[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster MISC-2001-005 - 39 candidates



I am proposing cluster MISC-2001-005 for review and voting by the
Editorial Board.

Name: MISC-2001-005
Description: Misc. candidates announced between 1998/05/02 and 2001/10/30
Size: 39

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-1999-1570
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1570
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020611
Category: SF
Reference: VULN-DEV:20020509 Sar -o exploitation process info.
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102098949103708&w=2
Reference: BUGTRAQ:19990909 19 SCO 5.0.5+Skunware98 buffer overflows
Reference: URL:http://online.securityfocus.com/archive/1/27074
Reference: CALDERA:CSSA-2002-SCO.17
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.17/CSSA-2002-SCO.17.txt
Reference: BID:4089
Reference: URL:http://www.securityfocus.com/bid/4089
Reference: XF:openserver-sar-bo(8989)
Reference: URL:http://www.iss.net/security_center/static/8989.php

Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain
root privileges via a long -o parameter.

Analysis
----------------
ED_PRI CAN-1999-1570 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1211
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1211
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20001222 Zope DTML Role Issue
Reference: REDHAT:RHSA-2000:125
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert
Reference: MANDRAKE:MDKSA-2000:083
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-083.php3

Zope 2.2.0 through 2.2.4 does not properly perform security
registration for legacy names of object constructors such as DTML
method objects, which could allow attackers to perform unauthorized
activities.

Analysis
----------------
ED_PRI CAN-2000-1211 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1212
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1212
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: MANDRAKE:MDKSA-2000:086
Reference: CONECTIVA:CLA-2000:365
Reference: DEBIAN:DSA-007
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert
Reference: REDHAT:RHSA-2000:135
Reference: XF:zope-image-file(5778)

Zope 2.2.0 through 2.2.4 does not properly protect a data updating
method on Image and File objects, which allows attackers with DTML
editing privileges to modify the raw data of these objects.

Analysis
----------------
ED_PRI CAN-2000-1212 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1385
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1385
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20010112 PHP Security Advisory - Apache Module bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97957961212852
Reference: REDHAT:RHSA-2000:136
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-136.html
Reference: MANDRAKE:MDKSA-2001:013
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3
Reference: CONECTIVA:CLA-2001:373
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373
Reference: DEBIAN:DSA-020
Reference: URL:http://www.debian.org/security/2001/dsa-020
Reference: BID:2205
Reference: URL:http://online.securityfocus.com/bid/2205
Reference: XF:php-view-source-code(5939)
Reference: URL:http://www.iss.net/security_center/static/5939.php

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with
the 'engine = off' option for a virtual host, may disable PHP for
other virtual hosts, which could cause Apache to serve the source code
of PHP scripts.

Analysis
----------------
ED_PRI CAN-2001-1385 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1391
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1391
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html

off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19
allows users to modify kernel memory.

Analysis
----------------
ED_PRI CAN-2001-1391 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1406
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1406
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=66235
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html

process_bug.cgi in Bugzilla before 2.14 does not set the "groupset"
bit when a bug is moved between product groups, which will cause the
bug to have the old group's restrictions, which might not be as
stringent.

Analysis
----------------
ED_PRI CAN-2001-1406 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1407
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1407
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=96085
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html

Bugzilla before 2.14 allows Bugzilla users to bypass group security
checks by marking a bug as the duplicate of a restricted bug, which
adds the user to the CC list of the restricted bug and allows the user
to view the bug.

Analysis
----------------
ED_PRI CAN-2001-1407 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-1569
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1569
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010716 Quake client and server denial-of-service
Reference: URL:http://www.securityfocus.com/archive/1/197268
Reference: BUGTRAQ:19981101 Quake problem?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91012172524181&w=2
Reference: BUGTRAQ:19980502 NetQuake Protocol problem resulting in smurf like effect.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925989&w=2
Reference: XF:quake-spoofed-client-dos(6871)
Reference: URL:http://xforce.iss.net/static/6871.php
Reference: BID:3051
Reference: URL:http://www.securityfocus.com/bid/3051

Quake 1 and NetQuake servers allow remote attackers to cause a denial
of service (resource exhaustion or forced disconnection) via a flood
of spoofed UDP connection packets, which exceeds the server's player
limit.

Analysis
----------------
ED_PRI CAN-1999-1569 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1203
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1203
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020131
Category: SF
Reference: VULN-DEV:20000520 Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=95886062521327&w=2
Reference: BUGTRAQ:20010820 Lotus Domino DoS
Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-21&end=2002-01-27&mid=209116&threads=1
Reference: BUGTRAQ:20010823 Lotus Domino DoS solution
Reference: URL:http://www.securityfocus.com/archive/1/209754
Reference: BID:3212
Reference: URL:http://www.securityfocus.com/bid/3212

Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to
cause a denial of service (CPU consumption) by forging an email
message with the sender as bounce@[127.0.0.1] (localhost), which
causes Domino to enter a mail loop.

Analysis
----------------
ED_PRI CAN-2000-1203 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1204
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1204
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020501
Category: SF
Reference: CONFIRM:http://www.apacheweek.com/issues/00-10-13

Vulnerability in the mod_vhost_alias virtual hosting module for Apache
1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source
code for CGI programs if the cgi-bin directory is under the document
root.

Analysis
----------------
ED_PRI CAN-2000-1204 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1205
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1205
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020501
Category: SF
Reference: CONFIRM:http://httpd.apache.org/info/css-security/apache_specific.html

Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11
allow remote attackers to execute script as other web site visitors
via (1) the printenv CGI, which does not encode its output, (2) pages
generated by the ap_send_error_response function such as a default
404, which does not add an explicit charset, or (3) various messages
that are generated by certain Apache modules or core code.

Analysis
----------------
ED_PRI CAN-2000-1205 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1206
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1206
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020501
Category: SF
Reference: CONFIRM:http://www.apacheweek.com/issues/00-01-07#status

Vulnerability in Apache httpd before 1.3.11, when configured for mass
virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9,
allows remote attackers to retrieve arbitrary files.

Analysis
----------------
ED_PRI CAN-2000-1206 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1207
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1207
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20000930 glibc and userhelper - local root
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97034397026473&w=2
Reference: REDHAT:RHSA-2000:075
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-075.html
Reference: MANDRAKE:MDKSA-2000:059
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-059.php3
Reference: BUGTRAQ:20001003 SuSE: userhelper/usermode
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97063854808796&w=2

userhelper in the usermode package on Red Hat Linux executes
non-setuid programs as root, which does not activate the security
measures in glibc and allows the programs to be exploited via format
string vulnerabilities in glibc via the LANG or LC_ALL environment
variables (CVE-2000-0844).

Analysis
----------------
ED_PRI CAN-2000-1207 3
Vendor Acknowledgement: yes
Content Decisions: INCLUSION

INCLUSION: since this problem deals with an interaction between two
separate components, it is regarded as a different type of issue than
the glibc format string (CVE-2000-0844), and is provided with a
different identifier.  This is also demonstrated by the fact that SuSE
and Mandrake, which were vulnerable to the glibc issue, are not
vulnerable to this one.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1208
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1208
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020731
Category: SF
Reference: BUGTRAQ:20000925 Format strings: bug #1: BSD-lpr
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96994604300675&w=2
Reference: REDHAT:RHSA-2000:066
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-066.html
Reference: MANDRAKE:MDKSA-2000:054
Reference: CONECTIVA:CLSA-2000:321
Reference: BUGTRAQ:20001004 Immunix OS Security Update for lpr
Reference: URL:http://online.securityfocus.com/archive/1/137555
Reference: XF:lpr-checkremote-format-string(5286)
Reference: URL:http://www.iss.net/security_center/static/5286.php
Reference: BID:1711
Reference: URL:http://online.securityfocus.com/bid/1711

Format string vulnerability in startprinting() function of printjob.c
in BSD-based lpr lpd package may allow local users to gain privileges
via an improper syslog call that uses format strings from the
checkremote() call.

Analysis
----------------
ED_PRI CAN-2000-1208 3
Vendor Acknowledgement: yes advisory
Content Decisions: INCLUSION

INCLUSION: Followup posts suggest that this problem may only be
exploitable by the root user, in which case there would be no
additional privileges gained by exploiting this issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1209
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1209
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020807
Category: SF
Reference: BUGTRAQ:20000710 MSDE / Re: Default Password Database
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96333895000350&w=2
Reference: BUGTRAQ:20000810 Tumbleweed Worldsecure (MMS) BLANK 'sa' account password
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96593218804850&w=2
Reference: BUGTRAQ:20000815 MS-SQL 'sa' user exploit code
Reference: URL:http://security-archive.merton.ox.ac.uk/bugtraq-200008/0233.html
Reference: BUGTRAQ:20000816 Released Patch: Tumbleweed Worldsecure (MMS) BLANK 'sa' account password
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96644570412692&w=2
Reference: BUGTRAQ:20020522 Opty-Way Enterprise includes MSDE with sa <blank>
Reference: URL:http://online.securityfocus.com/archive/1/273639
Reference: MSKB:Q313418
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q313418
Reference: MSKB:Q321081
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;EN-US;q321081
Reference: CONFIRM:http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp
Reference: ISS:20020521 Microsoft SQL Spida Worm Propagation
Reference: CERT-VN:VU#635463
Reference: URL:http://www.kb.cert.org/vuls/id/635463
Reference: COMPAQ:SSRT2195
Reference: BID:4797
Reference: URL:http://online.securityfocus.com/bid/4797
Reference: XF:mssql-no-sapassword(1459)
Reference: URL:http://www.iss.net/security_center/static/1459.php

The "sa" account is installed with a default null password on (1)
Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine
(MSDE) 1.0, including third party packages that use these products
such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager,
and (6) Visio 2000, are installed with a default "sa" account with a
null password, which allows remote attackers to gain privileges,
including worms such as Voyager Alpha Force and Spida.

Analysis
----------------
ED_PRI CAN-2000-1209 3
Vendor Acknowledgement: yes
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1210
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1210
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20000322 Security bug in Apache project: Jakarta Tomcat
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95371672300045&w=2
Reference: XF:apache-tomcat-file-contents(4205)
Reference: URL:http://www.iss.net/security_center/static/4205.php

Directory traversal vulnerability in source.jsp of Apache Tomcat
before 3.1 allows remote attackers to read arbitrary files via a ..
(dot dot) in the argument to source.jsp.

Analysis
----------------
ED_PRI CAN-2000-1210 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1213
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1213
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20001025 Immunix OS Security Update for ping package
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97249980727834&w=2
Reference: BUGTRAQ:20001030 Trustix Security Advisory - ping gnupg ypbind
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97292944103571&w=2
Reference: REDHAT:RHSA-2000:087
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-087.html

ping in iputils before 20001010, as distributed on Red Hat Linux 6.2
through 7J and other operating systems, does not drop privileges after
acquiring a raw socket, which increases ping's exposure to bugs that
otherwise would occur at lower privileges.

Analysis
----------------
ED_PRI CAN-2000-1213 3
Vendor Acknowledgement: yes advisory
Content Decisions: INCLUSION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1214
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1214
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20001025 Immunix OS Security Update for ping package
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97249980727834&w=2
Reference: BUGTRAQ:20001020 Re: [RHSA-2000:087-02] Potential security problems in ping fixed.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97208562830613&w=2
Reference: BUGTRAQ:20001030 Trustix Security Advisory - ping gnupg ypbind
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97292944103571&w=2
Reference: REDHAT:RHSA-2000:087
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-087.html
Reference: BID:1813
Reference: URL:http://online.securityfocus.com/bid/1813
Reference: XF:ping-buf-bo(5431)
Reference: URL:http://www.iss.net/security_center/static/5431.php

Buffer overflows in the (1) outpack or (2) buf variables of ping in
iputils before 20001010, as distributed on Red Hat Linux 6.2 through
7J and other operating systems, may allow local users to gain
privileges.

Analysis
----------------
ED_PRI CAN-2000-1214 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1384
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1384
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20011018 Flaws in recent Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100343090106914&w=2
Reference: REDHAT:RHSA-2001:129
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-129.html
Reference: REDHAT:RHSA-2001:130
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-130.html
Reference: SUSE:SuSE-SA:2001:036
Reference: URL:http://www.suse.de/de/support/security/2001_036_kernel_txt.html
Reference: IMMUNIX:IMNX-2001-70-035-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-035-01
Reference: CALDERA:CSSA-2001-036.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-036.0.txt
Reference: MANDRAKE:MDKSA-2001:079
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-079.php3
Reference: MANDRAKE:MDKSA-2001:082
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3
Reference: ENGARDE:ESA-20011019-02
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1650.html
Reference: HP:HPSBTL0112-003
Reference: URL:http://online.securityfocus.com/advisories/3713
Reference: BUGTRAQ:20011019 TSLSA-2001-0028
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100350685431610&w=2
Reference: BID:3447
Reference: URL:http://online.securityfocus.com/bid/3447
Reference: XF:linux-ptrace-race-condition(7311)
Reference: URL:http://www.iss.net/security_center/static/7311.php

ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows
local users to gain root privileges by running ptrace on a setuid or
setgid program that itself calls an unprivileged program, such as
newgrp.

Analysis
----------------
ED_PRI CAN-2001-1384 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

ABSTRACTION: AIX was reported to have a similar-sounding issue in
CAN-1999-1079.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1386
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1386
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20010701 WFTPD v3.00 R5 Directory Traversal
Reference: URL:http://www.securityfocus.com/archive/1/194442
Reference: XF:ftp-lnk-directory-traversal(6760)
Reference: URL:http://www.iss.net/security_center/static/6760.php
Reference: BID:2957
Reference: URL:http://www.securityfocus.com/bid/2957

WFTPD 3.00 allows remote attackers to read arbitrary files by
uploading a (link) file that ends in a ".lnk." extension, which
bypasses WFTPD's check for a ".lnk" extension.

Analysis
----------------
ED_PRI CAN-2001-1386 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1387
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1387
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: REDHAT:RHSA-2001:144
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-144.html
Reference: CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=50500

iptables-save in iptables before 1.2.4 records the "--reject-with
icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes
iptables to generate different responses than specified by the
administrator, possibly leading to an information leak.

Analysis
----------------
ED_PRI CAN-2001-1387 3
Vendor Acknowledgement: yes advisory
Content Decisions: INCLUSION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1388
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1388
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: REDHAT:RHSA-2001:144
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-144.html
Reference: CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=53325

iptables before 1.2.4 does not accurately convert rate limits that are
specified on the command line, which could allow attackers or users to
generate more or less traffic than intended by the administrator.

Analysis
----------------
ED_PRI CAN-2001-1388 3
Vendor Acknowledgement: yes advisory
Content Decisions: INCLUSION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1389
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1389
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20010830 xinetd 2.3.0 audit status
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99913751525583&w=2
Reference: REDHAT:RHSA-2001:109
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-109.html
Reference: IMMUNIX:IMNX-2001-70-033-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-033-01
Reference: ENGARDE:ESA-20011019-03
Reference: CONECTIVA:CLA-2001:416
Reference: MANDRAKE:MDKSA-2001:076
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-076.php3
Reference: BID:3257
Reference: URL:http://online.securityfocus.com/bid/3257

Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional
variants until 2.3.3, may allow remote attackers to cause a denial of
service or execute arbitrary code, primarily via buffer overflows or
improper NULL termination.

Analysis
----------------
ED_PRI CAN-2001-1389 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

ABSTRACTION: this item is the result of a comprehensive audit that had
a large number of discoveries - not all proven exploitable - and some
detailed descriptions. However, it is not feasible to list all the
variants, and the different vulnerability types are not really covered
in the report. Ironically, the detailed audit report does not have the
type of information needed for CVE content decisions, and thus it is
subject to CD:VAGUE.

ACCURACY: the original audit indicates: "There were, however, certain
issues with patch merging, and the version of xinetd which finally has
all of the fixes (plus some more, by other people) is 2.3.3." Some
advisories only patch up to 2.3.1, so it is not clear whether (a)
there were additional vulnerabilities discovered between 2.3.1 and
2.3.3, and (b) if there *were* vulnerabilities, which vendors
addressed them.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1390
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1390
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:18
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html

Unknown vulnerability in binfmt_misc in the Linux kernel before
2.2.19, related to user pages.

Analysis
----------------
ED_PRI CAN-2001-1390 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1392
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1392
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html

The Linux kernel before 2.2.19 does not have unregister calls for (1)
CPUID and (2) MSR drivers, which could cause a DoS (crash) by
unloading and reloading the drivers.

Analysis
----------------
ED_PRI CAN-2001-1392 3
Vendor Acknowledgement: yes advisory
Content Decisions: INCLUSION

INCLUSION: while the changelog includes this item in the security
notes, it is not clear whether an attacker has any role in causing
these drivers to be loaded or unloaded; if not, then perhaps this item
should not be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1393
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1393
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html

Unknown vulnerability in classifier code for Linux kernel before
2.2.19 could result in denial of service (hang).

Analysis
----------------
ED_PRI CAN-2001-1393 3
Vendor Acknowledgement: yes advisory
Content Decisions: INCLUSION, VAGUE

INCLUSION: while the changelog includes this item in the security
notes, it is not clear whether an attacker has any role in causing the
classifier code to hang; if not, then perhaps this item should not be
included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1394
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1394
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html

Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel
before 2.2.19 allows local users to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2001-1394 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1395
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1395
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html

Unknown vulnerability in sockfilter for Linux kernel before 2.2.19
related to "boundary cases," with unknown impact.

Analysis
----------------
ED_PRI CAN-2001-1395 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1396
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1396
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html

Unknown vulnerabilities in strnlen_user for Linux kernel before
2.2.19, with unknown impact.

Analysis
----------------
ED_PRI CAN-2001-1396 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1397
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1397
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html

The System V (SYS5) shared memory implementation for Linux kernel
before 2.2.19 could allow attackers to modify recently freed memory.

Analysis
----------------
ED_PRI CAN-2001-1397 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, INCLUSION

INCLUSION: the vendors state that it is not known whether this issue
is exploitable or not. At the least, it might make it easier to
conduct an attack on a program that does not properly "zero" memory
that it has recently allocated, but such a program might not function
properly anyway.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1398
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1398
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html

Masquerading code for Linux kernel before 2.2.19 does not fully check
packet lengths in certain cases, which may lead to a vulnerability.

Analysis
----------------
ED_PRI CAN-2001-1398 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, INCLUSION

INCLUSION: the exploitability of this issue is unknown.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1399
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1399
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html

Certain operations in Linux kernel before 2.2.19 on the x86
architecture copy the wrong number of bytes, which might allow
attackers to modify memory, aka "User access asm bug on x86."

Analysis
----------------
ED_PRI CAN-2001-1399 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1400
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1400
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html

Unknown vulnerabilities in the UDP port allocation for Linux kernel
before 2.2.19 could allow local users to cause a denial of service
(deadlock).

Analysis
----------------
ED_PRI CAN-2001-1400 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1401
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1401
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=82781
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=39531
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=39524
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=39533
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=39526
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=39527
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=70189

Bugzilla before 2.14 does not properly restrict access to confidential
bugs, which could allow Bugzilla users to bypass viewing permissions
via modified bug id parameters in (1) process_bug.cgi, (2)
show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5)
showdependencygraph.cgi, (6) showattachment.cgi, or (7)
describecomponents.cgi.

Analysis
----------------
ED_PRI CAN-2001-1401 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1402
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1402
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=38854
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=38855
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=87701
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=38859
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=39536
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=95235

Bugzilla before 2.14 does not properly escape untrusted parameters,
which could allow remote attackers to conduct unauthorized activities
via cross-site scripting (CSS) and possibly SQL injection attacks on
(1) the product or output form variables for reports.cgi, (2) the
voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid
email address in createaccount.cgi, (4) an invalid ID in
showdependencytree.cgi, (5) invalid usernames and other fields in
process_bug.cgi, and (6) error messages in buglist.cgi.

Analysis
----------------
ED_PRI CAN-2001-1402 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1403
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1403
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=15980
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html

Bugzilla before 2.14 includes the username and password in URLs, which
could allow attackers to gain privileges by reading the information
from the web server logs, or by "shoulder-surfing" and observing the
web browser's location bar.

Analysis
----------------
ED_PRI CAN-2001-1403 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1404
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1404
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=74032
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html

Bugzilla before 2.14 stores user passwords in plaintext and sends
password requests in an email message, which could allow attackers to
gain privileges.

Analysis
----------------
ED_PRI CAN-2001-1404 3
Vendor Acknowledgement: yes advisory
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1405
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1405
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=54556
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html

Bugzilla before 2.14 does not restrict access to sanitycheck.cgi,
which allows local users to cause a denial of service (CPU
consumption) via a flood of requests to sanitycheck.cgi.

Analysis
----------------
ED_PRI CAN-2001-1405 3
Vendor Acknowledgement: yes advisory
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1408
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1408
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010705 Cobalt Cube Webmail directory traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0092.html
Reference: BUGTRAQ:20010818 Cobalt update for my Webmail issue.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0245.html
Reference: XF:cobalt-qube-directory-traversal(6805)
Reference: URL:http://xforce.iss.net/static/6805.php

Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in
Cobalt Qube 3 allows remote attackers to read arbitrary files via a ..
(dot dot) in the mailbox parameter.

Analysis
----------------
ED_PRI CAN-2001-1408 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007