[PROPOSAL] Cluster RECENT-80 - 40 candidates



I am proposing cluster RECENT-80 for review and voting by the
Editorial Board.

Name: RECENT-80
Description: Candidates announced between 3/3/2001 and 7/26/2001
Size: 40

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve





Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0731
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0731
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20011008
Category: SF
Reference: BUGTRAQ:20010709 How Google indexed a file with no external link
Reference: URL:http://www.securityfocus.com/archive/1/20010709214744.A28765@brasscannon.net
Reference: CONFIRM:http://www.apacheweek.com/issues/01-10-05#security
Reference: MANDRAKE:MDKSA-2001:077
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077-1.php3
Reference: BID:3009
Reference: URL:http://www.securityfocus.com/bid/3009

Apache 1.3.20 with Multiviews enabled allows remote attackers to view
directory contents and bypass the index page via a URL containing the
"M=D" query string.

Analysis
----------------
ED_PRI CAN-2001-0731 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1084
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1084
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/194464
Reference: ALLAIRE:MPSB01-06
Reference: URL:http://www.macromedia.com/v1/handlers/index.cfm?ID=21498&Method=Full
Reference: BID:2983
Reference: URL:http://www.securityfocus.com/bid/2983
Reference: XF:java-servlet-crosssite-scripting(6793)
Reference: URL:http://www.iss.net/security_center/static/6793.php

Cross-site scripting vulnerability in Allaire JRun 3.1 and earlier
allows a malicious webmaster to embed Javascript in a request for a
.JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which
causes the Javascript to be inserted into an error message.

Analysis
----------------
ED_PRI CAN-2001-1084 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1088
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1088
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: CF
Reference: BUGTRAQ:20010605 SECURITY.NNOV: Outlook Express address book spoofing
Reference: URL:http://www.securityfocus.com/archive/1/188752
Reference: CONFIRM:http://support.microsoft.com/default.aspx?scid=kb;EN-US;q234241
Reference: XF:outlook-address-book-spoofing(6655)
Reference: URL:http://xforce.iss.net/static/6655.php
Reference: BID:2823
Reference: URL:http://www.securityfocus.com/bid/2823

Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier,
with the "Automatically put people I reply to in my address book"
option enabled, do not notify the user when the "Reply-To" address is
different than the "From" address, which could allow an untrusted
remote attacker to spoof legitimate addresses and intercept email from
the client that is intended for another user.

Analysis
----------------
ED_PRI CAN-2001-1088 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1108
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010726 Snapstream PVS vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0606.html
Reference: CONFIRM:http://discuss.snapstream.com/ubb/Forum1/HTML/000216.html
Reference: XF:snapstream-dot-directory-traversal(6917)
Reference: URL:http://xforce.iss.net/static/6917.php
Reference: BID:3100
Reference: URL:http://www.securityfocus.com/bid/3100

Directory traversal vulnerability in SnapStream PVS 1.2a allows remote
attackers to read arbitrary files via a .. (dot dot) attack in the
requested URL.

Analysis
----------------
ED_PRI CAN-2001-1108 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: The online bulletin board includes a query about
whether SnapStream fixed certain bugs, which included a URL to the
problem description which indicates that it's the same as the Bugtraq
post.  "rakeshagrawal," whose email address is from SnapStream, said
"issue 1 has been corrected," and issue 1 is the directory traversal
problem identified in the Bugtraq post.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1121
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1121
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/194464
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=21498&Method=Full
Reference: XF:java-servlet-crosssite-scripting(6793)
Reference: URL:http://xforce.iss.net/static/6793.php
Reference: BID:2983
Reference: URL:http://www.securityfocus.com/bid/2983

Cross-site scripting (CSS) vulnerability in JRun 3.0 and 2.3.3 allows
remote attackers to execute JavaScript on other clients via a web page
URL that references a non-existent JSP file or Servlet, which causes
the script to be returned in an error message.

Analysis
----------------
ED_PRI CAN-2001-1121 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1141
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1141
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010710 OpenSSL Security Advisory: PRNG weakness in versions up to 0.9.6a
Reference: URL:http://www.securityfocus.com/archive/1/195829
Reference: FREEBSD:FreeBSD-SA-01:51
Reference: URL:http://www.securityfocus.com/advisories/3475
Reference: NETBSD:NetBSD-SA2001-013
Reference: URL:http://www.securityfocus.com/advisories/3512
Reference: CONECTIVA:CLA-2001:418
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000418
Reference: MANDRAKE:MDKSA-2001:065
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-065.php3?dis=8.0
Reference: REDHAT:RHSA-2001:051-18
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-051.html
Reference: ENGARDE:ESA-20010709-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1483.html
Reference: BID:3004
Reference: URL:http://www.securityfocus.com/bid/3004
Reference: XF:openssl-prng-brute-force(6823)
Reference: URL:http://xforce.iss.net/static/6823.php

The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before
0.9.6b allows attackers to use the output of small PRNG requests to
determine the internal state information, which could be used by
attackers to predict future pseudo-random numbers.

Analysis
----------------
ED_PRI CAN-2001-1141 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1144
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1144
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010711 McAfee ASaP Virusscan - myCIO HTTP Server Directory Traversal Vulnerabilty
Reference: URL:http://www.securityfocus.com/archive/1/196272
Reference: NTBUGTRAQ:20010716 McAfee ASaP Virusscan - MyCIO HTTP Server Directory Traversal Vul nerability
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=1558
Reference: CERT-VN:VU#190267
Reference: URL:http://www.kb.cert.org/vuls/id/190267
Reference: BID:3020
Reference: URL:http://www.securityfocus.com/bid/3020
Reference: XF:mcafee-mycio-directory-traversal(6834)
Reference: URL:http://www.iss.net/security_center/static/6834.php

Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0
allows remote attackers to read arbitrary files via a .. (dot dot) in
the HTTP request.

Analysis
----------------
ED_PRI CAN-2001-1144 1
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1145
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: NETBSD:NetBSD-SA2001-016
Reference: URL:http://archives.neohapsis.com/archives/netbsd/2001-q3/0204.html
Reference: FREEBSD:FreeBSD-SA-01:40
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:40.fts.v1.1.asc
Reference: OPENBSD:20010530 029: SECURITY FIX: May 30, 2001
Reference: URL:http://www.openbsd.org/errata28.html
Reference: BID:3205
Reference: URL:http://online.securityfocus.com/bid/3205

fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and
OpenBSD 2.9 and earlier can be forced to change (chdir) into a
different directory than intended when the directory above the current
directory is moved, which could cause scripts to perform dangerous
actions on the wrong directories.

Analysis
----------------
ED_PRI CAN-2001-1145 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1146
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1146
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: ENGARDE:ESA-20010711-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1492.html
Reference: XF:allcommerce-temp-symlink(6830)
Reference: URL:http://xforce.iss.net/static/6830.php
Reference: BID:3016
Reference: URL:http://online.securityfocus.com/bid/3016

AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1
creates temporary files with predictable names, which allows local
users to modify files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2001-1146 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1158
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1158
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: CF
Reference: BUGTRAQ:20010709 Check Point FireWall-1 RDP Bypass Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0128.html
Reference: BUGTRAQ:20010709 Check Point response to RDP Bypass
Reference: URL:http://online.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-03-11&end=2002-03-17&mid=195647&threads=1
Reference: CHECKPOINT:20010712 RDP Bypass workaround for VPN-1/FireWall 4.1 SPx
Reference: URL:http://www.checkpoint.com/techsupport/alerts/rdp.html
Reference: CERT:CA-2001-17
Reference: URL:http://www.cert.org/advisories/CA-2001-17.html
Reference: CERT-VN:VU#310295
Reference: URL:http://www.kb.cert.org/vuls/id/310295
Reference: CIAC:L-109
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-109.shtml
Reference: XF:fw1-rdp-bypass(6815)
Reference: URL:http://xforce.iss.net/static/6815.php
Reference: BID:2952
Reference: URL:http://www.securityfocus.com/bid/2952

Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro,
accept_fw1_rdp, which can allow remote attackers to bypass intended
restrictions with forged RDP (internal protocol) headers to UDP port
259 of arbitrary hosts.

Analysis
----------------
ED_PRI CAN-2001-1158 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1161
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1161
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010702 Lotus Domino Server Cross-Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/194465
Reference: BUGTRAQ:20010702 Re: Lotus Domino Server Cross-Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/194609
Reference: CERT-VN:VU#642239
Reference: URL:http://www.kb.cert.org/vuls/id/642239
Reference: BID:2962
Reference: URL:http://www.securityfocus.com/bid/2962
Reference: XF:lotus-domino-css(6789)
Reference: URL:http://www.iss.net/security_center/static/6789.php

Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows
remote attackers to execute script on other web clients via a URL that
ends in Javascript, which generates an error message that does not
quote the resulting script.

Analysis
----------------
ED_PRI CAN-2001-1161 1
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1162
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1162
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010623 smbd remote file creation vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/193027
Reference: CONFIRM:http://us1.samba.org/samba/whatsnew/macroexploit.html
Reference: MANDRAKE:MDKSA-2001-062
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-062.php3
Reference: HP:HPSBUX0107-157
Reference: URL:http://www.securityfocus.com/advisories/3423
Reference: SGI:20011002-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011002-01-P
Reference: CIAC:L-105
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-105.shtml
Reference: IMMUNIX:IMNX-2001-70-027-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-027-01
Reference: CALDERA:CSSA-2001-024.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-024.0.txt
Reference: CONECTIVA:CLA-2001:405
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000405
Reference: REDHAT:RHSA-2001:086
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-086.html
Reference: DEBIAN:DSA-065
Reference: URL:http://www.debian.org/security/2001/dsa-065
Reference: BID:2928
Reference: URL:http://www.securityfocus.com/bid/2928
Reference: XF:samba-netbios-file-creation(6731)
Reference: URL:http://xforce.iss.net/static/6731.php

Directory traversal vulnerability in the %m macro in the smb.conf
configuration file in Samba before 2.2.0a allows remote attackers to
overwrite certain files via a .. in a NETBIOS name, which is used as
the name for a .log file.

Analysis
----------------
ED_PRI CAN-2001-1162 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1172
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1172
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010719 [SNS Advisory No.37] HTTProtect allows attackers to change the protected file using a symlink
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0357.html
Reference: CONFIRM:http://www.omnisecure.com/security-alert.html
Reference: XF:httprotect-protected-file-symlink(6880)
Reference: URL:http://xforce.iss.net/static/6880.php

OmniSecure HTTProtect 1.1.1 allows a superuser without omnish
privileges to modify a protected file by creating a symbolic link to
that file.

Analysis
----------------
ED_PRI CAN-2001-1172 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1174
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1174
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: REDHAT:RHSA-2001:091
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-091.html
Reference: MANDRAKE:MDKSA-2001:067
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-067.php
Reference: XF:elm-messageid-bo(6852)
Reference: URL:http://xforce.iss.net/static/6852.php

Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to
execute arbitrary code via a long Message-ID header.

Analysis
----------------
ED_PRI CAN-2001-1174 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1175
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1175
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: REDHAT:RHSA-2001:095
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-095.html
Reference: XF:vipw-world-readable-files(6851)
Reference: URL:http://xforce.iss.net/static/6851.php
Reference: BID:3036
Reference: URL:http://www.securityfocus.com/bid/3036

vipw in the util-linux package before 2.10 causes /etc/shadow to be
world-readable in some cases, which would make it easier for local
users to perform brute force password guessing.

Analysis
----------------
ED_PRI CAN-2001-1175 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1176
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1176
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010712 VPN-1/FireWall-1 Format Strings Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0209.html
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/format_strings.html
Reference: BID:3021
Reference: URL:http://www.securityfocus.com/bid/3021
Reference: XF:fw1-management-format-string(6849)
Reference: URL:http://xforce.iss.net/static/6849.php

Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows
a remote authenticated firewall administrator to execute arbitrary
code via format strings in the control connection.

Analysis
----------------
ED_PRI CAN-2001-1176 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1180
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1180
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010710 FreeBSD 4.3 local root, yet Linux and *BSD much better than Windows
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0179.html
Reference: CIAC:L-111
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-111.shtml
Reference: CERT-VN:VU#943633
Reference: URL:http://www.kb.cert.org/vuls/id/943633
Reference: FREEBSD:FreeBSD-SA-01:42
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:42.signal.v1.1.asc
Reference: XF:bsd-rfork-signal-handlers(6829)
Reference: URL:http://xforce.iss.net/static/6829.php
Reference: BID:3007
Reference: URL:http://www.securityfocus.com/bid/3007

FreeBSD 4.3 does not properly clear shared signal handlers when
executing a process, which allows local users to gain privileges by
calling rfork with a shared signal handler, having the child process
execute a setuid program, and sending a signal to the child.

Analysis
----------------
ED_PRI CAN-2001-1180 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1183
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1183
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: CISCO:20010712 Cisco IOS PPTP Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/PPTP-vulnerability-pub.html
Reference: CERT-VN:VU#656315
Reference: URL:http://www.kb.cert.org/vuls/id/656315
Reference: BID:3022
Reference: URL:http://www.securityfocus.com/bid/3022
Reference: XF:cisco-ios-pptp-dos(6835)
Reference: URL:http://xforce.iss.net/static/6835.php

PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers
to cause a denial of service (crash) via a malformed packet.

Analysis
----------------
ED_PRI CAN-2001-1183 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1103
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1103
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: CERT-VN:VU#320944
Reference: URL:http://www.kb.cert.org/vuls/id/320944
Reference: XF:ftp-voyager-embedded-script-execution(7119)
Reference: URL:http://xforce.iss.net/static/7119.php

FTP Voyager ActiveX control before 8.0, when it is marked as safe for
scripting (the default) or if allowed by the IObjectSafety interface,
allows remote attackers to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2001-1103 2
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1085
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1085
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010705 lmail local root exploit
Reference: URL:http://www.securityfocus.com/archive/1/195022
Reference: XF:lmail-tmpfile-symlink(6809)
Reference: URL:http://xforce.iss.net/static/6809.php
Reference: BID:2984
Reference: URL:http://www.securityfocus.com/bid/2984

Lmail 2.7 and earlier allows local users to overwrite arbitrary files
via a symlink attack on a temporary file.

Analysis
----------------
ED_PRI CAN-2001-1085 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1086
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1086
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010704 xdm cookies fast brute force
Reference: URL:http://www.securityfocus.com/archive/1/194907
Reference: BUGTRAQ:20010705 Re: xdm cookies fast brute force
Reference: URL:http://online.securityfocus.com/archive/1/195008
Reference: BID:2985
Reference: URL:http://www.securityfocus.com/bid/2985
Reference: XF:xdm-cookie-brute-force(6808)
Reference: URL:http://xforce.iss.net/static/6808.php

XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using
gettimeofday() when compiled with the HasXdmXauth option, which allows
remote attackers to gain unauthorized access to the X display via a
brute force attack.

Analysis
----------------
ED_PRI CAN-2001-1086 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1087
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1087
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: CF
Reference: BUGTRAQ:20010705 RE: Tunnel ports allowed on NetApp NetCaches
Reference: URL:http://www.securityfocus.com/archive/1/195176
Reference: XF:netcache-tunnel-default-configuration(6807)
Reference: URL:http://xforce.iss.net/static/6807.php
Reference: BID:2990
Reference: URL:http://www.securityfocus.com/bid/2990

The default configuration of the config.http.tunnel.allow_ports option
on NetCache devices is set to +all, which allows remote attackers to
connect to arbitrary ports on remote systems behind the device.

Analysis
----------------
ED_PRI CAN-2001-1087 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1097
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1097
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010724 UDP packet handling weird behaviour of various operating systems
Reference: URL:http://www.securityfocus.com/archive/1/199558
Reference: BUGTRAQ:20010811 Re: UDP packet handling weird behaviour of various operating systems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99749327219189&w=2
Reference: BID:3096
Reference: URL:http://www.securityfocus.com/bid/3096
Reference: XF:cisco-ios-udp-dos(6319)
Reference: URL:http://xforce.iss.net/static/6913.php

Cisco routers and switches running IOS 12.0 through 12.2.1 allow a
remote attacker to cause a denial of service via a flood of UDP
packets.

Analysis
----------------
ED_PRI CAN-2001-1097 3
Vendor Acknowledgement: unknown vague

INCLUSION: The original post does not include specific details about
the nature of the UDP packets.  In addition, the vendor response
indicated difficulty with reproducing the problem, but it may have
been due to lack of detail in the original post.  Finally, there is a
long Bugtraq thread in which some posters suggest that the problem may
be due to variations in hardware capabilities as opposed to underlying
software flaws, but other followups indicate successful attacks on
other operating systems.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1104
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1104
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010725 Weak TCP Sequence Numbers in Sonicwall SOHO Firewall
Reference: URL:http://www.securityfocus.com/archive/1/199632
Reference: BID:3098
Reference: URL:http://www.securityfocus.com/bid/3098

SonicWALL SOHO uses easily predictable TCP sequence numbers, which
allows remote attackers to spoof or hijack sessions.

Analysis
----------------
ED_PRI CAN-2001-1104 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1106
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1106
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010725 Sambar Server password decryption
Reference: URL:http://www.securityfocus.com/archive/1/199418
Reference: BID:3095
Reference: URL:http://www.securityfocus.com/bid/3095
Reference: XF:sambar-insecure-passwords(6909)
Reference: URL:http://xforce.iss.net/static/6909.php

The default configuration of Sambar Server 5 and earlier uses a
symmetric key that is compiled into the binary program for encrypting
passwords, which could allow local users to break all user passwords
by cracking the key or modifying a copy of the sambar program to call
the decryption procedure.

Analysis
----------------
ED_PRI CAN-2001-1106 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1107
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1107
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010726 Snapstream PVS vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0606.html
Reference: CONFIRM:http://discuss.snapstream.com/ubb/Forum1/HTML/000216.html
Reference: XF:snapstream-dot-directory-traversal(6917)
Reference: URL:http://xforce.iss.net/static/6917.php
Reference: BID:3101
Reference: URL:http://www.securityfocus.com/bid/3101

SnapStream PVS 1.2a stores its passwords in plaintext in the file
SSD.ini, which could allow a remote attacker to gain privileges on the
server.

Analysis
----------------
ED_PRI CAN-2001-1107 3
Vendor Acknowledgement: yes bboard
Content Decisions: DESIGN-NO-ENCRYPTION

ACKNOWLEDGEMENT: The online bulletin board includes a query about
whether SnapStream fixed certain bugs, which included a URL to the
problem description which indicates that it's the same as the Bugtraq
post.  "rakeshagrawal," whose email address is from SnapStream, said
"passwords are still stored in plaintext on a SnapStream user's
machine" which is an indicator of acknowledgement.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1120
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: CONFIRM:http://www.allaire.com/handlers/index.cfm?id=21566
Reference: CERT-VN:VU#135531
Reference: URL:http://www.kb.cert.org/vuls/id/135531
Reference: BUGTRAQ:20010712 New Cold Fusion vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/196452
Reference: XF:coldfusion-unauthorized-file-access(6839)
Reference: URL:http://xforce.iss.net/static/6839.php
Reference: BID:3018
Reference: URL:http://www.securityfocus.com/bid/3018

Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote
attackers to (1) read or delete arbitrary files, or (2) overwrite
ColdFusion Server templates.

Analysis
----------------
ED_PRI CAN-2001-1120 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, VAGUE

ABSTRACTION: CD:SF-LOC suggests splitting problems of different types.
However, the vendor advisory does not provide enough details to be
certain if this is the case.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1142
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1142
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010712 ArGoSoft FTP Server 1.2.2.2 Weak password encryption
Reference: URL:http://www.securityfocus.com/archive/1/196968
Reference: BID:3029
Reference: URL:http://www.securityfocus.com/bid/3029
Reference: XF:argosoft-ftp-weak-encryption(6848)
Reference: URL:http://www.iss.net/security_center/static/6848.php

ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords,
which allows an attacker with access to the password file to gain
privileges.

Analysis
----------------
ED_PRI CAN-2001-1142 3
Vendor Acknowledgement: no

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1143
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1143
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010711 IBM Windows DB2 DoS
Reference: URL:http://www.securityfocus.com/archive/1/196140
Reference: BID:3010
Reference: URL:http://www.securityfocus.com/bid/3010
Reference: XF:ibm-db2-ccs-dos(6832)
Reference: URL:http://www.iss.net/security_center/static/6832.php
Reference: XF:ibm-db2-jds-dos(6833)
Reference: URL:http://www.iss.net/security_center/static/6833.php

IBM DB2 7.0 allows a remote attacker to cause a denial of service
(crash) via a single byte to (1) db2ccs.exe on port 6790, or (2)
db2jds.exe on port 6789.

Analysis
----------------
ED_PRI CAN-2001-1143 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1148
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: VULN-DEV:20010613 SCO atcronsh auditsh termsh overflows
Reference: URL:http://www.securityfocus.com/archive/82/191216
Reference: CALDERA:CSSA-2001-SCO.25
Reference: URL:http://www.securityfocus.com/archive/1/219966

Buffer overflows in programs used by scoadmin and sysadmsh in SCO
OpenServer 5.0.6a and earlier allow local users to gain privileges
via a long TERM environment variable to (1) atcronsh, (2) auditsh, (3)
authsh, (4) backupsh, (5) lpsh, (6) sysadm.menu, or (7) termsh.

Analysis
----------------
ED_PRI CAN-2001-1148 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC, VAGUE

The SCO advisory is a little vague, so it isn't absolutely certain
that all of the programs mentioned are affected by an overflow through
TERM.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1159
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1159
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010702 (SRADV00010) Remote command execution vulnerabilities in SquirrelMail
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0029.html
Reference: MISC:http://www.squirrelmail.org/changelog.php
Reference: BID:2968
Reference: URL:http://www.securityfocus.com/bid/2968
Reference: XF:squirrelmail-loadprefs-execute-code(6775)
Reference: URL:http://www.iss.net/security_center/static/6775.php

load_prefs.php and supporting include files in SquirrelMail 1.0.4 and
earlier do not properly initialize certain PHP variables, which allows
remote attackers to (1) view sensitive files via the config_php and
data_dir options, and (2) execute arbitrary code by using
options_order.php to upload a message that could be interpreted as
PHP.

Analysis
----------------
ED_PRI CAN-2001-1159 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: The change log for version 1.0.5 says, "MAJOR
security issues addressed."  The change log for Version 1.0.6 says,
"Reworked validation for each page. It's now standardized in
validate.php... Added more security checking to preference
saving/loading."  One of these change log quotes may refer to fixes
for the PHP input validation problems SquirrelMail suffered in earlier
versions.  However, since the change log information is vague, it's
not clear that the change log is addressing this specific
vulnerability.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1160
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1160
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010618 udirectory from Microburst Technologies remote command execution
Reference: URL:http://www.securityfocus.com/archive/1/191829
Reference: BID:2884
Reference: URL:http://www.securityfocus.com/bid/2884
Reference: XF:udirectory-remote-command-execution(6706)
Reference: URL:http://xforce.iss.net/static/6706.php

udirectory.pl in Microburst Technologies uDirectory 2.0 and earlier
allows remote attackers to execute arbitrary commands via shell
metacharacters in the category_file field.

Analysis
----------------
ED_PRI CAN-2001-1160 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1163
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1163
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BID:2885
Reference: URL:http://www.securityfocus.com/bid/2885

Buffer overflow in Munica Corporation NetSQL 1.0 allows remote
attackers to execute arbitrary code via a long CONNECT argument to
port 6500.

Analysis
----------------
ED_PRI CAN-2001-1163 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1164
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1164
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: CALDERA:CSSA-2001-SCO.4
Reference: URL:ftp://stage.caldera.com/pub/security/unixware/CSSA-2001-SCO.4/CSSA-2001-SCO.4.txt

Buffer overflow in uucp utilities in UnixWare 7 allows local users to
execute arbitrary code via long command line arguments to (1) uucp,
(2) uux, (3) bnuconvert, (4) uucico, (5) uuxcmd, or (6) uuxqt.

Analysis
----------------
ED_PRI CAN-2001-1164 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC, VAGUE

INCLUSION: CAN-2001-0873 describes overflows through configuration
files, not command line arguments.  The advisory for this item is a
little too vague to be certain whether it is fixing a new set of
issues with the uucp utilities, or the problems that are identified by
CAN-2001-0873.  In addition, the advisory has no cross-references,
which could make it easier to determine if it was addressing the
CAN-2001-0873 problems.
It's also possible that this is fixing CVE-2001-0190.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1173
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1173
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: CONFIRM:ftp://innominate.org/oku/masqmail/ChangeLog-stable

Vulnerability in MasqMail before 0.1.15 allows local users to gain
privileges via piped aliases.

Analysis
----------------
ED_PRI CAN-2001-1173 3
Vendor Acknowledgement: yes changelog
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1177
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1177
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010717 Samsung ML-85G Printer Linux Helper/Driver Binary Exploit (Mandrake: ghostscript package)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0284.html
Reference: BID:3008
Reference: URL:http://www.securityfocus.com/bid/3008
Reference: XF:samsung-printer-temp-symlink(6845)
Reference: URL:http://xforce.iss.net/static/6845.php

ml85p in Samsung ML-85G GDI printer driver allows local users to
overwrite arbitrary files via a symlink attack on temporary files.

Analysis
----------------
ED_PRI CAN-2001-1177 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1178
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1178
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010711 suid xman 3.1.6 overflows
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0234.html
Reference: BID:3030
Reference: URL:http://www.securityfocus.com/bid/3030
Reference: XF:xfree86-xman-manpath-bo(6853)
Reference: URL:http://xforce.iss.net/static/6853.php

Buffer overflow in xman allows local users to gain privileges via a
long MANPATH environment variable.

Analysis
----------------
ED_PRI CAN-2001-1178 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1179
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1179
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010717 xman (suid) exploit, made easier.
Reference: URL:http://www.securityfocus.com/archive/1/197498

xman allows local users to gain privileges by modifying the MANPATH to
point to a man page whose filename contains shell metacharacters.

Analysis
----------------
ED_PRI CAN-2001-1179 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1181
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1181
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: CF
Reference: HP:HPSBUX0107-159
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0013.html
Reference: CIAC:L-115
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-115.shtml
Reference: XF:hpux-dlkm-gain-privileges(6861)
Reference: URL:http://xforce.iss.net/static/6861.php

Dynamically Loadable Kernel Module (dlkm) static kernel symbol table
in HP-UX 11.11 is not properly configured, which allows local users to
gain privileges.

Analysis
----------------
ED_PRI CAN-2001-1181 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

INCLUSION: CD:VAGUE states that if a vendor acknowledges or publicizes
an issue and says it's security related, but the vendor is vague about
the details, it should still be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1182
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1182
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: HP:HPSBUX0107-160
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0014.html

Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows
restricted shell users to bypass certain security checks and gain
privileges.

Analysis
----------------
ED_PRI CAN-2001-1182 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

CD:VAGUE states that if a vendor acknowledges or publicizes an issue
and says it's security related, but the vendor is vague about the
details, it should still be included.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007