[PROPOSAL] Cluster RECENT-40 - 42 candidates
The following cluster contains 29 candidates that were announced between September 25 and October 4, 2000.

Note that the voting web site will not be updated with this cluster until sometime Wednesday.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2000-0803
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0803
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20000922
Category: SF
Reference: ISS:20001004 GNU Groff utilities read untrusted commands from current working directory

GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.

Analysis
----------------
ED_PRI CAN-2000-0803 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0913
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0913
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000929 Security vulnerability in Apache mod_rewrite
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0352.html
Reference: MANDRAKE:MDKSA-2000:060
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-060-2.php3?dis=7.1
Reference: REDHAT:RHSA-2000:088-04
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-088-04.html
Reference: CALDERA:CSSA-2000-035.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-035.0.txt
Reference: HP:HPSBUX0010-126
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0021.html
Reference: BUGTRAQ:20001011 Conectiva Linux Security Announcement - apache
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0174.html
Reference: BID:1728
Reference: URL:http://www.securityfocus.com/bid/1728
Reference: XF:apache-rewrite-view-files
Reference: URL:http://xforce.iss.net/static/5310.php

mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.

Analysis
----------------
ED_PRI CAN-2000-0913 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0917
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0917
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000925 Format strings: bug #2: LPRng
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0293.html
Reference: CALDERA:CSSA-2000-033.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-033.0.txt
Reference: REDHAT:RHSA-2000:065-06
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-065-06.html
Reference: FREEBSD:FreeBSD-SA-00:56
Reference: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:56.lprng.asc
Reference: XF:lprng-format-string
Reference: URL:http://xforce.iss.net/static/5287.php
Reference: BID:1712
Reference: URL:http://www.securityfocus.com/bid/1712

Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2000-0917 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0929
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0929
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000929 Malformed Embedded Windows Media Player 7 "OCX Attachment"
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97024839222747&w=2
Reference: MS:MS00-068
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-068.asp
Reference: BID:1714
Reference: URL:http://www.securityfocus.com/bid/1714
Reference: XF:mediaplayer-outlook-dos
Reference: URL:http://xforce.iss.net/static/5309.php

Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the "OCX Attachment" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0929 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0933
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0933
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-069
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-069.asp
Reference: BID:1729
Reference: URL:http://www.securityfocus.com/bid/1729
Reference: XF:win2k-simplified-chinese-ime
Reference: URL:http://xforce.iss.net/static/5301.php

The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0933 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0947
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0947
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001002 Very probable remote root vulnerability in cfengine
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0004.html
Reference: MANDRAKE:MDKSA-2000:061
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-061.php3?dis=7.1
Reference: NETBSD:NetBSD-SA2000-013
Reference: ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-013.txt.asc
Reference: BID:1757
Reference: URL:http://www.securityfocus.com/bid/1757

Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.

Analysis
----------------
ED_PRI CAN-2000-0947 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0948
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0948
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001002 GnoRPM local /tmp vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/136866
Reference: BUGTRAQ:20001003 Conectiva Linux Security Announcement - gnorpm
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0043.html
Reference: MANDRAKE:MDKSA-2000:055
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-055.php3?dis=7.0
Reference: REDHAT:RHSA-2000:072-07
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-072.html
Reference: BUGTRAQ:20001011 Immunix OS Security Update for gnorpm package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0184.html
Reference: BID:1761
Reference: URL:http://www.securityfocus.com/bid/1761
Reference: XF:gnorpm-temp-symlink
Reference: URL:http://xforce.iss.net/static/5317.php

GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2000-0948 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0949
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0949
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000928 Very interesting traceroute flaw
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0344.html
Reference: CALDERA:CSSA-2000-034.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-034.0.txt
Reference: MANDRAKE:MDKSA-2000:053
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-053.php3?dis=7.1
Reference: REDHAT:RHSA-2000:078-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-078-02.html
Reference: DEBIAN:20001013 traceroute: local root exploit
Reference: URL:http://www.debian.org/security/2000/20001013
Reference: TURBO:TLSA2000023-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-October/000025.html
Reference: BUGTRAQ:20000930 Conectiva Linux Security Announcement - traceroute
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0357.html
Reference: BID:1739
Reference: URL:http://www.securityfocus.com/bid/1739
Reference: XF:traceroute-heap-overflow
Reference: URL:http://xforce.iss.net/static/5311.php

Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option.

Analysis
----------------
ED_PRI CAN-2000-0949 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0951
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0951
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: CF
Reference: ATSTAKE:A100400-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100400-1.txt
Reference: MSKB:Q272079
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=272079
Reference: BID:1756
Reference: URL:http://www.securityfocus.com/bid/1756
Reference: XF:iis-index-dir-traverse
Reference: URL:http://xforce.iss.net/static/5335.php

A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search.

Analysis
----------------
ED_PRI CAN-2000-0951 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0962
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0962
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category:
Reference: BUGTRAQ:20000925 Nmap Protocol Scanning DoS against OpenBSD IPSEC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0299.html
Reference: OPENBSD:20000918 Bad ESP/AH packets could cause a crash under certain conditions.
Reference: BID:1723
Reference: URL:http://www.securityfocus.com/bid/1723

The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2000-0962 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0993
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0993
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: OPENBSD:20001003 A format string vulnerability exists in the pw_error(3) function.
Reference: URL:http://www.openbsd.org/errata27.html#pw_error
Reference: NETBSD:NetBSD-SA2000-015
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-015.txt.asc
Reference: FREEBSD:FreeBSD-SA-00:58
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:58.chpass.asc
Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory
Reference: URL:http://www.securityfocus.com/archive/1/137482
Reference: BID:1744
Reference: URL:http://www.securityfocus.com/bid/1744
Reference: XF:bsd-libutil-format
Reference: URL:http://xforce.iss.net/static/5339.php

Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.

Analysis
----------------
ED_PRI CAN-2000-0993 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0994
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0994
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory
Reference: URL:http://www.securityfocus.com/archive/1/137482
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Reference: BID:1746
Reference: URL:http://www.securityfocus.com/bid/1746
Reference: XF:bsd-fstat-format
Reference: URL:http://xforce.iss.net/static/5338.php

Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.

Analysis
----------------
ED_PRI CAN-2000-0994 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0995
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0995
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch

Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges via a malformed name.

Analysis
----------------
ED_PRI CAN-2000-0995 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0996
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0996
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch

Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.

Analysis
----------------
ED_PRI CAN-2000-0996 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0997
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0997
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Reference: BID:1752
Reference: URL:http://www.securityfocus.com/bid/1752
Reference: XF:bsd-eeprom-format
Reference: URL:http://xforce.iss.net/static/5337.php

Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allow local attackers to gain root privileges.

Analysis
----------------
ED_PRI CAN-2000-0997 1
Vendor Acknowledgement: yes

It is not certain from the OpenBSD source code patch what conditions are required to trigger the vulnerabilities. One might list the line numbers or affected functions, but that could vary with other OSes.

CD:SF-LOC applies here because there are 3 different lines of code in eeprom that require patches, so this item should probably be SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0998
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0998
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Reference: FREEBSD:FreeBSD-SA-00:62
Reference: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:62.top.v1.1.asc
Reference: BID:1895
Reference: URL:http://www.securityfocus.com/bid/1895

Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function.

Analysis
----------------
ED_PRI CAN-2000-0998 1
Vendor Acknowledgement: yes

ABSTRACTION: CD:SF-LOC applies because there are multiple lines of code in top that have the vulnerabilities - one in the error message generated by kill_procs(), and another message generated by renice_procs(). The FreeBSD patch is applied in 3 different places, so CD:SF-LOC suggests having separate entries for each. However, it is difficult to describe these differences without extensive source code review of all the affected codebases.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0999
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0999
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch

Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges.

Analysis
----------------
ED_PRI CAN-2000-0999 1
Vendor Acknowledgement: yes

CD:SF-LOC applies because there are multiple lines of code in ssh that have the vulnerabilities - see the OpenBSD patch info - but how to indicate the differences in a CVE description?

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1011
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1011
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:53
Reference: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:53.catopen.asc

Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privileges via a long environmental variable.

Analysis
----------------
ED_PRI CAN-2000-1011 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1058
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1058
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20000926 DST2K0014: BufferOverrun in HP Openview Network Node Manager v6.1 (Round2)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97004856403173&w=2
Reference: HP:HPSBUX0009-121
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0274.html
Reference: XF:openview-nmm-snmp-bo
Reference: URL:http://xforce.iss.net/static/5282.php

Buffer overflow in OverView5 CGI program in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, in the SNMP service (snmp.exe), aka the "Java SNMP MIB Browser Object ID parsing problem."

Analysis
----------------
ED_PRI CAN-2000-1058 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0900
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0900
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001002 thttpd ssi: retrieval of arbitrary world-readable files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html
Reference: XF:acme-thttpd-ssi
Reference: URL:http://xforce.iss.net/static/5313.php
Reference: BID:1737
Reference: URL:http://www.securityfocus.com/bid/1737

Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2000-0900 2
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0930
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0930
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001003 Pegasus mail file reading vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0039.html
Reference: BUGTRAQ:20001030 Pegasus Mail file reading vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0436.html
Reference: BID:1738
Reference: URL:http://www.securityfocus.com/bid/1738
Reference: XF:pegasus-file-forwarding
Reference: URL:http://xforce.iss.net/static/5326.php

Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch.

Analysis
----------------
ED_PRI CAN-2000-0930 2
Vendor Acknowledgement: yes patch

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0932
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0932
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: NTBUGTRAQ:20000926 FW: DOS for Content Technologies' MAILsweeper for SMTP.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0181.html

MAILsweeper for SMTP 3.x does not properly handle corrupt CDA documents in a ZIP file and hangs, which allows remote attackers to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2000-0932 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1059
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: CF
Reference: BUGTRAQ:20000929 Mandrake 7.1 bypasses Xauthority X session security.
Reference: URL:http://www.securityfocus.com/archive/1/136495
Reference: MANDRAKE:MDKSA-2000:052
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-052.php3
Reference: BID:1735
Reference: URL:http://www.securityfocus.com/bid/1735
Reference: XF:xinitrc-bypass-xauthority
Reference: URL:http://xforce.iss.net/static/5305.php

The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.

Analysis
----------------
ED_PRI CAN-2000-1059 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0906
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0906
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category:
Reference: BUGTRAQ:20001002 Moreover Cached_Feed CGI Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0013.html
Reference: XF:moreover-cgi-dir-traverse
Reference: URL:http://xforce.iss.net/static/5334.php
Reference: BID:1762
Reference: URL:http://www.securityfocus.com/bid/1762

Directory traversal vulnerability in Moreover.com cached_feed.cgi script version 4.July.00 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the category or format parameters.

Analysis
----------------
ED_PRI CAN-2000-0906 3
Vendor Acknowledgement: unknown poster claimed, generic comment
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0907
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0907
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: WIN2KSEC:20000925 DST2K0030: DoS in EServ 2.92 Build 2982
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0131.html

EServ 2.92 Build 2982 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long HELO and MAIL FROM commands.


Analysis
----------------
ED_PRI CAN-2000-0907 3
Vendor Acknowledgement: no discloser attempted contact
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0925
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0925
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: CF
Reference: BUGTRAQ:20001002 DST2K0035: Credit card (customer) details exposed within CyberOffice Shopping Cart v2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97050819812055&w=2
Reference: WIN2KSEC:20001002 DST2K0035: Credit card (customer) details exposed within CyberOffice Shopping Cart v2
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0001.html
Reference: BID:1734
Reference: URL:http://www.securityfocus.com/bid/1734

The default installation of SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) installs the _private directory with world readable permissions, which allows remote attackers to obtain sensitive information.

Analysis
----------------
ED_PRI CAN-2000-0925 3
Vendor Acknowledgement: unknown claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0926
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0926
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001002 DST2K0036: Price modification possible in CyberOffice Shopping Cart
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97050627707128&w=2
Reference: WIN2KSEC:20001002 DST2K0036: Price modification possible in CyberOffice Shopping Cart
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0000.html
Reference: BID:1733
Reference: URL:http://www.securityfocus.com/bid/1733

SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote attackers to modify price information by changing the "Price" hidden form variable.

Analysis
----------------
ED_PRI CAN-2000-0926 3
Vendor Acknowledgement: unknown claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0927
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0927
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: NTBUGTRAQ:20000928 DST2K0037: QuotaAdvisor 4.1 by WQuinn is susceptible to alternative datastreams to bypass quotas.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0173.html
Reference: BUGTRAQ:20000928 DST2K0037: QuotaAdvisor 4.1 by WQuinn is susceptible to alternative datastreams to bypass quotas.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09//0331.html
Reference: BID:1724
Reference: URL:http://www.securityfocus.com/bid/1724
Reference: XF:quotaadvisor-quota-bypass
Reference: URL:http://xforce.iss.net/static/5302.php

WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions.

Analysis
----------------
ED_PRI CAN-2000-0927 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0931
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0931
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001004 Another Pegasus Mail vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/137518
Reference: BID:1750
Reference: URL:http://www.securityfocus.com/bid/1750

Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long email message containing binary data.

Analysis
----------------
ED_PRI CAN-2000-0931 3
Vendor Acknowledgement: unknown claimed informed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0959
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0959
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000926 ld.so bug - LD_DEBUG_OUTPUT follows symlinks
Reference: URL:http://www.securityfocus.com/archive/1/85028
Reference: BID:1719
Reference: URL:http://www.securityfocus.com/bid/1719
Reference: XF:glibc-unset-symlink
Reference: http://xforce.iss.net/static/5299.php

glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2000-0959 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0964
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0964
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000928 Another thingy.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0336.html
Reference: BID:1727
Reference: URL:http://www.securityfocus.com/bid/1727
Reference: XF:hinet-ipphone-get-bo
Reference: URL:http://xforce.iss.net/static/5298.php

Buffer overflow in the web administration service for the HiNet LP5100 IP-phone allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.

Analysis
----------------
ED_PRI CAN-2000-0964 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0992
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0992
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000930 scp file transfer hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0359.html
Reference: MANDRAKE:MDKSA-2000:057
Reference: BID:1742
Reference: URL:http://www.securityfocus.com/bid/1742

Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2000-0992 3
Vendor Acknowledgement: unknown claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1000
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1000
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001003 AOL Instant Messenger DoS
Reference: URL:http://www.securityfocus.com/archive/1/137374
Reference: BID:1747
Reference: URL:http://www.securityfocus.com/bid/1747
Reference: XF:aim-file-transfer-dos
Reference: URL:http://xforce.iss.net/static/5314.php

Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by transferring a file whose name includes format characters.

Analysis
----------------
ED_PRI CAN-2000-1000 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1004
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97068555106135&w=2
Reference: XF:bsd-photurisd-format
Reference: URL:http://xforce.iss.net/static/5336.php

Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters.

Analysis
----------------
ED_PRI CAN-2000-1004 3
Vendor Acknowledgement:

This was initially assigned BID:1755, but that BID is no longer available.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1008
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1008
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: ATSTAKE:A092600-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a092600-1.txt
Reference: BID:1715
Reference: URL:http://www.securityfocus.com/bid/1715

PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device.

Analysis
----------------
ED_PRI CAN-2000-1008 3
Vendor Acknowledgement: yes severity disputed
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1012
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1012
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:53
Reference: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:53.catopen.asc

The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable.

Analysis
----------------
ED_PRI CAN-2000-1012 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Analysis of the patches suggested by FreeBSD reveals that the LANG variable was the culprit.

ABSTRACTION: CD:SF-LOC dictates that catopen() and setlocale() should be split, since they are different bugs on different lines of code in different source files. This was inferred by examining the FreeBSD patches.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1013
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1013
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:53
Reference: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:53.catopen.asc

The setlocale function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable.

Analysis
----------------
ED_PRI CAN-2000-1013 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Analysis of the patches suggested by FreeBSD reveals that the LANG variable was the culprit.

ABSTRACTION: CD:SF-LOC dictates that catopen() and setlocale() should be split, since they are different bugs on different lines of code in different source files. This was inferred by examining the FreeBSD patches.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1014
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000927 Unixware SCOhelp http server format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0325.html
Reference: BID:1717
Reference: URL:http://www.securityfocus.com/bid/1717
Reference: XF:unixware-scohelp-format
Reference: URL:http://xforce.iss.net/static/5291.php

Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter.

Analysis
----------------
ED_PRI CAN-2000-1014 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1015
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1015
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: CF
Reference: BUGTRAQ:20000929 Default admin password with Slashcode.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0366.html
Reference: BID:1731
Reference: URL:http://www.securityfocus.com/bid/1731
Reference: XF:slashcode-default-admin-passwords
Reference: URL:http://xforce.iss.net/static/5306.php

The default configuration of Slashcode before version 2.0 Alpha has a default administrative password, which allows remote attackers to gain Slashcode privileges and possibly execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2000-1015 3
Vendor Acknowledgement: yes post
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1017
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category:
Reference: BUGTRAQ:20001002 DST2K0039: Webteachers Webdata: Importing files lower than web root possible in to database
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0007.html
Reference: BUGTRAQ:20001003 Update to DST2K0039: Webteachers Webdata: Importing files lower than web root possible in to database
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0032.html
Reference: BID:1732
Reference: URL:http://www.securityfocus.com/bid/1732

Webteachers Webdata allows remote attackers with valid Webdata accounts to read arbitrary files by posting a request to import the file into the WebData database.

Analysis
----------------
ED_PRI CAN-2000-1017 3
Vendor Acknowledgement: unknown claimed patch

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1027
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001003 Cisco PIX Firewall allow external users to discover internal IPs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97059440000367&w=2
Reference: BID:1877
Reference: URL:http://www.securityfocus.com/bid/1877

Cisco Secure PIX Firewall 5.2(2) allows remote attackers to determine the real IP address of a target FTP server by flooding the server with PASV requests, which includes the real IP address in the response when passive mode is established.

Analysis
----------------
ED_PRI CAN-2000-1027 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1060
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1060
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: CF
Reference: BUGTRAQ:20001002 Local vulnerability in XFCE 3.5.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0022.html
Reference: BID:1736
Reference: URL:http://www.securityfocus.com/bid/1736
Reference: XF:xinitrc-bypass-xauthority
Reference: URL:http://xforce.iss.net/static/5305.php

The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.

Analysis
----------------
ED_PRI CAN-2000-1060 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS: