|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [VOTE] MOREVOTES-2000-C: Candidates from 2000 needing 1 more vote
Each of the following 24 candidates needs just one more ACCEPT vote. If you can help out, it is appreciated. There are 4 other messages similar to this one, with different candidates. Feel free to pick one at random if you don't have the time to vote on them all. It is strongly preferred that you get your votes in by October 9. Thanks, - Steve Summary of votes to use (in ascending order of "severity") ---------------------------------------------------------- ACCEPT - voter accepts the candidate as proposed NOOP - voter has no opinion on the candidate MODIFY - voter wants to change some MINOR detail (e.g. reference/description) REVIEWING - voter is reviewing/researching the candidate, or needs more info RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. 1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. 2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping. 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. KEY FOR INFERRED ACTIONS ------------------------ Inferred actions capture the voting status of a candidate. They may be used by the Editor to determine whether or not a candidate is added to CVE. Where there is disagreement, the Editor must resolve the issue and achieve consensus, or make the final decision if consensus cannot be reached. - ACCEPT = 3 non-MITRE votes to ACCEPT/MODIFY, and no REVIEWING or REJECT - ACCEPT_ACK = 2 non-MITRE ACCEPT/MODIFY, and vendor acknowledgement - MOREVOTES = needs more votes - ACCEPT_REV = 3 non-MITRE ACCEPT's but is delayed due to a REVIEWING - SMC_REJECT = REJECT by Steve Christey; likely to be rejected outright - SMC_REVIEW = REVIEWING by Steve Christey; likely related to CD's - REVIEWING = at least one member is REVIEWING - REJECT = at least one member REJECTed - REVOTE = members should review their vote on this candidate ====================================================== Candidate: CAN-2000-0576 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0576 Final-Decision: Interim-Decision: Modified: Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000704 Oracle Web Listener for AIX DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0027.html Reference: BID:1427 Reference: URL:http://www.securityfocus.com/bid/1427 Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows remote attackers to cause a denial of service via a malformed URL. INFERRED ACTION: CAN-2000-0576 MOREVOTES-1 (2 accept, 0 ack, 1 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) Wall, Cole, LeBlanc REVIEWING(1) Magdych Comments: Frech> XF:oracle-web-listener-dos(4874) VOTE: ====================================================== Candidate: CAN-2000-0578 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0578 Final-Decision: Interim-Decision: Modified: Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000621 Predictability Problems in IRIX Cron and Compilers Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0204.html Reference: BID:1412 Reference: URL:http://www.securityfocus.com/bid/1412 SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in /tmp with predictable file names, which could allow local users to insert malicious contents into these files as they are being compiled by another user. INFERRED ACTION: CAN-2000-0578 MOREVOTES-1 (2 accept, 0 ack, 1 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) Wall, Cole, LeBlanc REVIEWING(1) Magdych Comments: Frech> XF:sgi-mipspro-modify-files(5007) VOTE: ====================================================== Candidate: CAN-2000-0579 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0579 Final-Decision: Interim-Decision: Modified: Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000621 Predictability Problems in IRIX Cron and Compilers Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0204.html Reference: BID:1413 Reference: URL:http://www.securityfocus.com/bid/1413 IRIX crontab creates temporary files with predictable file names and with the umask of the user, which could allow local users to modify another user's crontab file as it is being edited. INFERRED ACTION: CAN-2000-0579 MOREVOTES-1 (2 accept, 0 ack, 1 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) Wall, Cole, LeBlanc REVIEWING(1) Magdych Comments: Frech> XF:irix-cron-modify-crontab(5008) VOTE: ====================================================== Candidate: CAN-2000-0598 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0598 Final-Decision: Interim-Decision: Modified: Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000626 Proxy+ Telnet Gateway Problems Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0268.html Reference: BID:1395 Reference: URL:http://www.securityfocus.com/bid/1395 Reference: XF:fortech-proxy-telnet-gateway Reference: XF:proxyplus-telnet-gateway Fortech Proxy+ allows remote attackers to bypass access restrictions for to the administration service by redirecting their connections through the telnet proxy. INFERRED ACTION: CAN-2000-0598 MOREVOTES-1 (2 accept, 0 ack, 1 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) Wall, Cole, LeBlanc REVIEWING(1) Magdych Comments: Frech> DELREF XF:proxyplus-telnet-gateway VOTE: ====================================================== Candidate: CAN-2000-0599 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0599 Final-Decision: Interim-Decision: Modified: Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000629 iMesh 1.02 vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0335.html Reference: XF:imesh-tcp-port-overflow Reference: BID:1407 Reference: URL:http://www.securityfocus.com/bid/1407 Buffer overflow in iMesh 1.02 allows remote attackers to execute arbitrary commands via a long string to the iMesh port. INFERRED ACTION: CAN-2000-0599 MOREVOTES-1 (2 accept, 0 ack, 1 review) Current Votes: ACCEPT(2) Frech, Levy NOOP(3) Wall, Cole, LeBlanc REVIEWING(1) Magdych VOTE: ====================================================== Candidate: CAN-2000-0601 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0601 Final-Decision: Interim-Decision: Modified: Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000625 LeafChat Denial of Service Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSF.4.10.10006252056110.74551-100000@unix.za.net Reference: XF:irc-leafchat-dos Reference: BID:1396 Reference: URL:http://www.securityfocus.com/bid/1396 LeafChat 1.7 IRC client allows a remote IRC server to cause a denial of service by rapidly sending a large amount of error messages. INFERRED ACTION: CAN-2000-0601 MOREVOTES-1 (2 accept, 0 ack, 1 review) Current Votes: ACCEPT(2) Frech, Levy NOOP(3) LeBlanc, Wall, Cole REVIEWING(1) Magdych VOTE: ====================================================== Candidate: CAN-2000-0620 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0620 Final-Decision: Interim-Decision: Modified: Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BID:1409 Reference: URL:http://www.securityfocus.com/bid/1409 libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop. INFERRED ACTION: CAN-2000-0620 MOREVOTES-1 (2 accept, 0 ack, 1 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) LeBlanc, Wall, Cole REVIEWING(1) Magdych Comments: Frech> XF:libx11-infinite-loop-dos(4996) See also http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26date%3D2000-07-22%26msg%3DPine.LNX.4.21.0006192251480.9945-100000@ferret.lmh.ox.ac.uk, specifically flaw #2. VOTE: ====================================================== Candidate: CAN-2000-0626 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0626 Final-Decision: Interim-Decision: Modified: Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000718 Multiple bugs in Alibaba 2.0 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0237.html Reference: BID:1482 Reference: URL:http://www.securityfocus.com/bid/1482 Buffer overflow in Alibaba web server allows remote attackers to cause a denial of service via a long GET request. INFERRED ACTION: CAN-2000-0626 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(4) LeBlanc, Christey, Wall, Cole Comments: Frech> XF:alibaba-get-dos(4934) Christey> This is in a relatively old Nessus plugin, though the exploit uses POST instead of GET. This was probably discovered earlier than the references indicate. VOTE: ====================================================== Candidate: CAN-2000-0627 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0627 Final-Decision: Interim-Decision: Modified: Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000718 Blackboard Courseinfo v4.0 User Authentication Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0254.html Reference: BID:1486 Reference: URL:http://www.securityfocus.com/bid/1486 BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl. INFERRED ACTION: CAN-2000-0627 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(4) LeBlanc, Christey, Wall, Cole Comments: Frech> XF:blackboard-courseinfo-dbase-modification(4946) Christey> Vendor acknowledgement is at: BUGTRAQ:20000719 Security Fix for Blackboard CourseInfo 4.0 URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000719151904.I17986@securityfocus.com VOTE: ====================================================== Candidate: CAN-2000-0634 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0634 Final-Decision: Interim-Decision: Modified: Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000717 S21SEC-003: Vulnerabilities in CommuniGate Pro v3.2.4 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0223.html Reference: BID:1493 Reference: URL:http://www.securityfocus.com/bid/1493 The web administration interface for CommuniGate Pro 3.2.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. INFERRED ACTION: CAN-2000-0634 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) LeBlanc, Wall, Cole Comments: Frech> XF:communigate-pro-file-read(5105) VOTE: ====================================================== Candidate: CAN-2000-0636 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0636 Final-Decision: Interim-Decision: Modified: Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000719 HP Jetdirect - Invalid FTP Command DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0265.html Reference: BID:1491 Reference: URL:http://www.securityfocus.com/bid/1491 HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow remote attackers to cause a denial of service via a malformed FTP quote command. INFERRED ACTION: CAN-2000-0636 MOREVOTES-1 (2 accept, 0 ack, 1 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(2) LeBlanc, Cole REVIEWING(1) Wall Comments: Frech> XF:hp-jetdirect-quote-dos(4947) VOTE: ====================================================== Candidate: CAN-2000-0640 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0640 Final-Decision: Interim-Decision: Modified: Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html Reference: BID:1452 Reference: URL:http://www.securityfocus.com/bid/1452 Guild FTPd allows remote attackers to determine the existence of files outside the FTP root via a .. (dot dot) attack, which provides different error messages depending on whether the file exists or not. INFERRED ACTION: CAN-2000-0640 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) LeBlanc, Wall, Cole Comments: Frech> XF:guild-ftpd-disclosure(4922) VOTE: ====================================================== Candidate: CAN-2000-0641 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0641 Final-Decision: Interim-Decision: Modified: Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html Reference: BID:1453 Reference: URL:http://www.securityfocus.com/bid/1453 Savant web server allows remote attackers to execute arbitrary commands via a long GET request. INFERRED ACTION: CAN-2000-0641 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) LeBlanc, Wall, Cole Comments: Frech> XF:savant-get-bo(4901) VOTE: ====================================================== Candidate: CAN-2000-0642 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0642 Final-Decision: Interim-Decision: Modified: Proposed: 20000803 Assigned: 20000802 Category: CF Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org Reference: BID:1497 Reference: URL:http://www.securityfocus.com/bid/1497 The default configuration of WebActive HTTP Server 1.00 stores the web access log active.log in the document root, which allows remote attackers to view the logs by directly requesting the page. INFERRED ACTION: CAN-2000-0642 MOREVOTES-1 (2 accept, 0 ack, 1 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(2) LeBlanc, Cole REVIEWING(1) Wall Comments: Frech> XF:webactive-active-log(5184) VOTE: ====================================================== Candidate: CAN-2000-0643 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0643 Final-Decision: Interim-Decision: Modified: Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org Reference: BID:1470 Reference: URL:http://www.securityfocus.com/bid/1470 Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers to cause a denial of service via a long URL. INFERRED ACTION: CAN-2000-0643 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) LeBlanc, Wall, Cole Comments: Frech> XF:webactive-long-get-dos(4949) VOTE: ====================================================== Candidate: CAN-2000-0644 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0644 Final-Decision: Interim-Decision: Modified: Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html Reference: BID:1506 Reference: URL:http://www.securityfocus.com/bid/1506 WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing a STAT command while the LIST command is still executing. INFERRED ACTION: CAN-2000-0644 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) LeBlanc, Wall, Cole Comments: Frech> XF:wftpd-stat-dos(5003) VOTE: ====================================================== Candidate: CAN-2000-0651 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0651 Final-Decision: Interim-Decision: Modified: Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000707 Novell Border Manger - Anyone can pose as an authenticated user Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=06256915.00591E18.00@uprrsmtp2.notes.up.com Reference: BID:1440 Reference: URL:http://www.securityfocus.com/bid/1440 The ClientTrust program in Novell BorderManager does not properly verify the origin of authentication requests, which could allow remote attackers to impersonate another user by replaying the authentication requests and responses from port 3024 of the victim's machine. INFERRED ACTION: CAN-2000-0651 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) LeBlanc, Wall, Cole Comments: Frech> XF:novell-bordermanager-verification(5186) VOTE: ====================================================== Candidate: CAN-2000-0652 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0652 Final-Decision: Interim-Decision: Modified: Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000723 IBM WebSphere default servlet handler showcode vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0342.html Reference: BID:1500 Reference: URL:http://www.securityfocus.com/bid/1500 IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string. INFERRED ACTION: CAN-2000-0652 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(4) LeBlanc, Christey, Wall, Cole Comments: Frech> F:websphere-showcode(5012) Christey> The discoverers claim that APAR PQ39857 fixes the problem, but it could not be found on: http://www-4.ibm.com/software/webservers/appserv/efix.html VOTE: ====================================================== Candidate: CAN-2000-0661 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0661 Final-Decision: Interim-Decision: Modified: Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000710 Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0120.html Reference: BID:1448 Reference: URL:http://www.securityfocus.com/bid/1448 WircSrv IRC Server 5.07s allows remote attackers to cause a denial of service via a long string to the server port. INFERRED ACTION: CAN-2000-0661 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) LeBlanc, Wall, Cole Comments: Frech> XF:wircsrv-character-flood-dos(4914) VOTE: ====================================================== Candidate: CAN-2000-0665 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0665 Final-Decision: Interim-Decision: Modified: Proposed: 20000803 Assigned: 20000802 Category: SF Reference: NTBUGTRAQ:20000717 DoS in Gamsoft TelSrv telnet server for MS Windows 95/98/NT/2k. Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0031.html Reference: BID:1478 Reference: URL:http://www.securityfocus.com/bid/1478 AMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to cause a denial of service via a long username. INFERRED ACTION: CAN-2000-0665 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(4) LeBlanc, Christey, Wall, Cole Comments: Frech> XF:gamsoft-telsrv-dos(4945) Christey> Change vendor name to "GAMSoft" ADDREF NTBUGTRAQ:20000729 TelSrv Reveals Usernames & Passwords After DoS Attack http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0056.html This is an additional impact of the same DoS described in the earlier NTBUGTRAQ post. VOTE: ====================================================== Candidate: CAN-2000-0669 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0669 Final-Decision: Interim-Decision: Modified: Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000711 Remote Denial Of Service -- NetWare 5.0 with SP 5 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000501bfeab5$9330c3d0$d801a8c0@dimuthu.baysidegrp.com.au Reference: BID:1467 Reference: URL:http://www.securityfocus.com/bid/1467 Novell Netware 5.0 allows remote attackers to cause a denial of service by flooding port 40193 with random data. INFERRED ACTION: CAN-2000-0669 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) LeBlanc, Wall, Cole Comments: Frech> XF:netware-port40193-dos(4932) In the description, correct spelling is NetWare. VOTE: ====================================================== Candidate: CAN-2000-0674 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0674 Final-Decision: Interim-Decision: Modified: Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000712 ftp.pl vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0177.html Reference: BID:1471 Reference: URL:http://www.securityfocus.com/bid/1471 ftp.pl CGI program for Virtual Visions FTP browser allows remote attackers to read directories outside of the document root via a .. (dot dot) attack. INFERRED ACTION: CAN-2000-0674 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) LeBlanc, Wall, Cole Comments: Frech> XF:virtualvision-ftp-browser(5187) VOTE: ====================================================== Candidate: CAN-2000-0675 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0675 Final-Decision: Interim-Decision: Modified: Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000713 The MDMA Crew's GateKeeper Exploit Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00af01bfece2$a52cbd80$367e1ec4@kungphusion Reference: BID:1477 Reference: URL:http://www.securityfocus.com/bid/1477 Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote attackers to execute arbitrary commands via a long string. INFERRED ACTION: CAN-2000-0675 MOREVOTES-1 (2 accept, 0 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) LeBlanc, Wall, Cole Comments: Frech> XF:gatekeeper-long-string-bo(4948) VOTE: ====================================================== Candidate: CAN-2000-0677 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0677 Final-Decision: Interim-Decision: Modified: Proposed: 20000921 Assigned: 20000823 Category: SF Reference: ISS:20000907 Buffer Overflow in IBM Net.Data db2www CGI program. Reference: URL:http://xforce.iss.net/alerts/ Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable. INFERRED ACTION: CAN-2000-0677 MOREVOTES-1 (1 accept, 1 ack, 0 review) Current Votes: ACCEPT(1) Cole NOOP(1) Wall VOTE:
|
||||
