|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [VOTE] MOREVOTES-2000-B: Candidates from 2000 needing 1 more vote
Each of the following 25 candidates needs just one more ACCEPT vote. If you can help out, it is appreciated. There are 4 other messages similar to this one, with different candidates. Feel free to pick one at random if you don't have the time to vote on them all. It is strongly preferred that you get your votes in by October 9. Thanks, - Steve Summary of votes to use (in ascending order of "severity") ---------------------------------------------------------- ACCEPT - voter accepts the candidate as proposed NOOP - voter has no opinion on the candidate MODIFY - voter wants to change some MINOR detail (e.g. reference/description) REVIEWING - voter is reviewing/researching the candidate, or needs more info RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. 1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. 2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping. 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. KEY FOR INFERRED ACTIONS ------------------------ Inferred actions capture the voting status of a candidate. They may be used by the Editor to determine whether or not a candidate is added to CVE. Where there is disagreement, the Editor must resolve the issue and achieve consensus, or make the final decision if consensus cannot be reached. - ACCEPT = 3 non-MITRE votes to ACCEPT/MODIFY, and no REVIEWING or REJECT - ACCEPT_ACK = 2 non-MITRE ACCEPT/MODIFY, and vendor acknowledgement - MOREVOTES = needs more votes - ACCEPT_REV = 3 non-MITRE ACCEPT's but is delayed due to a REVIEWING - SMC_REJECT = REJECT by Steve Christey; likely to be rejected outright - SMC_REVIEW = REVIEWING by Steve Christey; likely related to CD's - REVIEWING = at least one member is REVIEWING - REJECT = at least one member REJECTed - REVOTE = members should review their vote on this candidate ====================================================== Candidate: CAN-2000-0340 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0340 Final-Decision: Interim-Decision: Modified: Proposed: 20000518 Assigned: 20000511 Category: SF Reference: BUGTRAQ:20000428 SuSE 6.3 Gnomelib buffer overflow Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00042902575201.09597@wintermute-pub Reference: BID:1155 Reference: URL:http://www.securityfocus.com/bid/1155 Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable. INFERRED ACTION: CAN-2000-0340 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) Wall, Cole, Armstrong Comments: Frech> XF:linux-gnomelib-bo VOTE: ====================================================== Candidate: CAN-2000-0341 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0341 Final-Decision: Interim-Decision: Modified: Proposed: 20000518 Assigned: 20000511 Category: SF Reference: NTBUGTRAQ:20000501 Remote DoS attack in CASSANDRA NNTPServer v1.10 from ATRIUM Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95736106504870&w=2 Reference: BID:1156 Reference: URL:http://www.securityfocus.com/bid/1156 ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a denial of service via a long login name. INFERRED ACTION: CAN-2000-0341 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) Wall, Cole, Armstrong Comments: Frech> XF:nntpserver-cassandra-bo VOTE: ====================================================== Candidate: CAN-2000-0344 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0344 Final-Decision: Interim-Decision: Modified: Proposed: 20000518 Assigned: 20000511 Category: SF Reference: BUGTRAQ:20000501 Linux knfsd DoS issue Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0005012042550.6419-100000@ferret.lmh.ox.ac.uk Reference: BID:1160 Reference: URL:http://www.securityfocus.com/bid/1160 The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to cause a denial of service via a negative size value. INFERRED ACTION: CAN-2000-0344 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(4) Christey, Wall, Cole, Armstrong Comments: Christey> ADDREF XF:linux-knfsd-dos Frech> XF:linux-knfsd-dos VOTE: ====================================================== Candidate: CAN-2000-0458 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0458 Final-Decision: Interim-Decision: Modified: Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000424 Two Problems in IMP 2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95672120116627&w=2 Reference: XF:imp-tmpfile-view The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information. INFERRED ACTION: CAN-2000-0458 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Frech, Levy, Ozancin NOOP(4) Prosser, Christey, Cole, Stracener Comments: Christey> ADDREF BID:1360 CHANGE> [Levy changed vote from REVIEWING to ACCEPT] VOTE: ====================================================== Candidate: CAN-2000-0459 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0459 Final-Decision: Interim-Decision: Modified: Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000424 Two Problems in IMP 2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95672120116627&w=2 Reference: XF:imp-wordfile-dos IMP does not remove files properly if the MSWordView application quits, which allows local users to cause a denial of service by filling up the disk space by requesting a large number of documents and prematurely stopping the request. INFERRED ACTION: CAN-2000-0459 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Frech, Levy, Ozancin NOOP(4) Prosser, Christey, Cole, Stracener Comments: Christey> ADDREF BID:1361 CHANGE> [Levy changed vote from REVIEWING to ACCEPT] VOTE: ====================================================== Candidate: CAN-2000-0470 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0470 Final-Decision: Interim-Decision: Modified: Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000601 Hardware Exploit - Gets network Down Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0398.html Reference: BID:1290 Reference: URL:http://www.securityfocus.com/bid/1290 Allegro RomPager HTTP server allows remote attackers to cause a denial of service via a malformed authentication request. INFERRED ACTION: CAN-2000-0470 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Ozancin Comments: Frech> XF:rompager-malformed-dos(4588) VOTE: ====================================================== Candidate: CAN-2000-0471 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0471 Final-Decision: Interim-Decision: Modified: Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000614 Vulnerability in Solaris ufsrestore Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0114.html Reference: BID:1348 Reference: URL:http://www.securityfocus.com/bid/1348 Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname. INFERRED ACTION: CAN-2000-0471 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(1) Christey Comments: Christey> XF:sol-ufsrestore-bo Frech> XF:sol-ufsrestore-bo(4711) VOTE: ====================================================== Candidate: CAN-2000-0484 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0484 Final-Decision: Interim-Decision: Modified: Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96113651713414&w=2 Reference: NTBUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96151775004229&w=2 Reference: BID:1355 Reference: URL:http://www.securityfocus.com/bid/1355 Buffer overflow in Small HTTP Server allows remote attackers to cause a denial of service via a long GET request. INFERRED ACTION: CAN-2000-0484 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(1) Christey Comments: Christey> XF:small-http-get-overflow-dos Frech> XF:small-http-get-overflow-dos(4692) VOTE: ====================================================== Candidate: CAN-2000-0488 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0488 Final-Decision: Interim-Decision: Modified: Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000601 DST2K0007: Buffer Overrun in ITHouse Mail Server v1.04 Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0148.html Reference: BID:1285 Reference: URL:http://www.securityfocus.com/bid/1285 Buffer overflow in ITHouse mail server 1.04 allows remote attackers to execute arbitrary commands via a long RCPT TO mail command. INFERRED ACTION: CAN-2000-0488 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Ozancin Comments: Frech> XF:ithouse-rcpt-overflow(4580) VOTE: ====================================================== Candidate: CAN-2000-0490 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0490 Final-Decision: Interim-Decision: Modified: Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000601 Netwin's Dmail package Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0407.html Reference: BID:1297 Reference: URL:http://www.securityfocus.com/bid/1297 Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package allows remote attackers to execute arbitrary commands via a long ETRN request. INFERRED ACTION: CAN-2000-0490 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Ozancin Comments: Frech> XFdmail-etrn-dos(4579) VOTE: ====================================================== Candidate: CAN-2000-0494 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0494 Final-Decision: Interim-Decision: Modified: Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000616 Veritas Volume Manager 3.0.x hole Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0151.html Reference: BID:1356 Reference: URL:http://www.securityfocus.com/bid/1356 Veritas Volume Manager creates a world writable .server_pids file, which allows local users to add arbitrary commands into the file, which is then executed by the vmsa_server script. INFERRED ACTION: CAN-2000-0494 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech Comments: Frech> XF:veritas-volume-manager(5009) VOTE: ====================================================== Candidate: CAN-2000-0498 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0498 Final-Decision: Interim-Decision: Modified: Proposed: 20000712 Assigned: 20000711 Category: SF Reference: NTBUGTRAQ:20000608 Potential vulnerability in Unify eWave ServletExec Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0250.html Reference: BID:1328 Reference: URL:http://www.securityfocus.com/bid/1328 Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. INFERRED ACTION: CAN-2000-0498 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Ozancin Comments: Frech> XF:ewave-servletexec-jsp-source-read(4649) VOTE: ====================================================== Candidate: CAN-2000-0501 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0501 Final-Decision: Interim-Decision: Modified: Proposed: 20000712 Assigned: 20000711 Category: SF Reference: NTBUGTRAQ:20000616 mdaemon 2.8.5.0 WinNT and Win9x remote DoS Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0277.html Reference: BID:1366 Reference: URL:http://www.securityfocus.com/bid/1366 Race condition in MDaemon 2.8.5.0 POP server allows local users to cause a denial of service by entering a UIDL command and quickly exiting the server. INFERRED ACTION: CAN-2000-0501 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(1) Christey Comments: Christey> XF:mdaemon-pass-dos Frech> XF:mdaemon-pass-dos(4745) VOTE: ====================================================== Candidate: CAN-2000-0504 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0504 Final-Decision: Interim-Decision: Modified: Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000619 XFree86: libICE DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html Reference: BID:1369 Reference: URL:http://www.securityfocus.com/bid/1369 libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro. INFERRED ACTION: CAN-2000-0504 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(1) Christey Comments: Christey> XF:linux-libice-dos Frech> XF:linux-libice-dos(4761) VOTE: ====================================================== Candidate: CAN-2000-0507 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0507 Final-Decision: Interim-Decision: Modified: Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000601 DST2K0006: Denial of Service Possibility in Imate WebMail Server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95990195708509&w=2 Reference: BID:1286 Reference: URL:http://www.securityfocus.com/bid/1286 Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command. INFERRED ACTION: CAN-2000-0507 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Ozancin Comments: Frech> XF:nt-webmail-dos(4586) VOTE: ====================================================== Candidate: CAN-2000-0523 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0523 Final-Decision: Interim-Decision: Modified: Proposed: 20000712 Assigned: 20000711 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20000606 MDMA Advisory #6: EServ Logging Heap Overflow Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0009.html Reference: BID:1315 Reference: URL:http://www.securityfocus.com/bid/1315 Buffer overflow in the logging feature of EServ 2.9.2 and earlier allows an attacker to execute arbitrary commands via a long MKD command. INFERRED ACTION: CAN-2000-0523 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Ozancin Comments: Frech> XF:eserv-logging-overflow(4614) VOTE: ====================================================== Candidate: CAN-2000-0541 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0541 Final-Decision: Interim-Decision: Modified: Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000617 Infosec.20000617.panda.a Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0164.html Reference: BID:1359 Reference: URL:http://www.securityfocus.com/bid/1359 The Panda Antivirus console on port 2001 allows local users to execute arbitrary commands without authentication via the CMD command. INFERRED ACTION: CAN-2000-0541 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(1) Christey Comments: Christey> XF:panda-antivirus-remote-admin Frech> XF:panda-antivirus-remote-admin(4707) VOTE: ====================================================== Candidate: CAN-2000-0542 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0542 Final-Decision: Interim-Decision: Modified: Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000612 ACC/Ericsson Tigris Accounting Failure Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0104.html Reference: BID:1345 Reference: URL:http://www.securityfocus.com/bid/1345 Tigris remote access server before 11.5.4.22 does not properly record Radius accounting information when a user fails the initial login authentication but subsequently succeeds. INFERRED ACTION: CAN-2000-0542 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(4) Christey, Wall, LeBlanc, Ozancin Comments: Christey> XF:tigris-radius-login-failure Frech> XF:tigris-radius-login-failure(4705) VOTE: ====================================================== Candidate: CAN-2000-0543 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0543 Final-Decision: Interim-Decision: Modified: Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000614 Remote DoS attack in Networks Associates PGP Certificate Server Version 2.5 Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0107.html Reference: BID:1343 Reference: URL:http://www.securityfocus.com/bid/1343 The command port for PGP Certificate Server 2.5.0 and 2.5.1 allows remote attackers to cause a denial of service if their hostname does not have a reverse DNS entry and they connect to port 4000. INFERRED ACTION: CAN-2000-0543 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(1) Christey Comments: Christey> XF:pgp-cert-server-dos Frech> XF:pgp-cert-server-dos(4695) VOTE: ====================================================== Candidate: CAN-2000-0557 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0557 Final-Decision: Interim-Decision: Modified: Proposed: 20000712 Assigned: 20000711 Category: SF Reference: NTBUGTRAQ:20000608 DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html Reference: BID:1318 Reference: URL:http://www.securityfocus.com/bid/1318 Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to execute arbitrary commands via a long GET request. INFERRED ACTION: CAN-2000-0557 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Ozancin Comments: Frech> XF:cmail-get-overflow-execute(4626) VOTE: ====================================================== Candidate: CAN-2000-0561 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0561 Final-Decision: Interim-Decision: Modified: Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000620 DST2K0018: Multiple BufferOverruns in WebBBS HTTP Server v1.15 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0175.html Reference: BID:1365 Reference: URL:http://www.securityfocus.com/bid/1365 Buffer overflow in WebBBS 1.15 allows remote attackers to execute arbitrary commands via a long HTTP GET request. INFERRED ACTION: CAN-2000-0561 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(1) Christey Comments: Christey> XF:webbbs-get-request-overflow Frech> XF:webbbs-get-request-overflow(4742) VOTE: ====================================================== Candidate: CAN-2000-0562 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0562 Final-Decision: Interim-Decision: Modified: Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000620 BlackICE by Network ICE Corp vulnerability against Back Orifice 1.2 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0190.html BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and earlier, do not properly block Back Orifice traffic when the security setting is Nervous or lower. INFERRED ACTION: CAN-2000-0562 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(1) Christey Comments: Levy> What do others think? Should this be a vuln? I can see the argument that some features are simply not available unless you use the maximum security settings. Christey> At the very least, this needs to be modified to state that this problem/concern applies to high ports in general, not just Back orifice. The Bugtraq poster claims that BlackICE "shuts down" the port, but only *after* some initial traffic "leaks" out. This may be by design, but it does mean that there is a small window of opportunity in which BlackICE may not work "as advertised," even at lower security settings. Christey> XF:blackice-security-level-nervous BID:1389 Frech> XF:blackice-security-level-nervous(4777) CHANGE> [Levy changed vote from REVIEWING to ACCEPT] VOTE: ====================================================== Candidate: CAN-2000-0565 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0565 Final-Decision: Interim-Decision: Modified: Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000613 SmartFTP Daemon v0.2 Beta Build 9 - Remote Exploit Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0100.html Reference: BID:1344 Reference: URL:http://www.securityfocus.com/bid/1344 SmartFTP Daemon 0.2 allows a local user to access arbitrary files by uploading and specifying an alternate user configuration file via a .. (dot dot) attack. INFERRED ACTION: CAN-2000-0565 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(4) Christey, Wall, LeBlanc, Ozancin Comments: Christey> XF:smartftp-directory-traversal Frech> XF:smartftp-directory-traversal(4706) VOTE: ====================================================== Candidate: CAN-2000-0568 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0568 Final-Decision: Interim-Decision: Modified: Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000630 Multiple vulnerabilities in Sybergen Secure Desktop Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4125690E.00524395.00@guardianit.se Reference: XF:sybergen-routing-table-modify Reference: BID:1417 Reference: URL:http://www.securityfocus.com/bid/1417 Sybergen Secure Desktop 2.1 does not properly protect against false router advertisements (ICMP type 9), which allows remote attackers to modify default routes. INFERRED ACTION: CAN-2000-0568 MOREVOTES-1 (2 accept, 0 ack, 1 review) Current Votes: ACCEPT(2) Frech, Levy NOOP(3) Wall, Cole, LeBlanc REVIEWING(1) Magdych VOTE: ====================================================== Candidate: CAN-2000-0569 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0569 Final-Decision: Interim-Decision: Modified: Proposed: 20000719 Assigned: 20000719 Category: SF Reference: MISC:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0189.html Reference: BID:1420 Reference: URL:http://www.securityfocus.com/bid/1420 Sybergen Sygate allows remote attackers to cause a denial of service by sending a malformed DNS UDP packet to its internal interface. INFERRED ACTION: CAN-2000-0569 MOREVOTES-1 (2 accept, 0 ack, 1 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) Wall, Cole, LeBlanc REVIEWING(1) Magdych Comments: Frech> XF:sygate-udp-packet-dos(5049) VOTE:
|
||||
