[PROPOSAL] Cluster RECENT-43 - 40 candidates
The following cluster contains 40 candidates that were announced between October 26 and November 7, 2000.

Note that the voting web site will not be updated with this cluster until sometime Wednesday.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.
======================================================
Candidate: CAN-2000-0886
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0886
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001102
Category: SF
Reference: BUGTRAQ:20001107 NSFOCUS SA2000-07 : Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?mid=143604&list=1&fromthread=0&end=2000-11-11&threads=0&start=2000-11-05&
Reference: MS:MS00-086
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-086.asp
Reference: BID:1912
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=1912

IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0886 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0887
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0887
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001114
Category: SF
Reference: BUGTRAQ:20001107 BIND 8.2.2-P5 Possible DOS
Reference: URL:http://www.securityfocus.com/archive/1/143843
Reference: CERT:CA-2000-20
Reference: URL:http://www.cert.org/advisories/CA-2000-20.html
Reference: REDHAT:RHSA-2000:107-01
Reference: MANDRAKE:MDKSA-2000:067
Reference: CONECTIVA:CLSA-2000:338
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000338
Reference: CONECTIVA:CLSA-2000:339
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000339
Reference: BID:1923
Reference: URL:http://www.securityfocus.com/bid/1923

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug."

Analysis
----------------
ED_PRI CAN-2000-0887 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0888
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0888
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001114
Category: SF
Reference: CERT:CA-2000-20
Reference: URL:http://www.cert.org/advisories/CA-2000-20.html
Reference: REDHAT:RHSA-2000:107-01
Reference: MANDRAKE:MDKSA-2000:067
Reference: CONECTIVA:CLSA-2000:338
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000338
Reference: CONECTIVA:CLSA-2000:339
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000339

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug."

Analysis
----------------
ED_PRI CAN-2000-0888 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0942
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0942
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001028 IIS 5.0 cross site scripting vulnerability - using .htw
Reference: URL:http://www.securityfocus.com/archive/1/141903
Reference: MS:MS00-084
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-084.asp
Reference: BID:1861
Reference: URL:http://www.securityfocus.com/bid/1861
Reference: XF:iis-htw-cross-scripting
Reference: URL:http://xforce.iss.net/static/5441.php

The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0942 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0952
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0952
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: NETBSD:NetBSD-SA2000-014
Reference: ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-014.txt.asc
Reference: XF:global-execute-remote-commands
Reference: URL:http://xforce.iss.net/static/5424.php

global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters.
Analysis
----------------
ED_PRI CAN-2000-0952 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0956
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0956
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: REDHAT:RHSA-2000:094-01
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-094.html
Reference: BID:1875
Reference: URL:http://www.securityfocus.com/bid/1875
Reference: XF:cyrus-sasl-gain-access
Reference: URL:http://xforce.iss.net/static/5427.php

cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions.

Analysis
----------------
ED_PRI CAN-2000-0956 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1006
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-082
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-082.asp
Reference: XF:ms-exchange-mime-dos
Reference: URL:http://xforce.iss.net/static/5448.php
Reference: BID:1869
Reference: URL:http://www.securityfocus.com/bid/1869

Microsoft Exchange Server 5.5 does not properly handle a MIME header with a blank charset specified, which allows remote attackers to cause a denial of service via a charset="" command, aka the "Malformed MIME Header" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-1006 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1026
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1026
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:61
Reference: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:61.tcpdump.v1.1.asc
Reference: BID:1870
Reference: URL:http://www.securityfocus.com/bid/1870

Multiple buffer overflows in LBNL tcpdump allows remote attackers to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2000-1026 1
Vendor Acknowledgement: yes advisory

CD:SF-LOC suggests having separate entries for each buffer overflow, but it's not clear how to distinguish them in CVE descriptions without an extensive source code analysis.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1034
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1034
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001106 System Monitor ActiveX Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349782305448&w=2
Reference: MS:MS00-085
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-085.asp
Reference: BID:1899
Reference: URL:http://www.securityfocus.com/bid/1899

Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the "ActiveX Parameter Validation" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-1034 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1045
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1045
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: REDHAT:RHSA-2000:024
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-024.html
Reference: MANDRAKE:MDKSA-2000-066
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-066-1.php3
Reference: BID:1863
Reference: URL:http://www.securityfocus.com/bid/1863
Reference: XF:nssldap-nscd-dos
Reference: URL:http://xforce.iss.net/static/5449.php

nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests.

Analysis
----------------
ED_PRI CAN-2000-1045 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1049
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001101 Allaire's JRUN DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97310314724964&w=2
Reference: ALLAIRE:ASB00-030
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=18085&Method=Full
Reference: XF:allaire-jrun-servlet-dos
Reference: URL:http://xforce.iss.net/static/5452.php

Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters.
Analysis
----------------
ED_PRI CAN-2000-1049 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1066
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:63
Reference: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:63.getnameinfo.asc
Reference: BID:1894
Reference: URL:http://www.securityfocus.com/bid/1894

The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname.

Analysis
----------------
ED_PRI CAN-2000-1066 1
Vendor Acknowledgement: yes advisory

ABSTRACTION: The FreeBSD patch is applied to 3 separate lines, thus CD:SF-LOC would suggest having separate items for each line. However, it is not easy to differentiate between these 3 problems without extensive source code analysis across all the other Unix flavors that could have this problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0941
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0941
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001029 Remote command execution via KW Whois 1.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0419.html
Reference: BUGTRAQ:20001029 Re: Remote command execution via KW Whois 1.0 (addition)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0420.html
Reference: MISC:http://www.kootenayweb.bc.ca/scripts/whois.txt
Reference: BID:1883
Reference: URL:http://www.securityfocus.com/bid/1883
Reference: XF:kw-whois-meta
Reference: URL:http://xforce.iss.net/static/5438.php

Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter.

Analysis
----------------
ED_PRI CAN-2000-0941 2
Vendor Acknowledgement: yes patch

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0944
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0944
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001027 CGI-Bug: News Update 1.1 administration password bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0402.html
Reference: BID:1881
Reference: URL:http://www.securityfocus.com/bid/1881
Reference: XF:news-update-bypass-password
Reference: URL:http://xforce.iss.net/static/5433.php

CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password.

Analysis
----------------
ED_PRI CAN-2000-0944 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1080
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001102 dos on quake1 servers
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97318797630246&w=2
Reference: CONFIRM:http://proquake.ai.mit.edu/
Reference: BID:1900
Reference: URL:http://www.securityfocus.com/bid/1900

Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers to cause a denial of service via a malformed (empty) UDP packet.
Analysis
----------------
ED_PRI CAN-2000-1080 2
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: In the "Current Status" section on the ProQuake site at http://proquake.ai.mit.edu/, the entry dated November 18, 2000 says: "Proquake v1.02 fixes a serious bug which has been around since quake was created but was only discovered recently - the bug allows anyone to cause any server to stop accepting new connections."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0817
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0817
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001004
Category: SF
Reference: ISS:20001101 Buffer Overflow in Microsoft Windows NT 4.0 and Windows 2000 Network Monitor
Reference: URL:http://xforce.iss.net/alerts/index.php
Reference: MS:MS00-083
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-083.asp

Buffer overflow in the HTTP protocol parser for Microsoft Network Monitor (Netmon) allows remote attackers to execute arbitrary commands via malformed data, aka the "Netmon Protocol Parsing" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0817 3
Vendor Acknowledgement: yes
Content Decisions: SF-EXEC

ABSTRACTION: This is closely related to CAN-2000-0885. The candidates identify different buffer overflows in different parsers that happen to be addressed by the same security bulletin. CD:SF-EXEC suggests that these should be kept separate.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0885
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0885
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001028
Category: SF
Reference: NAI:20001101 Multiple Network Monitor Overflows
Reference: MS:MS00-083
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-083.asp

Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candidates.

Analysis
----------------
ED_PRI CAN-2000-0885 3
Vendor Acknowledgement: yes
Content Decisions: SF-EXEC

ABSTRACTION: This is closely related to CAN-2000-0817. The candidates identify different buffer overflows that happen to be addressed by the same security bulletin, thus CD:SF-EXEC suggests that these 2 candidates should be kept separate. In addition, this candidate should be split into separate candidates, one for each overflow, as dictated by CD:SF-EXEC. This candidate is not at the CVE level of abstraction because it was reserved for use before the initial public announcement was made.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0935
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0935
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: BID:1872
Reference: URL:http://www.securityfocus.com/bid/1872
Reference: XF:samba-swat-logging-sym-link
Reference: URL:http://xforce.iss.net/static/5443.php

Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file.

Analysis
----------------
ED_PRI CAN-2000-0935 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0936
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0936
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: BID:1874
Reference: URL:http://www.securityfocus.com/bid/1874
Reference: XF:samba-swat-logfile-info
Reference: URL:http://xforce.iss.net/static/5445.php

Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords.
Analysis
----------------
ED_PRI CAN-2000-0936 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0937
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0937
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: BID:1873
Reference: URL:http://www.securityfocus.com/bid/1873
Reference: XF:samba-swat-brute-force
Reference: URL:http://xforce.iss.net/static/5442.php

Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks.

Analysis
----------------
ED_PRI CAN-2000-0937 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0938
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0938
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html

Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server.

Analysis
----------------
ED_PRI CAN-2000-0938 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0939
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0939
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: XF:samba-swat-url-filename-dos
Reference: URL:http://xforce.iss.net/static/5444.php

Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting a nonstandard URL in the GET HTTP request and forcing it to restart.
Analysis
----------------
ED_PRI CAN-2000-0939 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0940
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0940
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001029 Minor bug in Pagelog.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0422.html
Reference: BID:1864
Reference: URL:http://www.securityfocus.com/bid/1864
Reference: XF:pagelog-cgi-dir-traverse
Reference: URL:http://xforce.iss.net/static/5451.php

Directory traversal vulnerability in Metertek pagelog.cgi allows remote attackers to read arbitrary files via a .. (dot dot) attack on the "name" or "display" parameter.

Analysis
----------------
ED_PRI CAN-2000-0940 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0943
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0943
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001027 Potential Security Problem in bftpd-1.0.11
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0397.html
Reference: XF:bftpd-user-bo
Reference: URL:http://xforce.iss.net/static/5426.php

Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER command.

Analysis
----------------
ED_PRI CAN-2000-0943 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0945
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0945
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001026 Advisory def-2000-02: Cisco Catalyst remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0380.html
Reference: XF:cisco-catalyst-remote-commands
Reference: URL:http://xforce.iss.net/static/5415.php

The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication via a URL containing the /exec/ directory.
Analysis
----------------
ED_PRI CAN-2000-0945 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0950
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0950
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001026 FWTK x-gw Security Advisory [GSA2000-01]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0376.html
Reference: XF:tisfwtk-xgw-execute-code
Reference: URL:http://xforce.iss.net/static/5420.php

Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) allows local users to execute arbitrary commands via a malformed display name.

Analysis
----------------
ED_PRI CAN-2000-0950 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0955
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0955
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: ATSTAKE:A102600-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a102600-1.txt
Reference: BID:1885
Reference: URL:http://www.securityfocus.com/bid/1885
Reference: XF:cisco-vco-snmp-passwords
Reference: URL:http://xforce.iss.net/static/5425.php

Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the password and gain privileges.

Analysis
----------------
ED_PRI CAN-2000-0955 3

Vendor Acknowledgement: yes
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0957
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0957
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001026 (SRADV00004) Remote and local vulnerabilities in pam_mysql
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0374.html
Reference: XF:pammysql-auth-input
Reference: URL:http://xforce.iss.net/static/5447.php

The pluggable authentication module for msql (pam_mysql) before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes.
Analysis
----------------
ED_PRI CAN-2000-0957 3

Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1009
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Redhat 6.2 dump command executes external program with suid priviledge.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0438.html
Reference: BID:1871
Reference: URL:http://www.securityfocus.com/bid/1871
Reference: XF:linux-dump-execute-code
Reference: URL:http://xforce.iss.net/static/5437.php

dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.

Analysis
----------------
ED_PRI CAN-2000-1009 3

Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1019
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1019
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Ultraseek 3.1.x Remote DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97301487015664&w=2
Reference: BID:1866
Reference: URL:http://www.securityfocus.com/bid/1866
Reference: XF:ultraseek-malformed-url-dos
Reference: URL:http://xforce.iss.net/static/5439.php

Search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows remote attackers to cause a denial of service via a malformed URL.

Analysis
----------------
ED_PRI CAN-2000-1019 3

Vendor Acknowledgement: unknown claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1024
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category:
Reference: BUGTRAQ:20001101 Unify eWave ServletExec upload
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97306581513537&w=2
Reference: BID:1876
Reference: URL:http://www.securityfocus.com/bid/1876
Reference: XF:ewave-servletexec-file-upload
Reference: URL:http://xforce.iss.net/static/5450.php

eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands.
Analysis
----------------
ED_PRI CAN-2000-1024 3

Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1025
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1025
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Unify eWave ServletExec DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97295224226042&w=2
Reference: BID:1868
Reference: URL:http://www.securityfocus.com/bid/1868
Reference: XF:ewave-servletexec-dos
Reference: URL:http://xforce.iss.net/static/5435.php

eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, allows remote attackers to cause a denial of service via a URL that contains the "/servlet/" string, which invokes the ServletExec servlet and causes an exception if the servlet is already running.

Analysis
----------------
ED_PRI CAN-2000-1025 3

Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1028
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001102 HPUX cu -l option buffer overflow vulnerabilit
Reference: URL:http://www.securityfocus.com/archive/1/142792
Reference: BID:1886
Reference: URL:http://www.securityfocus.com/bid/1886

Buffer overflow in cu program in HP-UX 11.0 may allow local users to gain privileges via a long -l command line argument.

Analysis
----------------
ED_PRI CAN-2000-1028 3

Vendor Acknowledgement:

INCLUSION: It is not certain if this is exploitable. The provided exploit only causes a crash, but does the crash occur while the program is operating at elevated privileges?

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1029
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1029
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001027 old version of host command vulnearbility
Reference: URL:http://www.securityfocus.com/archive/1/141660
Reference: BID:1887
Reference: URL:http://www.securityfocus.com/bid/1887

Buffer overflow in host command allows a remote attacker to execute arbitrary commands via a long response to an AXFR query.
Analysis
----------------
ED_PRI CAN-2000-1029 3

Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1030
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1030
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001031 Re: Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/142672
Reference: BID:1888
Reference: URL:http://www.securityfocus.com/bid/1888

CS&T CorporateTime for the Web returns different error messages for invalid usernames and invalid passwords, which allows remote attackers to determine valid usernames on the server.

Analysis
----------------
ED_PRI CAN-2000-1030 3

Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1032
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001101 Re: Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/142808
Reference: BID:1890
Reference: URL:http://www.securityfocus.com/bid/1890

The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to identify valid usernames on the firewall.

Analysis
----------------
ED_PRI CAN-2000-1032 3

Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1033
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001029 Brute Forcing FTP Servers with enabled anti-hammering (anti brute-force) modus
Reference: URL:http://www.securityfocus.com/archive/1/141905
Reference: BID:1860
Reference: URL:http://www.securityfocus.com/bid/1860
Reference: XF:ftp-servu-brute-force
Reference: URL:http://xforce.iss.net/static/5436.php

Serv-U FTP Server allows remote attackers to bypass its anti-hammering feature by first logging on as a valid user (possibly anonymous) and then attempting to guess the passwords of other users.
Analysis
----------------
ED_PRI CAN-2000-1033 3

Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1075
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001026 [CORE SDI ADVISORY] iPlanet Certificate Management System 4.2 path traversal bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0383.html
Reference: BID:1839
Reference: URL:http://www.securityfocus.com/bid/1839
Reference: XF:iplanet-netscape-directory-traversal
Reference: URL:http://xforce.iss.net/static/5421.php

Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or Administrator services.

Analysis
----------------
ED_PRI CAN-2000-1075 3

Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1076
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1076
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001026 [CORE SDI ADVISORY] iPlanet Certificate Management System 4.2 path traversal bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0383.html
Reference: XF:iplanet-netscape-plaintext-password
Reference: URL:http://xforce.iss.net/static/5422.php

Netscape (iPlanet) Certificate Management System 4.2 and Directory Server 4.12 stores the administrative password in plaintext, which could allow local and possibly remote attackers to gain administrative privileges on the server.

Analysis
----------------
ED_PRI CAN-2000-1076 3

Vendor Acknowledgement:
Content Decisions: DESIGN-NO-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1077
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1077
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001026 Buffer overflow in iPlanet Web Server 4 server side SHTML parsing module
Reference: URL:http://www.securityfocus.com/archive/1/141435
Reference: XF:iplanet-web-server-shtml-bo
Reference: URL:http://xforce.iss.net/static/5446.php

Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension.
Analysis
----------------
ED_PRI CAN-2000-1077 3

Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: