[PROPOSAL] Cluster RECENT-49 - 33 candidates
The following cluster contains 33 candidates that were announced between December 11, 2000 and December 18, 2000.

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site. The voting web site will be updated with this cluster later today. Recent additions to the Editorial Board will also be notified about their account information at that time.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.
********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2000-0896
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0896
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20001114
Category: SF/CF/MP/SA/AN/unknown
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Reference: URL:http://xforce.iss.net/alerts/advise70.php
Reference: XF:watchguard-soho-fragmented-packets
Reference: URL:http://xforce.iss.net/static/5749.php
Reference: BID:2113
Reference: URL:http://www.securityfocus.com/bid/2113

WatchGuard SOHO firewall allows remote attackers to cause a denial of service via a flood of fragmented IP packets, which causes the firewall to drop connections and stop forwarding packets.

Analysis
----------------
ED_PRI CAN-2000-0896 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0026
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0026
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001211 DoS vulnerability in rp-pppoe versions <= 2.4
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0134.html
Reference: CONECTIVA:CLA-2000:357
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000357
Reference: MANDRAKE:MDKSA-2000:084
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-084.php3
Reference: REDHAT:RHSA-2000:130-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-130.html
Reference: BID:2098
Reference: URL:http://www.securityfocus.com/bid/2098
Reference: XF:rppppoe-zero-length-dos
Reference: URL:http://xforce.iss.net/static/5727.php

rp-pppoe PPPoE client allows remote attackers to cause a denial of service via the Clamp MSS option and a TCP packet with a zero-length TCP option.

Analysis
----------------
ED_PRI CAN-2001-0026 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0028
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001211 [pkc] remote heap buffer overflow in oops
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0127.html
Reference: FREEBSD:FreeBSD-SA-00:79
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-12/0418.html
Reference: BID:2099
Reference: URL:http://www.securityfocus.com/bid/2099
Reference: XF:oops-ftputils-bo
Reference: URL:http://xforce.iss.net/static/5725.php

Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 and earlier allows remote attackers to execute arbitrary commands via a large number of " (quotation) characters.

Analysis
----------------
ED_PRI CAN-2001-0028 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0053
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0053
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: OPENBSD:20001218
Reference: URL:http://www.openbsd.org/advisories/ftpd_replydirname.txt
Reference: NETBSD:NetBSD-SA2000-018
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-018.txt.asc
Reference: BUGTRAQ:20001218 Trustix Security Advisory - ed, tcsh, and ftpd-BSD
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0275.html
Reference: BID:2124
Reference: URL:http://www.securityfocus.com/bid/2124
Reference: XF:bsd-ftpd-replydirname-bo
Reference: URL:http://xforce.iss.net/static/5776.php

One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges.

Analysis
----------------
ED_PRI CAN-2001-0053 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0060
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0060
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001218 Stunnel format bug
Reference: URL:http://www.securityfocus.com/archive/1/151719
Reference: REDHAT:RHSA-2000:129-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-129.html
Reference: CONECTIVA:CLA-2000:363
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000363
Reference: BUGTRAQ:20001209 Trustix Security Advisory - stunnel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0337.html
Reference: DEBIAN:20001225 DSA-009-1 stunnel: insecure file handling, format string bug
Reference: URL:http://www.debian.org/security/2000/20001225a
Reference: XF:stunnel-format-logfile
Reference: URL:http://xforce.iss.net/static/5807.php
Reference: BID:2128
Reference: URL:http://www.securityfocus.com/bid/2128

Format string vulnerability in stunnel 3.8 and earlier allows attackers to execute arbitrary commands via a malformed ident username.

Analysis
----------------
ED_PRI CAN-2001-0060 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0061
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0061
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:77
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
Reference: BID:2130
Reference: URL:http://www.securityfocus.com/bid/2130

procfs in FreeBSD and possibly other operating systems does not properly restrict access to per-process mem and ctl files, which allows local users to gain root privileges by forking a child process and executing a privileged process from the child, while the parent retains access to the child's address space.

Analysis
----------------
ED_PRI CAN-2001-0061 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0062
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0062
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:77
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
Reference: BID:2131
Reference: URL:http://www.securityfocus.com/bid/2131

procfs in FreeBSD and possibly other operating systems allows local users to cause a denial of service by calling mmap on the process' own mem file, which causes the kernel to hang.

Analysis
----------------
ED_PRI CAN-2001-0062 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0063
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:77
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
Reference: BID:2132
Reference: URL:http://www.securityfocus.com/bid/2132

procfs in FreeBSD and possibly other operating systems allows local users to bypass access control restrictions for a jail environment and gain additional privileges.

Analysis
----------------
ED_PRI CAN-2001-0063 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0080
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001213 Cisco Catalyst SSH Protocol Mismatch Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml
Reference: XF:cisco-catalyst-ssh-mismatch
Reference: URL:http://xforce.iss.net/static/5760.php

Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to cause a denial of service by connecting to the SSH service with a non-SSH client, which generates a protocol mismatch error.

Analysis
----------------
ED_PRI CAN-2001-0080 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0083
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0083
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-097
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-097.asp
Reference: MSKB:Q281256
Reference: XF:mediaservices-dropped-connection-dos
Reference: URL:http://xforce.iss.net/static/5785.php

Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 does not properly shut down some types of connections, producing a memory leak which allows remote attackers to cause a denial of service via a series of severed connections, aka the "Severed Windows Media Server Connection" vulnerability.

Analysis
----------------
ED_PRI CAN-2001-0083 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0105
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0105
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: HP:HPSBUX0012-134
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0079.html
Reference: XF:hp-top-sys-files
Reference: URL:http://xforce.iss.net/static/5773.php

Vulnerability in top in HP-UX 11.04 and earlier allows local users to overwrite files owned by the "sys" group.

Analysis
----------------
ED_PRI CAN-2001-0105 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0894
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0894
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20001114
Category: SF/CF/MP/SA/AN/unknown
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Reference: URL:http://xforce.iss.net/alerts/advise70.php

HTTP server on the WatchGuard SOHO firewall does not properly restrict access to administrative functions such as password resets or rebooting, which allows attackers to cause a denial of service or conduct unauthorized activities.

Analysis
----------------
ED_PRI CAN-2000-0894 2
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0895
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0895
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20001114
Category: SF/CF/MP/SA/AN/unknown
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Reference: URL:http://xforce.iss.net/alerts/advise70.php
Reference: BID:2114
Reference: URL:http://www.securityfocus.com/bid/2114

Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.

Analysis
----------------
ED_PRI CAN-2000-0895 2
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0059
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001218 Solaris patchadd(1) (3) symlink vulnerabilty
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97720205217707&w=2
Reference: BID:2127
Reference: URL:http://www.securityfocus.com/bid/2127
Reference: XF:solaris-patchadd-symlink
Reference: URL:http://xforce.iss.net/static/5789.php

patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2001-0059 2
Vendor Acknowledgement: yes followup

Some followups imply that this is the ksh << problem, but another followup includes a portion of the actual code, which does not rely on ksh. Therefore this is a separate vulnerability.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0081
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001212 nCipher Security Advisory: Operator Cards unexpectedly recoverable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0152.html
Reference: CONFIRM:http://active.ncipher.com/updates/advisory.txt

swinit in nCipher does not properly disable the Operator Card Set recovery feature even when explicitly disabled by the user, which could allow attackers to gain access to application keys.

Analysis
----------------
ED_PRI CAN-2001-0081 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1090
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1090
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20001211
Category: SF
Reference: MISC:http://www.nsfocus.com/english/homepage/sa_08.htm
Reference: BID:2100
Reference: URL:http://www.securityfocus.com/bid/2100
Reference: XF:microsoft-iis-file-disclosure
Reference: URL:http://xforce.iss.net/static/5729.php

Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character.

Analysis
----------------
ED_PRI CAN-2000-1090 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0022
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0022
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001213 Re: Insecure input validation in simplestmail.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0168.html
Reference: BID:2106
Reference: URL:http://www.securityfocus.com/bid/2106
Reference: XF:http-cgi-simplestguest
Reference: URL:http://xforce.iss.net/static/5743.php

simplestguest.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the guestbook parameter.

Analysis
----------------
ED_PRI CAN-2001-0022 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0023
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0023
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001211 Insecure input validation in everythingform.cgi (remote command execution)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0137.html
Reference: BID:2101
Reference: URL:http://www.securityfocus.com/bid/2101
Reference: XF:http-cgi-everythingform
Reference: URL:http://xforce.iss.net/static/5736.php

everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter.

Analysis
----------------
ED_PRI CAN-2001-0023 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0024
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001211 Insecure input validation in simplestmail.cgi (remote command execution)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0136.html
Reference: BID:2102
Reference: URL:http://www.securityfocus.com/bid/2102
Reference: XF:http-cgi-simplestmail
Reference: URL:http://xforce.iss.net/static/5739.php

simplestmail.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the MyEmail parameter.

Analysis
----------------
ED_PRI CAN-2001-0024 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0025
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0025
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001211 Insecure input validation in ad.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0143.html
Reference: BID:2103
Reference: URL:http://www.securityfocus.com/bid/2103
Reference: XF:http-cgi-ad
Reference: URL:http://xforce.iss.net/static/5741.php

ad.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter.

Analysis
----------------
ED_PRI CAN-2001-0025 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0027
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001211 mod_sqlpw Password Caching Bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0139.html
Reference: XF:proftpd-modsqlpw-unauth-access
Reference: URL:http://xforce.iss.net/static/5737.php

mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated attackers to gain privileges of other users.

Analysis
----------------
ED_PRI CAN-2001-0027 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0029
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0029
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001212 Re: [pkc] remote heap buffer overflow in oops
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0158.html
Reference: BID:2099
Reference: URL:http://www.securityfocus.com/bid/2099
Reference: MISC:http://zipper.paco.net/~igor/oops/ChangeLog

Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other versions) allows remote attackers to execute arbitrary commands via a long host or domain name that is obtained from a reverse DNS lookup.

Analysis
----------------
ED_PRI CAN-2001-0029 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0065
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0065
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001213 Potential Buffer Overflow vulnerability in bftpd-1.0.13
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0189.html
Reference: XF:bftpd-site-chown-bo
Reference: URL:http://xforce.iss.net/static/5775.php

Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long SITE CHOWN command.

Analysis
----------------
ED_PRI CAN-2001-0065 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0067
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0067
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: CF
Reference: BUGTRAQ:20001214 J-Pilot Permissions Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?mid=150957&end=2001-02-03&fromthread=1&start=2001-01-28&threads=0&list=1&
Reference: MANDRAKE:MDKSA-2000:081
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-081.php3
Reference: XF:jpilot-perms
Reference: URL:http://xforce.iss.net/static/5762.php

The installation of J-Pilot creates the .jpilot directory with the user's umask, which could allow local attackers to read other users' PalmOS backup information if their umasks are not securely set.

Analysis
----------------
ED_PRI CAN-2001-0067 3
Vendor Acknowledgement: yes advisory
Content Decisions: CF-PERMS

INCLUSION: Is this just an instance of the high-cardinality vulnerability/exposure "user has an insecure umask?" There was a long debate about this on Bugtraq.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0068
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001215 Security Hole of MRJ 2.2.3 (Mac OS Runtime for Java) - Inconsistent Use of CODEBASE and ARCHIVE Attributes -
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0241.html
Reference: XF:mrj-runtime-malicious-applets
Reference: URL:http://xforce.iss.net/static/5784.php

Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use malicious applets to read files outside of the CODEBASE context via the ARCHIVE applet parameter.

Analysis
----------------
ED_PRI CAN-2001-0068 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0077
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0077
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category:
Reference: BUGTRAQ:20001212 Two Holes in Sun Cluster 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html

The clustmon service in Sun Cluster 2.x does not require authentication, which allows remote attackers to obtain sensitive information such as system logs and cluster configurations.

Analysis
----------------
ED_PRI CAN-2001-0077 3
Vendor Acknowledgement:
Content Decisions: DESIGN-NO-AUTH

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0078
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0078
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001212 Two Holes in Sun Cluster 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html

in.mond in Sun Cluster 2.x allows local users to read arbitrary files via a symlink attack on the status file of a host running HA-NFS.

Analysis
----------------
ED_PRI CAN-2001-0078 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0079
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0079
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001213 STM symlink Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0174.html

Support Tools Manager (STM) A.22.00 for HP-UX allows local users to overwrite arbitrary files via a symlink attack on the tool_stat.txt log file.

Analysis
----------------
ED_PRI CAN-2001-0079 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0082
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0082
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001218 FireWall-1 Fastmode Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0271.html

Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows remote attackers to bypass access restrictions via malformed, fragmented packets.

Analysis
----------------
ED_PRI CAN-2001-0082 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0086
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0086
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001212 Security Advisory: Subscribe Me Lite 1.0 - 2.0 Unix or 1.0 - 2.0 NT and below.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0160.html
Reference: BID:2108
Reference: URL:http://www.securityfocus.com/bid/2108
Reference: XF:subscribemelite-gain-admin-access
Reference: URL:http://xforce.iss.net/static/5735.php

CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a parameter.

Analysis
----------------
ED_PRI CAN-2001-0086 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0095
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001218 Catman file clobbering vulnerability Solaris 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0313.html
Reference: XF:solaris-catman-symlink
Reference: URL:http://xforce.iss.net/static/5788.php

catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the sman_PID temporary file.

Analysis
----------------
ED_PRI CAN-2001-0095 3
Vendor Acknowledgement: unknown discloser-claimed

CAN-1999-0370 identifies what may be a symlink vulnerability in man and catman, but the affected versions include 2.7, and Sun patched this. So, this is probably a different vulnerability.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0103
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0103
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BID:2107
Reference: URL:http://www.securityfocus.com/bid/2107
Reference: XF:coffeecup-ftp-weak-encryption
Reference: URL:http://xforce.iss.net/static/5744.php

CoffeeCup Direct and Free FTP clients use weak encryption to store passwords in the FTPServers.ini file, which could allow attackers to easily decrypt the passwords.

Analysis
----------------
ED_PRI CAN-2001-0103 3
Vendor Acknowledgement:
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0104
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0104
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001214 Bypass MDaemon 3.5.1 "Lock Server" Protection
Reference: URL:http://www.securityfocus.com/archive/1/151156
Reference: BID:2115
Reference: URL:http://www.securityfocus.com/bid/2115
Reference: XF:mdaemon-lock-bypass-password
Reference: URL:http://xforce.iss.net/static/5763.php

MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock server" security setting by pressing the Cancel button at the password prompt, then pressing the enter key.

Analysis
----------------
ED_PRI CAN-2001-0104 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: