service.
 Christey> The XF reference is not related to iPlanet.


======================================================
Candidate: CAN-2001-0364
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0364
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010315 Remote DoS attack against SSH Secure Shell for Windows Servers
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98467799732241&w=2
Reference: BID:2477
Reference: URL:http://www.securityfocus.com/bid/2477
Reference: XF:ssh-ssheloop-dos(6241)
Reference: URL:http://xforce.iss.net/static/6241.php

SSH Communications Security sshd 2.4 for Windows allows remote
attackers to create a denial of service via a large number of
simultaneous connections.


Modifications:
  CHANGEREF XF [normalize]

INFERRED ACTION: CAN-2001-0364 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Cole, Frech, Ziese, Oliver

Voter Comments:
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2001-0365
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0365
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010318 feeble.you!dora.exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98503741910995&w=2
Reference: XF:eudora-html-execute-code(6262)
Reference: URL:http://xforce.iss.net/static/6262.php
Reference: BID:2490
Reference: URL:http://www.securityfocus.com/bid/2490

Eudora before 5.1 allows a remote attacker to execute arbitrary code,
when the 'Use Microsoft Viewer' and 'allow executables in HTML
content' options are enabled, via an HTML email message containing
Javascript, with ActiveX controls and malicious code within IMG tags.


Modifications:
  CHANGEREF XF [normalize]

INFERRED ACTION: CAN-2001-0365 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Cole, Frech, Ziese
   NOOP(1) Oliver

Voter Comments:
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2001-0366
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0366
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010429 SAP R/3 Web Application Server Demo for Linux: root exploit
Reference: URL:http://www.securityfocus.com/archive/1/180498
Reference: CONFIRM:ftp://ftp.sap.com/pub/linuxlab/saptools/README.saposcol
Reference: BID:2662
Reference: URL:http://www.securityfocus.com/bid/2662
Reference: XF:linux-sap-execute-code(6487)
Reference: URL:http://xforce.iss.net/static/6487.php

saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the
PATH environmental variable to find and execute the expand program,
which allows local users to obtain root access by modifying the PATH
to point to a Trojan horse expand program.


Modifications:
  ADDREF XF:linux-sap-execute-code(6487)
  ADDREF CONFIRM:ftp://ftp.sap.com/pub/linuxlab/saptools/README.saposcol

INFERRED ACTION: CAN-2001-0366 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cole, Ziese, Williams
   MODIFY(1) Frech
   NOOP(3) Wall, Renaud, Christey

Voter Comments:
 Ziese> When we have changelog vs advisory in the advisory notes I think
   we might want to consider another voting strategy
   (FIXED-BUT-NOT-ACKNOWLEDGED) (Ziese)
 Frech> XF:linux-sap-execute-code(6487)
 Christey> The "analysis" section for this CAN should have provided
   details for where the acknowledgement in the changelog
   should have appeared, as well as a MISC or CONFIRM reference
   to the change log itself, for external verification.  I can't
   find the changelog, and the content team member who created
   this CAN has left MITRE :-/
 Christey> ftp://ftp.sap.com/pub/linuxlab/saptools/README.saposcol has a
   modification date of April 27, 2 days before the problem was
   publicized.  The last entry of the README is for 1.5, which says
   "security fixes for SUID."  Since the type of problem that appears in
   this can only really happens in a setuid program, *and* the
   modification date of the README correlates with the date of the
   announcement, this seems like sufficient acknowledgement.


======================================================
Candidate: CAN-2001-0371
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0371
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:30
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-03/0403.html
Reference: XF:ufs-ext2fs-data-disclosure(6268)
Reference: URL:http://xforce.iss.net/static/6268.php

Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and
earlier, and possibly other operating systems, makes deleted data
available to user processes before it is zeroed out, which allows a
local user to access otherwise restricted information.


Modifications:
  CHANGEREF XF [normalize]

INFERRED ACTION: CAN-2001-0371 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Cole, Frech, Ziese, Oliver
   NOOP(2) Wall, Christey

Voter Comments:
 Ziese> I think the section about 'other operating systems' should
   either be removed or the impacted operating systems should be explicitly
   listed.
 Christey> Not saying "other operating systems" could make it less
   obvious that this CAN could go through a "soft recast" in
   the future.


======================================================
Candidate: CAN-2001-0373
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0373
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20010524
Assigned: 20010524
Category: CF
Reference: BUGTRAQ:20010323 NT crash dump files insecure by default
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0336.html
Reference: BID:2501
Reference: URL:http://www.securityfocus.com/bid/2501
Reference: XF:win-userdmp-insecure-permission(6275)
Reference: URL:http://xforce.iss.net/static/6275.php

The default configuration of the Dr. Watson program in Windows NT and
Windows 2000 generates user.dmp crash dump files with world-readable
permissions, which could allow a local user to gain access to
sensitive information.


Modifications:
  CHANGEREF XF normalize

INFERRED ACTION: CAN-2001-0373 ACCEPT_REV (5 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(5) Wall, Baker, Cole, Frech, Oliver
   REVIEWING(1) Ziese


======================================================
Candidate: CAN-2001-0386
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0386
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010417 Advisory for SimpleServer:WWW (analogX)
Reference: URL:http://www.securityfocus.com/archive/1/177156
Reference: BID:2608
Reference: URL:http://www.securityfocus.com/bid/2608
Reference: XF:analogx-simpleserver-aux-dos(6395)
Reference: URL:http://xforce.iss.net/static/6395.php

AnalogX SimpleServer:WWW 1.08 allows remote attackers to cause a
denial of service via an HTTP request to the /aux directory.


Modifications:
  ADDREF XF:analogx-simpleserver-aux-dos(6395)

INFERRED ACTION: CAN-2001-0386 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cole, Ziese, Renaud
   MODIFY(1) Frech
   NOOP(2) Wall, Williams

Voter Comments:
 Frech> XF:analogx-simpleserver-aux-dos(6395)
 CHANGE> [Williams changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2001-0394
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0394
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010328 def-2001-15: Website Pro Remote Manager DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0425.html
Reference: XF:website-pro-remote-dos(6295)
Reference: URL:http://xforce.iss.net/static/6295.php

Remote manager service in Website Pro 3.0.37 allows remote attackers
to cause a denial of service via a series of malformed HTTP requests
to the /dyn directory.


Modifications:
  CHANGEREF XF [normalize]

INFERRED ACTION: CAN-2001-0394 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Frech, Williams
   NOOP(5) Wall, Foat, Cole, Bishop, Ziese

Voter Comments:
 CHANGE> [Bishop changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2001-0407
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0407
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010318 potential vulnerability of mysqld running with root privileges (can be used as good DoS or r00t expoloit)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0237.html
Reference: BUGTRAQ:20010327 MySQL 3.23.36 is relased (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0396.html
Reference: XF:mysql-dot-directory-traversal(6617)
Reference: URL:http://xforce.iss.net/static/6617.php
Reference: BID:2522
Reference: URL:http://online.securityfocus.com/bid/2522

Directory traversal vulnerability in MySQL before 3.23.36 allows local
users to modify arbitrary files and gain privileges by creating a
database whose name starts with .. (dot dot).


Modifications:
  ADDREF XF:mysql-dot-directory-traversal(6617)
  ADDREF BID:2522

INFERRED ACTION: CAN-2001-0407 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Oliver, Wall, Cole, Ziese
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:mysql-dot-directory-traversal(6617)
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2001-0416
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0416
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: DEBIAN:DSA-038
Reference: URL:http://www.debian.org/security/2001/dsa-038
Reference: REDHAT:RHSA-2001:027
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-027.html
Reference: BUGTRAQ:20010316 Immunix OS Security update for sgml-tools
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98477491130367&w=2
Reference: MANDRAKE:MDKSA-2001:030
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-030.php3
Reference: CONECTIVA:CLA-2001:390
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000390
Reference: XF:sgmltools-symlink
Reference: URL:http://xforce.iss.net/static/6201.php
Reference: SUSE:SuSE-SA:2001:16
Reference: URL:http://www.suse.de/de/support/security/2001_016_sgmltool_txt.html
Reference: BID:2683
Reference: URL:http://www.securityfocus.com/bid/2683
Reference: BID:2506
Reference: URL:http://www.securityfocus.com/bid/2506

sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files
with insecure permissions, which allows other users to read files that
are being processed by sgml-tools.


Modifications:
  ADDREF SUSE:SuSE-SA:2001:16
  ADDREF BID:2683
  ADDREF BID:2506

INFERRED ACTION: CAN-2001-0416 ACCEPT (5 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(5) Oliver, Baker, Cole, Frech, Ziese
   NOOP(2) Wall, Christey

Voter Comments:
 Christey> SUSE:SuSE-SA:2001:16
   BID:2683 ?
   BID:2506 ?


======================================================
Candidate: CAN-2001-0422
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0422
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010410 Solaris Xsun buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0158.html
Reference: SUNBUG:4356377
Reference: SUNBUG:4425845
Reference: SUNBUG:4440161
Reference: BID:2561
Reference: URL:http://www.securityfocus.com/bid/2561
Reference: XF:solaris-xsun-home-bo(6343)
Reference: URL:http://xforce.iss.net/static/6343.php

Buffer overflow in Xsun in Solaris 8 and earlier allows local users to
execute arbitrary commands via a long HOME environmental variable.


Modifications:
  ADDREF XF:solaris-xsun-home-bo(6343)
  ADDREF SUNBUG:4356377
  ADDREF SUNBUG:4425845
  ADDREF SUNBUG:4440161

INFERRED ACTION: CAN-2001-0422 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Dik, Williams
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, Ziese

Voter Comments:
 Frech> XF:solaris-xsun-home-bo(6343)
 Dik> sun bug: 4356377 (SPARC) 4425845(Intel)  4440161 (SunRAY)


======================================================
Candidate: CAN-2001-0442
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0442
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010421 Mercury for NetWare POP3 server vulnerable to remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0378.html
Reference: BUGTRAQ:20010424 Re: Mercury for NetWare POP3 server vulnerable to remote buffer overflow
Reference: URL:http://online.securityfocus.com/archive/1/179217
Reference: BID:2641
Reference: URL:http://www.securityfocus.com/bid/2641
Reference: XF:mercury-mta-bo(6444)
Reference: URL:http://www.iss.net/security_center/static/6444.php

Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and
earlier allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a long APOP command.


Modifications:
  ADDREF XF:mercury-mta-bo(6444)
  DESC Add possibility of 1.48 in some NetWare versions
  ADDREF BUGTRAQ:20010424 Re: Mercury for NetWare POP3 server vulnerable to remote buffer overflow

INFERRED ACTION: CAN-2001-0442 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(2) Baker, Frech
   NOOP(4) Wall, Ziese, Balinsky, Williams

Voter Comments:
 Frech> XF:mercury-mta-bo(6444)
 Baker> Others report that it still affects version 1.48 as well:
   See the bugtraq post of Wed Apr 25 2001 08:32:40 below -

   On Tue, Apr 24, 2001 at 01:09:59PM +0300, Atro Tossavainen wrote:
   >> My colleague reports that NetWare servers running Mercury 1.48 crash
   >> happily.
   >I've tested it on Mercury 1.48 on Netware 4.10 and it crashed. Mercury 1.48
   >on Netware 4.11 didn't crashed.
 CHANGE> [Baker changed vote from REVIEWING to MODIFY]
 Baker> http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=179571


======================================================
Candidate: CAN-2001-0444
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0444
Final-Decision:
Interim-Decision: 20020301
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010420 Bug in Cisco CBOS v2.3.0.053
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0380.html
Reference: XF:cisco-cbos-gain-information(6453)
Reference: URL:http://xforce.iss.net/static/6453.php
Reference: BID:2635
Reference: URL:http://www.securityfocus.com/bid/2635

Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat")
command to the terminal of the next user who attempts to connect to
the router via telnet, which could allow that user to obtain sensitive
information.


Modifications:
  ADDREF XF:cisco-cbos-gain-information(6453)

INFERRED ACTION: CAN-2001-0444 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Ziese
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Frech> XF:cisco-cbos-gain-information(6453)
   CONFIRM:http://www.cisco.com/warp/public/707/CBOS-multiple2-p
   ub.html
 Christey> The Cisco reference does not appear to mention anything about
   this problem.


======================================================
Candidate: CAN-2001-0449
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0449
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010302 def-2001-09: Winzip32 zipandemail Buffer Overflow
Reference: URL:http://www.securityfocus.com/archive/1/166211
Reference: XF:winzip-zipandemail-bo(6191)
Reference: URL:http://xforce.iss.net/static/6191.php

Buffer overflow in WinZip 8.0 allows attackers to execute arbitrary
commands via a long file name that is processed by the /zipandemail
command line option.


Modifications:
  CHANGEREF XF normalize

INFERRED ACTION: CAN-2001-0449 ACCEPT_REV (3 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(3) Oliver, Baker, Frech
   NOOP(2) Wall, Cole
   REVIEWING(1) Ziese

Voter Comments:
 CHANGE> [Oliver changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2001-0461
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0461
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010309 Cgisecurity.com advisory #4 The Free On-line Dictionary of Computing
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0109.html
Reference: CONFIRM:http://wombat.doc.ic.ac.uk/foldoc/index.html
Reference: XF:foldoc-cgi-execute-commands
Reference: URL:http://xforce.iss.net/static/6217.php

template.cgi in Free On-Line Dictionary of Computing (FOLDOC) allows
remote attackers to read files and execute commands via shell
metacharacters in the argument to template.cgi.

INFERRED ACTION: CAN-2001-0461 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Oliver, Baker, Cole, Frech, Ziese
   NOOP(2) Wall, Christey

Voter Comments:
 Ziese> Is this a vulnerability or is it just an improperly configured
   web site??
 Oliver> Perhaps we should find a way to lump all of the
   metacharacter attacks into a subgroup.
 Christey> It would appear that Kevin is right at first glance, in which
   case we would not approve this CAN due to CD:EX-ONLINE-SVC.
   However, the Bugtraq post says that foldoc was made available
   in Debian packages, which does appear to be the case.  So,
   there are distributions of FOLDOC which need to be patched,
   and this CAN should be approved.


======================================================
Candidate: CAN-2001-0463
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0463
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010427 PerlCal (CGI) show files vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0506.html
Reference: BID:2663
Reference: URL:http://www.securityfocus.com/bid/2663
Reference: XF:perlcal-calmake-directory-traversal(6480)
Reference: URL:http://xforce.iss.net/static/6480.php

Directory traversal vulnerability in cal_make.pl in PerlCal allows
remote attackers to read arbitrary files via a .. (dot dot) in the p0
parameter.


Modifications:
  ADDREF XF:perlcal-calmake-directory-traversal(6480)

INFERRED ACTION: CAN-2001-0463 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Renaud
   MODIFY(1) Frech
   NOOP(5) Oliver, Wall, Ziese, Balinsky, Williams

Voter Comments:
 Frech> XF:perlcal-calmake-directory-traversal(6480)
 CHANGE> [Williams changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2001-0487
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0487
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: AIXAPAR:IY17630
Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q2/0005.html
Reference: XF:aix-snmpd-rst-dos(6996)
Reference: URL:http://www.iss.net/security_center/static/6996.php

AIX SNMP server snmpd allows remote attackers to cause a denial of
service via a RST during the TCP connection.


Modifications:
  ADDREF XF:aix-snmpd-rst-dos(6996)

INFERRED ACTION: CAN-2001-0487 ACCEPT (7 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(6) Baker, Bollinger, Cole, Ziese, Renaud, Williams
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:aix-snmpd-rst-dos(6996)


======================================================
Candidate: CAN-2001-0493
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0493
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010424 Advisory for Small HTTP Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0428.html
Reference: CONFIRM:http://home.lanck.net/mf/srv/index.htm
Reference: BID:2649
Reference: URL:http://www.securityfocus.com/bid/2649
Reference: XF:small-http-aux-dos(6446)
Reference: URL:http://xforce.iss.net/static/6446.php

Small HTTP server 2.03 allows remote attackers to cause a denial of
service via a URL that contains an MS-DOS device name such as aux.


Modifications:
  ADDREF CONFIRM:http://home.lanck.net/mf/srv/index.htm
  ADDREF XF:small-http-aux-dos(6446)
  DESC Mention MS-DOS device names.

INFERRED ACTION: CAN-2001-0493 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Oliver, Baker, Cole, Ziese, Renaud
   MODIFY(1) Frech
   NOOP(2) Wall, Williams

Voter Comments:
 Oliver> Fix identified in ver 2.04 and higher, acknowledged on
   vendor home page.  A revision in the description might be
   in order to include all system predefined names (Windows).
 Frech> XF:small-http-aux-dos(6446)
 CHANGE> [Ziese changed vote from REVIEWING to ACCEPT]
 Baker> http://home.lanck.net/mf/srv/index.htm
   vendor page, w/ack
   "[28.04.01] Version 2.04 Get it (70Kb)
   - Now, system predefined names (AUX,LPT1,PRN,etc.) are detected as bad request.
   + QUERY_STRING variable is visible for SSI.
   + Keys ssihtm, nossihtm have been added. Before SSI tags had been checked in .sht*,.sml*,.asp* files only. Now optional SSI could be
   checked in .htm* files too. "
 CHANGE> [Williams changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2001-0497
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0497
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010604
Category: SF
Reference: ISS:20010611 BIND Inadvertent Local Exposure of HMAC-MD5 (TSIG) Keys
Reference: URL:http://xforce.iss.net/alerts/advise78.php
Reference: XF:bind-local-key-exposure(6694)
Reference: URL:http://xforce.iss.net/static/6694.php

dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2
and earlier, set insecure permissions for a HMAC-MD5 shared secret key
file used for DNS Transactional Signatures (TSIG), which allows
attackers to obtain the keys and perform dynamic DNS updates.


Modifications:
  ADDREF XF:bind-local-key-exposure(6694)

INFERRED ACTION: CAN-2001-0497 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Ziese, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:bind-local-key-exposure(6694)
   Set URL for ISS at http://xforce.iss.net/alerts/advise78.php


======================================================
Candidate: CAN-2001-0500
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0500
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-02
Proposed: 20010727
Assigned: 20010608
Category: SF
Reference: BUGTRAQ:20010618 All versions of Microsoft Internet Information Services, Remote buffer overflow (SYSTEM Level Access)
Reference: URL:http://www.securityfocus.com/archive/1/191873
Reference: MS:MS01-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-033.asp
Reference: CERT:CA-2001-13
Reference: URL:http://www.cert.org/advisories/CA-2001-13.html
Reference: BID:2880
Reference: URL:http://www.securityfocus.com/bid/2880
Reference: XF:iis-isapi-idq-bo(6705)
Reference: URL:http://www.iss.net/security_center/static/6705.php
Reference: CIAC:L-098
Reference: URL:http://www.ciac.org/ciac/bulletins/l-098.shtml

Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and
Indexing Service 2000 in IIS 6.0 beta and earlier allows remote
attackers to execute arbitrary commands via a long argument to
Internet Data Administration (.ida) and Internet Data Query (.idq)
files such as default.ida, as commonly exploited by Code Red.


Modifications:
  DESC Mention Code Red
  ADDREF XF:iis-isapi-idq-bo(6705)
  ADDREF CIAC:L-098

INFERRED ACTION: CAN-2001-0500 ACCEPT (9 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(7) Prosser, Wall, Foat, Cole, Collins, Ziese, Stracener
   MODIFY(2) Frech, Balinsky

Voter Comments:
 Balinsky> Would it be worth adding "This vulnerability was the root of the Code Red worm."? We could at least add the CERT Code Red advisories:
   http://www.cert.org/advisories/CA-2001-19.html and http://www.cert.org/advisories/CA-2001-23.html
 Frech> XF:iis-isapi-idq-bo(6705)
   XF:backdoor-codered2(6992)


======================================================
Candidate: CAN-2001-0501
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0501
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010608
Category: SF
Reference: BUGTRAQ:20010622 Fwd: Microsoft Word macro vulnerability advisory MS01-034
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99325144322224&w=2
Reference: MS:MS01-034
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-034.asp
Reference: BID:2876
Reference: URL:http://www.securityfocus.com/bid/2876
Reference: XF:msword-macro-bypass-security(6732)
Reference: URL:http://xforce.iss.net/static/6732.php

Microsoft Word 2002 and earlier allows attackers to automatically
execute macros without warning the user by embedding the macros in a
manner that escapes detection by the security scanner.


Modifications:
  ADDREF XF:msword-macro-bypass-security(6732)

INFERRED ACTION: CAN-2001-0501 ACCEPT (7 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(6) Wall, Foat, Cole, Ziese, Stracener, Balinsky
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:msword-macro-bypass-security(6732)


======================================================
Candidate: CAN-2001-0502
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0502
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010608
Category: SF
Reference: MS:MS01-036
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-036.asp
Reference: CIAC:L-101
Reference: URL:http://www.ciac.org/ciac/bulletins/l-101.shtml
Reference: XF:win2k-ldap-change-passwords(6745)
Reference: URL:http://xforce.iss.net/static/6745.php
Reference: BID:2929
Reference: URL:http://www.securityfocus.com/bid/2929

Running Windows 2000 LDAP Server over SSL, a function does not
properly check the permissions of a user request when the directory
principal is a domain user and the data attribute is the domain
password, which allows local users to modify the login password of
other users.


Modifications:
  ADDREF XF:win2k-ldap-change-passwords(6745)
  ADDREF BID:2929
  ADDREF CIAC:L-101

INFERRED ACTION: CAN-2001-0502 ACCEPT (7 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(6) Wall, Foat, Cole, Ziese, Stracener, Balinsky
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:win2k-ldap-change-passwords(6745)
 Christey> BID:2929
   URL:http://www.securityfocus.com/bid/2929


======================================================
Candidate: CAN-2001-0503
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0503
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010608
Category: SF
Reference: MS:MS00-077
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-077.asp
Reference: XF:netmeeting-desktop-sharing-dos(5368)
Reference: URL:http://www.iss.net/security_center/static/5368.php

Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows
remote attackers to cause a denial of service via a malformed string
to the NetMeeting service port, aka a variant of the "NetMeeting
Desktop Sharing" vulnerability.


Modifications:
  DESC Add version number
  ADDREF XF:netmeeting-desktop-sharing-dos(5368)

INFERRED ACTION: CAN-2001-0503 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Cole, Ziese, Stracener
   MODIFY(2) Frech, Balinsky
   NOOP(1) Foat

Voter Comments:
 Balinsky> Add version "NetMeeting 3.01" to description.
 Frech> XF:(5368)


======================================================
Candidate: CAN-2001-0504
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0504
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010608
Category: SF
Reference: MS:MS01-037
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-037.asp
Reference: XF:win2k-smtp-mail-relay(6803)
Reference: URL:http://xforce.iss.net/static/6803.php
Reference: BID:2988
Reference: URL:http://online.securityfocus.com/bid/2988
Reference: CIAC:L-107
Reference: URL:http://www.ciac.org/ciac/bulletins/l-107.shtml
Reference: CERT-VN:VU#435963
Reference: URL:http://www.kb.cert.org/vuls/id/435963

Vulnerability in authentication process for SMTP service in Microsoft
Windows 2000 allows remote attackers to use incorrect credentials to
gain privileges and conduct activites such as mail relaying.


Modifications:
  ADDREF XF:win2k-smtp-mail-relay(6803)
  ADDREF BID:2988
  ADDREF CIAC:L-107
  ADDREF CERT-VN:VU#435963

INFERRED ACTION: CAN-2001-0504 ACCEPT (7 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(6) Wall, Foat, Cole, Ziese, Stracener, Balinsky
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:win2k-smtp-mail-relay(6803)


======================================================
Candidate: CAN-2001-0506
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0506
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010829
Assigned: 20010608
Category: SF
Reference: BUGTRAQ:20010817 NSFOCUS SA2001-06 : Microsoft IIS ssinc.dll Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99802093532233&w=2
Reference: BUGTRAQ:20011127 IIS Server Side Include Buffer overflow exploit code
Reference: URL:http://online.securityfocus.com/archive/1/242541
Reference: MS:MS01-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp
Reference: CIAC:L-132
Reference: URL:http://www.ciac.org/ciac/bulletins/l-132.shtml
Reference: BID:3190
Reference: URL:http://www.securityfocus.com/bid/3190
Reference: XF:iis-ssi-directive-bo(6984)
Reference: URL:http://xforce.iss.net/static/6984.php

Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to
gain system privileges via a Server-Side Includes (SSI) directive for
a long filename, which triggers the overflow when the directory name
is added, aka the "SSI privilege elevation" vulnerability.


Modifications:
  ADDREF XF:iis-ssi-directive-bo(6984)
  ADDREF CIAC:L-132
  ADDREF BUGTRAQ:20011127 IIS Server Side Include Buffer overflow exploit code
  DESC fix typo, rewrite desc

INFERRED ACTION: CAN-2001-0506 ACCEPT (8 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(7) Wall, Baker, Foat, Cole, Armstrong, Bishop, Ziese
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:iis-ssi-directive-bo(6984)
 Christey> Fix typo: "names"
   NTBUGTRAQ:20010817 NSFOCUS SA2001-06 : Microsoft IIS ssinc.dll Buffer Overflow
   URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=99805217309795&w=2
   Consider adding this one:
   BUGTRAQ:20011127 IIS Server Side Include Buffer overflow exploit code
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100689252614009&w=2
   ... though a read of the exploit doesn't quite line up with
   the CVE description.  Looks like I need to redo the
   description based on a re-read of the NSFOCUS report.


======================================================
Candidate: CAN-2001-0507
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0507
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010829
Assigned: 20010608
Category: SF
Reference: BUGTRAQ:20010816 ENTERCEPT SECURITY ALERT: Privilege Escalation Vulnerability in Microsoft IIS
Reference: URL:http://online.securityfocus.com/archive/1/205069
Reference: MS:MS01-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp
Reference: XF:iis-relative-path-privilege-elevation(6985)
Reference: URL:http://xforce.iss.net/static/6985.php
Reference: CIAC:L-132
Reference: URL:http://www.ciac.org/ciac/bulletins/l-132.shtml

IIS 5.0 uses relative paths to find system files that will run
in-process, which allows local users to gain privileges via a Trojan
horse file, aka the "System file listing privilege elevation"
vulnerability.


Modifications:
  ADDREF XF:iis-relative-path-privilege-elevation(6985)
  ADDREF CIAC:L-132
  ADDREF BUGTRAQ:20010816 ENTERCEPT SECURITY ALERT: Privilege Escalation Vulnerability in Microsoft IIS

INFERRED ACTION: CAN-2001-0507 ACCEPT (8 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(7) Wall, Baker, Foat, Cole, Armstrong, Bishop, Ziese
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:iis-relative-path-privilege-elevation(6985)


======================================================
Candidate: CAN-2001-0513
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0513
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010613
Category: SF/CF/MP/SA/AN/unknown
Reference: ISS:20010619 Oracle Redirect Denial of Service
Reference: URL:http://xforce.iss.net/alerts/advise81.php
Reference: CERT-VN:VU#105259
Reference: URL:http://www.kb.cert.org/vuls/id/105259
Reference: XF:oracle-listener-redirect-dos(6717)
Reference: URL:http://xforce.iss.net/static/6717.php

Oracle listener process on Windows NT redirects connection requests to
another port and creates a separate thread to process the request,
which allows remote attackers to cause a denial of service by
repeatedly connecting to the Oracle listener but not connecting to the
redirected port.


Modifications:
  ADDREF XF:oracle-listener-redirect-dos(6717)
  ADDREF CERT-VN:VU#105259

INFERRED ACTION: CAN-2001-0513 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Cole, Ziese, Stracener
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:oracle-listener-redirect-dos(6717)


======================================================
Candidate: CAN-2001-0514
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0514
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010613
Category: SF
Reference: ISS:20010620 Multiple Vendor 802.11b Access Point SNMP authentication flaw
Reference: URL:http://xforce.iss.net/alerts/advise83.php
Reference: XF:atmel-vnetb-ap-snmp-security(6576)
Reference: URL:http://xforce.iss.net/static/6576.php
Reference: BID:2896
Reference: URL:http://www.securityfocus.com/bid/2896

SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as
used in Netgear ME102 and Linksys WAP11, accepts arbitrary community
strings with requested MIB modifications, which allows remote
attackers to obtain sensitive information such as WEP keys, cause a
denial of service, or gain access to the network.


Modifications:
  ADDREF XF:atmel-vnetb-ap-snmp-security(6576)
  ADDREF BID:2896

INFERRED ACTION: CAN-2001-0514 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Ziese, Stracener
   MODIFY(1) Frech
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Frech> XF:atmel-vnetb-ap-snmp-security(6576)
 Christey> BID:2896
   URL:http://www.securityfocus.com/bid/2896


======================================================
Candidate: CAN-2001-0517
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0517
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010613
Category: SF
Reference: ISS:20010515 Multiple Oracle Listener Denial of Service Vulnerabilities
Reference: URL:http://xforce.iss.net/alerts/advise82.php
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf
Reference: XF:oracle-listener-data-transport-dos(6715)
Reference: URL:http://xforce.iss.net/static/6715.php

Oracle listener in Oracle 8i on Solaris allows remote attackers to
cause a denial of service via a malformed connection packet with a
maximum transport data size that is set to 0.


Modifications:
  ADDREF XF:oracle-listener-data-transport-dos(6715)
  ADDREF CONFIRM:http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf

INFERRED ACTION: CAN-2001-0517 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Ziese
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:oracle-listener-data-transport-dos(6715)


======================================================
Candidate: CAN-2001-0518
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0518
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010613
Category: SF
Reference: ISS:20010515 Multiple Oracle Listener Denial of Service Vulnerabilities
Reference: URL:http://xforce.iss.net/alerts/advise82.php
Reference: CONFIRM:http://otn.oracle.com/deploy/security/alerts.htm
Reference: XF:oracle-listener-fragmentation-dos(6716)
Reference: URL:http://xforce.iss.net/static/6716.php

Oracle listener before Oracle 9i allows attackers to cause a denial of
service by repeatedly sending the first portion of a fragmented Oracle
command without sending the remainder of the command, which causes the
listener to hang.


Modifications:
  ADDREF CONFIRM:http://otn.oracle.com/deploy/security/alerts.htm
  ADDREF XF:oracle-listener-fragmentation-dos(6716)

INFERRED ACTION: CAN-2001-0518 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Cole, Ziese, Stracener
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:oracle-listener-fragmentation-dos(6716)


======================================================
Candidate: CAN-2001-0522
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0522
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010529 [synnergy] - GnuPG remote format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0281.html
Reference: BUGTRAQ:20010601 The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)
Reference: URL:http://online.securityfocus.com/archive/1/188218
Reference: CONFIRM:http://www.gnupg.org/whatsnew.html#rn20010529
Reference: MANDRAKE:MDKSA-2001:053
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3
Reference: CONECTIVA:CLA-2001:399
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000399
Reference: DEBIAN:DSA-061
Reference: URL:http://www.debian.org/security/2001/dsa-061
Reference: IMMUNIX:IMNX-2001-70-023-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01
Reference: REDHAT:RHSA-2001:073
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-073.html
Reference: CALDERA:CSSA-2001-020.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt
Reference: SUSE:SuSE-SA:2001:020
Reference: URL:http://www.suse.de/de/support/security/2001_020_gpg_txt.html
Reference: TURBO:TLSA2001028
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html
Reference: XF:gnupg-tty-format-string(6642)
Reference: URL:http://xforce.iss.net/static/6642.php
Reference: BID:2797
Reference: URL:http://www.securityfocus.com/bid/2797

Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg)
1.05 and earlier can allow an attacker to gain privileges via format
strings in the original filename that is stored in an encrypted file.


Modifications:
  ADDREF XF:gnupg-tty-format-string(6642)
  ADDREF BID:2797
  DESC change desc slightly
  ADDREF CONECTIVA:CLA-2001:399
  ADDREF DEBIAN:DSA-061
  ADDREF IMMUNIX:IMNX-2001-70-023-01
  ADDREF REDHAT:RHSA-2001:073
  ADDREF CALDERA:CSSA-2001-020.0
  ADDREF SUSE:SuSE-SA:2001:020
  ADDREF BUGTRAQ:20010601 The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)
  ADDREF TURBO:TLSA2001028

INFERRED ACTION: CAN-2001-0522 ACCEPT (5 accept, 5 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Bishop, Ziese
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Frech> XF:gnupg-tty-format-string(6642)
 Christey> ADDREF BID:2797
   Also add lots of related vendor advisories
 Christey> ADDREF RHSA-2001:073 (per Mark Cox of Red Hat)


======================================================
Candidate: CAN-2001-0525
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0525
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010519 dqs 3.2.7 local root exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0193.html
Reference: BUGTRAQ:20010519 Re: dqs 3.2.7 local root exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0195.html
Reference: XF:dqs-dsh-bo(6577)
Reference: URL:http://xforce.iss.net/static/6577.php
Reference: BID:2749
Reference: URL:http://online.securityfocus.com/bid/2749

Buffer overflow in dsh in dqs 3.2.7 in SuSE Linux 7.0 and earlier, and
possibly other operating systems, allows local users to gain
privileges via a long first command line argument.


Modifications:
  CHANGEREF XF [normalize]
  DESC rephrase
  ADDREF BID:2749

INFERRED ACTION: CAN-2001-0525 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Frech, Bishop, Ziese
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0526
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0526
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010528 [synnergy] - Solaris mailtool(1) buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0258.html
Reference: SUNBUG:4458476
Reference: XF:solaris-mailtool-openwinhome-bo(6626)
Reference: URL:http://xforce.iss.net/static/6626.php

Buffer overflow in the Xview library as used by mailtool in Solaris 8
and earlier allows a local attacker to gain privileges via the
OPENWINHOME environment variable.


Modifications:
  ADDREF SUNBUG:4458476
  DESC add Xview library, rephrase

INFERRED ACTION: CAN-2001-0526 ACCEPT_REV (3 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(3) Baker, Frech, Dik
   NOOP(4) Wall, Foat, Cole, Ziese
   REVIEWING(1) Bishop

Voter Comments:
 Dik> sub bug: 4458476
 Dik> sub bug: 4458476
   Bug in the Xview library
 Dik> sun bug: 4458476
   Bug in the Xview library


======================================================
Candidate: CAN-2001-0527
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0527
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010515 DCForum Password File Manipukation Vulnerability (qDefense Advisory Number QDAV-5-2000-2)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0122.html
Reference: CONFIRM:http://www.dcscripts.com/dcforum/dcfNews/167.html
Reference: XF:dcforum-cgi-admin-access(6538)
Reference: URL:http://xforce.iss.net/static/6538.php
Reference: BID:2728
Reference: URL:http://online.securityfocus.com/bid/2728

DCScripts DCForum versions 2000 and earlier allow a remote attacker to
gain additional privileges by inserting pipe symbols (|) and newlines
into the last name in the registration form, which will create an
extra entry in the registration database.


Modifications:
  ADDREF BID:2728

INFERRED ACTION: CAN-2001-0527 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Frech, Bishop, Ziese
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0528
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0528
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010507 Oracle's ADI 7.1.1.10.1 Major security hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0044.html
Reference: BUGTRAQ:20010522 Vulnerability in Oracle E-Business Suite Release 11i Applications Desktop Integrator
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0223.html
Reference: BID:2694
Reference: URL:http://www.securityfocus.com/bid/2694
Reference: XF:oracle-adi-plaintext-passwords(6501)
Reference: URL:http://xforce.iss.net/static/6501.php

Oracle E-Business Suite Release 11i Applications Desktop Integrator
(ADI) version 7.x includes a debug version of FNDPUB11I.DLL, which
logs the APPS schema password in cleartext in a debug file, which
allows local users to obtain the password and gain privileges.

INFERRED ACTION: CAN-2001-0528 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Frech, Bishop, Ziese
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0529
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0529
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010604 SSH allows deletion of other users files...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0322.html
Reference: BUGTRAQ:20010604 Re: SSH allows deletion of other users files...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0007.html
Reference: BUGTRAQ:20010605 OpenSSH_2.5.2p2 RH7.0 <- version info
Reference: URL:http://online.securityfocus.com/archive/1/188737
Reference: NETBSD:NetBSD-SA2001-010
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-010.txt.asc
Reference: CALDERA:CSSA-2001-023.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-023.0.txt
Reference: CERT-VN:VU#655259
Reference: URL:http://www.kb.cert.org/vuls/id/655259
Reference: OPENBSD:20010612
Reference: URL:http://www.openbsd.org/errata29.html
Reference: IMMUNIX:IMNX-2001-70-034-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01
Reference: CONECTIVA:CLA-2001:431
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431
Reference: BID:2825
Reference: URL:http://www.securityfocus.com/bid/2825
Reference: XF:openssh-symlink-file-deletion(6676)
Reference: URL:http://xforce.iss.net/static/6676.php

OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a
local attacker to delete any file named 'cookies' via a symlink
attack.


Modifications:
  ADDREF XF:openssh-symlink-file-deletion(6676)
  ADDREF BUGTRAQ:20010605 OpenSSH_2.5.2p2 RH7.0 <- version info
  ADDREF CERT-VN:VU#655259
  ADDREF OPENBSD:20010612
  ADDREF IMMUNIX:IMNX-2001-70-034-01
  ADDREF CONECTIVA:CLA-2001:431

INFERRED ACTION: CAN-2001-0529 ACCEPT (5 accept, 4 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Ziese, Stracener, Balinsky
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:openssh-symlink-file-deletion(6676)


======================================================
Candidate: CAN-2001-0530
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0530
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010618
Category: SF
Reference: BUGTRAQ:20010528 Vulnerability discovered in SpearHead NetGap
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0256.html
Reference: BUGTRAQ:20010607 SpearHead Security NetGAP
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0047.html
Reference: BID:2798
Reference: URL:http://www.securityfocus.com/bid/2798
Reference: XF:netgap-unicode-bypass-filter(6625)
Reference: URL:http://xforce.iss.net/static/6625.php

Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker
to bypass file blocking and content inspection via specially encoded
URLs which include '%' characters.


Modifications:
  CHANGEREF XF [normalize]

INFERRED ACTION: CAN-2001-0530 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Frech, Bishop, Ziese
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0533
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0533
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010619
Category: SF
Reference: IBM:MSS-OAR-E01-2001:271.1
Reference: URL:http://www-1.ibm.com/services/continuity/recover1.nsf/advisories/85256A3400529A8685256A8D00804A37/$file/oar271.txt
Reference: XF:aix-libi18n-lang-bo(6863)
Reference: URL:http://xforce.iss.net/static/6863.php
Reference: CIAC:L-123
Reference: URL:http://www.ciac.org/ciac/bulletins/l-123.shtml

Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows
local users to gain root privileges via a long LANG environmental
variable.


Modifications:
  ADDREF XF:aix-libi18n-lang-bo(6863)
  ADDREF CIAC:L-123

INFERRED ACTION: CAN-2001-0533 ACCEPT (7 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(6) Bollinger, Foat, Cole, Ziese, Stracener, Balinsky
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:aix-libi18n-lang-bo(6863)


======================================================
Candidate: CAN-2001-0537
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0537
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010628
Category: SF
Reference: CISCO:20010627 IOS HTTP authorization vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html
Reference: CERT:CA-2001-14
Reference: URL:http://www.cert.org/advisories/CA-2001-14.html
Reference: BUGTRAQ:20010629 Re: Cisco Security Advisory: IOS HTTP authorization vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70@brussels.cisco.com
Reference: BUGTRAQ:20010702 Cisco IOS HTTP Configuration Exploit
Reference: URL:http://www.securityfocus.com/archive/1/1601227034.20010702112207@olympos.org
Reference: BUGTRAQ:20010702 Cisco device HTTP exploit...
Reference: URL:http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000@Lib-Vai.lib.asu.edu
Reference: BUGTRAQ:20010702 ios-http-auth.sh
Reference: URL:http://www.securityfocus.com/archive/1/20010703011650.60515.qmail@web14910.mail.yahoo.com
Reference: XF:cisco-ios-admin-access(6749)
Reference: URL:http://xforce.iss.net/static/6749.php
Reference: BID:2936
Reference: URL:http://www.securityfocus.com/bid/2936

HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass
authentication and execute arbitrary commands, when local
authorization is being used, by specifying a high access level in the
URL.


Modifications:
  ADDREF XF:cisco-ios-admin-access(6749)
  DESC rephrase
  ADDREF BUGTRAQ:20010629 Re: Cisco Security Advisory: IOS HTTP authorization vulnerability
  ADDREF BUGTRAQ:20010702 Cisco IOS HTTP Configuration Exploit
  ADDREF BUGTRAQ:20010702 Cisco device HTTP exploit...
  ADDREF BUGTRAQ:20010702 ios-http-auth.sh
  ADDREF BID:2936

INFERRED ACTION: CAN-2001-0537 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Ziese, Stracener
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Frech> XF:cisco-ios-admin-access(6749)
 Christey> BUGTRAQ:20010702 Cisco IOS HTTP Configuration Exploit
   URL:http://www.securityfocus.com/archive/1/1601227034.20010702112207@olympos.org
   BUGTRAQ:20010702 Cisco device HTTP exploit...
   http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000@Lib-Vai.lib.asu.edu
   BID:2936
   URL:http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=2936
   BUGTRAQ:20010702 ios-http-auth.sh
   URL:http://www.securityfocus.com/archive/1/20010703011650.60515.qmail@web14910.mail.yahoo.com
   BUGTRAQ:20010629 Re: Cisco Security Advisory: IOS HTTP authorization vulnerability
   URL:http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70@brussels.cisco.com

   One of the followup posts indicates that the "...." may have
   been Cisco's shorthand for a portion of the URL, and not an
   aspect of the problem itself, which (as described in the above
   references) deals with specifying high access levels in the
   request.


======================================================
Candidate: CAN-2001-0538
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0538
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010710
Category: SF
Reference: BUGTRAQ:20010712 MS Office XP - the more money I give to Microsoft, the more vulnerable my Windows computers are
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99496431214078&w=2
Reference: NTBUGTRAQ:20010712 Vulnerability in IE/Outlook ActiveX control
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=862
Reference: MS:MS01-038
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-038.asp
Reference: CIAC:L-113
Reference: URL:http://www.ciac.org/ciac/bulletins/l-113.shtml
Reference: CERT-VN:VU#131569
Reference: URL:http://www.kb.cert.org/vuls/id/131569
Reference: XF:outlook-activex-view-control(6831)
Reference: URL:http://xforce.iss.net/static/6831.php
Reference: BID:3025
Reference: URL:http://online.securityfocus.com/bid/3025

Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and
earlier allows remote attackers to execute arbitrary commands via a
malicious HTML e-mail message or web page.


Modifications:
  ADDREF XF:outlook-activex-view-control(6831)
  ADDREF CIAC:L-113
  ADDREF CERT-VN:VU#131569
  ADDREF NTBUGTRAQ:20010712 Vulnerability in IE/Outlook ActiveX control
  ADDREF BID:3025

INFERRED ACTION: CAN-2001-0538 ACCEPT (7 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(6) Wall, Foat, Cole, Ziese, Stracener, Balinsky
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:outlook-activex-view-control(6831)


======================================================
Candidate: CAN-2001-0540
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0540
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20011012
Assigned: 20010710
Category: SF
Reference: MS:MS01-040
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-040.asp
Reference: BID:3099
Reference: URL:http://online.securityfocus.com/bid/3099
Reference: XF:win-terminal-rdp-dos(6912)
Reference: URL:http://xforce.iss.net/static/6912.php

Memory leak in Terminal servers in Windows NT and Windows 2000 allows
remote attackers to cause a denial of service (memory exhaustion) via
a large number of malformed Remote Data Protocol (RDP) requests to
port 3389.


Modifications:
  ADDREF BID:3099
  ADDREF XF:win-terminal-rdp-dos(6912)

INFERRED ACTION: CAN-2001-0540 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:win-terminal-rdp-dos(6912)


======================================================
Candidate: CAN-2001-0541
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0541
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010829
Assigned: 20010710
Category: SF
Reference: BUGTRAQ:20010527 Microsoft Windows Media Player Buffer Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/187001
Reference: MS:MS01-042
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-042.asp
Reference: XF:mediaplayer-nsc-bo(6907)
Reference: URL:http://xforce.iss.net/static/6907.php
Reference: BID:3105
Reference: URL:http://www.securityfocus.com/bid/3105

Buffer overflow in Microsoft Windows Media Player 7.1 and earlier
allows remote attackers to execute arbitrary commands via a malformed
Windows Media Station (.NSC) file.


Modifications:
  ADDREF XF:mediaplayer-nsc-bo(6907)
  ADDREF BID:3105

INFERRED ACTION: CAN-2001-0541 ACCEPT (8 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(7) Prosser, Wall, Baker, Foat, Cole, Ziese, Stracener
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Prosser> MS01-042
 Frech> XF:mediaplayer-nsc-bo(6907)
 Christey> BID:3105
   URL:http://www.securityfocus.com/bid/3105
   Also, need to ask Microsoft if this is the original
   report of the problem:
   BUGTRAQ:20010527 Microsoft Windows Media Player Buffer Overflow Vulnerability
   URL:http://www.securityfocus.com/archive/1/187001


======================================================
Candidate: CAN-2001-0543
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0543
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010829
Assigned: 20010710
Category: SF
Reference: MS:MS01-043
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-043.asp
Reference: XF:win-nntp-dos(6977)
Reference: URL:http://xforce.iss.net/static/6977.php
Reference: BID:3183
Reference: URL:http://online.securityfocus.com/bid/3183

Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows
remote attackers to cause a denial of service (memory exhaustion) via
a large number of malformed posts.


Modifications:
  ADDREF XF:win-nntp-dos(6977)
  ADDREF BID:3183

INFERRED ACTION: CAN-2001-0543 ACCEPT (8 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(7) Wall, Baker, Foat, Cole, Armstrong, Bishop, Ziese
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:win-nntp-dos(6977)


======================================================
Candidate: CAN-2001-0544
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0544
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20011012
Assigned: 20010710
Category: SF
Reference: MS:MS01-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp
Reference: CIAC:L-132
Reference: URL:http://www.ciac.org/ciac/bulletins/l-132.shtml
Reference: XF:iis-invalid-mime-header-dos(6983)
Reference: URL:http://xforce.iss.net/static/6983.php
Reference: BID:3195
Reference: URL:http://online.securityfocus.com/bid/3195

IIS 5.0 allows local users to cause a denial of service (hang) via by
installing content that produces a certain invalid MIME Content-Type
header, which corrupts the File Type table.


Modifications:
  ADDREF XF:iis-invalid-mime-header-dos(6983)
  ADDREF CIAC:L-132
  ADDREF BID:3195

INFERRED ACTION: CAN-2001-0544 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:iis-invalid-mime-header-dos(6983)


======================================================
Candidate: CAN-2001-0545
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0545
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20011012
Assigned: 20010710
Category: SF
Reference: MS:MS01-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp
Reference: XF:iis-url-redirection-dos(6981)
Reference: URL:http://xforce.iss.net/static/6981.php
Reference: CIAC:L-132
Reference: URL:http://www.ciac.org/ciac/bulletins/l-132.shtml

IIS 4.0 with URL redirection enabled allows remote attackers to cause
a denial of service (crash) via a malformed request that specifies a
length that is different than the actual length.


Modifications:
  ADDREF XF:iis-url-redirection-dos(6981)
  ADDREF CIAC:L-132

INFERRED ACTION: CAN-2001-0545 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:iis-url-redirection-dos(6981)


======================================================
Candidate: CAN-2001-0546
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0546
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010829
Assigned: 20010710
Category: SF
Reference: MS:MS01-045
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-045.asp
Reference: XF:isa-h323-gatekeeper-dos(6989)
Reference: URL:http://xforce.iss.net/static/6989.php
Reference: BID:3196
Reference: URL:http://online.securityfocus.com/bid/3196

Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security
and Acceleration (ISA) Server 2000 allows remote attackers to cause a
denial of service (resource exhaustion) via a large amount of
malformed H.323 data.


Modifications:
  CHANGEREF MS fix typo
  ADDREF XF:isa-h323-gatekeeper-dos(6989)
  ADDREF BID:3196

INFERRED ACTION: CAN-2001-0546 ACCEPT (8 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(7) Wall, Baker, Foat, Cole, Armstrong, Bishop, Ziese
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:isa-h323-gatekeeper-dos(6989)


======================================================
Candidate: CAN-2001-0547
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0547
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010829
Assigned: 20010710
Category: SF
Reference: MS:MS01-045
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-045.asp
Reference: XF:isa-proxy-memory-leak-dos(6990)
Reference: URL:http://xforce.iss.net/static/6990.php
Reference: BID:3197
Reference: URL:http://online.securityfocus.com/bid/3197

Memory leak in the proxy service in Microsoft Internet Security and
Acceleration (ISA) Server 2000 allows local attackers to cause a
denial of service (resource exhaustion).


Modifications:
  CHANGEREF MS fix typo
  ADDREF XF:isa-proxy-memory-leak-dos(6990)
  ADDREF BID:3197

INFERRED ACTION: CAN-2001-0547 ACCEPT (8 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(7) Wall, Baker, Foat, Cole, Armstrong, Bishop, Ziese
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:isa-proxy-memory-leak-dos(6990)


======================================================
Candidate: CAN-2001-0549
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0549
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010718
Category: SF
Reference: CERT-VN:VU#814187
Reference: URL:http://www.kb.cert.org/vuls/id/814187
Reference: CONFIRM:http://www.sarc.com/avcenter/security/Content/2001_07_20.html
Reference: XF:liveupdate-obtain-proxy-password(7013)
Reference: URL:http://xforce.iss.net/static/7013.php

Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a
registry key, which could allow local users to obtain the passwords.


Modifications:
  ADDREF XF:liveupdate-obtain-proxy-password(7013)

INFERRED ACTION: CAN-2001-0549 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Prosser, Foat, Stracener
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, Ziese

Voter Comments:
 Frech> XF:liveupdate-obtain-proxy-password(7013)


======================================================
Candidate: CAN-2001-0554
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0554
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010724
Category: SF
Reference: BUGTRAQ:20010718 multiple vendor telnet daemon vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/197804
Reference: BUGTRAQ:20010725 Telnetd AYT overflow scanner
Reference: URL:http://online.securityfocus.com/archive/1/199496
Reference: BUGTRAQ:20010810 ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow
Reference: URL:http://online.securityfocus.com/archive/1/203000
Reference: BUGTRAQ:20010725 SCO - Telnetd AYT overflow ?
Reference: URL:http://online.securityfocus.com/archive/1/199541
Reference: CERT:CA-2000-21
Reference: URL:http://www.cert.org/advisories/CA-2001-21.html
Reference: FREEBSD:FreeBSD-SA-01:49
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc
Reference: NETBSD:NetBSD-SA2001-012
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc
Reference: SGI:20010801-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010801-01-P
Reference: HP:HPSBUX0110-172
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q4/0014.html
Reference: CALDERA:CSSA-2001-030.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-030.0.txt
Reference: CALDERA:CSSA-2001-SCO.10
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.10/CSSA-2001-SCO.10.txt
Reference: MANDRAKE:MDKSA-2001:068
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-068.php3
Reference: DEBIAN:DSA-070
Reference: URL:http://www.debian.org/security/2001/dsa-070
Reference: REDHAT:RHSA-2001:099
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-099.html
Reference: CONECTIVA:CLA-2001:413
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000413
Reference: SUSE:SuSE-SA:2001:029
Reference: URL:http://www.suse.de/de/support/security/2001_029_nkitb_txt.txt
Reference: COMPAQ:SSRT0745U
Reference: URL:http://ftp.support.compaq.com/patches/.new/html/SSRT0745U.shtml
Reference: CISCO:20020129 Cisco CatOS Telnet Buffer Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml
Reference: IBM:MSS-OAR-E01-2001:298
Reference: URL:http://online.securityfocus.com/advisories/3476
Reference: BID:3064
Reference: URL:http://www.securityfocus.com/bid/3064
Reference: XF:telnetd-option-telrcv-bo(6875)
Reference: URL:http://xforce.iss.net/static/6875.php

Buffer overflow in BSD-based telnetd telnet daemon on various
operating systems allows remote attackers to execute arbitrary
commands via a set of options including AYT (Are You There), which is
not properly handled by the telrcv function.


Modifications:
  ADDREF SGI:20010801-01-P
  ADDREF HP:HPSBUX0110-172
  ADDREF XF:telnetd-option-telrcv-bo(6875)
  ADDREF CALDERA:CSSA-2001-030.0
  ADDREF MANDRAKE:MDKSA-2001:068
  ADDREF DEBIAN:DSA-070
  ADDREF BUGTRAQ:20010810 ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow
  ADDREF REDHAT:RHSA-2001:099
  ADDREF CONECTIVA:CLA-2001:413
  ADDREF SUSE:SuSE-SA:2001:029
  ADDREF COMPAQ:SSRT0745U
  ADDREF CISCO:20020129 Cisco CatOS Telnet Buffer Vulnerability
  ADDREF IBM:MSS-OAR-E01-2001:298
  ADDREF BUGTRAQ:20010725 SCO - Telnetd AYT overflow ?
  ADDREF CALDERA:CSSA-2001-SCO.10
  ADDREF BUGTRAQ:20010725 Telnetd AYT overflow scanner

INFERRED ACTION: CAN-2001-0554 ACCEPT (5 accept, 12 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Ziese, Stracener
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> *********************************************************************
   Note that this candidate was inadvertently used in Microsoft bulletin
   MS01-044, for an unrelated vulnerability.  The BSD telnetd
   buffer overflow is the correct vulnerability for CAN-2001-0554.
   A different candidate will be used for the problem described
   in the Microsoft bulletin.
   *********************************************************************
 Christey> SGI:20010801-01-P
   URL:ftp://patches.sgi.com/support/free/security/advisories/20010801-01-P
 Frech> XF:telnetd-option-telrcv-bo(6875)
 Christey> HP:HPSBUX0110-172
   URL:http://archives.neohapsis.com/archives/hp/2001-q4/0014.html


======================================================
Candidate: CAN-2001-0558
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0558
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010507 Advisory for Jana server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0086.html
Reference: XF:jana-server-device-dos(6521)
Reference: URL:http://xforce.iss.net/static/6521.php
Reference: BID:2704
Reference: URL:http://www.securityfocus.com/bid/2704

T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote
attacker to create a denial of service via a URL request which
includes a MS-DOS device name (i.e. GET /aux HTTP/1.0).

INFERRED ACTION: CAN-2001-0558 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Frech, Ziese
   NOOP(3) Wall, Foat, Bishop

Voter Comments:
 CHANGE> [Bishop changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2001-0559
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0559
Final-Decision:
Interim-Decision: 20020301
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010507 Vixie cron vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/183029
Reference: DEBIAN:DSA-054
Reference: URL:http://www.debian.org/security/2001/dsa-054
Reference: MANDRAKE:MDKSA-2001:050
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-050.php3
Reference: SUSE:SuSE-SA:2001:17
Reference: URL:http://www.suse.de/de/support/security/2001_017_cron_txt.txt
Reference: BID:2687
Reference: URL:http://www.securityfocus.com/bid/2687
Reference: XF:vixie-cron-gain-privileges(6508)
Reference: URL:http://xforce.iss.net/static/6508.php

crontab in Vixie cron 3.0.1 and earlier does not properly drop
privileges after the failed parsing of a modification operation, which
could allow a local attacker to gain additional privileges when an
editor is called to correct the error.


Modifications:
  CHANGEREF XF [normalize]

INFERRED ACTION: CAN-2001-0559 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Frech, Bishop, Ziese
   NOOP(2) Wall, Foat

Voter Comments:
 Ziese> HAS-INDEPENDENT-CONFIRMATION


======================================================
Candidate: CAN-2001-0560
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0560
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010210 vixie cron possible local root compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0197.html
Reference: AIXAPAR:IY17048
Reference: AIXAPAR:IY17261
Reference: MANDRAKE:MDKSA-2001:022
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-022.php3
Reference: REDHAT:RHSA-2001-014
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-014.html
Reference: BUGTRAQ:20010220 Immunix OS Security update for vixie-cron
Reference: URL:http://archives.neohapsis.com/archives/linux/immunix/2001-q1/0066.html
Reference: XF:vixie-crontab-bo(6098)
Reference: URL:http://xforce.iss.net/static/6098.php

Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local
attacker to gain additional privileges via a long username (> 20
characters).

INFERRED ACTION: CAN-2001-0560 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(6) Williams, Baker, Bollinger, Frech, Bishop, Ziese
   NOOP(3) Wall, Foat, Cole

Voter Comments:
 Bollinger> I only verified the AIX vulnerability and fix.  Although AIX
   allows members of group security to create users, I doubt this is
   exploitable by a non-root user because the user creation commands
   limit usernames to 8 characters.


======================================================
Candidate: CAN-2001-0563
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0563
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010507 Advisory for Electrocomm 2.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0049.html
Reference: XF:electrocomm-telnet-dos(6514)
Reference: URL:http://xforce.iss.net/static/6514.php
Reference: BID:2706
Reference: URL:http://www.securityfocus.com/bid/2706

ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier allows a
remote attacker to create a denial of service via large (> 160000
character) strings sent to port 23.

INFERRED ACTION: CAN-2001-0563 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Frech, Ziese
   NOOP(3) Wall, Foat, Bishop

Voter Comments:
 CHANGE> [Bishop changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2001-0564
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0564
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010225 APC web/snmp/telnet management card dos
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0436.html
Reference: MISC:ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/install.txt
Reference: XF:apc-telnet-dos(6199)
Reference: URL:http://xforce.iss.net/static/6199.php
Reference: BID:2430
Reference: URL:http://www.securityfocus.com/bid/2430

APC Web/SNMP Management Card prior to Firmware 310 only supports one
telnet connection, which allows a remote attacker to create a denial
of service via repeated failed logon attempts which temporarily locks
the card.


Modifications:
  ADDREF MISC:ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/install.txt
  ADDREF XF:apc-telnet-dos(6199)
  ADDREF BID:2430

INFERRED ACTION: CAN-2001-0564 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Williams, Baker
   MODIFY(1) Frech
   NOOP(5) Wall, Foat, Cole, Bishop, Ziese

Voter Comments:
 Frech> XF:apc-telnet-dos(6199)
   CONFIRM:http://www.apc.com/tools/download/
 Baker> ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/relnotes.txt
   ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/install.txt
   ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/events.pdf
   ftp://ftp.apcftp.com/hardware/webcard/firmware/dp3e/v301/addendum.pdf

   The notes indicate you can access the card via serial connection, web,
   ftp, snmp, telnet simultaneously, but not multiple instances of each
   type.  Another side issue here is the default admin username/password
   on all the services of .....drum roll please.....  apc/apc


======================================================
Candidate: CAN-2001-0565
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0565
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010502 Solaris mailx Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0016.html
Reference: BUGTRAQ:20010511 Solaris /usr/bin/mailx exploit (SPARC)
Reference: URL:http://online.securityfocus.com/archive/1/184210
Reference: SUNBUG:4452732
Reference: XF:solaris-mailx-f-bo(8246)
Reference: URL:http://xforce.iss.net/static/8246.php
Reference: CERT-VN:VU#446864
Reference: URL:http://www.kb.cert.org/vuls/id/446864
Reference: BID:2610
Reference: URL:http://www.securityfocus.com/bid/2610

Buffer overflow in mailx in Solaris 8 and earlier allows a local
attacker to gain additional privileges via a long '-F' command line
option.


Modifications:
  ADDREF SUNBUG:4452732
  DELREF XF:mailx-bo(6181)
  ADDREF XF:solaris-mailx-f-bo(8246)
  ADDREF CERT-VN:VU#446864
  ADDREF BUGTRAQ:20010511 Solaris /usr/bin/mailx exploit (SPARC)
  ADDREF BID:2610

INFERRED ACTION: CAN-2001-0565 ACCEPT_REV (3 accept, 2 ack, 1 review)

Current Votes:
   ACCEPT(3) Foat, Frech, Dik
   NOOP(4) Christey, Wall, Cole, Ziese
   REVIEWING(1) Bishop

Voter Comments:
 Dik> sun bug : 4452732
 Christey> Reference changes, thanks to ISS.
   CHANGEREF XF solaris-mailx-f-bo(8246)
   ADDREF BID:2610
   BUGTRAQ:20020511 Solaris /usr/bin/mailx exploit (SPARC)
   URL:http://online.securityfocus.com/archive/1/184210
   ADDREF CERT-VN:VU#446864
   URL:http://www.kb.cert.org/vuls/id/446864
   CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F41400&zone_32=4152234


======================================================
Candidate: CAN-2001-0567
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0567
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2001-05-01/security_alert
Reference: DEBIAN:DSA-055
Reference: URL:http://www.debian.org/security/2001/dsa-055
Reference: MANDRAKE:MDKSA-2001:049
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-049.php3
Reference: REDHAT:RHSA-2001:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-065.html
Reference: CONECTIVA:CLA-2001:407
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000407
Reference: XF:zope-zclass-gain-privileges(6958)
Reference: URL:http://xforce.iss.net/static/6958.php

Digital Creations Zope 2.3.2 and earlier allows a local attacker
to gain additional privileges via the changing of ZClass permission
mappings for objects and methods in the ZClass.


Modifications:
  ADDREF XF:zope-zclass-gain-privileges(6958)
  ADDREF CONECTIVA:CLA-2001:407

INFERRED ACTION: CAN-2001-0567 ACCEPT (4 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Bishop, Ziese
   MODIFY(1) Frech
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Frech> XF:zope-zclass-gain-privileges(6958)
 Christey> ADDREF CONECTIVA:CLA-2001:407
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000407


======================================================
Candidate: CAN-2001-0573
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0573
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: AIXAPAR:IY16909
Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q2/0000.html
Reference: XF:aix-lsfs-path(7007)
Reference: URL:http://xforce.iss.net/static/7007.php
Reference: CERT-VN:VU#123651
Reference: URL:http://www.kb.cert.org/vuls/id/123651

lsfs in AIX 4.x allows a local user to gain additional privileges by
creating Trojan horse programs named (1) grep or (2) lslv in a certain
directory that is under the user's control, which cause lsfs to access
the programs in that directory.


Modifications:
  ADDREF XF:aix-lsfs-path(7007)
  ADDREF CERT-VN:VU#123651

INFERRED ACTION: CAN-2001-0573 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Bollinger, Cole, Bishop, Ziese
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:aix-lsfs-path(7007)
   For the version, see
   http://techsupport.services.ibm.com/cgi-bin/support/rs6000.support/fdg
   et?fixdb=aix4&srchtype=apar&hits-menu=IY16909+-+%28AIXV43+only%29+secu
   rity+risk+in+lsfs&aix_level=AIX+4.3.3&select_site=us&select_lang=ALL


======================================================
Candidate: CAN-2001-0574
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0574
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010507 Advisory for MP3Mystic
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0046.html
Reference: CONFIRM:http://mp3mystic.com/mp3mystic/news.phtml
Reference: XF:mp3mystic-dot-directory-traversal(6504)
Reference: URL:http://xforce.iss.net/static/6504.php
Reference: BID:2699
Reference: URL:http://www.securityfocus.com/bid/2699

Directory traversal vulnerability in MP3Mystic prior to 1.04b3 allows
a remote attacker to download arbitrary files via a '..' (dot dot) in
the URL.

INFERRED ACTION: CAN-2001-0574 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Frech, Bishop, Ziese
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0585
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0585
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010320 def-2001-13: NTMail Web Services DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0248.html
Reference: BID:2494
Reference: URL:http://www.securityfocus.com/bid/2494
Reference: XF:ntmail-long-url-dos(6249)
Reference: URL:http://xforce.iss.net/static/6249.php

Gordano NTMail 6.0.3c allows a remote attacker to create a denial of
service via a long (>= 255 characters) URL request to port 8000 or
port 9000.

INFERRED ACTION: CAN-2001-0585 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Williams, Cole, Frech
   NOOP(4) Wall, Foat, Bishop, Ziese

Voter Comments:
 CHANGE> [Bishop changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2001-0586
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0586
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010330 STAT Security Advisory: Trend Micro's ScanMail for Exchange store s passwords in registry unprotected
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2001-q1/0049.html
Reference: XF:scanmail-reveals-credentials(6311)
Reference: URL:http://xforce.iss.net/static/6311.php

TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local
attacker to recover the administrative credentials for ScanMail via a
combination of unprotected registry keys and weakly encrypted
passwords.


Modifications:
  ADDREF XF:scanmail-reveals-credentials(6311)

INFERRED ACTION: CAN-2001-0586 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Williams, Wall, Baker
   MODIFY(1) Frech
   NOOP(4) Foat, Cole, Bishop, Ziese

Voter Comments:
 Frech> XF:scanmail-reveals-credentials(6311)
 CHANGE> [Bishop changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2001-0589
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0589
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010326 Netscreen: DMZ Network Receives Some "Denied" Traffic
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0375.html
Reference: BID:2523
Reference: URL:http://www.securityfocus.com/bid/2523
Reference: XF:netscreen-screenos-bypass-firewall(6317)
Reference: URL:http://xforce.iss.net/static/6317.php

NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and
Netscreen-100 can allow a local attacker to bypass the DMZ 'denial'
policy via specific traffic patterns.


Modifications:
  ADDREF XF:netscreen-screenos-bypass-firewall(6317)

INFERRED ACTION: CAN-2001-0589 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Williams, Baker, Cole, Bishop, Ziese
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:netscreen-screenos-bypass-firewall(6317)


======================================================
Candidate: CAN-2001-0590
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0590
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010403 Re: Tomcat may reveal script source code by URL trickery
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0031.html
Reference: HP:HPSBTL0112-004
Reference: URL:http://online.securityfocus.com/advisories/3724
Reference: XF:jakarta-tomcat-jsp-source(6971)
Reference: URL:http://xforce.iss.net/static/6971.php

Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a
remote attacker to read the source code to arbitrary 'jsp' files via a
malformed URL request which does not end with an HTTP protocol
specification (i.e. HTTP/1.0).


Modifications:
  ADDREF XF:jakarta-tomcat-jsp-source(6971)
  DESC End sentence with a period.
  ADDREF HP:HPSBTL0112-004

INFERRED ACTION: CAN-2001-0590 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Foat, Cole, Bishop, Ziese
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF: jakarta-tomcat-jsp-source(6971)
   Description sentence should end with a period. :-)


======================================================
Candidate: CAN-2001-0591
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0591
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: WIN2KSEC:20010122 Oracle JSP/SQLJS handlers allow viewing files and executing JSP outside the web root
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2001-q1/0028.html
Reference: BUGTRAQ:20010212 Patch for Potential Vulnerability in the execution of JSPs outside doc_root
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0239.html
Reference: BID:2286
Reference: URL:http://www.securityfocus.com/bid/2286
Reference: XF:oracle-handlers-directory-traversal(5986)
Reference: URL:http://xforce.iss.net/static/5986.php

Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1
and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read
or execute arbitrary .jsp files via a '..' (dot dot) attack.


Modifications:
  ADDREF XF:oracle-handlers-directory-traversal(5986)

INFERRED ACTION: CAN-2001-0591 ACCEPT (7 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(6) Williams, Wall, Baker, Cole, Bishop, Ziese
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:oracle-handlers-directory-traversal(5986)


======================================================
Candidate: CAN-2001-0593
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0593
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010327 advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0395.html
Reference: MISC:http://anacondapartners.com/cgi-local/apexec.pl?template=ap_releasenotestemplate.html&f1=ap_af_updates_menu&f2=ap_af_releasenotes_clip
Reference: BID:2512
Reference: URL:http://www.securityfocus.com/bid/2512
Reference: XF:anaconda-clipper-directory-traversal(6286)
Reference: URL:http://xforce.iss.net/static/6286.php

Ananconda Partners Clipper 3.3 and earlier allows a remote attacker to
read arbitrary files via a '..' (dot dot) attack in the template
parameter.


Modifications:
  ADDREF MISC:http://anacondapartners.com/cgi-local/apexec.pl?template=ap_releasenotestemplate.html&f1=ap_af_updates_menu&f2=ap_af_releasenotes_clip

INFERRED ACTION: CAN-2001-0593 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Williams, Cole, Frech, Bishop
   NOOP(4) Christey, Wall, Foat, Ziese

Voter Comments:
 Christey> Confirmation request sent to support@anaconda.net 2/25/2002.


======================================================
Candidate: CAN-2001-0594
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0594
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010409 Solaris kcms_configure vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0140.html
Reference: SUNBUG:4199722
Reference: BID:2558
Reference: URL:http://www.securityfocus.com/bid/2558
Reference: XF:solaris-kcms-command-bo(6359)
Reference: URL:http://xforce.iss.net/static/6359.php

kcms_configure as included with Solaris 7 and 8 allows a local
attacker to gain additional privileges via a buffer overflow in a
command line argument.


Modifications:
  ADDREF SUNBUG:4199722

INFERRED ACTION: CAN-2001-0594 ACCEPT (7 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(7) Baker, Foat, Cole, Frech, Dik, Bishop, Ziese
   NOOP(1) Wall

Voter Comments:
 Dik> sun bug: 4199722


======================================================
Candidate: CAN-2001-0595
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0595
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010411 [LSD] Solaris kcsSUNWIOsolf.so and dtsession vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0203.html
Reference: SUNBUG:4415570
Reference: XF:solaris-kcssunwiosolf-bo(6365)
Reference: URL:http://xforce.iss.net/static/6365.php
Reference: BID:2605
Reference: URL:http://online.securityfocus.com/bid/2605

Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8
allows local attackers to execute arbitrary commands via the
KCMS_PROFILES environmental variable, e.g. in the kcms_configure
program.as with the kcms_configure program.


Modifications:
  ADDREF SUNBUG:4415570
  ADDREF BID:2605

INFERRED ACTION: CAN-2001-0595 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Foat, Frech, Dik, Bishop
   NOOP(3) Wall, Cole, Ziese

Voter Comments:
 Dik> sun bug: 4415570


======================================================
Candidate: CAN-2001-0596
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0596
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010409 Netscape 4.76 gif comment flaw
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98685237415117&w=2
Reference: DEBIAN:DSA-051
Reference: URL:http://www.debian.org/security/2001/dsa-051
Reference: CONECTIVA:CLA-2001:393
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000393
Reference: REDHAT:RHSA-2001:046
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-046.html
Reference: XF:netscape-javascript-access-data(6344)
Reference: URL:http://xforce.iss.net/static/6344.php
Reference: BID:2637
Reference: URL:http://online.securityfocus.com/bid/2637
Reference: IMMUNIX:IMNX-2001-70-014-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-014-01

Netscape Communicator before 4.77 allows remote attackers to execute
arbitrary Javascript via a GIF image whose comment contains the
Javascript.


Modifications:
  ADDREF BID:2637
  ADDREF IMMUNIX:IMNX-2001-70-014-01
  DESC Rephrase

INFERRED ACTION: CAN-2001-0596 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Cole, Frech, Bishop
   NOOP(2) Foat, Ziese

Voter Comments:
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2001-0611
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0611
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010514 Becky! 2.00.05 Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0089.html
Reference: BID:2723
Reference: URL:http://www.securityfocus.com/bid/2723
Reference: XF:becky-mail-message-bo(6531)
Reference: URL:http://xforce.iss.net/static/6531.php

Becky! 2.00.05 and earlier can allow a remote attacker to gain
additional privileges via a buffer overflow attack on long messages
without newline characters.

INFERRED ACTION: CAN-2001-0611 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Frech, Bishop, Ziese
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0613
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0613
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010515 OmniHTTPd Pro Denial of Service Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0131.html
Reference: XF:omnihttpd-post-dos(6540)
Reference: URL:http://xforce.iss.net/static/6540.php
Reference: BID:2730
Reference: URL:http://www.securityfocus.com/bid/2730

Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a
remote attacker to create a denial of service via a long POST URL
request.


Modifications:
  DESC remove minor details
  ADDREF MISC:http://www.omnicron.ca/httpd/docs/release.html

INFERRED ACTION: CAN-2001-0613 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Frech, Ziese
   NOOP(3) Wall, Foat, Bishop

Voter Comments:
 CHANGE> [Bishop changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2001-0615
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0615
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010525 Advisory for Freestyle Chat server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0241.html
Reference: BID:2776
Reference: URL:http://www.securityfocus.com/bid/2776
Reference: XF:freestyle-chat-directory-traversal(6601)
Reference: URL:http://xforce.iss.net/static/6601.php

Directory traversal vulnerability in Faust Informatics Freestyle Chat
server prior to 4.1 SR3 allows a remote attacker to read arbitrary
files via a specially crafted URL which includes variations of a '..'
(dot dot) attack such as '...' or '....'.

INFERRED ACTION: CAN-2001-0615 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Frech, Bishop, Ziese
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0616
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0616
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010525 Advisory for Freestyle Chat server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0241.html
Reference: BID:2777
Reference: URL:http://www.securityfocus.com/bid/2777
Reference: XF:freestyle-chat-device-dos(6602)
Reference: URL:http://xforce.iss.net/static/6602.php

Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a
remote attacker to create a denial of service via a URL request which
includes a MS-DOS device name (e.g., GET /aux HTTP/1.0).

INFERRED ACTION: CAN-2001-0616 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Frech, Bishop, Ziese
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0621
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0621
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: CISCO:20010517 Cisco Content Service Switch 11000 Series FTP Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-ftp-pub.shtml
Reference: CIAC:L-085
Reference: URL:http://www.ciac.org/ciac/bulletins/l-085.shtml
Reference: XF:cisco-css-ftp-commands(6557)
Reference: URL:http://xforce.iss.net/static/6557.php
Reference: BID:2745
Reference: URL:http://online.securityfocus.com/bid/2745

The FTP server on Cisco Content Service 11000 series switches (CSS)
before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an
FTP user to read and write arbitrary files via GET or PUT commands.


Modifications:
  ADDREF CIAC:L-085
  ADDREF BID:2745
  CHANGEREF CISCO fix title

INFERRED ACTION: CAN-2001-0621 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Foat, Cole, Frech, Bishop, Ziese
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0622
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0622
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: CISCO:20010531 Cisco Content Service Switch 11000 Series Web Management Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-webmgmt-vuln-pub.shtml
Reference: XF:cisco-css-web-management(6631)
Reference: URL:http://xforce.iss.net/static/6631.php
Reference: BID:2806
Reference: URL:http://www.securityfocus.com/bid/2806

The web management service on Cisco Content Service series 11000
switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote
attacker to gain additional privileges by directly requesting the web
management URL instead of navigating through the interface.


Modifications:
  CHANGEREF CISCO [fix title]
  DESC fix typo
  ADDREF XF:cisco-css-web-management(6631)
  ADDREF BID:2806

INFERRED ACTION: CAN-2001-0622 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Bishop, Ziese
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Frech> XF:cisco-css-web-management(6631)
 Christey> fix "the the" typo


======================================================
Candidate: CAN-2001-0625
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0625
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010525 Security Bug in InoculateIT for Linux (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0245.html
Reference: XF:inoculateit-ftpdownload-symlink(6607)
Reference: URL:http://xforce.iss.net/static/6607.php
Reference: BID:2778
Reference: URL:http://www.securityfocus.com/bid/2778

ftpdownload in Computer Associates InoculateIT 6.0 allows a local
attacker to overwrite arbitrary files via a symlink attack on
/tmp/ftpdownload.log .

INFERRED ACTION: CAN-2001-0625 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Prosser, Frech, Bishop, Ziese
   NOOP(3) Wall, Foat, Cole

Voter Comments:
 Prosser> From the Bugtraq ID 2778 solution.  CA acknowledges the problem for UNIX/Linux versions and provides link to solution download.
 CHANGE> [Bishop changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2001-0626
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0626
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010316 WebServer Pro All Version Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0236.html
Reference: BID:2488
Reference: URL:http://www.securityfocus.com/bid/2488
Reference: XF:website-pro-dir-path(3839)
Reference: URL:http://xforce.iss.net/static/3839.php

O'Reilly Website Professional 2.5.4 and earlier allows remote
attackers to determine the physical path to the root directory via a
URL request containing a ":" character.


Modifications:
  ADDREF XF:website-pro-dir-path(3839)

INFERRED ACTION: CAN-2001-0626 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Williams, Prosser, Baker
   MODIFY(1) Frech
   NOOP(5) Wall, Foat, Cole, Bishop, Ziese

Voter Comments:
 Frech> XF:website-pro-dir-path(3839)
   Possible duplicate with CAN-2000-0066: WebSite Pro allows
   remote attackers to determine the real pathname of web directories
   via a malformed URL request.
 Baker> I am not sure it is the same.  2000-0066 discusses modifying a Get
   statement with a space before the last backslash of the command line
   which results in those versions disclosing the real path in the 404
   message.  Could be same, but could be different.  Now that O'Reilley
   has turned it over to Deerfield, we could lose the old release notes...
   Nothing is yet available at website.deerfield.com
 Williams> this is NOT the same as the 2000-0066 issue.  exploit is slightly different and affects different versions of the product.  the solution is the same for both though - install freely available WSAPI extensions that allow custom 404 error messages.
 CHANGE> [Baker changed vote from REVIEWING to ACCEPT]
 CHANGE> [Bishop changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2001-0627
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0627
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010522 [SRT2001-09] - vi and crontab -e /tmp issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0220.html
Reference: CALDERA:CSSA-2001-SCO.17
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.17/CSSA-2001-SCO.17.txt
Reference: CERT-VN:VU#747736
Reference: URL:http://www.kb.cert.org/vuls/id/747736
Reference: BID:2752
Reference: URL:http://www.securityfocus.com/bid/2752
Reference: XF:sco-openserver-vi-symlink(6588)
Reference: URL:http://xforce.iss.net/static/6588.php

vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker
to overwrite arbitrary files via a symlink attack.


Modifications:
  ADDREF XF:sco-openserver-vi-symlink(6588)
  ADDREF CERT-VN:VU#747736
  ADDREF CALDERA:CSSA-2001-SCO.17

INFERRED ACTION: CAN-2001-0627 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Ziese
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Bishop

Voter Comments:
 Frech> XF:sco-openserver-vi-symlink(6588)
 CHANGE> [Bishop changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2001-0628
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0628
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: MSKB:Q274228
Reference: URL:http://support.microsoft.com/support/kb/articles/Q274/2/28.asp
Reference: BID:2760
Reference: URL:http://www.securityfocus.com/bid/2760
Reference: XF:word-asd-macro-execution(6614)
Reference: URL:http://xforce.iss.net/static/6614.php

Microsoft Word 2000 does not check AutoRecovery (.asd) files for
macros, which allows a local attacker to execute arbitrary macros with
the user ID of the Word user.


Modifications:
  DESC rephrase

INFERRED ACTION: CAN-2001-0628 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(6) Wall, Foat, Cole, Frech, Bishop, Ziese


======================================================
Candidate: CAN-2001-0629
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0629
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010523 HP OpenView NNM v6.1 buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0226.html
Reference: HP:HPSBUX0107-158
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0006.html
Reference: BID:2761
Reference: URL:http://www.securityfocus.com/bid/2761
Reference: XF:openview-nnm-ecsd-bo(6582)
Reference: URL:http://xforce.iss.net/static/6582.php

HP Event Correlation Service (ecsd) as included with OpenView Network Node
Manager 6.1 allows a remote attacker to gain addition privileges via
a buffer overflow attack in the '-restore_config' command line parameter.

INFERRED ACTION: CAN-2001-0629 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Frech, Bishop, Ziese
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0630
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0630
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010523 Vulnerability in viewsrc.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0231.html
Reference: BID:2762
Reference: URL:http://www.securityfocus.com/bid/2762
Reference: XF:viewsrc-cgi-view-files(6583)
Reference: URL:http://xforce.iss.net/static/6583.php

Directory traversal vulnerability in MIMAnet viewsrc.cgi 2.0 allows a
remote attacker to read arbitrary files via a '..' (dot dot) attack in
the 'loc' variable.


Modifications:
  ADDREF XF:viewsrc-cgi-view-files(6583)

INFERRED ACTION: CAN-2001-0630 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Ziese
   MODIFY(1) Frech
   NOOP(4) Christey, Wall, Foat, Bishop

Voter Comments:
 Frech> XF:viewsrc-cgi-view-files(6583)
 CHANGE> [Bishop changed vote from REVIEWING to NOOP]
 Christey> I verified this via code review.


======================================================
Candidate: CAN-2001-0631
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0631
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010221 FirstClass Internetgateway "stupidity"
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0376.html
Reference: BUGTRAQ:20010226 Re: [Fwd: FirstClass Internetgateway "stupidity"]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0440.html
Reference: XF:centrinity-firstclass-email-spoofing(6192)
Reference: URL:http://xforce.iss.net/static/6192.php
Reference: BID:2423
Reference: URL:http://www.securityfocus.com/bid/2423

Centrinity First Class Internet Services 5.50 allows for the
circumventing of the default 'spam' filters via the presence of '<@>'
in the 'From:' field, which allows remote attackers to send spoofed
email with the identity of local users.


Modifications:
  ADDREF XF:centrinity-firstclass-email-spoofing(6192)
  ADDREF BID:2423

INFERRED ACTION: CAN-2001-0631 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Prosser, Baker, Cole, Bishop, Ziese
   MODIFY(1) Frech
   NOOP(3) Williams, Wall, Foat

Voter Comments:
 Frech> XF:centrinity-firstclass-email-spoofing(6192)
 Prosser> http://www.securityfocus.com/bid/2423. Vendor acknowledged and says fix will be in next upgrade.
 CHANGE> [Williams changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2001-0634
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0634
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010727
Assigned: 20010727
Category: CF
Reference: BUGTRAQ:20010220 Advisory: Chili!Soft ASP Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0378.html
Reference: BUGTRAQ:20010226 Re: Advisory: Chili!Soft ASP Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0443.html
Reference: XF:chilisoft-asp-license-dos(6176)
Reference: URL:http://xforce.iss.net/static/6176.php
Reference: BID:2409
Reference: URL:http://www.securityfocus.com/bid/2409

Sun Chili!Soft ASP has weak permissions on various configuration
files, which allows a local attacker to gain additional privileges and
create a denial of service.


Modifications:
  ADDREF XF:chilisoft-asp-license-dos(6176)
  DESC rephrase
  ADDREF BID:2409

INFERRED ACTION: CAN-2001-0634 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Williams, Baker, Cole, Bishop, Ziese
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:chilisoft-asp-license-dos(6176)


======================================================
Candidate: CAN-2001-0635
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0635
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: REDHAT:RHSA-2001:058
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-058.html
Reference: XF:mount-swap-world-readable(6493)
Reference: URL:http://xforce.iss.net/static/6493.php

Red Hat Linux 7.1 sets insecure permissions on swap files created
during installation, which can allow a local attacker to gain
additional privileges by reading sensitive information from the swap
file, such as passwords.


Modifications:
  ADDREF XF:mount-swap-world-readable(6493)

INFERRED ACTION: CAN-2001-0635 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Bishop, Ziese
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:mount-swap-world-readable(6493)


======================================================
Candidate: CAN-2001-0641
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0641
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010513 RH 7.0:/usr/bin/man exploit: gid man + more
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0087.html
Reference: BUGTRAQ:20010612 man 1.5h10 + man 1.5i-4 exploits
Reference: URL:http://www.securityfocus.com/archive/1/190136
Reference: REDHAT:RHSA-2001:069
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-069.html
Reference: SUSE:SuSE-SA:2001:019
Reference: URL:http://www.suse.de/de/support/security/2001_019_man_txt.txt
Reference: XF:man-s-bo(6530)
Reference: URL:http://xforce.iss.net/static/6530.php
Reference: BID:2711
Reference: URL:http://www.securityfocus.com/bid/2711

Buffer overflow in man program in various distributions of Linux
allows local user to execute arbitrary code as group man via a long -S
option.

INFERRED ACTION: CAN-2001-0641 ACCEPT (7 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(7) Prosser, Baker, Foat, Cole, Frech, Ziese, Stracener
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0644
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0644
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010515 Rumpus FTP DoS
Reference: URL:http://www.securityfocus.com/archive/1/184751
Reference: BID:2718
Reference: URL:http://www.securityfocus.com/bid/2718
Reference: XF:rumpus-plaintext-passwords(6543)
Reference: URL:http://xforce.iss.net/static/6543.php

Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in
plaintext in the "Rumpus User Database" file in the prefs folder,
which could allow attackers to gain privileges on the server.

INFERRED ACTION: CAN-2001-0644 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Frech, Ziese
   NOOP(3) Wall, Foat, Stracener


======================================================
Candidate: CAN-2001-0646
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0646
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010515 Rumpus FTP DoS
Reference: URL:http://www.securityfocus.com/archive/1/184751
Reference: BID:2716
Reference: URL:http://www.securityfocus.com/bid/2716
Reference: XF:rumpus-long-directory-dos(6542)
Reference: URL:http://xforce.iss.net/static/6542.php

Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote attacker
to perform a denial of service (hang) by creating a directory name of
a specific length.

INFERRED ACTION: CAN-2001-0646 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Frech, Ziese, Stracener
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0648
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0648
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010508 security hole in os groupware suite PHProjekt
Reference: URL:http://www.securityfocus.com/archive/1/184215
Reference: BID:2702
Reference: URL:http://www.securityfocus.com/bid/2702
Reference: XF:phprojekt-dot-directory-traversal(6522)
Reference: URL:http://xforce.iss.net/static/6522.php

Directory traversal vulnerability in PHProjekt 2.1 and earlier allows
a remote attacker to conduct unauthorized activities via a dot dot
(..) attack on the file module.

INFERRED ACTION: CAN-2001-0648 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Cole, Frech, Ziese, Stracener
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0650
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0650
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: CISCO:20010510 Cisco IOS BGP Attribute Corruption Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ios-bgp-attr-corruption-pub.shtml
Reference: CERT-VN:VU#106392
Reference: URL:http://www.kb.cert.org/vuls/id/106392
Reference: CIAC:L-082
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-082.shtml
Reference: XF:cisco-ios-bgp-dos(6566)
Reference: URL:http://xforce.iss.net/static/6566.php
Reference: BID:2733
Reference: URL:http://www.securityfocus.com/bid/2733

Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a
crash, or bad route updates, via malformed BGP updates with
unrecognized transitive attribute.


Modifications:
  ADDREF BID:2733

INFERRED ACTION: CAN-2001-0650 ACCEPT (7 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(7) Prosser, Baker, Foat, Cole, Frech, Ziese, Stracener
   NOOP(1) Wall

Voter Comments:
 Prosser> http://www.cisco.com/warp/public/707/ios-bgp-attr-corruption-pub.shtml


======================================================
Candidate: CAN-2001-0652
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0652
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20011012
Assigned: 20010809
Category: SF
Reference: BUGTRAQ:20010810 NSFOCUS SA2001-05 : Solaris Xlock Heap Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99745571104126&w=2
Reference: SUNBUG:4483090
Reference: XF:solaris-xlock-bo(6967)
Reference: URL:http://xforce.iss.net/static/6967.php
Reference: BID:3160
Reference: URL:http://online.securityfocus.com/bid/3160

Heap overflow in xlock in Solaris 2.6 through 8 allows local users to
gain root privileges via a long (1) XFILESEARCHPATH or (2)
XUSERFILESEARCHPATH environmental variable.


Modifications:
  ADDREF XF:solaris-xlock-bo(6967)
  ADDREF BID:3160
  ADDREF SUNBUG:4483090

INFERRED ACTION: CAN-2001-0652 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Foat, Dik
   MODIFY(1) Frech
   NOOP(4) Christey, Wall, Cole, Armstrong

Voter Comments:
 Frech> XF:solaris-xlock-bo(6967)
   CONFIRM:4483090 xlock buffer overflow
 Christey> CALDERA:CSSA-2001-SCO.34 may also address this problem,
   but the advisory does not have sufficient details to
   be absolutely certain.
   ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.34/CSSA-2001-SCO.34.txt


======================================================
Candidate: CAN-2001-0653
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0653
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010829
Assigned: 20010814
Category: SF
Reference: BUGTRAQ:20010821 *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99841063100516&w=2
Reference: CONFIRM:http://www.sendmail.org/8.11.html
Reference: NETBSD:NetBSD-SA2001-017
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-017.txt.asc
Reference: REDHAT:RHSA-2001-106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-106.html
Reference: MANDRAKE:MDKSA-2001:075
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-075.php3
Reference: IMMUNIX:IMNX-2001-70-032-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-032-01
Reference: CONECTIVA:CLA-2001:412
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000412
Reference: SUSE:SuSE-SA:2001:028
Reference: URL:http://www.suse.de/de/support/security/2001_028_sendmail_txt.txt
Reference: CALDERA:CSSA-2001-032.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-032.0.txt
Reference: CIAC:L-133
Reference: URL:http://www.ciac.org/ciac/bulletins/l-133.shtml
Reference: BID:3163
Reference: URL:http://www.securityfocus.com/bid/3163
Reference: XF:sendmail-debug-signed-int-overflow(7016)
Reference: URL:http://xforce.iss.net/static/7016.php

Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to
modify process memory and possibly gain privileges via a large value
in the 'category' part of debugger (-d) command line arguments, which
is interpreted as a negative number.


Modifications:
  ADDREF XF:sendmail-debug-signed-int-overflow(7016)
  ADDREF NETBSD:NetBSD-SA2001-017
  ADDREF REDHAT:RHSA-2001-106
  ADDREF MANDRAKE:MDKSA-2001:075
  ADDREF IMMUNIX:IMNX-2001-70-032-01
  ADDREF CONECTIVA:CLA-2001:412
  ADDREF SUSE:SuSE-SA:2001:028
  ADDREF CALDERA:CSSA-2001-032.0
  ADDREF CIAC:L-133

INFERRED ACTION: CAN-2001-0653 ACCEPT (7 accept, 6 ack, 0 review)

Current Votes:
   ACCEPT(6) Baker, Foat, Cole, Armstrong, Bishop, Ziese
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Frech> XF:sendmail-debug-signed-int-overflow(7016)
 Christey> ADDREF NETBSD:NetBSD-SA2001-017
   URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-017.txt.asc
   REDHAT:RHSA-2001-106
   URL:http://www.redhat.com/support/errata/RHSA-2001-106.html
   MANDRAKE:MDKSA-2001:075
   URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-075.php3
   IMMUNIX:IMNX-2001-70-032-01
   URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-032-01
   CONECTIVA:CLA-2001:412
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000412
   SUSE:SuSE-SA:2001:028
   URL:http://www.suse.de/de/support/security/2001_028_sendmail_txt.txt
   CALDERA:CSSA-2001-032.0
   URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-032.0.txt


======================================================
Candidate: CAN-2001-0658
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0658
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010829
Assigned: 20010815
Category: SF
Reference: MS:MS01-045
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-045.asp
Reference: XF:isa-cross-site-scripting(6991)
Reference: URL:http://xforce.iss.net/static/6991.php
Reference: BID:3198
Reference: URL:http://online.securityfocus.com/bid/3198

Cross-site scripting (CSS) vulnerability in Microsoft Internet
Security and Acceleration (ISA) Server 2000 allows remote attackers to
cause other clients to execute certain script or read cookies via
malicious script in an invalid URL that is not properly quoted in an
error message.


Modifications:
  ADDREF XF:isa-cross-site-scripting(6991)
  ADDREF BID:3198

INFERRED ACTION: CAN-2001-0658 ACCEPT (8 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(7) Wall, Baker, Foat, Cole, Armstrong, Bishop, Ziese
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:isa-cross-site-scripting(6991)


======================================================
Candidate: CAN-2001-0659
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0659
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010829
Assigned: 20010815
Category: SF
Reference: BUGTRAQ:20010821 IrDA semiremote vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/209385
Reference: MS:MS01-046
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-046.asp
Reference: XF:win2k-irda-dos(7008)
Reference: URL:http://xforce.iss.net/static/7008.php
Reference: BID:3215
Reference: URL:http://online.securityfocus.com/bid/3215

Buffer overflow in IrDA driver providing infrared data exchange on
Windows 2000 allows attackers who are physically close to the machine
to cause a denial of service (reboot) via a malformed IrDA packet.


Modifications:
  ADDREF XF:win2k-irda-dos(7008)
  ADDREF BID:3215
  ADDREF BUGTRAQ:20010821 IrDA semiremote vulnerability

INFERRED ACTION: CAN-2001-0659 ACCEPT (8 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(7) Wall, Baker, Foat, Cole, Armstrong, Bishop, Ziese
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:win2k-irda-dos(7008)


======================================================
Candidate: CAN-2001-0660
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0660
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20011012
Assigned: 20010815
Category: SF
Reference: MS:MS01-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-047.asp
Reference: MSKB:Q307195
Reference: URL:http://support.microsoft.com/support/kb/articles/Q307/1/95.ASP
Reference: XF:exchange-owa-obtain-addresses(7089)
Reference: URL:http://xforce.iss.net/static/7089.php
Reference: BID:3301
Reference: URL:http://online.securityfocus.com/bid/3301

Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier,
allows remote attackers to identify valid user email addresses by
directly accessing a back-end function that processes the global
address list (GAL).


Modifications:
  ADDREF XF:exchange-owa-obtain-addresses(7089)
  ADDREF BID:3301

INFERRED ACTION: CAN-2001-0660 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:exchange-owa-obtain-addresses(7089)


======================================================
Candidate: CAN-2001-0662
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0662
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20011012
Assigned: 20010815
Category: SF
Reference: MS:MS01-048
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-048.asp
Reference: XF:winnt-rpc-endpoint-dos(7105)
Reference: URL:http://xforce.iss.net/static/7105.php
Reference: CIAC:L-142
Reference: URL:http://www.ciac.org/ciac/bulletins/l-142.shtml
Reference: BID:3313
Reference: URL:http://www.securityfocus.com/bid/3313

RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause
a denial of service (loss of RPC services) via a malformed request.


Modifications:
  ADDREF XF:winnt-rpc-endpoint-dos(7105)
  ADDREF CIAC:L-142
  ADDREF BID:3313

INFERRED ACTION: CAN-2001-0662 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:winnt-rpc-endpoint-dos(7105)


======================================================
Candidate: CAN-2001-0663
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0663
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20011122
Assigned: 20010815
Category: SF
Reference: MS:MS01-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-052.asp
Reference: XF:win-rdp-packet-dos(7302)
Reference: URL:http://xforce.iss.net/static/7302.php
Reference: BID:3445
Reference: URL:http://online.securityfocus.com/bid/3445

Terminal Server in Windows NT and Windows 2000 allows remote
attackers to cause a denial of service via a sequence of invalid
Remote Data Protocol (RDP) packets.


Modifications:
  ADDREF XF:win-rdp-packet-dos(7302)
  ADDREF BID:3445

INFERRED ACTION: CAN-2001-0663 ACCEPT (8 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(6) Wall, Baker, Foat, Cole, Armstrong, Bishop
   MODIFY(2) Frech, Meunier
   NOOP(1) Christey

Voter Comments:
 Frech> XF:win-rdp-packet-dos(7302)
 Meunier> Unless there are two Microsoft protocols called RDP, Microsoft says it's called the "remote display protocol", not "Remote Data Protocol". http://www.microsoft.com/windows2000/techinfo/howitworks/terminal/rdpfandp.asp
 Christey> MS:MS01-052 explicitly states that RDP means "Remote Data
   Protocol," so one would assume this is correct.  MS01-040
   also uses "remote data protocol."  However, a search on
   microsoft.com for "RDP" includes "Remote Desktop Protocol"


======================================================
Candidate: CAN-2001-0664
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0664
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20011012
Assigned: 20010815
Category: SF
Reference: BUGTRAQ:20011011 Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100281551611595&w=2
Reference: MS:MS01-051
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-051.asp
Reference: XF:ie-incorrect-security-zone(7258)
Reference: URL:http://xforce.iss.net/static/7258.php
Reference: BID:3420
Reference: URL:http://www.securityfocus.com/bid/3420

Internet Explorer 5.5 and 5.01 allows remote attackers to bypass
security restrictions via malformed URLs that contain dotless IP
addresses, which causes Internet Explorer to process the page in the
Intranet Zone, which may have fewer security restrictions, aka the
"Zone Spoofing vulnerability."


Modifications:
  ADDREF XF:ie-incorrect-security-zone(7258)
  ADDREF BUGTRAQ:20011011 Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing
  ADDREF BID:3420

INFERRED ACTION: CAN-2001-0664 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:ie-incorrect-security-zone(7258)


======================================================
Candidate: CAN-2001-0665
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0665
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20011012
Assigned: 20010815
Category: SF
Reference: MS:MS01-051
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-051.asp
Reference: XF:ie-url-http-requests(7259)
Reference: URL:http://xforce.iss.net/static/7259.php
Reference: BID:3421
Reference: URL:http://online.securityfocus.com/bid/3421

Internet Explorer 6 and earlier allows remote attackers to cause
certain HTTP requests to be automatically executed and appear to come
from the user, which could allow attackers to gain privileges or
execute operations within web-based services, aka the "HTTP Request
Encoding vulnerability."


Modifications:
  ADDREF XF:ie-url-http-requests(7259)
  ADDREF BID:3421

INFERRED ACTION: CAN-2001-0665 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:ie-url-http-requests(7259)


======================================================
Candidate: CAN-2001-0666
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0666
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20011012
Assigned: 20010815
Category: SF
Reference: MS:MS01-049
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-049.asp
Reference: XF:exchange-owa-folder-request-dos(7168)
Reference: URL:http://xforce.iss.net/static/7168.php
Reference: BID:3368
Reference: URL:http://www.securityfocus.com/bid/3368

Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an
authenticated user to cause a denial of service (CPU consumption) via
a malformed OWA request for a deeply nested folder within the user's
mailbox.


Modifications:
  ADDREF XF:exchange-owa-folder-request-dos(7168)
  ADDREF BID:3368

INFERRED ACTION: CAN-2001-0666 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:exchange-owa-folder-request-dos(7168)
 Christey> ADDREF BID:3368
   URL:http://www.securityfocus.com/bid/3368


======================================================
Candidate: CAN-2001-0667
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0667
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20011012
Assigned: 20010815
Category: SF
Reference: MS:MS01-051
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-051.asp
Reference: CIAC:M-024
Reference: URL:http://www.ciac.org/ciac/bulletins/m-024.shtml
Reference: CERT-VN:VU#952611
Reference: URL:http://www.kb.cert.org/vuls/id/952611
Reference: XF:ie-telnet-command-execution-variant(7260)
Reference: URL:http://xforce.iss.net/static/7260.php

Internet Explorer 6 and earlier, when used with the Telnet client in
Services for Unix (SFU) 2.0, allows remote attackers to execute
commands by spawning Telnet with a log file option on the command line
and writing arbitrary code into an executable file which is later
executed, aka a new variant of the Telnet Invocation vulnerability as
described in CVE-2001-0150.


Modifications:
  ADDREF XF:ie-telnet-command-execution-variant(7260)
  ADDREF CIAC:M-024
  ADDREF CERT-VN:VU#952611

INFERRED ACTION: CAN-2001-0667 ACCEPT (6 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:ie-telnet-command-execution-variant(7260)


======================================================
Candidate: CAN-2001-0668
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0668
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010829
Assigned: 20010823
Category: SF
Reference: ISS:20010827 Remote Buffer Overflow Vulnerability in HP-UX Line Printer Daemon
Reference: URL:http://xforce.iss.net/alerts/advise93.php
Reference: HP:HPSBUX0108-163
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0047.html
Reference: CIAC:L-134
Reference: URL:http://www.ciac.org/ciac/bulletins/l-134.shtml
Reference: CERT-VN:VU#966075
Reference: URL:http://www.kb.cert.org/vuls/id/966075
Reference: CERT:CA-2001-30
Reference: URL:http://www.cert.org/advisories/CA-2001-30.html
Reference: XF:hpux-rlpd-bo(6811)
Reference: URL:http://xforce.iss.net/static/6811.php
Reference: BID:3240
Reference: URL:http://www.securityfocus.com/bid/3240

Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01
through 11.11 allows remote attackers to execute arbitrary commands.


Modifications:
  ADDREF XF:hpux-rlpd-bo(6811)
  ADDREF BID:3240
  ADDREF CIAC:L-134
  ADDREF CERT-VN:VU#966075
  ADDREF CERT:CA-2001-30

INFERRED ACTION: CAN-2001-0668 ACCEPT (5 accept, 5 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Foat, Cole, Bishop, Ziese
   MODIFY(1) Frech
   NOOP(3) Christey, Wall, Armstrong

Voter Comments:
 Frech> XF:hpux-rlpd-bo(6811)
 Christey> BID:3240
   URL:http://www.securityfocus.com/bid/3240
   CIAC:L-134
   URL:http://www.ciac.org/ciac/bulletins/l-134.shtml
   CERT-VN:VU#966075
   URL:http://www.kb.cert.org/vuls/id/966075
   CERT:CA-2001-30
   URL:http://www.cert.org/advisories/CA-2001-30.html
 Christey> BID:3240


======================================================
Candidate: CAN-2001-0670
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0670
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20011012
Assigned: 20010827
Category: SF
Reference: ISS:20010829 Remote Buffer Overflow Vulnerability in BSD Line Printer Daemon
Reference: URL:http://xforce.iss.net/alerts/advise94.php
Reference: CERT:CA-2001-30
Reference: URL:http://www.cert.org/advisories/CA-2001-30.html
Reference: OPENBSD:20010829
Reference: URL:http://www.openbsd.com/errata28.html
Reference: CALDERA:CSSA-2001-SCO.20
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.20/CSSA-2001-SCO.20.txt
Reference: NETBSD:NetBSD-SA2001-018
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-018.txt.asc
Reference: CERT-VN:VU#274043
Reference: URL:http://www.kb.cert.org/vuls/id/274043
Reference: XF:bsd-lpd-bo(7046)
Reference: URL:http://xforce.iss.net/static/7046.php
Reference: BID:3252
Reference: URL:http://www.securityfocus.com/bid/3252

Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various
BSD-based operating systems allows remote attackers to execute
arbitrary code via an incomplete print job followed by a request to
display the printer queue.


Modifications:
  ADDREF XF:bsd-lpd-bo(7046)
  ADDREF CERT-VN:VU#274043
  ADDREF CERT:CA-2001-30
  ADDREF BID:3252
  ADDREF NETBSD:NetBSD-SA2001-018

INFERRED ACTION: CAN-2001-0670 ACCEPT (4 accept, 6 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Frech> XF:bsd-lpd-bo(7046)
 Christey> ADDREF CERT-VN:VU#274043
   http://www.kb.cert.org/vuls/id/274043
   ADDREF CERT:CA-2001-30
   URL:http://www.cert.org/advisories/CA-2001-30.html
   BID:3252
   http://www.securityfocus.com/bid/3252
 Christey> NETBSD:NetBSD-SA2001-018
 Christey> NETBSD:NetBSD-SA2001-018
   URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-018.txt.asc


======================================================
Candidate: CAN-2001-0675
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0675
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010418 SECURITY.NNOV: The Bat! <cr> bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0345.html
Reference: BUGTRAQ:20010421 Re: SECURITY.NNOV: The Bat! <cr> bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0381.html
Reference: BUGTRAQ:20010423 Re: SECURITY.NNOV: The Bat! <cr> bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0410.html
Reference: XF:thebat-pop3-dos(6423)
Reference: URL:http://xforce.iss.net/static/6423.php
Reference: BID:2636
Reference: URL:http://online.securityfocus.com/bid/2636

Rit Research Labs The Bat! 1.51 for Windows allows a remote attacker
to cause a denial of service by sending an email to a user's account
containing a carrage return <CR> that is not followed by a line feed
<LF>.


Modifications:
  ADDREF BID:2636

INFERRED ACTION: CAN-2001-0675 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Baker, Cole, Frech, Ziese
   NOOP(2) Foat, Stracener

Voter Comments:
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2001-0676
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0676
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010104 SECURITY.NNOV advisory - The Bat! directory traversal (public release)
Reference: URL:http://www.securityfocus.com/archive/1/154359
Reference: XF:thebat-attachment-directory-traversal(5871)
Reference: URL:http://xforce.iss.net/static/5871.php

Directory traversal vulnerability in Rit Research Labs The Bat! 1.48f
and earlier allows a remote attacker to create arbitrary files via a
"dot dot" attack in the filename for an attachment.

INFERRED ACTION: CAN-2001-0676 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Cole, Frech, Ziese
   NOOP(2) Foat, Stracener

Voter Comments:
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2001-0677
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0677
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010418 Eudora file leakage problem (still)
Reference: URL:http://www.securityfocus.com/archive/1/177369
Reference: XF:eudora-plain-text-attachment(6431)
Reference: URL:http://xforce.iss.net/static/6431.php
Reference: BID:2616
Reference: URL:http://online.securityfocus.com/bid/2616

Eudora 5.0.2 allows a remote attacker to read arbitrary files via an
email with the path of the target file in the "Attachment Converted"
MIME header, which sends the file when the email is forwarded to the
attacker by the user.


Modifications:
  ADDREF BID:2616

INFERRED ACTION: CAN-2001-0677 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Cole, Frech, Ziese
   NOOP(2) Foat, Stracener

Voter Comments:
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2001-0680
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0680
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010413 QPC FTPd Directory Traversal and BoF Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/176712
Reference: BUGTRAQ:20010925 Vulnerabilities in QVT/Term
Reference: URL:http://online.securityfocus.com/archive/1/216555
Reference: XF:qpc-ftpd-directory-traversal(6375)
Reference: URL:http://xforce.iss.net/static/6375.php
Reference: BID:2618
Reference: URL:http://online.securityfocus.com/bid/2618

Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and
AVT/Term 5.0 allows a remote attacker to traverse directories on the
web server via a "dot dot" attack in a LIST (ls) command.


Modifications:
  ADDREF BID:2618
  ADDREF BUGTRAQ:20010925 Vulnerabilities in QVT/Term

INFERRED ACTION: CAN-2001-0680 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Frech, Ziese
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0682
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0682
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010912
Assigned: 20010829
Category: SF
Reference: NTBUGTRAQ:20001230 [DiamondCS Advisory] ZoneAlarm and ZoneAlarm Pro can be blocked from loading by setting a Mutex in memory
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=97818917222992&w=2
Reference: XF:zonealarm-mutex-dos(5821)
Reference: URL:http://xforce.iss.net/static/5821.php

ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial
of service by running a trojan to initialize a ZoneAlarm mutex object
which prevents ZoneAlarm from starting.

INFERRED ACTION: CAN-2001-0682 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(5) Foat, Cole, Frech, Stracener, Levy
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0685
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0685
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010228 fcron 0.9.5 is vulnerable to a symlink attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98339581702282&w=2
Reference: CONFIRM:http://fcron.free.fr/CHANGES.html
Reference: BID:2835
Reference: URL:http://www.securityfocus.com/bid/2835
Reference: XF:fcron-tmpfile-symlink(7127)
Reference: URL:http://xforce.iss.net/static/7127.php

Thibault Godouet FCron prior to 1.1.1 allows a local user to corrupt
another user's crontab file via a symlink attack on the fcrontab
temporary file.


Modifications:
  ADDREF XF:fcron-tmpfile-symlink(7127)
  ADDREF CONFIRM:http://fcron.free.fr/CHANGES.html

INFERRED ACTION: CAN-2001-0685 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Foat, Cole, Bishop, Ziese
   MODIFY(1) Frech
   NOOP(3) Christey, Wall, Armstrong

Voter Comments:
 Frech> XF:fcron-tmpfile-symlink(7127)
 Christey> CONFIRM:http://fcron.free.fr/CHANGES.html
   The section "From version 1.1.0 to 1.1.1" says:
   "security fix : sym link attack against fcrontab."


======================================================
Candidate: CAN-2001-0686
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0686
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010604 $HOME buffer overflow in SunOS 5.8 x86
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0000.html
Reference: SUNBUG:4465086
Reference: BID:2819
Reference: URL:http://www.securityfocus.com/bid/2819
Reference: XF:solaris-mail-home-bo(6638)
Reference: URL:http://xforce.iss.net/static/6638.php

Buffer overflow in mail included with SunOS 5.8 for x86 allows a local
user to gain privileges via a long HOME environment variable.


Modifications:
  ADDREF XF:solaris-mail-home-bo(6638)
  ADDREF SUNBUG:4465086
  DESC rephrase

INFERRED ACTION: CAN-2001-0686 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Foat, Dik, Ziese
   MODIFY(1) Frech
   NOOP(4) Wall, Cole, Armstrong, Bishop

Voter Comments:
 Frech> XF:solaris-mail-home-bo(6638)
 Dik> sub bug: 4465086


======================================================
Candidate: CAN-2001-0690
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0690
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010606 lil' exim format bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0041.html
Reference: DEBIAN:DSA-058
Reference: URL:http://www.debian.org/security/2001/dsa-058
Reference: CONECTIVA:CLA-2001:402
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000402
Reference: REDHAT:RHSA-2001:078
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-078.html
Reference: XF:exim-syntax-format-string(6671)
Reference: URL:http://xforce.iss.net/static/6671.php
Reference: BID:2828
Reference: URL:http://online.securityfocus.com/bid/2828

Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in
Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote
attacker to execute arbitrary code via format strings in SMTP mail
headers.


Modifications:
  ADDREF XF:exim-syntax-format-string(6671)
  ADDREF BID:2828

INFERRED ACTION: CAN-2001-0690 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(3) Wall, Bishop, Ziese

Voter Comments:
 Frech> XF:exim-syntax-format-string(6671)
 CHANGE> [Armstrong changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2001-0692
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0692
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010608 WatchGuard SMTP Proxy issue
Reference: URL:http://www.securityfocus.com/archive/1/189783
Reference: BUGTRAQ:20010628 RE: WatchGuard SMTP Proxy issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99379787421319&w=2
Reference: XF:firebox-smtp-bypass-filter(6682)
Reference: URL:http://xforce.iss.net/static/6682.php
Reference: BID:2855
Reference: URL:http://www.securityfocus.com/bid/2855

SMTP proxy in WatchGuard Firebox (2500 and 4500) 4.5 and 4.6 allows a
remote attacker to bypass firewall filtering via a base64 MIME encoded
email attachment whose boundary name ends in two dashes.

INFERRED ACTION: CAN-2001-0692 ACCEPT (7 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(7) Wall, Baker, Cole, Armstrong, Frech, Bishop, Ziese
   NOOP(1) Foat


======================================================
Candidate: CAN-2001-0696
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0696
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010619 SurgeFTP vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/191916
Reference: MISC:http://netwinsite.com/surgeftp/manual/updates.htm
Reference: BID:2891
Reference: URL:http://www.securityfocus.com/bid/2891
Reference: XF:surgeftp-concon-dos(6712)
Reference: URL:http://xforce.iss.net/static/6712.php

NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a
denial of service (crash) via a CD command to a directory with an
MS-DOS device name such as con.


Modifications:
  ADDREF MISC:http://netwinsite.com/surgeftp/manual/updates.htm

INFERRED ACTION: CAN-2001-0696 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Frech, Ziese
   NOOP(4) Wall, Foat, Armstrong, Bishop


======================================================
Candidate: CAN-2001-0697
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0697
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010228 SurgeFTP Denial of Service
Reference: URL:http://www.securityfocus.com/archive/1/165816
Reference: WIN2KSEC:20010301 SurgeFTP 1.0b Denial of Service
Reference: URL:http://www.secadministrator.com/Articles/Index.cfm?ArticleID=20200
Reference: CONFIRM:http://netwinsite.com/surgeftp/manual/updates.htm
Reference: XF:surgeftp-listing-dos(6168)
Reference: URL:http://xforce.iss.net/static/6168.php
Reference: BID:2442
Reference: URL:http://online.securityfocus.com/bid/2442

NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a
denial of service (crash) via an 'ls ..' command.


Modifications:
  ADDREF CONFIRM:http://netwinsite.com/surgeftp/manual/updates.htm
  ADDREF BID:2442

INFERRED ACTION: CAN-2001-0697 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Frech, Ziese, Stracener
   NOOP(3) Wall, Foat, Cole

Voter Comments:
 Stracener> CONFIRM: http://www.netwinsite.com/surgeftp/manual/updates.htm


======================================================
Candidate: CAN-2001-0698
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0698
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010619 SurgeFTP vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/191916
Reference: CONFIRM:http://www.netwinsite.com/surgeftp/manual/updates.htm
Reference: BID:2892
Reference: URL:http://www.securityfocus.com/bid/2892
Reference: XF:surgeftp-nlist-directory-traversal(6711)
Reference: URL:http://xforce.iss.net/static/6711.php

Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b
allows a remote attacker to list arbitrary files and directories via
the 'nlist ...' command.


Modifications:
  ADDREF CONFIRM:http://www.netwinsite.com/surgeftp/manual/updates.htm

INFERRED ACTION: CAN-2001-0698 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cole, Frech, Ziese
   NOOP(4) Wall, Foat, Armstrong, Bishop

Voter Comments:
 Frech> CONFIRM:http://www.netwinsite.com/surgeftp/manual/updates.htm


======================================================
Candidate: CAN-2001-0699
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0699
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010620 Solaris /opt/SUNWssp/bin/cb_reset Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/192299
Reference: SUNBUG:4469366
Reference: BID:2893
Reference: URL:http://www.securityfocus.com/bid/2893
Reference: XF:sun-cbreset-bo(6726)
Reference: URL:http://xforce.iss.net/static/6726.php

Buffer overflow in cb_reset in the System Service Processor (SSP)
package of SunOS 5.8 allows a local user to execute arbitrary code via
a long argument.


Modifications:
  ADDREF SUNBUG:4469366

INFERRED ACTION: CAN-2001-0699 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(6) Baker, Foat, Cole, Frech, Dik, Ziese
   NOOP(3) Wall, Armstrong, Bishop

Voter Comments:
 CHANGE> [Armstrong changed vote from REVIEWING to NOOP]
 Dik> sun bug: 4469366


======================================================
Candidate: CAN-2001-0700
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0700
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010621 [SNS Advisory No.32] w3m malformed MIME header Buffer Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/192371
Reference: CONFIRM:http://mi.med.tohoku.ac.jp/~satodai/w3m-dev-en/200106.month/537.html
Reference: XF:w3m-mime-header-bo(6725)
Reference: URL:http://xforce.iss.net/static/6725.php
Reference: BID:2895
Reference: URL:http://www.securityfocus.com/bid/2895

Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to
execute arbitrary code via a long base64 encoded MIME header.

INFERRED ACTION: CAN-2001-0700 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Cole, Frech, Bishop, Ziese
   NOOP(3) Wall, Foat, Armstrong


======================================================
Candidate: CAN-2001-0701
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0701
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010621 Solaris /opt/SUNWvts/bin/ptexec Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/192667
Reference: SUNBUG:4469370
Reference: BID:2898
Reference: URL:http://www.securityfocus.com/bid/2898
Reference: XF:sunvts-ptexec-bo(6736)
Reference: URL:http://xforce.iss.net/static/6736.php

Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and
earlier allows a local user to gain privileges via a long -o argument.


Modifications:
  ADDREF SUNBUG:4469370

INFERRED ACTION: CAN-2001-0701 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(6) Baker, Foat, Cole, Frech, Dik, Ziese
   NOOP(3) Wall, Armstrong, Bishop

Voter Comments:
 Dik> Sun bug: 4469370


======================================================
Candidate: CAN-2001-0706
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0706
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010612 Rumpus FTP DoS vol. 2
Reference: URL:http://www.securityfocus.com/archive/1/190932
Reference: XF:rumpus-ftp-directory-dos(6699)
Reference: URL:http://xforce.iss.net/static/6699.php
Reference: BID:2864
Reference: URL:http://www.securityfocus.com/bid/2864

Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to
cause a denial of service (crash) via a mkdir command that specifies a
large number of sub-folders.

INFERRED ACTION: CAN-2001-0706 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Prosser, Frech, Ziese
   NOOP(5) Wall, Foat, Cole, Armstrong, Bishop

Voter Comments:
 Prosser> http://www.securityfocus.com/archive/1/190932


======================================================
Candidate: CAN-2001-0710
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0710
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20010829
Assigned: 20010829
Category:
Reference: FREEBSD:FreeBSD-SA-01:52
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:52.fragment.asc
Reference: NETBSD:NetBSD-SA2001-006
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-006.txt.asc
Reference: XF:bsd-ip-fragments-dos(6636)
Reference: URL:http://xforce.iss.net/static/6636.php
Reference: BID:2799
Reference: URL:http://www.securityfocus.com/bid/2799

NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote
attacker to cause a denial of service by sending a large number of IP
fragments to the machine, exhausting the mbuf pool.


Modifications:
  DESC fix typo
  CHANGEREF XF [fix typo]

INFERRED ACTION: CAN-2001-0710 ACCEPT (7 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(7) Prosser, Baker, Foat, Cole, Frech, Ziese, Stracener
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> I love spotting a "fragements" typo less than a day after
   actually creating a candidate! :-)
 Frech> In description, "fragements" should be "fragments".
   XF:bsd-ip fragments-dos(6636) should be XF:bsd-ip-fragments-dos(6636)
   (missing hyphen)


======================================================
Candidate: CAN-2001-0716
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0716
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20010926
Category: SF
Reference: ISS:20011016 Citrix MetaFrame Remote Denial of Service Vulnerability
Reference: URL:http://xforce.iss.net/alerts/advise99.php
Reference: XF:metaframe-multiple-sessions-dos(7068)
Reference: URL:http://xforce.iss.net/static/7068.php
Reference: BID:3440
Reference: URL:http://online.securityfocus.com/bid/3440

Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service
Pack 1 and earlier, allows remote attackers to cause a denial of
service (crash) via a large number of incomplete connections to the
server.


Modifications:
  ADDREF XF:metaframe-multiple-sessions-dos(7068)
  ADDREF BID:3440

INFERRED ACTION: CAN-2001-0716 ACCEPT_REV (4 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Bishop
   MODIFY(1) Frech
   NOOP(1) Foat
   REVIEWING(1) Wall

Voter Comments:
 Frech> XF:metaframe-multiple-sessions-dos(7068)


======================================================
Candidate: CAN-2001-0717
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0717
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20011012
Assigned: 20010926
Category: SF
Reference: ISS:20011002 Multi-Vendor Format String Vulnerability in ToolTalk Service
Reference: URL:http://xforce.iss.net/alerts/advise98.php
Reference: CERT:CA-2001-27
Reference: URL:http://www.cert.org/advisories/CA-2001-27.html
Reference: CIAC:M-002
Reference: URL:http://www.ciac.org/ciac/bulletins/m-002.shtml
Reference: HP:HPSBUX0110-168
Reference: SUN:00212
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/212
Reference: COMPAQ:SSRT0767U
Reference: URL:http://ftp.support.compaq.com/patches/.new/html/SSRT0767U.shtml
Reference: HP:HPSBUX0110-168
Reference: URL:http://online.securityfocus.com/advisories/3584
Reference: CALDERA:CSSA-2001-SCO.28
Reference: URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.28/CSSA-2001-SCO.28.txt
Reference: BID:3382
Reference: URL:http://www.securityfocus.com/bid/3382
Reference: XF:tooltalk-ttdbserverd-format-string(7069)
Reference: URL:http://xforce.iss.net/static/7069.php

Format string vulnerability in ToolTalk database server
rpc.ttdbserverd allows remote attackers to execute arbitrary commands
via format string specifiers that are passed to the syslog function.


Modifications:
  ADDREF XF:tooltalk-ttdbserverd-format-string(7069)
  ADDREF SUN:00212
  ADDREF CERT:CA-2001-27
  ADDREF COMPAQ:SSRT0767U
  ADDREF HP:HPSBUX0110-168
  ADDREF CIAC:M-002
  ADDREF CALDERA:CSSA-2001-SCO.28
  ADDREF BID:3382

INFERRED ACTION: CAN-2001-0717 ACCEPT (5 accept, 7 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:tooltalk-ttdbserverd-format-string(7069)
 Christey> SUN:00212
   URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/212
   (anyway, that's where it SHOULD be.  But currently it's not,
   so try http://marc.theaimsgroup.com/?l=bugtraq&m=100568936023605&w=2)
   CERT:CA-2001-27
   http://www.cert.org/advisories/CA-2001-27.html
 Christey> COMPAQ:SSRT0767U
   URL:http://ftp.support.compaq.com/patches/.new/html/SSRT0767U.shtml


======================================================
Candidate: CAN-2001-0718
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0718
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20011012
Assigned: 20010927
Category: SF
Reference: BUGTRAQ:20011005 Symantec Security Response SecBul-10042001, Revision1, Malformed Microsoft Excel or PowerPoint documents bypass Microsoft macro security features
Reference: URL:http://online.securityfocus.com/archive/1/218802
Reference: MS:MS01-050
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-050.asp
Reference: CERT:CA-2001-28
Reference: URL:http://www.cert.org/advisories/CA-2001-28.html
Reference: XF:ms-malformed-document-macro(7223)
Reference: URL:http://xforce.iss.net/static/7223.php
Reference: BID:3402
Reference: URL:http://online.securityfocus.com/bid/3402

Vulnerability in (1) Microsoft Excel 2002 and earlier and (2)
Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro
restrictions and execute arbitrary commands by modifying the data
stream in the document.


Modifications:
  ADDREF XF:ms-malformed-document-macro(7223)
  ADDREF BID:3402
  ADDREF BUGTRAQ:20011005 Symantec Security Response SecBul-10042001, Revision1, Malformed Microsoft Excel or PowerPoint documents bypass Microsoft macro security features

INFERRED ACTION: CAN-2001-0718 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:ms-malformed-document-macro(7223)


======================================================
Candidate: CAN-2001-0719
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0719
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20011122
Assigned: 20010927
Category: SF
Reference: BUGTRAQ:20010807 MS Windows Media Player ASF Marker Buffer Overflow
Reference: URL:http://online.securityfocus.com/archive/1/202470
Reference: MS:MS01-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-056.asp
Reference: XF:mediaplayer-asf-marker-bo(6962)
Reference: URL:http://www.iss.net/security_center/static/6962.php
Reference: BID:3156
Reference: URL:http://online.securityfocus.com/bid/3156

Buffer overflow in Microsoft Windows Media Player 6.4 allows remote
attackers to execute arbitrary code via a malformed Advanced Streaming
Format (ASF) file.


Modifications:
  ADDREF XF:mediaplayer-asf-marker-bo(6962)
  ADDREF BUGTRAQ:20010807 MS Windows Media Player ASF Marker Buffer Overflow
  ADDREF BID:3156

INFERRED ACTION: CAN-2001-0719 ACCEPT (7 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(6) Wall, Baker, Foat, Cole, Armstrong, Bishop
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:mediaplayer-asf-marker-bo(6962)


======================================================
Candidate: CAN-2001-0720
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0720
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20011122
Assigned: 20010927
Category: SF
Reference: MS:MS01-053
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-053.asp
Reference: CIAC:M-013
Reference: URL:http://www.ciac.org/ciac/bulletins/m-013.shtml
Reference: XF:ie-mac-downloaded-file-execution(7336)
Reference: URL:http://xforce.iss.net/static/7336.php
Reference: BID:3471
Reference: URL:http://online.securityfocus.com/bid/3471

Internet Explorer 5.1 for Macintosh on Mac OS X allows remote
attackers to execute arbitrary commands by causing a BinHex or
MacBinary file type to be downloaded, which causes the files to be
executed if automatic decoding is enabled.


Modifications:
  ADDREF XF:ie-mac-downloaded-file-execution(7336)
  ADDREF CIAC:M-013
  ADDREF BID:3471

INFERRED ACTION: CAN-2001-0720 ACCEPT (7 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(6) Wall, Baker, Foat, Cole, Armstrong, Bishop
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:ie-mac-downloaded-file-execution(7336)


======================================================
Candidate: CAN-2001-0722
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0722
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20011122
Assigned: 20010927
Category: SF
Reference: BUGTRAQ:20011108 Microsoft IE cookies readable via about: URLS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100527618108521&w=2
Reference: BUGTRAQ:20011019 Minor IE vulnerability: about: URLs
Reference: URL:http://www.securityfocus.com/archive/1/221612
Reference: MS:MS01-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-055.asp
Reference: XF:ie-about-cookie-information(7486)
Reference: URL:http://xforce.iss.net/static/7486.php
Reference: CIAC:M-016
Reference: URL:http://www.ciac.org/ciac/bulletins/m-016.shtml
Reference: BID:3513
Reference: URL:http://online.securityfocus.com/bid/3513

Internet Explorer 5.5 and 6.0 allows remote attackers to read and
modify user cookies via Javascript in an about: URL, aka the "First
Cookie Handling Vulnerability."


Modifications:
  ADDREF XF:ie-about-cookie-information(7486)
  ADDREF CIAC:M-016
  ADDREF BID:3513
  DESC add "aka"

INFERRED ACTION: CAN-2001-0722 ACCEPT (7 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(6) Wall, Baker, Foat, Cole, Armstrong, Bishop
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:ie-about-cookie-information(7486)
 Christey> aka "First Cookie Handling Vulnerability"


======================================================
Candidate: CAN-2001-0723
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0723
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20020131
Assigned: 20010927
Category: SF
Reference: MS:MS01-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-055.asp
Reference: BID:3546
Reference: URL:http://online.securityfocus.com/bid/3546

Internet Explorer 5.5 and 6.0 allows remote attackers to read and
modify user cookies via Javascript, aka the "Second Cookie Handling
Vulnerability."


Modifications:
  ADDREF BID:3546

INFERRED ACTION: CAN-2001-0723 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Baker, Cole
   NOOP(1) Foat


======================================================
Candidate: CAN-2001-0728
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0728
Final-Decision:
Interim-Decision: 20020301
Modified: 20020225-01
Proposed: 20011012
Assigned: 20011002
Category: SF
Reference: COMPAQ:SSRT0758
Reference: URL:http://www.compaq.com/products/servers/management/mgtsw-advisory2.html
Reference: CERT-VN:VU#275979
Reference: URL:http://www.kb.cert.org/vuls/id/275979
Reference: XF:compaq-wbm-bo(7189)
Reference: URL:http://xforce.iss.net/static/7189.php
Reference: BID:3376
Reference: URL:http://www.securityfocus.com/bid/3376

Buffer overflow in Compaq Management Agents before 5.2, included in
Compaq Web-enabled Management Software, allows local users to gain
privileges.


Modifications:
  ADDREF XF:compaq-wbm-bo(7189)
  ADDREF CERT-VN:VU#275979
  ADDREF BID:3376

INFERRED ACTION: CAN-2001-0728 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Frech> XF:compaq-wbm-bo(7189)
 Christey> CERT-VN:VU#275979
   URL:http://www.kb.cert.org/vuls/id/275979
   BID:3376
   URL:http://www.securityfocus.com/bid/3376


======================================================
Candidate: CAN-2001-0730
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0730
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20011012
Assigned: 20011008
Category: SF
Reference: CONFIRM:http://www.apacheweek.com/issues/01-09-28#security
Reference: MANDRAKE:MDKSA-2001:077
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077-1.php3
Reference: CONECTIVA:CLA-2001:430
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000430
Reference: ENGARDE:ESA-20011019-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1649.html
Reference: XF:apache-log-file-overwrite(7419)
Reference: URL:http://xforce.iss.net/static/7419.php

split-logfile in Apache 1.3.20 allows remote attackers to overwrite
arbitrary files that end in the .log extension via an HTTP request
with a / (slash) in the Host: header.


Modifications:
  ADDREF XF:apache-log-file-overwrite(7419)
  ADDREF MANDRAKE:MDKSA-2001:077
  ADDREF CONECTIVA:CLA-2001:430
  ADDREF ENGARDE:ESA-20011019-01

INFERRED ACTION: CAN-2001-0730 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:apache-log-file-overwrite(7419)


======================================================
Candidate: CAN-2001-0733
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0733
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010621 bugtraq submission
Reference: URL:http://www.securityfocus.com/archive/1/192711
Reference: BID:2912
Reference: URL:http://www.securityfocus.com/bid/2912
Reference: XF:eperl-embedded-code-execution(6743)
Reference: URL:http://xforce.iss.net/static/6743.php

The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier
allows a remote attacker to execute arbitrary code by modifying the
'sinclude' file to point to another file that contains a #include
directive that references a file that contains the code.

INFERRED ACTION: CAN-2001-0733 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Frech
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0738
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0738
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-02
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010614 sysklogd update -- Immunix OS 6.2, 7.0-beta, 7.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99258618906506&w=2
Reference: CERT-VN:VU#249579
Reference: URL:http://www.kb.cert.org/vuls/id/249579
Reference: IMMUNIX:IMNX-2001-70-026-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-026-01
Reference: XF:klogd-null-byte-dos(7098)
Reference: URL:http://xforce.iss.net/static/7098.php

LogLine function in klogd in sysklogd 1.3 in various Linux
distributions allows an attacker to cause a denial of service (hang)
by causing null bytes to be placed in log messages.


Modifications:
  Changed CERT-VU: source to CERT-VN
  ADDREF IMMUNIX:IMNX-2001-70-026-01

INFERRED ACTION: CAN-2001-0738 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Foat, Cole, Armstrong, Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> IMMUNIX:IMNX-2001-70-026-01
   URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-026-01


======================================================
Candidate: CAN-2001-0739
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0739
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: ENGARDE:ESA-20010529-02
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1404.html
Reference: XF:linux-webtool-inherit-privileges(7404)
Reference: URL:http://xforce.iss.net/static/7404.php

Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows
restarted services to inherit some environmental variables, which
could allow local users to gain root privileges.


Modifications:
  ADDREF XF:linux-webtool-inherit-privileges(7404)

INFERRED ACTION: CAN-2001-0739 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linux-webtool-inherit-privileges(7404)


======================================================
Candidate: CAN-2001-0740
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0740
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010515 3COM OfficeConnect DSL router vulneratibilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0115.html
Reference: BUGTRAQ:20010921 3Com OfficeConnect 812/840  Router DoS exploit code
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100119572524232&w=2
Reference: BUGTRAQ:20010924 Regarding: 3Com OfficeConnect 812/840 Router DoS exploit code
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100137290421828&w=2
Reference: XF:3com-officeconnect-http-dos(6573)
Reference: URL:http://xforce.iss.net/static/6573.php
Reference: BID:2721
Reference: URL:http://www.securityfocus.com/bid/2721

3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router
software 1.1.9 and earlier, allows remote attackers to cause a denial
of service via a long string containing a large number of "%s"
strings, possibly triggering a format string vulnerability.

INFERRED ACTION: CAN-2001-0740 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Foat, Cole, Frech
   MODIFY(1) Armstrong
   NOOP(1) Wall

Voter Comments:
 Armstrong> The 840 apperas to be an SDSL router vice an ADSL one.  Minor correction.


======================================================
Candidate: CAN-2001-0745
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0745
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010605 SECURITY.NNOV: Netscape 4.7x Messanger user information retrival
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0014.html
Reference: XF:netscape-user-info-retrieval(7417)
Reference: URL:http://xforce.iss.net/static/7417.php

Netscape 4.7x allows remote attackers to obtain sensitive information
such as the user's login, mailbox location and installation path via
Javascript that accesses the mailbox: URL in the document.referrer
property.


Modifications:
  ADDREF XF:netscape-user-info-retrieval(7417)

INFERRED ACTION: CAN-2001-0745 ACCEPT_REV (4 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(3) Baker, Foat, Cole
   MODIFY(1) Frech
   NOOP(1) Armstrong
   REVIEWING(1) Wall

Voter Comments:
 Frech> XF:netscape-user-info-retrieval(7417)
 CHANGE> [Armstrong changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2001-0750
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0750
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: CISCO:20010524 IOS Reload after Scanning Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ios-tcp-scanner-reload-pub.shtml
Reference: XF:cisco-ios-tcp-dos(6589)
Reference: URL:http://xforce.iss.net/static/6589.php
Reference: BID:2804
Reference: URL:http://online.securityfocus.com/bid/2804

Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial
of service (reload) via a connection to TCP ports 3100-3999,
5100-5999, 7100-7999 and 10100-10999.


Modifications:
  ADDREF BID:2804

INFERRED ACTION: CAN-2001-0750 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Foat, Cole, Armstrong, Frech
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0751
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0751
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: CISCO:20010522 More Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html
Reference: XF:tcp-seq-predict(139)
Reference: URL:http://xforce.iss.net/static/139.php

Cisco switches and routers running CBOS 2.3.8 and earlier use
predictable TCP Initial Sequence Numbers (ISN), which allows remote
attackers to spoof or hijack TCP connections.


Modifications:
  ADDREF XF:tcp-seq-predict(139)

INFERRED ACTION: CAN-2001-0751 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:tcp-seq-predict(139)


======================================================
Candidate: CAN-2001-0752
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0752
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: CISCO:20010522 More Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html
Reference: XF:cisco-cbos-record-dos(7298)
Reference: URL:http://xforce.iss.net/static/7298.php

Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial
of service via an ICMP ECHO REQUEST (ping) with the IP Record Route
option set.


Modifications:
  ADDREF XF:cisco-cbos-record-dos(7298)

INFERRED ACTION: CAN-2001-0752 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:cisco-cbos-record-dos(7298)


======================================================
Candidate: CAN-2001-0754
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0754
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: CISCO:20010522 More Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html
Reference: XF:cisco-cbos-multiple-echo(7299)
Reference: URL:http://xforce.iss.net/static/7299.php

Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial
of service via a series of large ICMP ECHO REPLY (ping) packets, which
cause it to enter ROMMON mode and stop forwarding packets.


Modifications:
  ADDREF XF:cisco-cbos-multiple-echo(7299)

INFERRED ACTION: CAN-2001-0754 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> Need to see what the difference is between this and CVE-2001-0057.
 Frech> XF:cisco-cbos-multiple-echo(7299)
 Christey> OK, the difference is in the affected version numbers.


======================================================
Candidate: CAN-2001-0757
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0757
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: CISCO:20010614 Cisco 6400 NRP2 Telnet Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/6400-nrp2-telnet-vuln-pub.shtml
Reference: BID:2874
Reference: URL:http://www.securityfocus.com/bid/2874
Reference: XF:cisco-nrp2-telnet-access(6691)
Reference: URL:http://xforce.iss.net/static/6691.php
Reference: CERT-VN:VU#516659
Reference: URL:http://www.kb.cert.org/vuls/id/516659
Reference: CIAC:L-097
Reference: URL:http://www.ciac.org/ciac/bulletins/l-097.shtml

Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC
card does not properly disable access when a password has not been set
for vtys, which allows remote attackers to obtain access via telnet.


Modifications:
  ADDREF XF:cisco-nrp2-telnet-access(6691)
  ADDREF CERT-VN:VU#516659
  ADDREF CIAC:L-097

INFERRED ACTION: CAN-2001-0757 ACCEPT (5 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:cisco-nrp2-telnet-access(6691)


======================================================
Candidate: CAN-2001-0760
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0760
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010630 Nfuse reveals full path
Reference: URL:http://www.securityfocus.com/archive/1/194449
Reference: BUGTRAQ:20010702 Re: Nfuse reveals full path
Reference: URL:http://www.securityfocus.com/archive/1/194522
Reference: BID:2956
Reference: URL:http://www.securityfocus.com/bid/2956
Reference: XF:citrix-nfuse-path-disclosure(6786)
Reference: URL:http://xforce.iss.net/static/6786.php

Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path
of the web root via a malformed request to launch.asp that does not
provide the session field.


Modifications:
  ADDREF XF:citrix-nfuse-path-disclosure(6786)
  DESC add launch.asp

INFERRED ACTION: CAN-2001-0760 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(2) Foat, Frech
   NOOP(5) Christey, Oliver, Wall, Cole, Armstrong

Voter Comments:
 Frech> XF:citrix-nfuse-path-disclosure(6786)
 Christey> Consider adding launch.asp to the description to facilitate
   search.
 Foat> Be sure to include the / at the end of the URL to verify the
   vulnerability.


======================================================
Candidate: CAN-2001-0764
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0764
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: VULN-DEV:20010609 suid scotty / ntping overflow
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0579.html
Reference: VULN-DEV:20010615 Re: suid scotty (ntping) overflow (fwd)
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0627.html
Reference: BUGTRAQ:20010621 suid scotty (ntping) overflow (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/192664
Reference: SUSE:SuSE-SA:2001:023
Reference: URL:http://www.suse.de/de/support/security/2001_023_scotty_txt.txt
Reference: XF:scotty-ntping-bo(6735)
Reference: URL:http://xforce.iss.net/static/6735.php
Reference: BID:2911
Reference: URL:http://www.securityfocus.com/bid/2911

Buffer overflow in ntping in scotty 2.1.0 allows local users to
execute arbitrary code via a long hostname as a command line argument.

INFERRED ACTION: CAN-2001-0764 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Foat, Cole, Armstrong, Frech
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0765
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0765
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010702 BisonFTP Server V4R1 *.bdl upload Directory Traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0025.html
Reference: CONFIRM:http://www.bisonftp.com/ServRev.htm
Reference: BID:2963
Reference: URL:http://www.securityfocus.com/bid/2963
Reference: XF:bisonftp-bdl-directory-traversal(6782)
Reference: URL:http://xforce.iss.net/static/6782.php

BisonFTP V4R1 allows local users to access directories outside of
their home directory by uploading .bdl files, which can then be linked
to other directories.


Modifications:
  ADDREF XF:bisonftp-bdl-directory-traversal(6782)

INFERRED ACTION: CAN-2001-0765 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:bisonftp-bdl-directory-traversal(6782)


======================================================
Candidate: CAN-2001-0773
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0773
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010709 Cayman-DSL Model 3220-H DOS with nmap
Reference: URL:http://www.securityfocus.com/archive/1/195644
Reference: BID:3001
Reference: URL:http://www.securityfocus.com/bid/3001
Reference: XF:cayman-dsl-portscan-dos(6825)
Reference: URL:http://xforce.iss.net/static/6825.php
Reference: CERT-VN:VU#312761
Reference: URL:http://www.kb.cert.org/vuls/id/312761

Cayman 3220-H DSL Router 1.0 allows remote attacker to cause a denial
of service (crash) via a series of SYN or TCP connect requests.


Modifications:
  ADDREF XF:cayman-dsl-portscan-dos(6825)
  ADDREF CERT-VN:VU#312761

INFERRED ACTION: CAN-2001-0773 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Armstrong
   MODIFY(1) Frech
   NOOP(5) Christey, Oliver, Wall, Foat, Cole

Voter Comments:
 Frech> XF:cayman-dsl-portscan-dos(6825)
 Christey> CERT-VN:VU#312761
   URL:http://www.kb.cert.org/vuls/id/312761


======================================================
Candidate: CAN-2001-0774
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0774
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010709 Tripwire temporary files
Reference: URL:http://www.securityfocus.com/archive/1/195617
Reference: BID:3003
Reference: URL:http://www.securityfocus.com/bid/3003
Reference: XF:tripwire-tmpfile-symlink(6820)
Reference: URL:http://xforce.iss.net/static/6820.php
Reference: CERT-VN:VU#349019
Reference: URL:http://www.kb.cert.org/vuls/id/349019
Reference: MANDRAKE:MDKSA-2001:064
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-064.php3

Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite
arbitrary files and possible gain privileges via a symbolic link
attack on temporary files.


Modifications:
  ADDREF XF:tripwire-tmpfile-symlink(6820)
  ADDREF CERT-VN:VU#349019
  ADDREF MANDRAKE:MDKSA-2001:064
  DESC fix typo

INFERRED ACTION: CAN-2001-0774 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:tripwire-tmpfile-symlink(6820)
   CONFIRM:http://www.linux-mandrake.com/en/security/2001/MDKSA-
   2001-064.php3?dis=8.0
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]
 Christey> Fix typo: "ovperwrite"


======================================================
Candidate: CAN-2001-0779
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0779
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010528 solaris 2.6, 7 yppasswd vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/187086
Reference: BUGTRAQ:20011004 Patches for Solaris rpc.yppasswdd available
Reference: URL:http://www.securityfocus.com/archive/1/200110041632.JAA28125@dim.ucsd.edu
Reference: SUNBUG:4456994
Reference: CERT-VN:VU#327281
Reference: URL:http://www.kb.cert.org/vuls/id/327281
Reference: SUN:00209
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/209
Reference: CIAC:M-008
Reference: URL:http://www.ciac.org/ciac/bulletins/m-008.shtml
Reference: XF:solaris-yppasswd-bo(6629)
Reference: URL:http://xforce.iss.net/static/6629.php
Reference: BID:2763
Reference: URL:http://www.securityfocus.com/bid/2763

Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7
and 8 allows remote attackers to gain root access via a long username.


Modifications:
  ADDREF SUNBUG:4456994
  ADDREF CERT-VN:VU#327281
  ADDREF SUN:00209
  ADDREF CIAC:M-008

INFERRED ACTION: CAN-2001-0779 ACCEPT (5 accept, 4 ack, 0 review)

Current Votes:
   ACCEPT(6) Wall, Baker, Foat, Armstrong, Frech, Dik
   NOOP(1) Cole

Voter Comments:
 Frech> Sun Bug ID 4456994 rpc.yppasswdd contains a buffer overflow
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2001-0784
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0784
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010626 Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0353.html
Reference: BID:2932
Reference: URL:http://www.securityfocus.com/bid/2932
Reference: XF:icecast-dot-directory-traversal(6752)
Reference: URL:http://xforce.iss.net/static/6752.php
Reference: DEBIAN:DSA-089
Reference: URL:http://www.debian.org/security/2001/dsa-089

Directory traversal vulnerability in Icecast 1.3.10 and earlier allows
remote attackers to read arbitrary files via a modified .. (dot dot)
attack using encoded URL characters.


Modifications:
  ADDREF XF:icecast-dot-directory-traversal(6752)
  ADDREF DEBIAN:DSA-089

INFERRED ACTION: CAN-2001-0784 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(4) Christey, Wall, Foat, Armstrong

Voter Comments:
 Frech> XF:icecast-dot-directory-traversal(6752)
 Christey> MISC:http://www.icecast.org/index.html
   On August 7, 2001 (more than a month after the initial
   disclosure), the news page states "contains a couple security
   updates."  There is insufficient information to be confident whether
   the vendor is fixing the DoS or directory traversal problems
   identified on Bugtraq.
 Christey> Inquiry sent to team@icecast.org on 2/25/2002 for
   completeness, received a reply stating "Afaik, the current
   released version of icecast resolves all reported security
   issues.  Debian advisory is certainly sufficient
   acknowledgement.


======================================================
Candidate: CAN-2001-0787
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0787
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: REDHAT:RHSA-2001:077
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-077.html
Reference: CIAC:L-096
Reference: URL:http://www.ciac.org/ciac/bulletins/l-096.shtml
Reference: BID:2865
Reference: URL:http://www.securityfocus.com/bid/2865
Reference: XF:lprng-supplementary-groups(6703)
Reference: URL:http://xforce.iss.net/static/6703.php

LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships
in supplemental groups when lowering privileges, which could allow a
local user to elevate privileges.


Modifications:
  ADDREF CIAC:L-096
  ADDREF BID:2865
  ADDREF XF:lprng-supplementary-groups(6703)

INFERRED ACTION: CAN-2001-0787 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Baker, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:lprng-supplementary-groups(6703)
 Christey> CIAC:L-096
   http://www.ciac.org/ciac/bulletins/l-096.shtml
   BID:2865
   http://www.securityfocus.com/bid/2865


======================================================
Candidate: CAN-2001-0796
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0796
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011023
Category: SF
Reference: SGI:20011001-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011001-01-P
Reference: CONFIRM:http://www.freebsd.org/cgi/query-pr.cgi?pr=8990
Reference: XF:irix-igmp-dos(7332)
Reference: URL:http://xforce.iss.net/static/7332.php
Reference: BID:3463
Reference: URL:http://online.securityfocus.com/bid/3463

SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and
FreeBSD 3.0, allows remote attackers to cause a denial of service via
a malformed IGMP multicast packet with a small response delay.


Modifications:
  ADDREF XF:irix-igmp-dos(7332)
  ADDREF BID:3463

INFERRED ACTION: CAN-2001-0796 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Foat, Cole, Armstrong, Bishop
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:irix-igmp-dos(7332)


======================================================
Candidate: CAN-2001-0801
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0801
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011025
Category: SF
Reference: MISC:http://www.lsd-pl.net/files/get?IRIX/irx_lpstat2
Reference: SGI:20011003-02-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011003-02-P
Reference: XF:irix-lpstat-net-type-library(7639)
Reference: URL:http://xforce.iss.net/static/7639.php

lpstat in IRIX 6.5.13f and earlier allows local users to gain root
privileges by specifying a Trojan Horse nettype shared library


Modifications:
  ADDREF XF:irix-lpstat-net-type-library(7639)

INFERRED ACTION: CAN-2001-0801 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Foat, Cole, Armstrong, Bishop
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:irix-lpstat-net-type-library(7639)


======================================================
Candidate: CAN-2001-0803
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0803
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011029
Category: SF
Reference: ISS:20011112 Multi-Vendor Buffer Overflow Vulnerability in CDE Subprocess Control Service
Reference: URL:http://xforce.iss.net/alerts/advise101.php
Reference: CERT:CA-2001-31
Reference: URL:http://www.cert.org/advisories/CA-2001-31.html
Reference: CERT:CA-2002-01
Reference: URL:http://www.cert.org/advisories/CA-2002-01.html
Reference: CERT-VN:VU#172583
Reference: URL:http://www.kb.cert.org/vuls/id/172583
Reference: SUN:00214
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/214
Reference: HP:HPSBUX0111-175
Reference: URL:http://www.securityfocus.com/advisories/3651
Reference: CALDERA:CSSA-2001-SCO.30
Reference: URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.30/
Reference: SGI:20011107-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011107-01-P
Reference: BID:3517
Reference: URL:http://www.securityfocus.com/bid/3517
Reference: XF:cde-dtspcd-bo(7396)
Reference: URL:http://xforce.iss.net/static/7396.php

Buffer overflow in the client connection routine of libDtSvc.so.1 in
CDE Subprocess Control Service (dtspcd) allows remote attackers to
execute arbitrary commands


Modifications:
  ADDREF XF:cde-dtspcd-bo(7396)
  ADDREF SUN:00214
  ADDREF CERT:CA-2002-01
  ADDREF SGI:20011107-01-P

INFERRED ACTION: CAN-2001-0803 ACCEPT (5 accept, 7 ack, 0 review)

Current Votes:
   ACCEPT(6) Baker, Foat, Cole, Armstrong, Dik, Bishop
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Frech> XF:cde-dtspcd-bo(7396)
 Christey> ADDREF SUN:00214
 Christey> ADDREF CERT:CA-2002-01
 Dik> Sun bug: 4527363


======================================================
Candidate: CAN-2001-0804
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0804
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20011122
Assigned: 20011030
Category: SF
Reference: BUGTRAQ:20010715 Interactive Story File Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/4.3.2.7.2.20010715184257.00b20100@compumodel.com
Reference: CONFIRM:http://www.valeriemates.com/story_download.html
Reference: XF:interactive-story-next-directory-traversal(6843)
Reference: URL:http://xforce.iss.net/static/6843.php
Reference: BID:3028
Reference: URL:http://www.securityfocus.com/bid/3028

Directory traversal vulnerability in story.pl in Interactive Story 1.3
allows a remote attacker to read arbitrary files via a .. (dot dot)
attack on the "next" parameter.

INFERRED ACTION: CAN-2001-0804 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Cole, Armstrong, Frech, Bishop
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0805
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0805
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20011122
Assigned: 20011030
Category: SF
Reference: BUGTRAQ:20010618 SCO Tarantella Remote file read via ttawebtop.cgi
Reference: URL:http://www.securityfocus.com/archive/1/3B2E37D0.81D9ED9D@snosoft.com
Reference: BUGTRAQ:20010619 Re: SCO Tarantella Remote file read via ttawebtop.cgi
Reference: URL:http://www.securityfocus.com/archive/1/20010619150935.A5226@tarantella.com
Reference: XF:tarantella-ttawebtop-read-files(6723)
Reference: URL:http://xforce.iss.net/static/6723.php
Reference: BID:2890
Reference: URL:http://www.securityfocus.com/bid/2890

Directory traversal vulnerability in ttawebtop.cgi in Tarantella
Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary
files via a .. (dot dot) in the pg parameter.

INFERRED ACTION: CAN-2001-0805 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cole, Frech, Bishop
   NOOP(3) Wall, Foat, Armstrong


======================================================
Candidate: CAN-2001-0806
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0806
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011030
Category: CF
Reference: BUGTRAQ:20010626 MacOSX 10.0.X Permissions uncorrectly set
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99358249631139&w=2
Reference: BUGTRAQ:20011007 OS X 10.1 and localized desktop folder still vulnerable
Reference: URL:http://online.securityfocus.com/archive/1/219166
Reference: BUGTRAQ:20010704 Re: MacOSX 10.0.X Permissions uncorrectly set - I got it
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99436289015729&w=2
Reference: BID:2930
Reference: URL:http://www.securityfocus.com/bid/2930
Reference: XF:macos-desktop-insecure-permissions(6750)
Reference: URL:http://xforce.iss.net/static/6750.php

Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a
user's desktop folder via insecure default permissions for the Desktop
when it is created in some languages.


Modifications:
  ADDREF XF:macos-desktop-insecure-permissions(6750)
  CHANGEREF BUGTRAQ add date

INFERRED ACTION: CAN-2001-0806 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Foat, Cole
   MODIFY(1) Frech
   NOOP(3) Wall, Armstrong, Bishop

Voter Comments:
 Frech> XF:macos-desktop-insecure-permissions(6750)


======================================================
Candidate: CAN-2001-0815
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0815
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011113
Category: SF
Reference: BUGTRAQ:20011115 NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100583978302585&w=2
Reference: CONFIRM:http://bugs.activestate.com/show_bug.cgi?id=18062
Reference: BID:3526
Reference: URL:http://www.securityfocus.com/bid/3526
Reference: XF:activeperl-perlis-filename-bo(7539)
Reference: URL:http://xforce.iss.net/static/7539.php

Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and
earlier allows remote attackers to exute arbitrary code via an HTTP
request for a long filename that ends in a .pl extension.


Modifications:
  ADDREF XF:activeperl-perlis-filename-bo(7539)

INFERRED ACTION: CAN-2001-0815 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(4) Wall, Foat, Armstrong, Bishop

Voter Comments:
 Frech> XF:activeperl-perlis-filename-bo(7539)


======================================================
Candidate: CAN-2001-0816
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0816
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011113
Category: SF
Reference: BUGTRAQ:20010918 OpenSSH: sftp & bypassing keypair auth restrictions
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0153.html
Reference: CONECTIVA:CLSA-2001:431
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431
Reference: IMMUNIX:IMNX-2001-70-034-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01
Reference: REDHAT:RHSA-2001:154
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-154.html
Reference: XF:openssh-sftp-bypass-restrictions(7634)
Reference: URL:http://xforce.iss.net/static/7634.php

OpenSSH before 2.9.9, when running sftp using sftp-server and using
restricted keypairs, allows remote authenticated users to bypass
authorized_keys2 command= restrictions using sftp commands.


Modifications:
  ADDREF XF:openssh-sftp-bypass-restrictions(7634)
  ADDREF CONECTIVA:CLSA-2001:431
  ADDREF IMMUNIX:IMNX-2001-70-034-01
  ADDREF REDHAT:RHSA-2001:154

INFERRED ACTION: CAN-2001-0816 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Baker, Cole, Armstrong, Bishop
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:openssh-sftp-bypass-restrictions(7634)


======================================================
Candidate: CAN-2001-0819
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0819
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: DEBIAN:DSA-060
Reference: URL:http://www.debian.org/security/2001/dsa-060
Reference: ENGARDE:ESA-20010620-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1451.html
Reference: MANDRAKE:MDKSA-2001:063
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-063.php3?dis=7.1
Reference: CALDERA:CSSA-2001-022.1
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-022.1.txt
Reference: CONECTIVA:CLA-2001:403
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000403
Reference: FREEBSD:FreeBSD-SA-01:43
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:43.fetchmail.asc
Reference: IMMUNIX:IMNX-2001-70-025-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-025-01
Reference: BID:2877
Reference: URL:http://www.securityfocus.com/bid/2877
Reference: XF:fetchmail-long-header-bo(6704)
Reference: URL:http://xforce.iss.net/static/6704.php
Reference: SUSE:SuSE-SA:2001:026
Reference: URL:http://www.suse.com/de/support/security/2001_026_fetchmail_txt.html

A buffer overflow in Linux fetchmail before 5.8.6 allows remote
attackers to execute arbitrary code via a large 'To:' field in an
email header.


Modifications:
  ADDREF FREEBSD:FreeBSD-SA-01:43
  ADDREF IMMUNIX:IMNX-2001-70-025-01
  ADDREF SUSE:SuSE-SA:2001:026

INFERRED ACTION: CAN-2001-0819 ACCEPT (6 accept, 4 ack, 0 review)

Current Votes:
   ACCEPT(6) Baker, Foat, Cole, Armstrong, Frech, Bishop
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0822
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0822
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010602 fpf module and packet fragmentation:local/remote DoS.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99167206319643&w=2
Reference: CONFIRM:http://www.pkcrew.org/news.php
Reference: XF:linux-fpf-kernel-dos(6659)
Reference: URL:http://xforce.iss.net/static/6659.php
Reference: BID:2816
Reference: URL:http://www.securityfocus.com/bid/2816

FPF kernel module 1.0 allows a remote attacker to cause a denial of
service via fragmented packets.

INFERRED ACTION: CAN-2001-0822 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(6) Baker, Foat, Cole, Armstrong, Frech, Bishop
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0823
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0823
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010618 pmpost - another nice symlink follower
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99290754901708&w=2
Reference: BUGTRAQ:20010619 Re: pmpost - another nice symlink follower
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html
Reference: SGI:20010601-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A
Reference: XF:irix-pcp-pmpost-symlink(6724)
Reference: URL:http://xforce.iss.net/static/6724.php
Reference: BID:2887
Reference: URL:http://www.securityfocus.com/bid/2887

The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows
a local user to gain privileges via a symlink attack on the NOTICES
file in the PCP log directory (PCP_LOG_DIR).

INFERRED ACTION: CAN-2001-0823 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(6) Baker, Foat, Cole, Armstrong, Frech, Bishop
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0828
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0828
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/194464
Reference: CONFIRM:http://www.caucho.com/products/resin/changes.xtp
Reference: BID:2981
Reference: URL:http://www.securityfocus.com/bid/2981
Reference: XF:java-servlet-crosssite-scripting(6793)
Reference: URL:http://xforce.iss.net/static/6793.php
Reference: CERT-VN:VU#981651
Reference: URL:http://www.kb.cert.org/vuls/id/981651

A cross-site scripting vulnerability in Caucho Technology Resin before
1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink
that ends in a .jsp extension, which causes an error message that does
not properly quote the Javascript.


Modifications:
  ADDREF XF:java-servlet-crosssite-scripting(6793)
  ADDREF CERT-VN:VU#981651

INFERRED ACTION: CAN-2001-0828 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Armstrong, Bishop
   MODIFY(1) Frech
   NOOP(4) Christey, Wall, Foat, Cole

Voter Comments:
 Frech> XF:java-servlet-crosssite-scripting(6793)
 Christey> CERT-VN:VU#981651
   URL:http://www.kb.cert.org/vuls/id/981651


======================================================
Candidate: CAN-2001-0830
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0830
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011023 Remote DoS in 6tunnel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100386451702966&w=2
Reference: CONFIRM:ftp://213.146.38.146/pub/wojtekka/6tunnel-0.09.tar.gz
Reference: XF:6tunnel-open-socket-dos(7337)
Reference: URL:http://xforce.iss.net/static/7337.php
Reference: BID:3467
Reference: URL:http://online.securityfocus.com/bid/3467

6tunnel 0.08 and earlier does not properly close sockets that were
initiated by a client, which allows remote attackers to cause a denial
of service (resource exhaustion) by repeatedly connecting to and
disconnecting from the server.


Modifications:
  ADDREF XF:6tunnel-open-socket-dos(7337)
  ADDREF BID:3467

INFERRED ACTION: CAN-2001-0830 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(5) Wall, Foat, Cole, Armstrong, Bishop

Voter Comments:
 Frech> XF:6tunnel-open-socket-dos(7337)


======================================================
Candidate: CAN-2001-0833
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0833
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: CF
Reference: BUGTRAQ:20010802 vulnerability in otrcrep binary in Oracle 8.0.5.
Reference: URL:http://online.securityfocus.com/archive/1/201295
Reference: BUGTRAQ:20011023 FW: ASI Oracle Security Alert: 3 new security alerts
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100386756715645&w=2
Reference: BUGTRAQ:20011024 Oracle Trace Collection Security Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/222612
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/otrcrep.pdf
Reference: XF:oracle-binary-symlink(6940)
Reference: URL:http://xforce.iss.net/static/6940.php
Reference: BID:3139
Reference: URL:http://online.securityfocus.com/bid/3139

Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local
users to execute arbitrary code via a long ORACLE_HOME environment
variable, aka the "Oracle Trace Collection Security Vulnerability."


Modifications:
  ADDREF XF:oracle-binary-symlink(6940)
  ADDREF BUGTRAQ:20010802 vulnerability in otrcrep binary in Oracle 8.0.5.
  ADDREF BUGTRAQ:20011024 Oracle Trace Collection Security Vulnerability
  ADDREF BID:3139

INFERRED ACTION: CAN-2001-0833 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Foat, Cole, Armstrong, Bishop
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:oracle-otrcrep-bo(6933)


======================================================
Candidate: CAN-2001-0834
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0834
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: MISC:http://sourceforge.net/tracker/index.php?func=detail&aid=458013&group_id=4593&atid=104593
Reference: BUGTRAQ:20011007 Re: Bug found in ht://Dig htsearch CGI
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100260195401753&w=2
Reference: CONECTIVA:CLA-2001:429
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000429
Reference: SUSE:SuSE-SA:2001:035
Reference: URL:http://www.suse.com/de/support/security/2001_035_htdig_txt.txt
Reference: DEBIAN:DSA-080
Reference: URL:http://www.debian.org/security/2001/dsa-080
Reference: REDHAT:RHSA-2001:139
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-139.html
Reference: CALDERA:CSSA-2001-035.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-035.0.txt
Reference: MANDRAKE:MDKSA-2001:083
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-083.php3
Reference: BID:3410
Reference: URL:http://www.securityfocus.com/bid/3410
Reference: XF:htdig-htsearch-infinite-loop(7262)
Reference: URL:http://xforce.iss.net/static/7262.php
Reference: XF:htdig-htsearch-retrieve-files(7263)
Reference: URL:http://xforce.iss.net/static/7263.php

htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows
remote attackers to use the -c option to specify an alternate
configuration file, which could be used to (1) cause a denial of
service (CPU consumption) by specifying a large file such as
/dev/zero, or (2) read arbitrary files by uploading an alternate
configuration file that specifies the target file.


Modifications:
  ADDREF XF:htdig-htsearch-infinite-loop(7262)
  ADDREF XF:htdig-htsearch-retrieve-files(7263)
  ADDREF REDHAT:RHSA-2001:139
  ADDREF CALDERA:CSSA-2001-035.0
  ADDREF BID:3410
  ADDREF MANDRAKE:MDKSA-2001:083

INFERRED ACTION: CAN-2001-0834 ACCEPT (6 accept, 4 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Foat, Cole, Armstrong, Bishop
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Frech> XF:htdig-htsearch-infinite-loop(7262)
   XF:htdig-htsearch-retrieve-files(7263)
 Christey> ADDREF RHSA-2001:139 (per Mark Cox of Red Hat)
 Christey> MANDRAKE:MDKSA-2001:083
   URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-083.php3
   CALDERA:CSSA-2001-035.0
   URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-035.0.txt
   BID:3410
   URL:http://www.securityfocus.com/bid/3410


======================================================
Candidate: CAN-2001-0836
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0836
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category:
Reference: BUGTRAQ:20011018 def-2001-30
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100342151132277&w=2
Reference: BUGTRAQ:20011024 Oracle9iAS Web Cache Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100395487007578&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/webcache.pdf
Reference: CERT:CA-2001-29
Reference: URL:http://www.cert.org/advisories/CA-2001-29.html
Reference: CERT-VN:VU#649979
Reference: URL:http://www.kb.cert.org/vuls/id/649979
Reference: XF:oracle-appserver-http-bo(7306)
Reference: URL:http://xforce.iss.net/static/7306.php

Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote
attackers to execute arbitrary code via a long HTTP GET request.


Modifications:
  ADDREF XF:oracle-appserver-http-bo(7306)
  ADDREF CERT:CA-2001-29
  ADDREF CONFIRM:http://otn.oracle.com/deploy/security/pdf/webcache.pdf
  ADDREF CERT-VN:VU#649979

INFERRED ACTION: CAN-2001-0836 ACCEPT (6 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Foat, Cole, Armstrong, Bishop
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:oracle-appserver-http-bo(7306)


======================================================
Candidate: CAN-2001-0843
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0843
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010921 squid DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100109679010256&w=2
Reference: REDHAT:RHSA-2001:113
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-113.html
Reference: SUSE:SuSE-SA:2001:037
Reference: URL:http://www.suse.de/de/support/security/2001_037_squid_txt.txt
Reference: MANDRAKE:MDKSA-2001:088
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-088.php3
Reference: DEBIAN:DSA-077
Reference: URL:http://www.debian.org/security/2001/dsa-077
Reference: XF:squid-mkdir-put-dos(7157)
Reference: URL:http://xforce.iss.net/static/7157.php
Reference: BID:3354
Reference: URL:http://online.securityfocus.com/bid/3354

Squid proxy server 2.4 and earlier allows remote attackers to cause a
denial of service (crash) via a mkdir-only FTP PUT request.


Modifications:
  ADDREF XF:squid-mkdir-put-dos(7157)
  ADDREF MANDRAKE:MDKSA-2001:088
  ADDREF DEBIAN:DSA-077
  ADDREF BID:3354

INFERRED ACTION: CAN-2001-0843 ACCEPT (6 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Foat, Cole, Armstrong, Bishop
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Frech> XF:squid-mkdir-put-dos(7157)
 Christey> MANDRAKE:MDKSA-2001:088
   URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-088.php3


======================================================
Candidate: CAN-2001-0846
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0846
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011030 Lotus Domino Web Administrator Template ReplicaID Access (#NISR29102001A)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100448721830960&w=2
Reference: XF:lotus-domino-replicaid-access(7424)
Reference: URL:http://xforce.iss.net/static/7424.php
Reference: BID:3491
Reference: URL:http://www.iss.net/security_center/static/7424.php

Lotus Domino 5.x allows remote attackers to read files or execute
arbitrary code by requesting the ReplicaID of the Web Administrator
template file (webadmin.ntf).


Modifications:
  ADDREF XF:lotus-domino-replicaid-access(7424)
  ADDREF BID:3491

INFERRED ACTION: CAN-2001-0846 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Bishop

Voter Comments:
 Frech> XF:lotus-domino-replicaid-access(7424)


======================================================
Candidate: CAN-2001-0850
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0850
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CALDERA:CSSA-2001-037.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-037.0.txt
Reference: XF:openlinux-libdb-bo(7427)
Reference: URL:http://xforce.iss.net/static/7427.php

A configuration error in the libdb1 package in OpenLinux 3.1 uses
insecure versions of the snprintf and vsnprintf functions, which could
allow local or remote users to exploit those functions with a buffer
overflow.


Modifications:
  ADDREF XF:openlinux-libdb-bo(7427)

INFERRED ACTION: CAN-2001-0850 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Foat, Cole, Armstrong, Bishop
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:openlinux-libdb-bo(7427)


======================================================
Candidate: CAN-2001-0851
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0851
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: ENGARDE:ESA-20011106-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1683.html
Reference: CALDERA:CSSA-2001-38.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-038.0.txt
Reference: SUSE:SuSE-SA:2001:039
Reference: URL:http://www.suse.de/de/support/security/2001_039_kernel2_txt.txt
Reference: XF:linux-syncookie-bypass-filter(7461)
Reference: URL:http://xforce.iss.net/static/7461.php
Reference: REDHAT:RHSA-2001:142
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-142.html
Reference: CONECTIVA:CLA-2001:432
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000432
Reference: MANDRAKE:MDKSA-2001:082
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3

Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote
attackers to bypass firewall rules by brute force guessing the cookie.


Modifications:
  ADDREF XF:linux-syncookie-bypass-filter(7461)
  ADDREF REDHAT:RHSA-2001:142
  ADDREF CONECTIVA:CLA-2001:432
  ADDREF MANDRAKE:MDKSA-2001:082

INFERRED ACTION: CAN-2001-0851 ACCEPT (6 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Foat, Cole, Armstrong, Bishop
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Frech> XF:linux-syncookie-bypass-filter(7461)
 Christey> ADDREF RHSA-2001:142 (per Mark Cox of Red Hat)


======================================================
Candidate: CAN-2001-0852
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0852
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011105 RH Linux Tux HTTPD DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100498100112191&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=tux-list&m=100584714702328&w=2
Reference: REDHAT:RHSA-2001:142
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-142.html
Reference: XF:tux-http-host-dos(7464)
Reference: URL:http://xforce.iss.net/static/7464.php
Reference: BID:3506
Reference: URL:http://online.securityfocus.com/bid/3506

TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to
cause a denial of service via a long Host: header.


Modifications:
  ADDREF XF:tux-http-host-dos(7464)
  ADDREF BID:3506
  DESC rephrase, add details

INFERRED ACTION: CAN-2001-0852 ACCEPT (7 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(6) Wall, Baker, Foat, Cole, Armstrong, Bishop
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:tux-http-host-dos(7464)
 Christey> ADDREF RHSA-2001:142 (per Mark Cox of Red Hat)


======================================================
Candidate: CAN-2001-0857
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0857
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011109 Imp Webmail session hijacking vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100535679608486&w=2
Reference: BUGTRAQ:20011110 IMP 2.2.7 (SECURITY) released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100540578822469&w=2
Reference: CONECTIVA:CLA-2001:437
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000437
Reference: CALDERA:CSSA-2001-039.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-039.0.txt
Reference: XF:imp-css-steal-cookies(7496)
Reference: URL:http://xforce.iss.net/static/7496.php
Reference: BID:3525
Reference: URL:http://www.securityfocus.com/bid/3525

Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6
and earlier allows remote attackers to gain access to the e-mail of
other users by hijacking session cookies via the message parameter.


Modifications:
  ADDREF XF:imp-css-steal-cookies(7496)
  ADDREF CONECTIVA:CLA-2001:437
  ADDREF BID:3525
  ADDREF CALDERA:CSSA-2001-039.0

INFERRED ACTION: CAN-2001-0857 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Bishop
   MODIFY(1) Frech
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Frech> XF:imp-css-steal-cookies(7496)
   CONFIRM:http://www.horde.org/imp/2.2/
 Christey> CONECTIVA:CLA-2001:437
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100595247710753&w=2
   BID:3525
   URL:http://www.securityfocus.com/bid/3525
 Christey> CALDERA:CSSA-2001-039.0
   URL:http://www.caldera.com/support/security/advisories/CSSA-2001-039.0.txt


======================================================
Candidate: CAN-2001-0859
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0859
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: REDHAT:RHSA-2001:148
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-148.html
Reference: HP:HPSBTL0112-006
Reference: URL:http://online.securityfocus.com/advisories/3725
Reference: XF:linux-korean-default-umask(7549)
Reference: URL:http://xforce.iss.net/static/7549.php
Reference: BID:3527
Reference: URL:http://online.securityfocus.com/bid/3527

2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets
the setting default umask for init to 000, which installs files with
world-writeable permissions.


Modifications:
  ADDREF XF:linux-korean-default-umask(7549)
  ADDREF BID:3527
  ADDREF HP:HPSBTL0112-006

INFERRED ACTION: CAN-2001-0859 ACCEPT (7 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(6) Wall, Baker, Foat, Cole, Armstrong, Bishop
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:linux-korean-default-umask(7549)


======================================================
Candidate: CAN-2001-0860
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0860
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011114 Xato Advisory: Win2k/XP Terminal Services IP Spoofing
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100578220002083&w=2
Reference: XF:win-terminal-spoof-address(7538)
Reference: URL:http://xforce.iss.net/static/7538.php
Reference: BID:3541
Reference: URL:http://online.securityfocus.com/bid/3541

Terminal Services Manager MMC in Windows 2000 and XP trusts the Client
Address (IP address) that is provided by the client instead of
obtaining it from the packet headers, which allows clients to spoof
their public IP address, e.g. through a Network Address Translation
(NAT).


Modifications:
  ADDREF XF:win-terminal-spoof-address(7538)
  ADDREF BID:3541

INFERRED ACTION: CAN-2001-0860 ACCEPT_REV (5 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(4) LeBlanc, Prosser, Baker, Foat
   MODIFY(1) Frech
   NOOP(2) Cole, Bishop
   REVIEWING(1) Wall

Voter Comments:
 Frech> XF:win-terminal-spoof-address(7538)


======================================================
Candidate: CAN-2001-0861
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0861
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CISCO:20011114 ICMP Unreachable Vulnerability in Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-unreachables-pub.shtml
Reference: CIAC:M-018
Reference: URL:http://www.ciac.org/ciac/bulletins/m-018.shtml
Reference: XF:cisco-icmp-unreachable-dos(7536)
Reference: URL:http://xforce.iss.net/static/7536.php
Reference: BID:3534
Reference: URL:http://online.securityfocus.com/bid/3534

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier
allows remote attackers to cause a denial of service (CPU consumption)
by flooding the router with traffic that generates a large number of
ICMP Unreachable replies.


Modifications:
  ADDREF XF:cisco-icmp-unreachable-dos(7536)
  ADDREF BID:3534
  ADDREF CIAC:M-018

INFERRED ACTION: CAN-2001-0861 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Bishop
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:cisco-icmp-unreachable-dos(7536)


======================================================
Candidate: CAN-2001-0862
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0862
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
Reference: CIAC:M-018
Reference: URL:http://www.ciac.org/ciac/bulletins/m-018.shtml
Reference: XF:cisco-acl-noninital-dos(7550)
Reference: URL:http://xforce.iss.net/static/7550.php
Reference: BID:3535
Reference: URL:http://online.securityfocus.com/bid/3535

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not
block non-initial packet fragments, which allows remote attackers to
bypass the ACL.


Modifications:
  ADDREF XF:cisco-acl-noninital-dos(7550)
  ADDREF BID:3535
  ADDREF CIAC:M-018

INFERRED ACTION: CAN-2001-0862 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Bishop
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:cisco-acl-noninital-dos(7550)


======================================================
Candidate: CAN-2001-0863
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0863
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
Reference: CIAC:M-018
Reference: URL:http://www.ciac.org/ciac/bulletins/m-018.shtml
Reference: XF:cisco-acl-outgoing-fragment(7551)
Reference: URL:http://xforce.iss.net/static/7551.php
Reference: BID:3539
Reference: URL:http://online.securityfocus.com/bid/3539

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not
handle the "fragment" keyword in a compiled ACL (Turbo ACL) for
packets that are sent to the router, which allows remote attackers to
cause a denial of service via a flood of fragments.


Modifications:
  ADDREF XF:cisco-acl-outgoing-fragment(7551)
  ADDREF CIAC:M-018
  ADDREF BID:3539

INFERRED ACTION: CAN-2001-0863 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Bishop
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:cisco-acl-outgoing-fragment(7551)


======================================================
Candidate: CAN-2001-0864
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0864
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
Reference: CIAC:M-018
Reference: URL:http://www.iss.net/security_center/static/7553.php
Reference: XF:cisco-acl-deny-ip(7553)
Reference: URL:http://xforce.iss.net/static/7553.php
Reference: BID:3536
Reference: URL:http://online.securityfocus.com/bid/3536

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not
properly handle the implicit "deny ip any any" rule in an outgoing ACL
when the ACL contains exactly 448 entries, which can allow some
outgoing packets to bypass access restrictions.


Modifications:
  ADDREF CIAC:M-018
  ADDREF BID:3536
  ADDREF XF:cisco-acl-deny-ip(7553)

INFERRED ACTION: CAN-2001-0864 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Bishop
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:cisco-acl-deny-ip(7553)


======================================================
Candidate: CAN-2001-0865
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0865
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
Reference: CIAC:M-018
Reference: URL:http://www.iss.net/security_center/static/7552.php
Reference: BID:3540
Reference: URL:http://online.securityfocus.com/bid/3540
Reference: XF:cisco-turbo-acl-dos(7552)
Reference: URL:http://xforce.iss.net/static/7552.php

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not
support the "fragment" keyword in an outgoing ACL, which could allow
fragmented packets in violation of the intended access.


Modifications:
  ADDREF XF:cisco-turbo-acl-dos(7552)
  ADDREF CIAC:M-018
  ADDREF BID:3540

INFERRED ACTION: CAN-2001-0865 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Bishop
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:cisco-turbo-acl-dos(7552)


======================================================
Candidate: CAN-2001-0866
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0866
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
Reference: CIAC:M-018
Reference: URL:http://www.ciac.org/ciac/bulletins/m-018.shtml
Reference: XF:cisco-input-acl-configured(7554)
Reference: URL:http://www.iss.net/security_center/static/7554.php
Reference: BID:3537
Reference: URL:http://www.securityfocus.com/bid/3537

Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not
properly handle an outbound ACL when an input ACL is not configured on
all the interfaces of a multi port line card, which could allow remote
attackers to bypass the intended access controls.


Modifications:
  ADDREF XF:cisco-input-acl-configured(7554)
  ADDREF CIAC:M-018
  ADDREF BID:3537

INFERRED ACTION: CAN-2001-0866 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Bishop
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:cisco-input-acl-configured(7554)


======================================================
Candidate: CAN-2001-0867
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0867
Final-Decision:
Interim-Decision: 20020301
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
Reference: CIAC:M-018
Reference: URL:http://www.ciac.org/ciac/bulletins/m-018.shtml
Reference: XF:cisco-acl-fragment-bypass(7555)
Reference: URL:http://xforce.iss.net/static/7555.php
Reference: BID:3538
Reference: URL:http://www.securityfocus.com/bid/3538

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not
properly filter does not properly filter packet fragments even when
the "fragment" keyword is used in an ACL, which allows remote
attackers to bypass the intended access controls.


Modifications:
  ADDREF XF:cisco-acl-fragment-bypass(7555)
  ADDREF CIAC:M-018
  ADDREF BID:3538

INFERRED ACTION: CAN-2001-0867 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Cole, Bishop
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Armstrong

Voter Comments:
 Frech> XF:cisco-acl-fragment-bypass(7555)


======================================================
Candidate: CAN-2001-0874
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0874
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20011211
Category: SF
Reference: MS:MS01-058
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-058.asp
Reference: XF:ie-frame-verification-variant2(7702)
Reference: URL:http://xforce.iss.net/static/7702.php
Reference: BID:3693
Reference: URL:http://www.securityfocus.com/bid/3693

Internet Explorer 5.5 and 6.0 allow remote attackers to read certain
files via HTML that passes information from a frame in the client's
domain to a frame in the web site's domain, a variant of the "Frame
Domain Verification" vulnerability.

INFERRED ACTION: CAN-2001-0874 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(6) Green, Wall, Baker, Foat, Cole, Frech


======================================================
Candidate: CAN-2001-0875
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0875
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20011211
Category: SF
Reference: BUGTRAQ:20011126 File extensions spoofable in MSIE download dialog
Reference: URL:http://www.securityfocus.com/archive/1/245594
Reference: MS:MS01-058
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-058.asp
Reference: XF:ie-file-download-ext-spoof(7636)
Reference: URL:http://xforce.iss.net/static/7636.php
Reference: BID:3597
Reference: URL:http://www.securityfocus.com/bid/3597

Internet Explorer 5.5 and 6.0 allows remote attackers to cause the
File Download dialogue box to misrepresent the name of the file in the
dialogue in a way that could fool users into thinking that the file
type is safe to download.

INFERRED ACTION: CAN-2001-0875 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(6) Green, Wall, Baker, Foat, Cole, Frech


======================================================
Candidate: CAN-2001-0876
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0876
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20011211
Category: SF
Reference: BUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100887440810532&w=2
Reference: NTBUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100887271006313&w=2
Reference: MS:MS01-059
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-059.asp
Reference: CERT:CA-2001-37
Reference: URL:http://www.cert.org/advisories/CA-2001-37.html
Reference: CERT-VN:VU#951555
Reference: URL:http://www.kb.cert.org/vuls/id/951555
Reference: XF:win-upnp-notify-bo(7721)
Reference: URL:http://xforce.iss.net/static/7721.php
Reference: BID:3723
Reference: URL:http://www.securityfocus.com/bid/3723

Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98E,
ME, and XP allows remote attackers to execute arbitrary code via a
NOTIFY directive with a long Location URL.

INFERRED ACTION: CAN-2001-0876 ACCEPT (6 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(6) Green, Wall, Baker, Foat, Cole, Frech

Voter Comments:
 Frech> ADDREF:ISS:Multiple Vulnerabilities in Universal Plug and
   Play Service
   URL:http://xforce.iss.net/alerts/advise106.php
   Is Windows 98E perhaps supposed to be Windows 98SE (Second Edition)?


======================================================
Candidate: CAN-2001-0877
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0877
Final-Decision:
Interim-Decision: 20020301
Modified: 20020228-01
Proposed: 20020131
Assigned: 20011211
Category: SF
Reference: BUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100887440810532&w=2
Reference: NTBUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100887271006313&w=2
Reference: BUGTRAQ:20020109 UPNP Denial of Service
Reference: URL:http://www.securityfocus.com/archive/1/249238
Reference: MS:MS01-059
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-059.asp
Reference: CERT:CA-2001-37
Reference: URL:http://www.cert.org/advisories/CA-2001-37.html
Reference: CERT-VN:VU#411059
Reference: URL:http://www.kb.cert.org/vuls/id/411059
Reference: XF:win-upnp-udp-dos(7722)
Reference: URL:http://xforce.iss.net/static/7722.php

Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows
remote attackers to cause a denial of service via (1) a spoofed SSDP
advertisement that causes the client to connect to a service on
another machine that generates a large amount of traffic (e.g.,
chargen), or (2) via a spoofed SSDP announcement to broadcast or
multicast addresses, which could cause all UPnP clients to send
traffic to a single target system.


Modifications:
  DESC fix typo

INFERRED ACTION: CAN-2001-0877 ACCEPT (6 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(6) Green, Wall, Baker, Foat, Cole, Frech

Voter Comments:
 Frech> ADDREF:ISS:Multiple Vulnerabilities in Universal Plug and Play
   Service
   URL:http://xforce.iss.net/alerts/advise106.php
   Is Windows 98E perhaps supposed to be Windows 98SE (Second Edition)?


======================================================
Candidate: CAN-2001-0879
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0879
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20011211
Category: SF
Reference: ATSTAKE:A122001-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a122001-1.txt
Reference: BUGTRAQ:20011221 @stake advisory: Multiple overflow and format string vulnerabilities in in Microsoft SQL Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100891252317406&w=2
Reference: MS:MS01-060
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-060.asp
Reference: XF:mssql-c-runtime-format-string(7725)
Reference: URL:http://xforce.iss.net/static/7725.php
Reference: BID:3732
Reference: URL:http://www.securityfocus.com/bid/3732

Format string vulnerability in the C runtime functions in SQL Server
7.0 and 2000 allows attackers to cause a denial of service.

INFERRED ACTION: CAN-2001-0879 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(6) Green, Wall, Baker, Foat, Cole, Frech


======================================================
Candidate: CAN-2001-0954
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0954
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011207 Lotus Domino Web server vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100780146532131&w=2L:1
Reference: CONFIRM:http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=255CC03D83CFF50C85256B1E005E349B
Reference: XF:lotus-domino-database-dos(7684)
Reference: URL:http://xforce.iss.net/static/7684.php
Reference: BID:3656
Reference: URL:http://www.securityfocus.com/bid/3656

Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows
remote attackers to cause a denial of service (block access to
databases that have not been previously accessed) via a URL that
includes the . (dot) directory.

INFERRED ACTION: CAN-2001-0954 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(6) Green, Wall, Baker, Foat, Cole, Frech


======================================================
Candidate: CAN-2001-0963
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0963
Final-Decision:
Interim-Decision: 20020301
Modified: 20020228-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010920 Vulnerability in SpoonFTP
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0171.html
Reference: CONFIRM:http://www.pi-soft.com/spoonftp/index.shtml
Reference: XF:spoonftp-dot-directory-traversal(7147)
Reference: URL:http://xforce.iss.net/static/7147.php
Reference: BID:3351
Reference: URL:http://online.securityfocus.com/bid/3351

Directory traversal vulnerability in SpoonFTP 1.1 allows local and
sometimes remote attackers to access files outside of the FTP root via
a ... (modified dot dot) in the CD (CWD) command.


Modifications:
  ADDREF BID:3351

INFERRED ACTION: CAN-2001-0963 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0965
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0965
Final-Decision:
Interim-Decision: 20020301
Modified: 20020228-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010817 [ASGUARD-LABS] glFTPD v1.23 DOS Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0239.html
Reference: CONFIRM:http://www.glftpd.org/
Reference: BID:3201
Reference: URL:http://www.securityfocus.com/bid/3201
Reference: XF:glftpd-list-dos(7001)
Reference: URL:http://www.iss.net/security_center/static/7001.php

glFTPD 1.23 allows remote attackers to cause a denial of service (CPU
consumption) via a LIST command with an argument that contains a large
number of * (asterisk) characters.


Modifications:
  ADDREF XF:glftpd-list-dos(7001)

INFERRED ACTION: CAN-2001-0965 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Baker, Cole, Armstrong
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0969
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0969
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:53
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:53.ipfw.asc
Reference: XF:ipfw-me-unauthorized-access(7002)
Reference: URL:http://xforce.iss.net/static/7002.php
Reference: BID:3206
Reference: URL:http://www.securityfocus.com/bid/3206

ipfw in FreeBSD does not properly handle the use of "me" in its rules
when point to point interfaces are used, which causes ipfw to allow
connections from arbitrary remote hosts.

INFERRED ACTION: CAN-2001-0969 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Baker, Cole, Armstrong
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0973
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0973
Final-Decision:
Interim-Decision: 20020301
Modified: 20020228-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010822 BSCW symlink vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0328.html
Reference: CONFIRM:http://bscw.gmd.de/Bulletins/BSCW-SB-2001-08.extract.txt
Reference: CERT-VN:VU#465971
Reference: URL:http://www.kb.cert.org/vuls/id/465971
Reference: BID:3227
Reference: URL:http://online.securityfocus.com/bid/3227
Reference: XF:bscw-extracted-file-symlink(7029)
Reference: URL:http://www.iss.net/security_center/static/7029.php

BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers
to read or modify arbitrary files by uploading and extracting a tar
file with a symlink into the data-bag space.


Modifications:
  ADDREF BID:3227
  ADDREF CERT-VN:VU#465971
  ADDREF XF:bscw-extracted-file-symlink(7029)

INFERRED ACTION: CAN-2001-0973 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Green, Baker, Foat, Cole, Armstrong
   NOOP(1) Wall


======================================================
Candidate: CAN-2001-0980
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0980
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CALDERA:CSSA-2001-026.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-026.0.txt
Reference: XF:docview-httpd-command-execution(6854)
Reference: URL:http://xforce.iss.net/static/6854.php
Reference: BID:3052
Reference: URL:http://www.securityfocus.com/bid/3052

docview before 1.0-15 allows remote attackers to execute arbitrary
commands via shell metacharacters that are processed when converting a
man page to a web page.

INFERRED ACTION: CAN-2001-0980 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Baker, Cole, Armstrong
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0982
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0982
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010723 iXsecurity.20010618.policy_director.a
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0497.html
Reference: AIXAPAR:IY18152
Reference: CONFIRM:ftp://ftp.tivoli.com/support/patches/patches_3.7.1/3.7.1-POL-0003/3.7.1-POL-0003.README
Reference: XF:tivoli-secureway-dot-directory-traversal(6884)
Reference: URL:http://xforce.iss.net/static/6884.php
Reference: BID:3080
Reference: URL:http://www.securityfocus.com/bid/3080

Directory traversal vulnerability in IBM Tivoli WebSEAL Policy
Director 3.01 through 3.7.1 allows remote attackers to read arbitrary
files or directories via encoded .. (dot dot) sequences containing
"%2e" strings.

INFERRED ACTION: CAN-2001-0982 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Green, Baker, Bollinger, Cole, Armstrong
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0987
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0987
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010722 Re: [cgiwrap-users] Re: Security hole in CGIWrap (cross-site scripting vulnerability)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0499.html
Reference: CONFIRM:http://cgiwrap.sourceforge.net/changes.html
Reference: BID:3084
Reference: URL:http://www.securityfocus.com/bid/3084
Reference: XF:cgiwrap-cross-site-scripting(6886)
Reference: URL:http://xforce.iss.net/static/6886.php

Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote
attackers to execute arbitrary Javascript on other web clients by
causing the Javascript to be inserted into error messages that are
generated by CGIWrap.

INFERRED ACTION: CAN-2001-0987 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Baker, Cole, Armstrong
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0993
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0993
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: NETBSD:NetBSD-SA2001-011
Reference: URL:http://archives.neohapsis.com/archives/netbsd/2001-q3/0102.html
Reference: XF:bsd-kernel-sendmsg-dos(6908)
Reference: URL:http://xforce.iss.net/static/6908.php
Reference: BID:3088
Reference: URL:http://www.securityfocus.com/bid/3088

sendmsg function in NetBSD 1.3 through 1.5 allows local users to cause
a denial of service (kernel trap or panic) via a msghdr structure with
a large msg_controllen length.

INFERRED ACTION: CAN-2001-0993 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Baker, Cole, Armstrong
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0995
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0995
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010826 security hole in os groupware suite PHProjekt
Reference: URL:http://www.securityfocus.com/archive/1/210349
Reference: MISC:http://www.phprojekt.com/ChangeLog
Reference: BID:3239
Reference: URL:http://www.securityfocus.com/bid/3239
Reference: XF:phprojekt-id-modify(7035)
Reference: URL:http://xforce.iss.net/static/7035.php

PHProjekt before 2.4a allows remote attackers to perform actions as
other PHProjekt users by modifying the ID number in an HTTP request to
PHProjekt CGI programs.

INFERRED ACTION: CAN-2001-0995 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Green, Baker, Cole, Armstrong
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0998
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0998
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010924 HACMP and port scans
Reference: URL:http://www.securityfocus.com/archive/1/216105
Reference: BUGTRAQ:20011002 Vulnerability 3358, "IBM HACMP Port Scan Denial of Service Vulnerability"
Reference: URL:http://www.securityfocus.com/archive/1/217910
Reference: AIXAPAR:IY20943
Reference: AIXAPAR:IY17630
Reference: XF:hacmp-portscan-dos(7165)
Reference: URL:http://xforce.iss.net/static/7165.php
Reference: BID:3358
Reference: URL:http://www.securityfocus.com/bid/3358

IBM HACMP 4.4 allows remote attackers to cause a denial of service via
a completed TCP connection to HACMP ports (e.g., using a port scan)
that does not send additional data, which causes a failure in snmpd.

INFERRED ACTION: CAN-2001-0998 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-1010
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1010
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010721 Sambar Web Server pagecount exploit code
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0565.html
Reference: CONFIRM:http://www.sambar.com/security.htm
Reference: XF:sambar-pagecount-overwrite-files(6916)
Reference: URL:http://xforce.iss.net/static/6916.php
Reference: BID:3092
Reference: URL:http://www.securityfocus.com/bid/3092

Directory traversal vulnerability in pagecount CGI script in Sambar
Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary
files via a .. (dot dot) attack on the page parameter.

INFERRED ACTION: CAN-2001-1010 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Green
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-1011
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1011
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010725 Serious security hole in Mambo Site Server version 3.0.X
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0569.html
Reference: CONFIRM:http://prdownloads.sourceforge.net/mambo/mambov3.0.6.tar.gz
Reference: BID:3093
Reference: URL:http://www.securityfocus.com/bid/3093
Reference: XF:mambo-phpsessid-gain-privileges(6910)
Reference: URL:http://xforce.iss.net/static/6910.php

index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote
attackers to gain Mambo administrator privileges by setting the
PHPSESSID parameter and providing the appropriate administrator
information in other parameters.

INFERRED ACTION: CAN-2001-1011 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Green
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-1016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1016
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010904 PGPsdk Key Validity Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/211806
Reference: CONFIRM:http://www.pgp.com/support/product-advisories/pgpsdk.asp
Reference: BID:3280
Reference: URL:http://www.securityfocus.com/bid/3280
Reference: XF:pgp-invalid-key-display(7081)
Reference: URL:http://xforce.iss.net/static/7081.php

PGP Corporate Desktop before 7.1, Personal Security before 7.0.3,
Freeware before 7.0.3, and E-Business Server before 7.1 does not
properly display when invalid userID's are used to sign a message,
which could allow an attacker to make the user believe that the
document has been signed by a trusted third party by adding a second,
invalid user ID to a key which has already been signed by the third
party, aka the "PGPsdk Key Validity Vulnerability."

INFERRED ACTION: CAN-2001-1016 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-1017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1017
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:59
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:59.rmuser.v1.1.asc
Reference: XF:rmuser-insecure-password-file(7086)
Reference: URL:http://xforce.iss.net/static/7086.php
Reference: BID:3282
Reference: URL:http://www.securityfocus.com/bid/3282

rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the
master.passwd file with world-readable permissions while updating the
original file, which could allow local users to gain privileges by
reading the copied file while rmuser is running, obtain the password
hashes, and crack the passwords.

INFERRED ACTION: CAN-2001-1017 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-1020
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1020
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010905 directorymanager bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0013.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=51589
Reference: BID:3288
Reference: URL:http://www.securityfocus.com/bid/3288
Reference: XF:directory-manager-execute-commands(7079)
Reference: URL:http://xforce.iss.net/static/7079.php

edit_image.php in Vibechild Directory Manager before 0.91 allows
remote attackers to execute arbitrary commands via shell
metacharacters in the userfile_name parameter, which is sent
unfiltered to the PHP passthru function.

INFERRED ACTION: CAN-2001-1020 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-1035
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1035
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: DEBIAN:DSA-078
Reference: URL:http://www.debian.org/security/2001/dsa-078
Reference: BID:3364
Reference: URL:http://www.securityfocus.com/bid/3364
Reference: XF:slrn-decode-script-execution(7166)
Reference: URL:http://xforce.iss.net/static/7166.php

Binary decoding feature of slrn 0.9 and earlier allows remote
attackers to execute commands via shell scripts that are inserted into
a news post.

INFERRED ACTION: CAN-2001-1035 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-1037
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1037
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CISCO:20010711 Vulnerabilities in Cisco SN 5420 Storage Routers
Reference: URL:http://www.cisco.com/warp/public/707/SN-kernel-pub.html
Reference: XF:cisco-sn-gain-access(6827)
Reference: URL:http://xforce.iss.net/static/6827.php
Reference: BID:3131
Reference: URL:http://www.securityfocus.com/bid/3131

Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to
access a developer's shell without a password and execute certain
restricted commands without being logged.

INFERRED ACTION: CAN-2001-1037 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Green
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-1038
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1038
Final-Decision:
Interim-Decision: 20020301
Modified: 20020228-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CISCO:20010711 Vulnerabilities in Cisco SN 5420 Storage Routers
Reference: URL:http://www.cisco.com/warp/public/707/SN-kernel-pub.html
Reference: CIAC:L-112
Reference: URL:http://www.ciac.org/ciac/bulletins/l-112.shtml
Reference: XF:cisco-sn-dos(6826)
Reference: URL:http://xforce.iss.net/static/6826.php
Reference: BID:3014
Reference: URL:http://online.securityfocus.com/bid/3014

Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote
attackers to cause a denial of service (reboot) via a series of
connections to TCP port 8023.


Modifications:
  ADDREF BID:3014

INFERRED ACTION: CAN-2001-1038 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Green
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-1048
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1048
Final-Decision:
Interim-Decision: 20020301
Modified: 20020228-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CONFIRM:http://www.gospelcom.net/mnn/topher/awol/changelog.php
Reference: MISC:http://www.geocrawler.com/archives/3/14414/2001/9/0/6668723/
Reference: BID:3387
Reference: URL:http://www.securityfocus.com/bid/3387
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://www.iss.net/security_center/static/7215.php

AWOL PHP script allows remote attackers to include arbitrary files
from remote web sites via an HTTP request that sets the includedir
variable.


Modifications:
  ADDREF XF:php-includedir-code-execution(7215)

INFERRED ACTION: CAN-2001-1048 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Green
   NOOP(2) Wall, Foat

Voter Comments:
 Green> CLARIFICATION FROM VENDOR MISSING


======================================================
Candidate: CAN-2001-1049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1049
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CONFIRM:http://phorecast.org/
Reference: BID:3388
Reference: URL:http://www.securityfocus.com/bid/3388
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php

Phorecast PHP script before 0.40 allows remote attackers to include
arbitrary files from remote web sites via an HTTP request that sets
the includedir variable.

INFERRED ACTION: CAN-2001-1049 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-1054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1054
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?thread_id=148900&forum_id=117952
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=117952
Reference: BID:3392
Reference: URL:http://www.securityfocus.com/bid/3392
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php

PHPAdsNew PHP script allows remote attackers to include arbitrary
files from remote web sites via an HTTP request that sets the
includedir variable.

INFERRED ACTION: CAN-2001-1054 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-1056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1056
Final-Decision:
Interim-Decision: 20020301
Modified: 20020228-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010730 [RAZOR] Linux kernel IP masquerading vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0733.html
Reference: BUGTRAQ:20010730 Re: [RAZOR] Linux kernel IP masquerading vulnerability (_actual_ patch)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0750.html
Reference: BID:3117
Reference: URL:http://www.securityfocus.com/bid/3117
Reference: XF:linux-ipmasqirc-bypass-protection(6923)
Reference: URL:http://www.iss.net/security_center/static/6923.php

IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows
remote attackers to bypass intended firewall restrictions by causing
the target system to send a "DCC SEND" request to a malicious server
which listens on port 6667, which may cause the module to believe that
the traffic is a valid request and allow the connection to the port
specified in the DCC SEND request.


Modifications:
  ADDREF XF:linux-ipmasqirc-bypass-protection(6923)

INFERRED ACTION: CAN-2001-1056 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Green
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-1063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1063
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CALDERA:CSSA-2001-SCO.14
Reference: URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.14/CSSA-2001-SCO.14.txt
Reference: BID:3244
Reference: URL:http://www.securityfocus.com/bid/3244
Reference: XF:unixware-openunix-uidadmin-bo(7036)
Reference: URL:http://xforce.iss.net/static/7036.php

Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7
allows local users to gain root privileges via a long -S (scheme)
command line argument.

INFERRED ACTION: CAN-2001-1063 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Green
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-1067
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1067
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010822 AOLserver 3.0 vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0325.html
Reference: BUGTRAQ:20010906 AOLserver exploit code
Reference: URL:http://www.securityfocus.com/archive/1/213041
Reference: BID:3230
Reference: URL:http://www.securityfocus.com/bid/3230
Reference: XF:aolserver-long-password-dos(7030)
Reference: URL:http://xforce.iss.net/static/7030.php

Buffer overflow in AOLserver 3.0 allows remote attackers to cause a
denial of service, and possibly execute arbitrary code, via an HTTP
request with a long Authorization header.

INFERRED ACTION: CAN-2001-1067 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Baker, Cole, Green
   NOOP(2) Foat, Armstrong


======================================================
Candidate: CAN-2001-1075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1075
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010703 poprelayd and sendmail relay authentication problem (Cobalt Raq3)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0064.html
Reference: BUGTRAQ:20010709 Re: poprelayd and sendmail relay authentication problem (Cobalt Raq3)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0150.html
Reference: XF:cobalt-poprelayd-mail-relay(6806)
Reference: URL:http://xforce.iss.net/static/6806.php
Reference: BID:2986
Reference: URL:http://www.securityfocus.com/bid/2986

poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote
attackers to bypass authentication for relaying by causing a "POP
login by user" string that includes the attacker's IP address to be
injected into the maillog log file.

INFERRED ACTION: CAN-2001-1075 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Green
   NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-1080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1080
Final-Decision:
Interim-Decision: 20020301
Modified: 20020228-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: IBM:MSS-OAR-E01-2001:225.1
Reference: URL:http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2001.225.1/$file/oar225.txt
Reference: XF:aix-diagrpt-root-shell(6734)
Reference: URL:http://xforce.iss.net/static/6734.php
Reference: BID:2916
Reference: URL:http://online.securityfocus.com/bid/2916

diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable
to find and execute certain programs, which allows local users to gain
privileges by modifying the variable to point to a Trojan horse
program.


Modifications:
  ADDREF BID:2916

INFERRED ACTION: CAN-2001-1080 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Baker, Bollinger, Cole, Armstrong, Green
   NOOP(3) Wall, Foat, Christey

Voter Comments:
 Green> Rather vague description, but since vendor acknowledges.....
 Christey> This is a relatively common problem.  The description is
   sufficiently detailed.


======================================================
Candidate: CAN-2002-0005
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0005
Final-Decision:
Interim-Decision: 20020301
Modified:
Proposed: 20020131
Assigned: 20020107
Category: SF
Reference: BUGTRAQ:20020102 w00w00 on AOL Instant Messenger (serious vulnerability)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100998295512885&w=2
Reference: BUGTRAQ:20020102 AIM addendum
Reference: URL:http://www.securityfocus.com/archive/1/247944
Reference: NTBUGTRAQ:20020102 w00w00 on AOL Instant Messenger (serious vulnerability)
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=72
Reference: NTBUGTRAQ:20020102 AIM addendum
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=198
Reference: BID:3769
Reference: URL:http://www.securityfocus.com/bid/3769
Reference: XF:aim-game-overflow(7743)
Reference: URL:http://xforce.iss.net/static/7743.php

Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and
other versions allows remote attackers to execute arbitrary code via a
long argument in a game request (AddGame).

INFERRED ACTION: CAN-2002-0005 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Baker, Cole, Frech, Green
   NOOP(1) Foat

Page Last Updated or Reviewed: May 22, 2007