[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster MISC-2001-003 - 36 candidates



I am proposing cluster MISC-2001-003 for review and voting by the
Editorial Board.

Name: MISC-2001-003
Description: Misc. Candidates announced between 8/3/2001 and 12/6/2001
Size: 36

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.
Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-1227
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1227
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020411
Category: SF
Reference: REDHAT:RHSA-2001:115
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-115.html
Reference: MANDRAKE:MDKSA-2001:080
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3
Reference: BID:3425
Reference: URL:http://online.securityfocus.com/bid/3425

Zope before 2.2.4 allows partially trusted users to bypass security
controls for certain methods by accessing the methods through the fmt
attribute of dtml-var tags.

Analysis
----------------
ED_PRI CAN-2001-1227 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1231
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1231
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010814 Fwd: Security Alert: Groupwise - Action Required
Reference: URL:http://www.securityfocus.com/archive/1/204672
Reference: CONFIRM:http://support.novell.com/padlock/details.htm
Reference: XF:novell-groupwise-admin-privileges(6998)
Reference: URL:http://xforce.iss.net/static/6998.php
Reference: BID:3189
Reference: URL:http://www.securityfocus.com/bid/3189

GroupWise 5.5 and 6 running in live remove or smart caching mode
allows remote attackers to read arbitrary users' mailboxes by
extracting usernames and passwords from sniffed network traffic, as
addressed by the "Padlock" fix.

Analysis
----------------
ED_PRI CAN-2001-1231 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1234
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1234
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://www.securityfocus.com/archive/1/218000
Reference: CONFIRM:http://prdownloads.sourceforge.net/gallery/gallery-1.2.5.tar.gz
Reference: BID:3397
Reference: URL:http://www.securityfocus.com/bid/3397
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://www.iss.net/security_center/static/7215.php

Bharat Mediratta Gallery PHP script before 1.2.1 allows remote
attackers to execute arbitrary code by including files from remote web
sites via an HTTP request that modifies the includedir variable.

Analysis
----------------
ED_PRI CAN-2001-1234 1
Vendor Acknowledgement: yes patch

ACKNOWLEDGEMENT: The UPGRADING file in the distribution of 1.2.5 says:
"Due to a security fix, you now have to modify index.php if you want
to use the Gallery random photo block for Nuke...  The file you tried
to include is not on the approved file list. To include this file you
must edit Gallery's index.php and add XXX to the $safe_to_include
array."  This clearly addresses the problem that was reported.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1252
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1252
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20010928 SNS-43: PGP Keyserver Permissions Misconfiguration
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0230.html
Reference: CONFIRM:http://www.pgp.com/support/product-advisories/keyserver.asp
Reference: XF:pgp-keyserver-http-dos(7203)
Reference: URL:http://www.iss.net/security_center/static/7203.php
Reference: BID:3375
Reference: URL:http://online.securityfocus.com/bid/3375

Network Associates PGP Keyserver 7.0 allows remote attackers to bypass
authentication and access the administrative web interface via URLs
that directly access cgi-bin instead of keyserver/cgi-bin for the
programs (1) console, (2) cs, (3) multi_config and (4) directory.

Analysis
----------------
ED_PRI CAN-2001-1252 1
Vendor Acknowledgement: unknown discloser-claimed

ACKNOWLEDGEMENT: the PGP advisory is referenced by the discloser.
While it does not provide quite enough details to be certain that it's
addressing the same problem, and advisory has no date to "line up"
with the Bugtraq post, the poster is credited at the end of the
advisory.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1278
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1278
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: REDHAT:RHSA-2001:115
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-115.html
Reference: MANDRAKE:MDKSA-2001:080
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3
Reference: BID:3425
Reference: URL:http://online.securityfocus.com/bid/3425

Zope before 2.2.4 allows partially trusted users to bypass security
controls for certain methods by accessing the methods through the fmt
attribute of dtml-var tags.

Analysis
----------------
ED_PRI CAN-2001-1278 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1295
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1295
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CONFIRM:http://www.greenepa.net/~averett/cerberus-releasenotes.htm#ReleaseNotes
Reference: MISC:http://www.securiteam.com/windowsntfocus/5SP0M0055W.html
Reference: XF:cerberus-ftp-directory-traversal(7004)
Reference: URL:http://www.iss.net/security_center/static/7004.php

Directory traversal vulnerability in Cerberus FTP Server 1.5 and
earlier allows remote attackers to read arbitrary files via a .. (dot
dot) in the CD command.

Analysis
----------------
ED_PRI CAN-2001-1295 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the release notes for version 1.6 beta, dated August
29, 2001, say "Fixed a major security bug that allowed unrestricted
access to the server machine by using periods in the change directory
path."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1297
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1297
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://www.securityfocus.com/archive/1/218000
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=58331
Reference: BID:3384
Reference: URL:http://www.securityfocus.com/bid/3384
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://www.iss.net/security_center/static/7215.php

Actionpoll PHP script before 1.1.2 allows remote attackers to include
arbitrary files from remote web sites via an HTTP request that sets
the includedir variable.

Analysis
----------------
ED_PRI CAN-2001-1297 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: The change log for 1.1.2 says "Fixed Security Bug"
and references BID:3384, i.e. this item.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1299
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1299
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://www.securityfocus.com/archive/1/218000
Reference: CERT-VN:VU#847803
Reference: URL:http://www.kb.cert.org/vuls/id/847803
Reference: CONFIRM:http://www.come.to/zorbat/
Reference: CONFIRM:http://www.kb.cert.org/vuls/id/JARL-53RJKV
Reference: BID:3386
Reference: URL:http://www.securityfocus.com/bid/3386
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://www.iss.net/security_center/static/7215.php

Zorbat Zorbstats PHP script before 0.9 allows remote attackers to
include arbitrary files from remote web sites via an HTTP request that
sets the includedir variable.

Analysis
----------------
ED_PRI CAN-2001-1299 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: On the vendor's home page, an announcement for
Zorbstats 0.9, dated October 21, 2001, says "Security problem
corrected." Normally this is insufficient to be certain that the
vendor is acknowledging *this* problem, but the vendor is also said to
have fixed the issue in a CERT vuilnerability note.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1228
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1228
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020411
Category: SF
Reference: VULN-DEV:20011118 New bugs discovered!
Reference: VULN-DEV:20011120 New bugs, old bugs
Reference: VULN-DEV:20011119 Killing Thread (New bugs discovered!)
Reference: BUGTRAQ:20011230 gzip bug w/ patch..
Reference: URL:http://online.securityfocus.com/archive/1/247717
Reference: MANDRAKE:MDKSA-2002:011
Reference: DEBIAN:DSA-100
Reference: SGI:20020401-01-P
Reference: BID:3712
Reference: URL:http://online.securityfocus.com/bid/3712

Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow
attackers to execute code via a long file name, possibly remotely if
gzip is run on an FTP server.

Analysis
----------------
ED_PRI CAN-2001-1228 3
Vendor Acknowledgement: yes advisory
Content Decisions: INCLUSION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1232
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1232
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010815 Groupwise Webaccess, NetWare web server, and Novell
Reference: URL:http://www.securityfocus.com/archive/1/204875
Reference: XF:netware-get-directory-listing(6988)
Reference: URL:http://xforce.iss.net/static/6988.php
Reference: BID:3188
Reference: URL:http://www.securityfocus.com/bid/3188

GroupWise WebAccess 5.5 with directory indexing enabled allows a
remote attacker to view arbitrary directory contents via an HTTP
request with a lowercase "get".

Analysis
----------------
ED_PRI CAN-2001-1232 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1233
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1233
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20010815 Groupwise Webaccess, NetWare web server, and Novell
Reference: URL:http://www.securityfocus.com/archive/1/204875
Reference: XF:netware-nds-information-leak(6987)
Reference: URL:http://xforce.iss.net/static/6987.php

Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with
Novell Directory Services (NDS) enabled allows remote attackers to
enumerate user names, group names and other system information by
accessing ndsobj.nlm.

Analysis
----------------
ED_PRI CAN-2001-1233 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1253
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1253
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010927 Two problems with Alexis/InternetPBX from COM2001
Reference: URL:http://online.securityfocus.com/archive/1/217200
Reference: XF:alexis-http-plaintext-information(7205)
Reference: URL:http://www.iss.net/security_center/static/7205.php

Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords
in plain text in the com2001.ini file, which could allow local users
to make long distance calls as other users.

Analysis
----------------
ED_PRI CAN-2001-1253 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1254
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1254
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010927 Two problems with Alexis/InternetPBX from COM2001
Reference: URL:http://online.securityfocus.com/archive/1/217200
Reference: BID:3373
Reference: URL:http://online.securityfocus.com/bid/3373

Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX
sends username and voice mail passwords in the clear via a Java applet
that sends the information to port 8888 of the server, which could
allow remote attackers to steal the passwords via sniffing.

Analysis
----------------
ED_PRI CAN-2001-1254 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1255
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1255
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011002 WinMySQLadmin 1.1 Store MySQL password in clear text
Reference: URL:http://online.securityfocus.com/archive/1/217848
Reference: BID:3381
Reference: URL:http://online.securityfocus.com/bid/3381
Reference: XF:winmysqladmin-password-plaintext(7206)
Reference: URL:http://www.iss.net/security_center/static/7206.php

WinMySQLadmin 1.1 stores the MySQL password in plain text in the
my.ini file, which allows local users to obtain unathorized access the
MySQL database.

Analysis
----------------
ED_PRI CAN-2001-1255 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1259
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1259
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010807 Multiple vulnerabilities in Avaya Argent Office
Reference: URL:http://online.securityfocus.com/archive/1/202344
Reference: XF:argent-office-udp-dos(6953)
Reference: URL:http://www.iss.net/security_center/static/6953.php

Avaya Argent Office allows remote attackers to cause a denial of
service by sending UDP packets to port 53 with no payload.

Analysis
----------------
ED_PRI CAN-2001-1259 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1260
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1260
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010807 Multiple vulnerabilities in Avaya Argent Office
Reference: URL:http://online.securityfocus.com/archive/1/202344
Reference: XF:argent-office-weak-encryption(6954)
Reference: URL:http://www.iss.net/security_center/static/6954.php

Avaya Argent Office uses weak encryption (trivial encoding) for
passwords, which allows remote attackers to gain administrator
privileges by sniffing and decrypting the sniffing the passwords
during a system reboot.

Analysis
----------------
ED_PRI CAN-2001-1260 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1261
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1261
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010807 Multiple vulnerabilities in Avaya Argent Office
Reference: URL:http://online.securityfocus.com/archive/1/202344
Reference: XF:argent-office-change-music(6956)
Reference: URL:http://www.iss.net/security_center/static/6956.php

Avaya Argent Office 2.1 may allow remote attackers to change hold
music by spoofing a legitimate server's response to a TFTP broadcast
and providing an alternate HoldMusic file.

Analysis
----------------
ED_PRI CAN-2001-1261 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1262
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1262
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010807 Multiple vulnerabilities in Avaya Argent Office
Reference: URL:http://online.securityfocus.com/archive/1/202344
Reference: XF:argent-office-community-string(6955)
Reference: URL:http://www.iss.net/security_center/static/6955.php

Avaya Argent Office 2.1 compares a user-provided SNMP community string
with the correct string only up to the length of the user-provided
string, which allows remote attackers to bypass authentication with a
0 length community string.

Analysis
----------------
ED_PRI CAN-2001-1262 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1272
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1272
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: DEBIAN:DSA-092
Reference: URL:http://www.debian.org/security/2001/dsa-092
Reference: XF:wmtv-execute-commands(7669)
Reference: URL:http://www.iss.net/security_center/static/7669.php
Reference: BID:3658
Reference: URL:http://www.securityfocus.com/bid/3658

wmtv 0.6.5 and earlier does not properly drop privileges, which allows
local users to execute arbitrary commands via the -e (external
command) option.

Analysis
----------------
ED_PRI CAN-2001-1272 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests distinguishing between different types
of problems. Therefore the buffer overflow and symlink problems in
wmtv are separated.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1280
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1280
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011011 Vulnerabilities in Ipswitch IMail Server 7.04
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html
Reference: MISC:http://www.ipswitch.com/Support/IMail/news.html
Reference: BID:3424
Reference: URL:http://online.securityfocus.com/bid/3424

POP3 Server for Ipswitch IMail 7.04 and earlier generates different
responses to valid and invalid user names, which allows remote
attackers to determine users on the system.

Analysis
----------------
ED_PRI CAN-2001-1280 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: The vendor's news page includes an entry for "IMail
Server 7.04 Hotfix 1" dated October 10, 2001, which aligns with the
announcement of the IMail 7.04 vulnerabilities. However, the vendor's
descriptions of the vulnerabilities do not make it clear that the
vendor has fixed *these* vulnerabilities; the announcement is too
vague to be certain.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1281
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1281
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011011 Vulnerabilities in Ipswitch IMail Server 7.04
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html
Reference: MISC:http://www.ipswitch.com/Support/IMail/news.html
Reference: BID:3429
Reference: URL:http://online.securityfocus.com/bid/3429

Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote
authenticated users to change information for other users by modifying
the olduser parameter in the "Change User Information" web form.

Analysis
----------------
ED_PRI CAN-2001-1281 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: The vendor's news page includes an entry for "IMail
Server 7.04 Hotfix 1" dated October 10, 2001, which aligns with the
announcement of the IMail 7.04 vulnerabilities. However, the vendor's
descriptions of the vulnerabilities do not make it clear that the
vendor has fixed *these* vulnerabilities; the announcement is too
vague to be certain.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1282
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1282
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011011 Ipswitch Imail 7.04 vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html
Reference: MISC:http://www.ipswitch.com/Support/IMail/news.html
Reference: BID:3426
Reference: URL:http://online.securityfocus.com/bid/3426

Ipswitch IMail 7.04 and earlier records the physical path of
attachments in an e-mail message header, which could allow remote
attackers to obtain potentially sensitive configuration information.

Analysis
----------------
ED_PRI CAN-2001-1282 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: The vendor's news page includes an entry for "IMail
Server 7.04 Hotfix 1" dated October 10, 2001, which aligns with the
announcement of the IMail 7.04 vulnerabilities. However, the vendor's
descriptions of the vulnerabilities do not make it clear that the
vendor has fixed *these* vulnerabilities; the announcement is too
vague to be certain.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1283
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1283
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011011 Ipswitch Imail 7.04 vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html
Reference: MISC:http://www.ipswitch.com/Support/IMail/news.html
Reference: BID:3427
Reference: URL:http://online.securityfocus.com/bid/3427

The webmail interface for Ipswitch IMail 7.04 and earlier allows
remote authenticated users to cause a denial of service (crash) via a
mailbox name that contains a large number of . (dot) or other
characters to programs such as (1) readmail.cgi or (2) printmail.cgi,
possibly due to a buffer overflow that may allow execution of
arbitrary code.

Analysis
----------------
ED_PRI CAN-2001-1283 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: The vendor's news page includes an entry for "IMail
Server 7.04 Hotfix 1" dated October 10, 2001, which aligns with the
announcement of the IMail 7.04 vulnerabilities. However, the vendor's
descriptions of the vulnerabilities do not make it clear that the
vendor has fixed *these* vulnerabilities; the announcement is too
vague to be certain.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1284
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1284
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011011 Ipswitch Imail 7.04 vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html
Reference: MISC:http://www.ipswitch.com/Support/IMail/news.html
Reference: BID:3428
Reference: URL:http://online.securityfocus.com/bid/3428

Ipswitch IMail 7.04 and earlier uses predictable session IDs for
authentication, which allows remote attackers to hijack sessions of
other users.

Analysis
----------------
ED_PRI CAN-2001-1284 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: The vendor's news page includes an entry for "IMail
Server 7.04 Hotfix 1" dated October 10, 2001, which aligns with the
announcement of the IMail 7.04 vulnerabilities. However, the vendor's
descriptions of the vulnerabilities do not make it clear that the
vendor has fixed *these* vulnerabilities; the announcement is too
vague to be certain.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1285
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1285
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011011 Ipswitch Imail 7.04 vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html
Reference: MISC:http://www.ipswitch.com/Support/IMail/news.html
Reference: BID:3432
Reference: URL:http://online.securityfocus.com/bid/3432

Directory traversal vulnerability in readmail.cgi for Ipswitch IMail
7.04 and earlier allows remote attackers to access the mailboxes of
other users via a .. (dot dot) in the mbx parameter.

Analysis
----------------
ED_PRI CAN-2001-1285 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: The vendor's news page includes an entry for "IMail
Server 7.04 Hotfix 1" dated October 10, 2001, which aligns with the
announcement of the IMail 7.04 vulnerabilities. However, the vendor's
descriptions of the vulnerabilities do not make it clear that the
vendor has fixed *these* vulnerabilities; the announcement is too
vague to be certain.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1286
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1286
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011011 Ipswitch Imail 7.04 vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html
Reference: BUGTRAQ:20020310 IMail Account hijack through the Web Interface
Reference: URL:http://online.securityfocus.com/archive/1/261096
Reference: MISC:http://www.ipswitch.com/Support/IMail/news.html
Reference: BID:3432
Reference: URL:http://online.securityfocus.com/bid/3432

Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL,
which could allow remote attackers to hijack sessions by obtaining the
URL, e.g. via an HTML email that causes the Referrer to be sent to a
URL under the attacker's control.

Analysis
----------------
ED_PRI CAN-2001-1286 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: The vendor's news page includes an entry for "IMail
Server 7.04 Hotfix 1" dated October 10, 2001, which aligns with the
announcement of the IMail 7.04 vulnerabilities. However, the vendor's
descriptions of the vulnerabilities do not make it clear that the
vendor has fixed *these* vulnerabilities; the announcement is too
vague to be certain.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1287
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1287
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011012 def-2001-29
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0083.html
Reference: MISC:http://www.ipswitch.com/Support/IMail/news.html
Reference: BID:3431
Reference: URL:http://online.securityfocus.com/bid/3431

Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier
allows remote attackers to execute arbitrary code via a long HTTP GET
request.

Analysis
----------------
ED_PRI CAN-2001-1287 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: The vendor's news page includes an entry for "IMail
Server 7.04 Hotfix 1" dated October 10, 2001, which aligns with the
announcement of the IMail 7.04 vulnerabilities. However, the vendor's
descriptions of the vulnerabilities do not make it clear that the
vendor has fixed *these* vulnerabilities; the announcement is too
vague to be certain.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1292
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1292
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010813 Sambar Telnet Proxy/Server multiple vulnerablietis
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0160.html
Reference: XF:sambar-telnet-bo(6973)
Reference: URL:http://www.iss.net/security_center/static/6973.php

Sambar Telnet Proxy/Server allows remote attackers to cause a denial
of service and possibly execute arbitrary code via a long password.

Analysis
----------------
ED_PRI CAN-2001-1292 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1293
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1293
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010926 3Com(r) HomeConnect(r) Cable Modem    Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0217.html
Reference: CERT-VN:VU#500027
Reference: URL:http://www.kb.cert.org/vuls/id/500027
Reference: BID:3366
Reference: URL:http://online.securityfocus.com/bid/3366

Buffer overflow in web server of 3com HomeConnect Cable Modem External
with USB (#3CR29223) allows remote attackers to cause a denial of
service (crash) via a long HTTP request.

Analysis
----------------
ED_PRI CAN-2001-1293 3
Vendor Acknowledgement:
Content Decisions: SF-CODEBASE

ABSTRACTION: CVE-2001-0740 describes a similar problem, but in
OfficeConnect; in addition, the exploit for OfficeConnect could be a
format string vulnerability and not an overflow.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1294
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1294
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: NTBUGTRAQ:20000117 Remote Buffer Exploit - InetServ 3.0
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0001&L=ntbugtraq&F=P&S=&P=4592
Reference: BUGTRAQ:20010822 AVTronics InetServer DoS and BoF Vulnerabilities
Reference: BID:3224
Reference: URL:http://online.securityfocus.com/bid/3224
Reference: XF:inetserv-webmail-bo(7022)
Reference: URL:http://www.iss.net/security_center/static/7022.php

Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows
remote attackers to cause a denial of service (crash) in the Webmail
interface via a long username and password.

Analysis
----------------
ED_PRI CAN-2001-1294 3
Vendor Acknowledgement:
Content Decisions: SF-LOC, REDISCOVERY

ABSTRACTION: a similar vulnerability was reported in CVE-2000-0065 for
a long request to the webmail interface, and repeated in the
Bugtraq post for this issue. CD:SF-LOC suggests combining problems of
the same type that affect the same version, but there is insufficient
information to know whether the "long request" problem affects the
same versions or not.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1296
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1296
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://www.securityfocus.com/archive/1/218000
Reference: MISC:http://www.moregroupware.org/index.php?action=detail&news_id=24
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://www.iss.net/security_center/static/7215.php
Reference: BID:3383
Reference: URL:http://www.securityfocus.com/bid/3383

More.groupware PHP script allows remote attackers to include arbitrary
files from remote web sites via an HTTP request that sets the
includedir variable.

Analysis
----------------
ED_PRI CAN-2001-1296 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: the release notes dated October 31, 2001 say that the
new release includes "some neat security fixes," but it is unclear
whether the vendor is fixing *this* issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1298
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1298
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://www.securityfocus.com/archive/1/218000
Reference: BID:3385
Reference: URL:http://www.securityfocus.com/bid/3385
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://www.iss.net/security_center/static/7215.php

Webodex PHP script 1.0 and earlier allows remote attackers to include
arbitrary files from remote web sites via an HTTP request that sets
the includedir variable.

Analysis
----------------
ED_PRI CAN-2001-1298 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1300
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1300
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: MISC:http://www.securiteam.com/windowsntfocus/5KP0N0A55M.html
Reference: XF:dynuftp-dot-directory-traversal(7045)
Reference: URL:http://www.iss.net/security_center/static/7045.php

Directory traversal vulnerability in Dynu FTP server 1.05 and earlier
allows remote attackers to read arbitrary files via a .. in the CD
(CWD) command.

Analysis
----------------
ED_PRI CAN-2001-1300 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1301
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1301
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010807 rcs2log
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0093.html

rcs2log, as used in Emacs 20.4, xemacs 21.1.10, and possibly other
packages, allows local users to modify files of other users via a
symlink attack on a temporary file.

Analysis
----------------
ED_PRI CAN-2001-1301 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1304
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1304
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010803 Denial of Service in SHOUTcast Server 1.8.2 Linux/w32/?
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0048.html
Reference: XF:shoutcast-http-field-bo(6938)
Reference: URL:http://www.iss.net/security_center/static/6938.php

Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to
cause a denial of service (crash) via several HTTP requests with a
long (1) user-agent or (2) host HTTP header.

Analysis
----------------
ED_PRI CAN-2001-1304 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1305
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1305
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010822 Hexyn / Securax Advisory #22 - ICQ Forced Auto-Add Users
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99851887024728&w=2
Reference: BID:3226
Reference: URL:http://online.securityfocus.com/bid/3226
Reference: XF:icq-auto-add-user(7028)
Reference: URL:http://www.iss.net/security_center/static/7028.php

ICQ 2001a Alpha and earlier allows remote attackers to automatically
add arbitrary UINs to an ICQ user's contact list via a URL to a web
page with a Content-Type of application/x-icq, which is processed by
Internet Explorer.

Analysis
----------------
ED_PRI CAN-2001-1305 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007