[TECH] Candidates with enough votes - but no vendor confirmation!
All,

The following 26 candidates have enough votes to become official entries. However, the vendor does not appear to have confirmed that they exist.

Last week at the Board meeting, attendees suggested that voters shouldn't ACCEPT a candidate unless they are reasonably certain that the problem is real. Given that there is no apparent vendor confirmation, these 26 candidates will need support from other sources.

Can anyone confirm any of these problems? Do you trust the sources? If so, please use an ACCEPT vote for the candidate, and include your reason for why you believe the problem is real.

Note that these 26 candidates represent 33% of the 78 candidates that were ready to move to Interim Decision without voting confirmation. The other 52 candidates have vendor confirmation, so I am comfortable with moving them to Interim Decision.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.


KEY FOR INFERRED ACTIONS
------------------------

Inferred actions capture the voting status of a candidate. They may be used by the moderator to determine whether or not a candidate is added to CVE. Where there is disagreement, the moderator must resolve the issue and achieve consensus, or make the final decision if consensus cannot be reached.

- ACCEPT = 3 non-MITRE votes to ACCEPT/MODIFY, and no REVIEWING or REJECT
- ACCEPT_ACK = 2 non-MITRE ACCEPT/MODIFY, and vendor acknowledgement
- MOREVOTES = needs more votes
- ACCEPT_REV = 3 non-MITRE ACCEPT's but is delayed due to a REVIEWING
- SMC_REJECT = REJECT by Steve Christey; likely to be rejected outright
- SMC_REVIEW = REVIEWING by Steve Christey; likely related to CD's
- REVIEWING = at least one member is REVIEWING
- REJECT = at least one member REJECTed
- REVOTE = members should review their vote on this candidate

=================================
Candidate: CAN-1999-0676
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990808 stdcm_convert
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19990809134220.A1191@hades.chaoz.org
Reference: XF:sun-stdcm-convert
Reference: BID:575

stdcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack.

INFERRED ACTION: CAN-1999-0676 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Frech> CHGREF XF:sun-sdtcm-convert
 Frech> CHGREF BUGTRAQ:19990808 sdtcm_convert
 Frech> Description needs to be changed to sdtcm_convert
 Christey> This candidate is unconfirmed by the vendor.

VOTE:

=================================
Candidate: CAN-1999-0711
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990430 *Huge* security hole in Oracle 8.0.5 with Intellegent agent installed
Reference: URL:http://marc.theaimsgroup.com/?t=92550157100002&w=2&r=1
Reference: XF:oracle-oratclsh

The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root.

Modifications:
  CHANGEREF BUGTRAQ [add date]

INFERRED ACTION: CAN-1999-0711 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Stracener, Ozancin, Frech
   NOOP(1) Christey

Comments:
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Multiple verifications in Bugtraq.

VOTE:

=================================
Candidate: CAN-1999-0720
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990823 [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=lcamtuf.4.05.9907041223290.355-300000@nimue.ids.pl
Reference: BID:597
Reference: XF:linux-pt-chown

The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users.

Modifications:
  ADDREF BUGTRAQ:19990823 [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x
  ADDREF URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=lcamtuf.4.05.9907041223290.355-300000@nimue.ids.pl

INFERRED ACTION: CAN-1999-0720 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Ozancin, Frech
   MODIFY(1) Stracener
   NOOP(1) Christey

Comments:
 Stracener> Add Ref: BUGTRAQ:19990823 [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD
 Stracener> / lynx /
 Stracener> vlock / mc / glibc 2.0.x
 Christey> This candidate is unconfirmed by the vendor.

VOTE:

=================================
Candidate: CAN-1999-0747
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990816 Symmetric Multiprocessing (SMP) Vulnerbility in BSDi 4.0.1
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSI.4.10.9908170253560.19291-100000@saturn.psn.net
Reference: BID:589
Reference: XF:bsdi-smp-dos

Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fstat call is made when the system has a high CPU load.

Modifications:
  CHANGEREF BUGTRAQ [add date]

INFERRED ACTION: CAN-1999-0747 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Ozancin, Frech
   MODIFY(1) Stracener
   NOOP(1) Christey

Comments:
 Stracener> Add a date to the Ref above: BUGTRAQ:19990817 Symmetric...
 Christey> This candidate is unconfirmed by the vendor.

VOTE:

=================================
Candidate: CAN-1999-0773
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990511 Solaris2.6 and 2.7 lpset overflow
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9905B&L=bugtraq&P=R2017
Reference: XF:sol-lpset-bo

Buffer overflow in Solaris lpset program allows local users to gain root access.

INFERRED ACTION: CAN-1999-0773 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Stracener, Ozancin, Frech
   NOOP(1) Christey

Comments:
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Posted by UNYUN of Shadow Penguin Security.

VOTE:

=================================
Candidate: CAN-1999-0776
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: NTBUGTRAQ:19990506 ".."-hole in Alibaba 2.0
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9905&L=NTBUGTRAQ&P=R1533
Reference: XF:http-alibaba-dotdot

Alibaba HTTP server allows remote attackers to read files via a .. (dot dot) attack.

INFERRED ACTION: CAN-1999-0776 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Stracener, Frech
   NOOP(2) Cole, Christey

Comments:
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Posted by Arne Vidstrom.

VOTE:

=================================
Candidate: CAN-1999-0780
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457
Reference: XF:kde-klock-process-kill

KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.

Modifications:
  ADDREF XF:kde-klock-process-kill

INFERRED ACTION: CAN-1999-0780 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Frech> XF:kde-klock-process-kill
 Christey> This candidate is unconfirmed by the vendor.

VOTE:

=================================
Candidate: CAN-1999-0781
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457
Reference: XF:kde-klock-bindir-trojans

KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.

Modifications:
  ADDREF XF:kde-klock-bindir-trojans

INFERRED ACTION: CAN-1999-0781 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Frech> XF:kde-klock-bindir-trojans
 Christey> This candidate is unconfirmed by the vendor.

VOTE:

=================================
Candidate: CAN-1999-0782
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457
Reference: XF:kde-kppp-directory-create

KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.

Modifications:
  ADDREF XF:kde-kppp-directory-create

INFERRED ACTION: CAN-1999-0782 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Frech> kde-kppp-directory-create
 Christey> This candidate is unconfirmed by the vendor.

VOTE:

=================================
Candidate: CAN-1999-0803
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990525 IBM eNetwork Firewall for AIX
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92765973207648&w=2
Reference: XF:ibm-enfirewall-tmpfiles

The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack.

Modifications:
  CHANGEREF BUGTRAQ [add date]
  ADDREF XF:ibm-enfirewall-tmpfiles

INFERRED ACTION: CAN-1999-0803 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Frech> XF:ibm-efirewall-tmpfiles
 Frech> BUGTRAQ: add 19990525
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Poster claims that APAR (IR39562) was created.

VOTE:

=================================
Candidate: CAN-1999-0816
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19980510 Security Vulnerability in Motorola CableRouters
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9805B&L=bugtraq&P=R1621
Reference: XF:motorola-cable-default-pass

The Motorola CableRouter allows any remote user to connect to and configure the router on port 1024.

Modifications:
  ADDREF XF:motorola-cable-default-pass

CONTENT-DECISIONS: CF-DEF-PASS

INFERRED ACTION: CAN-1999-0816 ACCEPT (3 accept, 0 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Frech> XF:motorola-cable-default-pass
 Christey> This candidate is unconfirmed by the vendor.

VOTE:

=================================
Candidate: CAN-1999-0885
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991103 More Alibaba Web Server problems...
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-11-01&msg=01BF261F.928821E0.kerb@fnusa.com
Reference: BID:770
Reference: XF:alibaba-url-file-manipulation

Alibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL.

Modifications:
  ADDREF XF:alibaba-url-file-manipulation

INFERRED ACTION: CAN-1999-0885 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Blake, Stracener
   MODIFY(1) Frech
   NOOP(2) Cole, Christey

Comments:
 Frech> XF:alibaba-url-file-manipulation
 Christey> This candidate is unconfirmed by the vendor.

VOTE:

=================================
Candidate: CAN-1999-0895
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991020 Checkpoint FireWall-1 V4.0: possible bug in LDAP authentication
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991020150002.21047.qmail@tarjan.mediaways.net

Firewall-1 does not properly restrict access to LDAP attributes.

INFERRED ACTION: CAN-1999-0895 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Frech> XF:checkpoint-ldap-auth
 Christey> This candidate is unconfirmed by the vendor.

VOTE:

=================================
Candidate: CAN-1999-0897
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990908 bug in iChat 3.0 (maybe others)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90538488231977&w=2
Reference: XF:ichat-file-read-vuln

iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Modifications:
  ADDREF XF:ichat-file-read-vuln

INFERRED ACTION: CAN-1999-0897 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Blake, Stracener
   MODIFY(1) Frech
   NOOP(2) Cole, Christey

Comments:
 Frech> XF:ichat-file-read-vuln
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Two Bugtraq followups claim the problem has been fixed.

VOTE:

=================================
Candidate: CAN-1999-0913
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990804 NSW Dragon Fire gets drowned
Reference: http://marc.theaimsgroup.com/?l=bugtraq&m=93383593909438&w=2
Reference: BID:564

dfire.cgi script in Dragon-Fire IDS allows remote users to execute commands via shell metacharacters.

INFERRED ACTION: CAN-1999-0913 SMC_REVIEW (3 accept, 1 review)

Current Votes:
   ACCEPT(2) Blake, Stracener
   MODIFY(1) Frech
   NOOP(1) Cole
   REVIEWING(1) Christey

Comments:
 Frech> XF:dragon-fire-ids-metachar
 Christey> Some voters should use ABSTAIN.

VOTE:

=================================
Candidate: CAN-1999-0919
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19980510 Security Vulnerability in Motorola CableRouters
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9805B&L=bugtraq&P=R1621
Reference: XF:motorola-cable-crash

A memory leak in a Motorola CableRouter allows remote attackers to conduct a denial of service via a large number of telnet connections.

Modifications:
  ADDREF XF:motorola-cable-crash

INFERRED ACTION: CAN-1999-0919 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Stracener, Christey

Comments:
 Frech> XF:motorola-cable-crash
 Christey> This candidate is unconfirmed by the vendor.

VOTE:

=================================
Candidate: CAN-1999-0958
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19980112 Re: hole in sudo for MP-RAS.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88465708614896&w=2

sudo 1.5.x allows local users to execute arbitrary commands via a .. (dot dot) attack.

INFERRED ACTION: CAN-1999-0958 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Stracener, Ozancin, Meunier
   NOOP(1) Christey

Comments:
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Independent confirmation in Bugtraq followups, and one poster
 Christey> claims that a patch has been released.

VOTE:

=================================
Candidate: CAN-1999-0961
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19960921 Vunerability in HP sysdiag ?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419906&w=2

HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation.

INFERRED ACTION: CAN-1999-0961 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Stracener, Ozancin, Meunier
   NOOP(1) Christey

Comments:
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Verified by two posters in Bugtraq followups.

VOTE:

=================================
Candidate: CAN-1999-0997
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: unknown
Reference: BUGTRAQ:19991220 Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd)

wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.

INFERRED ACTION: CAN-1999-0997 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Frech> XF:wuftp-ftp-conversion
 Christey> This candidate is unconfirmed by the vendor.
 Christey> XF:wuftp-ftp-conversion does not exist.
 Christey>
 Christey> Posted by suid@suid.kg. See http://www.suid.edu/advisories/001.txt
 Christey> for details.

VOTE:

=================================
Candidate: CAN-1999-1005
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991219 Groupewise Web Interface
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94571433731824&w=2

Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.

INFERRED ACTION: CAN-1999-1005 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Comments:
 Frech> XF:groupwise-web-read-files
 Christey> This candidate is unconfirmed by the vendor.
 Christey> XF:groupwise-web-read-files does not exist.
 Christey>
 Christey> Multiple Bugtraq followups indicate the problem may be more
 Christey> severe than the current CVE description indicates.

VOTE:

=================================
Candidate: CAN-1999-1007
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991213 VDO Live Player 3.02 Buffer Overflow
Reference: http://marc.theaimsgroup.com/?l=bugtraq&m=94512259331599&w=2
Reference: BID:872

Buffer overflow in VDO Live Player allows remote attackers to execute commands on the VDO client via a malformed .vdo file.

INFERRED ACTION: CAN-1999-1007 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Frech> XF:vdolive-bo-execute
 Christey> This candidate is unconfirmed by the vendor.
 Christey> XF:vdolive-bo-execute does not exist.
 Christey>
 Christey> Posted by UNYUN of Shadow Penguin Security.

VOTE:

=================================
Candidate: CAN-1999-1008
Published:
Final-Decision:
Interim-Decision:
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991215 FreeBSD 3.3 xsoldier root exploit
Reference: MISC:http://marc.theaimsgroup.com/?l=freebsd-security&m=94531826621620&w=2
Reference: BID:871

xsoldier program allows local users to gain root access via a long argument.

INFERRED ACTION: CAN-1999-1008 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Comments:
 Frech> XF:unix-xsoldier-overflow
 Christey> Confirmed in freebsd-security mailing list.

VOTE:

=================================
Candidate: CAN-1999-1010
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991214 sshd1 allows unencrypted sessions regardless of server policy
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94519142415338&w=2

An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy.

INFERRED ACTION: CAN-1999-1010 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Comments:
 Frech> XF:ssh-policy-bypass
 Christey> This candidate is unconfirmed by the vendor.

VOTE:

=================================
Candidate: CAN-2000-0139
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95021326417936&w=2
Reference: BID:982
Reference: URL:http://www.securityfocus.com/bid/982

Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command.

INFERRED ACTION: CAN-2000-0139 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Bishop, Blake, Cole
   NOOP(2) LeBlanc, Christey

Comments:
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Reported by Nobuo Miwa, moderator of BUGTRAQ-JP.

VOTE:

=================================
Candidate: CAN-2000-0140
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95021326417936&w=2
Reference: NTBUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: BID:980
Reference: URL:http://www.securityfocus.com/bid/980

Internet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service via a large number of connections.

INFERRED ACTION: CAN-2000-0140 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Bishop, Blake, Cole
   NOOP(2) LeBlanc, Christey

Comments:
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Reported by Nobuo Miwa, moderator of BUGTRAQ-JP.

VOTE:

=================================
Candidate: CAN-2000-0144
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-02/0034.html
Reference: BUGTRAQ:20000207 Infosec.20000207.axis700.a
Reference: BID:971
Reference: URL:http://www.securityfocus.com/bid/971

Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack.

INFERRED ACTION: CAN-2000-0144 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Bishop, Blake, Cole
   NOOP(2) LeBlanc, Christey

Comments:
 Christey> Poster claims that the vendor has issued a patch.

VOTE: