[PROPOSAL] Cluster MISC-99 - 29 legacy candidates

["Steven M. Christey" <coley@linus.mitre.org>]

The following cluster contains 29 candidates related to security
issues that were publicized in 1999.  As you will see, candidate
numbers had been assigned to these issues in 1999 and 2000; however, I
never created clusters for these candidates, so they never wound up
being proposed.  Note that additional problems from 1999 are still
forthcoming.

Most of these candidates are related to issues in Cold Fusion,
BSD-based OSes like FreeBSD, or SCO Unix.  It's pretty obvious which
legacy clusters I was *planning* on creating about a year ago ;-)

With the recent requests for additional legacy candidates, I thought
it was reasonable to include these candidates now, instead of waiting
for the next batch of legacy candidates.

There are still a few dozen candidates that were assigned, but have
not yet been proposed.  They are affected by controversial content
decisions related to exposures or configuration problems, and in some
cases, more analysis is necessary.  As such, they will not be proposed
until later, probably not until after the legacy backlog has been
addressed.

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-1999-0729
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0729
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: ISS:19990823 Denial of Service Attack against Lotus Notes Domino Server 4.6
Reference: URL:http://xforce.iss.net/alerts/advise34.php
Reference: CIAC:J-061
Reference: URL:http://www.ciac.org/ciac/bulletins/j-061.shtml
Reference: BID:601
Reference: URL:http://www.securityfocus.com/bid/601
Reference: XF:lotus-ldap-bo

Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to
conduct a denial of service through the ldap_search request.

Analysis
----------------
ED_PRI CAN-1999-0729 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-0756
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0756
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: ALLAIRE:ASB99-07
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=10968&Method=Full
Reference: XF:coldfusion-admin-dos
Reference: URL:http://xforce.iss.net/static/2207.php

ColdFusion Administrator with Advanced Security enabled allows remote
users to stop the ColdFusion server via the Start/Stop utility.

Analysis
----------------
ED_PRI CAN-1999-0756 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-0758
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0758
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: ALLAIRE:ASB99-06
Reference: XF:netscape-space-view

Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote
attacker to view source code to scripts by appending a %20 to the
script's URL.

Analysis
----------------
ED_PRI CAN-1999-0758 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-0760
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0760
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: ALLAIRE:ASB99-10
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=11714&Method=Full
Reference: BID:550
Reference: URL:http://www.securityfocus.com/bid/550
Reference: XF:coldfusion-server-cfml-tags
Reference: URL:http://xforce.iss.net/static/3288.php

Undocumented ColdFusion Markup Language (CFML) tags and functions in
the ColdFusion Administrator allow users to gain additional
privileges.

Analysis
----------------
ED_PRI CAN-1999-0760 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-0800
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0800
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: ALLAIRE:ASB99-05
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=9602&Method=Full
Reference: NTBUGTRAQ:19990211 ACFUG List: Alert: Allaire Forums GetFile bug
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00332.html

The GetFile.cfm file in Allaire Forums allows remote attackers to read
files through a parameter to GetFile.cfm.

Analysis
----------------
ED_PRI CAN-1999-0800 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-0922
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0922
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991208
Category: SF
Reference: ALLAIRE:ASB99-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full
Reference: XF:coldfusion-sourcewindow

An example application in ColdFusion Server 4.0 allows remote
attackers to view source code via the sourcewindow.cfm file.

Analysis
----------------
ED_PRI CAN-1999-0922 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-0924
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0924
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991208
Category: SF
Reference: ALLAIRE:ASB99-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full

The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to
conduct a denial of service.

Analysis
----------------
ED_PRI CAN-1999-0924 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-0945
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0945
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991208
Category: SF
Reference: ISS:19980724 Denial of Service attacks against Microsoft Exchange 5.0 to 5.5
Reference: URL:http://xforce.iss.net/alerts/advise4.php
Reference: CIAC:I-080
Reference: URL:http://www.ciac.org/ciac/bulletins/i-080.shtml
Reference: MSKB:Q169174

Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange
5.5 and 5.0 allows remote attackers to conduct a denial of service via
AUTH or AUTHINFO commands.

Analysis
----------------
ED_PRI CAN-1999-0945 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0306
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0306
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: SCO:SB-99.02
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.02a
Reference: BUGTRAQ:19981229 Local/remote exploit for SCO UNIX.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-12-29&msg=AAh6GYsGU1@leshka.chuvashia.su

Buffer overflow in calserver in SCO OpenServer allows remote attackers
to gain root access via a long message.

Analysis
----------------
ED_PRI CAN-2000-0306 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0307
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0307
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: SCO:SB-99.07
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.07b

Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and
earlier allows an attacker to cause a denial of service which prevents
access to reserved port numbers below 1024.

Analysis
----------------
ED_PRI CAN-2000-0307 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0308
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0308
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000511
Category: CF
Reference: SCO:SB-99.08
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.08a

Insecure file permissions for Netscape FastTrack Server 2.x,
Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and
2.1.3 allow an attacker to gain root privileges.

Analysis
----------------
ED_PRI CAN-2000-0308 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0309
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0309
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: OPENBSD:19990212 i386 trace-trap handling when DDB was configured could cause a system crash.
Reference: URL:http://www.openbsd.org/errata24.html#trctrap

The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a
local user to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2000-0309 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0310
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0310
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: OPENBSD:19990217 IP fragment assembly can bog the machine excessively and cause problems.
Reference: URL:http://www.openbsd.org/errata24.html#maxqueue

IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause
a denial of service by sending a large number of fragmented packets.

Analysis
----------------
ED_PRI CAN-2000-0310 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0312
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0312
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: OPENBSD:19990830 In cron(8), make sure argv[] is NULL terminated in the fake popen() and run sendmail as the user, not as root.
Reference: URL:http://www.openbsd.org/errata25.html#cron

cron in OpenBSD 2.5 allows local users to gain root privileges via an
argv[] that is not NULL terminated, which is passed to cron's fake
popen function.

Analysis
----------------
ED_PRI CAN-2000-0312 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0313
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0313
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: OPENBSD:19991109 Any user can change interface media configurations.
Reference: URL:http://www.openbsd.org/errata.html#ifmedia

Vulnerability in OpenBSD 2.6 allows a local user to change interface
media configurations.

Analysis
----------------
ED_PRI CAN-2000-0313 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0314
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0314
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:19990213 traceroute as a flooder
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91893782027835&w=2
Reference: NETBSD:NetBSD-SA1999-004
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-004.txt.asc

traceroute in NetBSD 1.3.3 and Linux systems allows local users to
flood other systems by providing traceroute with a large waittime (-w)
option, which is not parsed properly and sets the time delay for
sending packets to zero.

Analysis
----------------
ED_PRI CAN-2000-0314 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0315
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0315
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:19990213 traceroute as a flooder
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91893782027835&w=2
Reference: NETBSD:NetBSD-SA1999-004
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-004.txt.asc

traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged
users to modify the source address of the packets, which could be used
in spoofing attacks.

Analysis
----------------
ED_PRI CAN-2000-0315 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0348
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0348
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000511
Category: CF
Reference: SCO:SB-99.10
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.10a

A vulnerability in the Sendmail configuration file sendmail.cf as
installed in SCO UnixWare 7.1.0 and earlier allows an attacker to gain
root privileges.

Analysis
----------------
ED_PRI CAN-2000-0348 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0349
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0349
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000511
Category: unknown
Reference: SCO:SB-99.13
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.13a

Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an
attacker to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2000-0349 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0351
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0351
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000523
Category: unknown
Reference: SCO:SB-99.09
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.09b

Some packaging commands in SCO UnixWare 7.1.0 have insecure
privileges, which allows local users to add or remove software
packages.

Analysis
----------------
ED_PRI CAN-2000-0351 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0368
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0368
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000523
Category: SF
Reference: CISCO:19981014 Cisco IOS Command History Release at Login Prompt
Reference: URL:http://www.cisco.com/warp/public/770/ioshist-pub.shtml
Reference: CIAC:J-009
Reference: URL:http://www.ciac.org/ciac/bulletins/j-009.shtml

Classic Cisco IOS 9.1 and later allows attackers with access to the
loging prompt to obtain portions of the command history of previous
users, which may allow the attacker to access sensitive data.

Analysis
----------------
ED_PRI CAN-2000-0368 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0375
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0375
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000523
Category: SF
Reference: FREEBSD:FreeBSD-SA-99:04
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-99:04.core.asc

The kernel in FreeBSD 3.2 follows symbolic links when it creates core
dump files, which allows local attackers to modify arbitrary files.

Analysis
----------------
ED_PRI CAN-2000-0375 1
Vendor Acknowledgement: yes

This appears to be similar to the UnixWare core dump problem as
recorded in CVE-1999-0864.  It is possible that these 2 issues stem
from the same codebase.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-0359
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0359
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990127 UNIX shell modem access vulnerabilities
Reference: XF:ptylogin-dos

ptylogin in Unix systems allows users to perform a denial of service
by locking out modems, dial out with that modem, or obtain passwords.

Analysis
----------------
ED_PRI CAN-1999-0359 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-0681
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0681
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990807 Crash FrontPage Remotely...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1999-q3/0381.html
Reference: XF:frontpage-pws-dos
Reference: URL:http://xforce.iss.net/static/3117.php
Reference: BID:568
Reference: URL:http://www.securityfocus.com/bid/568

Buffer overflow in Microsoft FrontPage Server Extensions (PWS)
3.0.2.926 on Windows 95, and possibly other versions, allows remote
attackers to cause a denial of service via a long URL.

Analysis
----------------
ED_PRI CAN-1999-0681 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-0718
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0718
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991125
Category: unknown
Reference: NTBUGTRAQ:19990823 IBM Gina security warning
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9908&L=ntbugtraq&F=&S=&P=5534
Reference: BID:608
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=608
Reference: XF:ibm-gina-group-add
Reference: URL:http://xforce.iss.net/static/3166.php

IBM GINA, when used for OS/2 domain authentication of Windows NT
users, allows local users to gain administrator privileges by changing
the GroupMapping registry key.

Analysis
----------------
ED_PRI CAN-1999-0718 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-0757
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0757
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: ALLAIRE:ASB99-08
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=10969&Method=Full
Reference: XF:coldfusion-encryption
Reference: URL:http://xforce.iss.net/static/2208.php

The ColdFusion CFCRYPT program for encrypting CFML templates has weak
encryption, allowing attackers to decrypt the templates.

Analysis
----------------
ED_PRI CAN-1999-0757 3
Vendor Acknowledgement: yes
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-0784
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0784
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: NTBUGTRAQ:19980827 NERP DoS attack possible in Oracle
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/1998/msg00536.html
Reference: BUGTRAQ:19990104 Re: Fw:"NERP" DoS attack possible in Oracle
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1999_1/0056.html
Reference: BUGTRAQ:19981228 Oracle8 TNSLSNR DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1998_4/0764.html

Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed
string to the listener port, aka NERP.

Analysis
----------------
ED_PRI CAN-1999-0784 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-0805
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0805
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990512 DoS with Netware 4.x's TTS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1999_2/0439.html
Reference: XF:novell-tts-dos
Reference: URL:http://xforce.iss.net/static/2184.php

Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and
earlier allows remote attackers to cause a denial of service via a
large number of requests.

Analysis
----------------
ED_PRI CAN-1999-0805 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-1999-0923
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0923
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991208
Category: SF
Reference: ALLAIRE:ASB99-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full

Sample runnable code snippets in ColdFusion Server 4.0 allow remote
attackers to read files, conduct a denial of service, or use the
server as a proxy for other HTTP calls.

Analysis
----------------
ED_PRI CAN-1999-0923 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS: