[PROPOSAL] Cluster MISC-2001-001 - 45 candidates



I am proposing cluster MISC-2001-001 for review and voting by the
Editorial Board.

Name: MISC-2001-001
Description: Misc. candidates announced between 1/19/2001 and 6/30/2001
Size: 45

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-1246
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1246
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010630 php breaks safe mode
Reference: URL:http://online.securityfocus.com/archive/1/194425
Reference: BID:2954
Reference: URL:http://online.securityfocus.com/bid/2954
Reference: XF:php-safemode-elevate-privileges(6787)
Reference: URL:http://www.iss.net/security_center/static/6787.php
Reference: CONFIRM:http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th
parameter to the mail() function, which allows local users and
possibly remote attackers to execute arbitrary commands via shell
metacharacters.

Analysis
----------------
ED_PRI CAN-2001-1246 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: php-4.1.2 source, NEWS file, 10 Dec 2001, Version
4.1.0 states: "Fixed a bug that allowed users to spawn processes while
using the 5th parameter to mail()" The 5th param to mail was added in
version 4.0.5.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1247
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1247
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010630 php breaks safe mode
Reference: URL:http://online.securityfocus.com/archive/1/194425
Reference: CONFIRM:http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz

PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read
and write files owned by the web server UID by uploading a PHP script
that uses the error_log function to access the files.

Analysis
----------------
ED_PRI CAN-2001-1247 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1276
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1276
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010621 ispell update -- Immunix OS 6.2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99317439131174&w=2
Reference: IMMUNIX:IMNX-2001-62-004-01
Reference: URL:http://download.immunix.org/ImmunixOS/6.2/updates/IMNX-2001-62-004-01
Reference: MANDRAKE:MDKSA-2001:058
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-058.php3
Reference: REDHAT:RHSA-2001:074
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-074.html

ispell before 3.1.20 allows local users to overwrite files of other
users via a symlink attack on a temporary file.

Analysis
----------------
ED_PRI CAN-2001-1276 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1277
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1277
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010611 man 1.5h10 + man 1.5i-4 exploits
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99227597227747&w=2
Reference: REDHAT:RHSA-2001:072
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-072.html
Reference: MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=41805

makewhatis in the man package before 1.5i2 allows an attacker with man
privileges to overwrite arbitrary files via a man page whose name
contains shell metacharacters.

Analysis
----------------
ED_PRI CAN-2001-1277 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1322
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1322
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: REDHAT:RHSA-2001:075
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-075.html
Reference: DEBIAN:DSA-063
Reference: URL:http://www.debian.org/security/2001/dsa-063
Reference: ENGARDE:ESA-20010621-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1469.html
Reference: FREEBSD:FreeBSD-SA-01:47
Reference: URL:http://online.securityfocus.com/advisories/3446
Reference: SUSE:SuSE-SA:2001:022
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99384417013990&w=2
Reference: CONECTIVA:CLA-2001:404
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000404
Reference: MANDRAKE:MDKSA-2001:055
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-055.php3
Reference: IMMUNIX:IMNX-2001-70-024-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-024-01
Reference: XF:xinetd-insecure-permissions(6657)
Reference: URL:http://www.iss.net/security_center/static/6657.php
Reference: BID:2826
Reference: URL:http://online.securityfocus.com/bid/2826

xinetd 2.1.8 and earlier runs with a default umask of 0, which could
allow local users to read or modify files that are created by an
application that runs under xinetd but does not set its own safe
umask.

Analysis
----------------
ED_PRI CAN-2001-1322 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1324
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1324
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CONFIRM:http://multivac.cwru.edu/idtools/admin_idtools.tar.bz2
Reference: MISC:http://securitytracker.com/alerts/2001/Jun/1001839.html
Reference: BID:2934
Reference: URL:http://www.securityfocus.com/bid/2934

cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not
properly check the return value of a call to the pathexec_env
function, which could cause the setstate utility to setuid to the UID
environment variable and allow local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2001-1324 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: the CHANGES file in the distribution of idtools
includes an entry dated 2001.06.27, which states "check for memory
allocation failure from pathexec_env."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1327
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1327
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: TURBO:TLSA2001024
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2001-May/000313.html

pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with
setuid root privileges, which could allow local users to gain
privileges by exploiting vulnerabilities in pmake or programs that are
used by pmake.

Analysis
----------------
ED_PRI CAN-2001-1327 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1328
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1328
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category:
Reference: CIAC:L-103
Reference: AUSCERT:AA-2001.03
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2001.03
Reference: SUN:00203
Reference: XF:solaris-ypbind-bo(6828)

Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows
remote attackers to execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2001-1328 1
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1331
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1331
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CONFIRM:http://online.securityfocus.com/advisories/3307
Reference: DEBIAN:DSA-056
Reference: URL:http://www.debian.org/security/2001/dsa-056
Reference: BID:2720
Reference: URL:http://online.securityfocus.com/bid/2720

mandb in the man-db package before 2.3.16-3 allows local users to
overwrite arbitrary files via the command line options (1) -u or (2)
-c, which do not drop privileges and follow symlinks.

Analysis
----------------
ED_PRI CAN-2001-1331 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1334
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1334
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010515 PHPSlash : potential vulnerability in URL blocks
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0126.html
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=phpslash&m=99029398904419&w=2
Reference: BID:2724
Reference: URL:http://online.securityfocus.com/bid/2724

Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with
PHPSlash administrator privileges to read arbitrary files by creating
a block and specifying the target file as the source URL.

Analysis
----------------
ED_PRI CAN-2001-1334 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1342
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1342
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010412 Apache Win32 8192 chars string bug
Reference: URL:http://online.securityfocus.com/archive/1/176144
Reference: BUGTRAQ:20010522 [Announce] Apache 1.3.20 Released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99054258728748&w=2
Reference: CONFIRM:http://bugs.apache.org/index.cgi/full/7522
Reference: XF:apache-server-dos(6527)
Reference: URL:http://www.iss.net/security_center/static/6527.php
Reference: BID:2740
Reference: URL:http://online.securityfocus.com/bid/2740

Apache before 1.3.20 on Windows and OS/2 systems allows remote
attackers to cause a denial of service (crash) via an HTTP request for
a URI that contains a large number of / (slash) or other characters,
which causes certain functions to dereference a null pointer.

Analysis
----------------
ED_PRI CAN-2001-1342 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1345
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1345
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010604 Fatal flaw in BestCrypt <= v0.7 (Linux)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0005.html
Reference: CONFIRM:http://www.jetico.com/index.htm#/linux.htm
Reference: XF:bestcrypt-bctool-gain-privileges(6648)
Reference: URL:http://xforce.iss.net/static/6648.php
Reference: BID:2820
Reference: URL:http://www.securityfocus.com/bid/2820

bctool in Jetico BestCrypt 0.7 and earlier trusts the user-supplied
PATH to find and execute an fsck utility program, which allows local
users to gain privileges by modifying the PATH to point to a Trojan
horse program.

Analysis
----------------
ED_PRI CAN-2001-1345 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: The change log includes an entry for version 0.8-2,
dated 04-June-2001, which states "root access bug fixed" and credits
the person who reported the problem to Bugtraq.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1349
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1349
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BINDVIEW:20010528 Unsafe Signal Handling in Sendmail
Reference: URL:http://razor.bindview.com/publish/advisories/adv_sm8120.html
Reference: BUGTRAQ:20010529 sendmail 8.11.4 and 8.12.0.Beta10 available (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/187127
Reference: CONFIRM:http://archives.neohapsis.com/archives/sendmail/2001-q2/0001.html
Reference: BID:2794
Reference: URL:http://www.securityfocus.com/bid/2794

Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local
users to cause a denial of service and possibly corrupt the heap and
gain privileges via race conditions in signal handlers.

Analysis
----------------
ED_PRI CAN-2001-1349 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1229
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1229
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020416
Category: SF
Reference: BUGTRAQ:20010312 Icecast / Libshout remote vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98438880622976&w=2
Reference: CONFIRM:http://www.xiph.org/archives/icecast/0074.html
Reference: CONECTIVA:CLA-2001:387
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000387
Reference: REDHAT:RHSA-2002:063
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-063.html

Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before
1.0.4 allow remote attackers to cause a denial of service (crash) and
execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2001-1229 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-CODEBASE, SF-LOC

ABSTRACTION: CD:SF-LOC suggests creating separate items for the same
type of issue, if a problem appears in one version and not another.
Thus the buffer overflows that were fixed in 1.3.9 are separated from
those that were fixed in 1.3.10.

Since Icecast and libshout are both from the same vendor, it is likely
that they share a common codebase, so they are combined.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1230
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1230
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020416
Category: SF
Reference: BUGTRAQ:20010313 More Icecast remote vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98455723123298&w=2
Reference: DEBIAN:DSA-089
Reference: URL:http://www.debian.org/security/2001/dsa-089
Reference: REDHAT:RHSA-2002:063
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-063.html

Buffer overflows in Icecast before 1.3.10 allow remote attackers to
cause a denial of service (crash) and execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2001-1230 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

ABSTRACTION: CD:SF-LOC suggests creating separate items for the same
type of issue, if a problem appears in one version and not another.
Thus the buffer overflows that were fixed in 1.3.9 are separated from
those that were fixed in 1.3.10.

It is not clear whether CONECTIVA:CLA-2001:387 fixes this issue
because it released patches for version 1.3.9, so the reference is not
included.  The advisory credits John Viega, but he reported other
issues several days earlier (CAN-2001-1229).  Since the Conectiva
advisory was posted before the new 1.3.10 version was announced, it
probably is not fixing the issues in 1.3.9.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1239
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1239
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BID:2992
Reference: URL:http://online.securityfocus.com/bid/2992

PowerNet IX allows remote attackers to cause a denial of service via a
port scan.

Analysis
----------------
ED_PRI CAN-2001-1239 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1248
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1248
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010629 4 New vulns. vWebServer and SmallHTTP
Reference: URL:http://online.securityfocus.com/archive/1/194418
Reference: BID:2975
Reference: URL:http://online.securityfocus.com/bid/2975
Reference: XF:vwebserver-asp-reveal-source(6769)
Reference: URL:http://www.iss.net/security_center/static/6769.php

vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts
via a request for an ASP script that ends with a URL-encoded space
character (%20).

Analysis
----------------
ED_PRI CAN-2001-1248 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1249
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1249
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010629 4 New vulns. vWebServer and SmallHTTP
Reference: URL:http://online.securityfocus.com/archive/1/194418
Reference: BID:2978
Reference: URL:http://online.securityfocus.com/bid/2978

vWebServer 1.2.0 allows remote attackers to cause a denial of service
via a URL that contains MS-DOS device names.

Analysis
----------------
ED_PRI CAN-2001-1249 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1250
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1250
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010629 4 New vulns. vWebServer and SmallHTTP
Reference: URL:http://online.securityfocus.com/archive/1/194418
Reference: BID:2979
Reference: URL:http://online.securityfocus.com/bid/2979
Reference: XF:vwebserver-long-url-dos(6771)
Reference: URL:http://www.iss.net/security_center/static/6771.php

vWebServer 1.2.0 allows remote attackers to cause a denial of service
(hang) via a small number of long URL requests, possibly due to a
buffer overflow.

Analysis
----------------
ED_PRI CAN-2001-1250 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1251
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1251
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010629 4 New vulns. vWebServer and SmallHTTP
Reference: URL:http://online.securityfocus.com/archive/1/194418
Reference: BID:2980
Reference: URL:http://online.securityfocus.com/bid/2980
Reference: XF:vwebserver-long-url-dos(6771)
Reference: URL:http://www.iss.net/security_center/static/6771.php

SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a
denial of service via multiple long URL requests.

Analysis
----------------
ED_PRI CAN-2001-1251 3
Vendor Acknowledgement: unknown discloser-claimed

Discloser claims "all versions vulnerable" but only lists 2.x and 3.x,
not 1.x.  The lowest version listed (1.204) and the highest
version up to the post date (3.00 beta 8) were chosen.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1256
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1256
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010604 yet another sym link followers
Reference: URL:http://www.securityfocus.com/archive/1/188568
Reference: CERT-VN:VU#127435
Reference: URL:http://www.kb.cert.org/vuls/id/127435
Reference: CIAC:L-093
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-093.shtml
Reference: HP:HPSBUX0106-153
Reference: URL:http://online.securityfocus.com/advisories/3354
Reference: CONFIRM:http://www.kb.cert.org/vuls/id/TJSL-4Z5Q92
Reference: XF:hpux-kmmodreg-symlink(6656)
Reference: URL:http://xforce.iss.net/static/6656.php
Reference: BID:2821
Reference: URL:http://www.securityfocus.com/bid/2821

kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create
arbitrary world-writeable files via a symlink attack on the (1)
/tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files.

Analysis
----------------
ED_PRI CAN-2001-1256 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, VAGUE

The HP:HPSBUX0106-153 is written too vaguely and does not have
sufficient details to be absolutely certain that it is addressing the
same issue.  However, CERT VU#127435 includes a vendor statement that
is the text of that advisory.  The CERT VU references BID:2821, which
in turn references the Bugtraq post.  Thus we finally have a link from
HP:HPSBUX0106-153 to the initial announcement... although
HP:HPSBUX0106-153 has no references to CERT VU's or any other
identifier, so this analysis can only be regarded as conclusive if
CERT obtained the statement directly from HP.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1263
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1263
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010606 advisory for Pragma Interaccess
Reference: URL:http://online.securityfocus.com/archive/1/189327
Reference: BID:2834
Reference: URL:http://online.securityfocus.com/bid/2834
Reference: XF:pragma-interaccess-dos(6658)
Reference: URL:http://xforce.iss.net/static/6658.php

telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers
to cause a denial of service (crash) via a large number of characters
to port 23, possibly due to a buffer overflow.

Analysis
----------------
ED_PRI CAN-2001-1263 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1273
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1273
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CIAC:L-045
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-045.shtml
Reference: REDHAT:RHSA-2001:013
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-013.html

The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14,
when running on certain Intel CPUs, allows local users to cause a
denial of service (system halt).

Analysis
----------------
ED_PRI CAN-2001-1273 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1274
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1274
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010119 Re: MySQL Overflow + exploit [ops..sent a broken exploit :P]
Reference: BUGTRAQ:20010118 Buffer overflow in MySQL < 3.23.31
Reference: BUGTRAQ:20010119 Re: MySQL < 3.23.31 Overflow [exploit]
Reference: DEBIAN:DSA-013
Reference: URL:http://www.debian.org/security/2001/dsa-013
Reference: CALDERA:CSSA-2001-006.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-006.0.txt
Reference: CONECTIVA:CLA-2001:375
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000375
Reference: FREEBSD:FreeBSD-SA-01:16
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98089552030459&w=2
Reference: CONFIRM:http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.3
Reference: MANDRAKE:MDKSA-2001:014
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-014.php3
Reference: REDHAT:RHSA-2001:003
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-003.html

Buffer overflow in MySQL before 3.23.31 allows attackers to cause a
denial of service and possibly gain privileges.

Analysis
----------------
ED_PRI CAN-2001-1274 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1275
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1275
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CALDERA:CSSA-2001-006.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-006.0.txt
Reference: FREEBSD:FreeBSD-SA-01:16
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98089552030459&w=2
Reference: MANDRAKE:MDKSA-2001:014
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-014.php3
Reference: REDHAT:RHSA-2001:003
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-003.html

MySQL before 3.23.31 allows users with a MySQL account to use the SHOW
GRANTS command to obtain the encrypted administrator password from the
mysql.user table and possibly gain privileges via password cracking.

Analysis
----------------
ED_PRI CAN-2001-1275 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1290
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1290
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010627 Active Web Classifieds failure to authenticate leads to arbitrary code execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0386.html
Reference: BID:2942
Reference: URL:http://online.securityfocus.com/bid/2942
Reference: XF:active-classifieds-admin-access(6754)
Reference: URL:http://xforce.iss.net/static/6754.php

admin.cgi in Active Classifieds Free Edition 1.0, and possibly
commercial versions, allows remote attackers to modify the
configuration, gain privileges, and execute arbitrary Perl code via
the table_width parameter.

Analysis
----------------
ED_PRI CAN-2001-1290 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1323
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1323
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010426 Security advisory: krb5 ftpd buffer overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98826223517788&w=2
Reference: IMMUNIX:IMNX-2001-70-022-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-022-01
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/ftpbuf.txt
Reference: REDHAT:RHSA-2001:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-060.html

Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows
remote attackers to cause a denial of service and possibly execute
arbitrary code via base-64 encoded data, which is not properly handled
when the radix_encode function processes file glob output from the
ftpglob function.

Analysis
----------------
ED_PRI CAN-2001-1323 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

ABSTRACTION: while this problem is very similar to the other FTP glob
problems that were discovered at the same time (CAN-2001-0247 through
CAN-2001-0249), the Kerberos advisory includes enough information to
indicate that the problem is in a different codebase than others, in
that it uses both radix_encode and ftpglob.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1325
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1325
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010420 XML scripting in IE, Outlook Express
Reference: URL:http://www.securityfocus.com/archive/1/3AE02004.57FDF958@guninski.com
Reference: XF:ie-xml-stylesheets-scripting(6448)
Reference: URL:http://xforce.iss.net/static/6448.php
Reference: BID:2633
Reference: URL:http://www.securityfocus.com/bid/2633

Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow
remote attackers to execute scripts when Active Scripting is disabled
by including the scripts in XML stylesheets (XSL) that are referenced
using an IFRAME tag, possibly due to a vulnerability in Windows
Scripting Host (WSH).

Analysis
----------------
ED_PRI CAN-2001-1325 3
Vendor Acknowledgement:
Content Decisions: INCLUSION

It is not clear from the exploit whether this is a discovery of an
alternate attack vector that takes advantage of a vulnerability that
was already addressed. The vulnerability reporter and vendor received
differing results, as did a large number of respondents to Bugtraq.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1326
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1326
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010528 feeble.hey!dora.exploit part.II
Reference: URL:http://www.securityfocus.com/archive/1/187128
Reference: BID:2796
Reference: URL:http://www.securityfocus.com/bid/2796

Eudora 5.1 allows remote attackers to execute arbitrary code when the
"Use Microsoft Viewer" option is enabled and the "allow executables in
HTML content" option is disabled, via an HTML email with a form that
is activated from an image that the attacker spoofs as a link, which
causes the user to execute the form and access embedded attachments.

Analysis
----------------
ED_PRI CAN-2001-1326 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

ABSTRACTION: This problem is very similar to CVE-2001-0365, but this
issue affects version 5.1, whereas CVE-2001-0365 did not. Since the
problems occur in different versions, CD:SF-LOC suggests a SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1329
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1329
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010611 rsh bufferoverflow on AIX 4.2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0133.html

Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain
root privileges via a long command line argument.

Analysis
----------------
ED_PRI CAN-2001-1329 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1330
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1330
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010611 rsh bufferoverflow on AIX 4.2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0133.html

Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain
root privileges via a long command line argument.

Analysis
----------------
ED_PRI CAN-2001-1330 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1332
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1332
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CONECTIVA:CLA-2001:384
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000386
Reference: CONECTIVA:CLA-2001:386
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000386
Reference: MANDRAKE:MDKSA-2001:048
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-048.php3
Reference: SUSE:SuSE-SA:2002:005
Reference: URL:http://lists2.suse.com/archive/suse-security-announce/2001-Mar/0000.html

Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers
to execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2001-1332 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1333
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1333
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CONECTIVA:CLA-2001:384
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000386
Reference: CONECTIVA:CLA-2001:386
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000386
Reference: MANDRAKE:MDKSA-2001:048
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-048.php3
Reference: SUSE:SuSE-SA:2002:005
Reference: URL:http://lists2.suse.com/archive/suse-security-announce/2001-Mar/0000.html

Linux CUPS before 1.1.6 does not securely handle temporary files,
possibly due to a symlink vulnerability that could allow local users
to overwrite files.

Analysis
----------------
ED_PRI CAN-2001-1333 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, VAGUE

The vague advisories do not make it clear whether the "insecure file
handling" is due to symlink problems or not.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1335
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1335
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010527 CesarFTP v0.98b triple dot Directory Traversal / Weak password encryption
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0252.html
Reference: XF:cesarftp-directory-traversal(6606)
Reference: URL:http://www.iss.net/security_center/static/6606.php
Reference: BID:2786
Reference: URL:http://online.securityfocus.com/bid/2786

Directory traversal vulnerability in CesarFTP 0.98b and earlier allows
remote authenticated users (such as anonymous) to read arbitrary files
via a GET with a filename that contains a ...%5c (modified dot dot).

Analysis
----------------
ED_PRI CAN-2001-1335 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1336
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1336
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010527 CesarFTP v0.98b triple dot Directory Traversal / Weak password encryption
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0252.html
Reference: BID:2785
Reference: URL:http://online.securityfocus.com/bid/2785
Reference: XF:cesarftp-settings-plaintext-password(6608)
Reference: URL:http://www.iss.net/security_center/static/6608.php

CesarFTP 0.98b and earlier stores usernames and passwords in plaintext
in the settings.ini file, which allows attackers to gain privileges.

Analysis
----------------
ED_PRI CAN-2001-1336 3
Vendor Acknowledgement:
Content Decisions: DESIGN-WEAK-ENCRYPTION, SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1337
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1337
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010524 IPC@Chip Security
Reference: URL:http://www.securityfocus.com/archive/1/186418
Reference: BID:2774
Reference: URL:http://www.securityfocus.com/bid/2774
Reference: XF:ipcchip-http-dos(6594)
Reference: URL:http://www.iss.net/security_center/static/6594.php

Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to
cause a denial of service via a long HTTP request.

Analysis
----------------
ED_PRI CAN-2001-1337 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1338
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1338
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010602 IPC@Chip - Fixes
Reference: URL:http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00010.html
Reference: BUGTRAQ:20010524 IPC@Chip Security
Reference: URL:http://www.securityfocus.com/archive/1/186418
Reference: CERT-VN:VU#198979
Reference: URL:http://www.kb.cert.org/vuls/id/198979
Reference: BID:2773
Reference: URL:http://www.securityfocus.com/bid/2773
Reference: XF:ipcchip-telnet-verify-account(6595)
Reference: URL:http://www.iss.net/security_center/static/6595.php

Beck IPC GmbH IPC@CHIP TelnetD server generates different responses
when given valid and invalid login names, which allows remote
attackers to determine accounts on the system.

Analysis
----------------
ED_PRI CAN-2001-1338 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1339
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1339
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010602 IPC@Chip - Fixes
Reference: URL:http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00010.html
Reference: BUGTRAQ:20010524 IPC@Chip Security
Reference: URL:http://www.securityfocus.com/archive/1/186418
Reference: CERT-VN:VU#198979
Reference: URL:http://www.kb.cert.org/vuls/id/198979
Reference: BID:2771
Reference: URL:http://www.securityfocus.com/bid/2771
Reference: XF:ipcchip-telnet-bruteforce-passwords(6605)
Reference: URL:http://www.iss.net/security_center/static/6605.php

Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect
users from the service when bad passwords are entered, which makes it
easier for remote attackers to conduct brute force password guessing
attacks.

Analysis
----------------
ED_PRI CAN-2001-1339 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1340
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1340
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010602 IPC@Chip - Fixes
Reference: URL:http://www.securityfocus.com/archive/1/188219
Reference: BUGTRAQ:20010524 IPC@Chip Security
Reference: URL:http://www.securityfocus.com/archive/1/186418
Reference: CERT-VN:VU#756019
Reference: URL:http://www.kb.cert.org/vuls/id/756019
Reference: XF:ipcchip-telnet-admin-lockout(6596)
Reference: URL:http://www.iss.net/security_center/static/6596.php
Reference: BID:2772
Reference: URL:http://www.securityfocus.com/bid/2772

Beck GmbH IPC@Chip TelnetD service supports only one connection and
does not disconnect a user who does not complete the login process,
which allows remote attackers to lock out the administrator account by
connecting to the service.

Analysis
----------------
ED_PRI CAN-2001-1340 3
Vendor Acknowledgement:
Content Decisions: CF, SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1341
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1341
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010602 IPC@Chip - Fixes
Reference: URL:http://www.securityfocus.com/archive/1/188219
Reference: BUGTRAQ:20010524 IPC@Chip Security
Reference: URL:http://www.securityfocus.com/archive/1/186418
Reference: CERT-VN:VU#574739
Reference: URL:http://www.kb.cert.org/vuls/id/574739
Reference: BID:2767
Reference: URL:http://www.securityfocus.com/bid/2767
Reference: XF:ipcchip-chipcfg-gain-information(6600)
Reference: URL:http://www.iss.net/security_center/static/6600.php

The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi
program by default, which allows remote attackers to obtain sensitive
network information via a request to the program.

Analysis
----------------
ED_PRI CAN-2001-1341 3
Vendor Acknowledgement:
Content Decisions: CF-DEFAULT

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1343
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1343
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010612 bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0142.html
Reference: BID:2861
Reference: URL:http://www.securityfocus.com/bid/2861
Reference: XF:webstore-cgi-command-execution(6685)
Reference: URL:http://xforce.iss.net/static/6685.php

ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated
WebStore administrators to execute arbitrary code via shell
metacharacters in the kill parameter.

Analysis
----------------
ED_PRI CAN-2001-1343 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1344
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1344
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010612 bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0142.html
Reference: BID:2860
Reference: URL:http://www.securityfocus.com/bid/2860
Reference: XF:webstore-cgi-command-execution(6685)
Reference: URL:http://xforce.iss.net/static/6685.php

WSSecurity.pl in WebStore allows remote attackers to bypass
authentication by providing the program with a filename that exists,
which is made easier by (1) inserting a null character or (2) .. (dot
dot).

Analysis
----------------
ED_PRI CAN-2001-1344 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests splitting issues of different types.
In this case, the "filename that exists" is made easier by directory
traversal/null character techniques, but it could still be a problem
if the directory traversal issues were fixed. However, the issues are
closely related.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1346
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1346
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010518 tmp-races in ARCservIT Unix Client
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0184.html
Reference: BID:2748
Reference: URL:http://online.securityfocus.com/bid/2748
Reference: BID:2741
Reference: URL:http://online.securityfocus.com/bid/2741

Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT)
allows local users to overwrite arbitrary files via a symlink attack
on the temporary files (1) asagent.tmp or (2) inetd.tmp.

Analysis
----------------
ED_PRI CAN-2001-1346 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1347
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1347
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010524 Elevation of privileges with debug registers on Win2K
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0232.html
Reference: XF:win2k-debug-elevate-privileges(6590)
Reference: URL:http://www.iss.net/security_center/static/6590.php
Reference: BID:2764
Reference: URL:http://www.securityfocus.com/bid/2764

Windows 2000 allows local users to cause a denial of service and
possibly gain privileges by setting a hardware breakpoint that is
handled using global debug registers, which could cause other
processes to terminate due to an exception, and allow hijacking of
resources such as named pipes.

Analysis
----------------
ED_PRI CAN-2001-1347 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1348
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1348
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010528 TWIG SQL query bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0260.html
Reference: MISC:http://twig.screwdriver.net/index.php3
Reference: XF:twig-webmail-query-modification(6619)
Reference: URL:http://www.iss.net/security_center/static/6619.php
Reference: BID:2791
Reference: URL:http://www.securityfocus.com/bid/2791

TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized
database operations via a SQL injection attack on the id parameter.

Analysis
----------------
ED_PRI CAN-2001-1348 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: the vendor's News page contains an entry dated July
3, 2001, which states "TWIG 2.7.0 has been released, this release
includes several security fixes... check the CHANGELOG for a complete
list of changes." However, the CHANGELOG for 2.7.0 has no details, and
indeed does not mention security at all. There is not sufficient
evidence to know that the vendor fixed *these* problems.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007