|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PROPOSAL] Cluster RECENT-55 - 27 candidates
I have proposed cluster RECENT-55 for review and voting by the Editorial Board. Name: RECENT-55 Description: Candidates announced between 2/7/2001 and 3/8/2001 Size: 27 You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site. The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real. If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned. - Steve Summary of votes to use (in ascending order of "severity") ---------------------------------------------------------- ACCEPT - voter accepts the candidate as proposed NOOP - voter has no opinion on the candidate MODIFY - voter wants to change some MINOR detail (e.g. reference/description) REVIEWING - voter is reviewing/researching the candidate, or needs more info RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. 1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. 2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping. 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-2001-0002 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0002 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010104 Category: SF/CF/MP/SA/AN/unknown Reference: MS:MS01-015 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp Reference: BUGTRAQ:20001120 IE 5.x/Outlook allows executing arbitrary programs using .chm Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97475003815911&w=2 Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs. Analysis ---------------- ED_PRI CAN-2001-0002 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0018 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0018 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010127 Category: SF Reference: MS:MS01-011 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-011.asp Windows 2000 domain controller in Windows 2000 Server, Advanced Server, or Datacenter Server allows remote attackers to cause a denial of service via a flood of malformed service requests. Analysis ---------------- ED_PRI CAN-2001-0018 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0146 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0146 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010210 Category: SF Reference: MS:MS01-014 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-014.asp IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's. Analysis ---------------- ED_PRI CAN-2001-0146 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0148 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0148 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010210 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20010101 Windows Media Player 7 and IE vulnerability - executing arbitrary programs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0000.html Reference: MS:MS01-015 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability. Analysis ---------------- ED_PRI CAN-2001-0148 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0149 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0149 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010210 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20000926 IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0305.html Reference: NTBUGTRAQ:20000926 IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96999020527583&w=2 Reference: MS:MS01-015 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object. Analysis ---------------- ED_PRI CAN-2001-0149 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0150 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0150 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010210 Category: SF/CF/MP/SA/AN/unknown Reference: MS:MS01-015 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts. Analysis ---------------- ED_PRI CAN-2001-0150 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0151 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0151 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010210 Category: SF/CF/MP/SA/AN/unknown Reference: MS:MS01-016 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-016.asp IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests. Analysis ---------------- ED_PRI CAN-2001-0151 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0220 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0220 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010308 Category: SF Reference: FREEBSD:FreeBSD-SA-01:21 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-02/0082.html Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local users to gain root privileges. Analysis ---------------- ED_PRI CAN-2001-0220 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0221 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0221 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010308 Category: SF Reference: FREEBSD:FreeBSD-SA-01:19 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-02/0079.html Buffer overflow in ja-xklock 2.7.1 and earlier allows local users to gain root privileges. Analysis ---------------- ED_PRI CAN-2001-0221 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0230 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0230 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010308 Category: SF Reference: FREEBSD:FreeBSD-SA-01:22 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-02/0083.html Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly other operating systems, allows local users to gain privileges. Analysis ---------------- ED_PRI CAN-2001-0230 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0164 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0164 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010307 Category: SF/CF/MP/SA/AN/unknown Reference: ATSTAKE:A030701-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a030701-1.txt Buffer overflow in Netscape Directory Server 4.12 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed recipient field. Analysis ---------------- ED_PRI CAN-2001-0164 2 Vendor Acknowledgement: yes patch Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0001 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0001 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010103 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20010213 RFP2101: RFPlutonium to fuel your PHP-Nuke Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0257.html cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie. Analysis ---------------- ED_PRI CAN-2001-0001 3 Vendor Acknowledgement: no Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0155 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0155 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010216 Category: SF/CF/MP/SA/AN/unknown Reference: ATSTAKE:A021601-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a021601-1.txt Format string vulnerability in VShell SSH gateway 1.0.1 and earlier allows remote attackers to execute arbitrary commands via a long user name. Analysis ---------------- ED_PRI CAN-2001-0155 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0156 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0156 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010216 Category: SF/CF/MP/SA/AN/unknown Reference: ATSTAKE:A021601-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a021601-1.txt VShell SSH gateway 1.0.1 and earlier has a default port forwarding rule of 0.0.0.0/0.0.0.0, which could allow local users conduct arbitrary port forwarding to other systems. Analysis ---------------- ED_PRI CAN-2001-0156 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0157 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0157 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010301 Category: SF/CF/MP/SA/AN/unknown Reference: ATSTAKE:A030101-1 Reference: URL:http://www.atstake.com/research/advisories/2001/a030101-1.txt Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier allows attackers with physical access to a Palm device to bypass access restrictions and obtain passwords, even if the system lockout mechanism is enabled. Analysis ---------------- ED_PRI CAN-2001-0157 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0204 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0204 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010308 Category: SF Reference: BUGTRAQ:20010214 def-2001-07: Watchguard Firebox II PPTP DoS Reference: URL:http://www.securityfocus.com/archive/1/162965 Reference: BID:2369 Reference: URL:http://www.securityfocus.com/bid/2369 Watchguard Firebox II allows remote attackers to cause a denial of service by establishing multiple connections and sending malformed PPTP packets. Analysis ---------------- ED_PRI CAN-2001-0204 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0206 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0206 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010308 Category: SF Reference: BUGTRAQ:20010207 Vulnerability in Soft Lite ServerWorx Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0137.html Reference: BID:2346 Reference: URL:http://www.securityfocus.com/bid/2346 Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows remote attackers to read arbitrary files by inserting a .. (dot dot) or ... into the requested pathname of an HTTP GET request. Analysis ---------------- ED_PRI CAN-2001-0206 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0208 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0208 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010308 Category: CF Reference: BUGTRAQ:20010211 Security Hole in Microfocus Cobol Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0205.html Reference: BID:2359 Reference: URL:http://www.securityfocus.com/bid/2359 MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the mfaslmf directory and the nolicense file with insecure permissions, which allows local users to gain privileges by modifying files. Analysis ---------------- ED_PRI CAN-2001-0208 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0210 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0210 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010308 Category: SF Reference: BUGTRAQ:20010212 Commerce.cgi Directory Traversal Reference: URL:http://www.securityfocus.com/archive/1/162259 Reference: BID:2361 Reference: URL:http://www.securityfocus.com/bid/2361 Directory traversal vulnerability in commerce.cgi CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the page parameter. Analysis ---------------- ED_PRI CAN-2001-0210 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0211 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0211 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010308 Category: SF Reference: BUGTRAQ:20010212 WebSPIRS CGI script "show files" Vulnerability. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0217.html Reference: BID:2362 Reference: URL:http://www.securityfocus.com/bid/2362 Directory traversal vulnerability in WebSPIRS 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the sp.nextform parameter. Analysis ---------------- ED_PRI CAN-2001-0211 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0212 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0212 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010308 Category: SF Reference: BUGTRAQ:20010212 HIS Auktion 1.62: "show files" vulnerability and remote command execute. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0218.html Reference: BID:2367 Reference: URL:http://www.securityfocus.com/bid/2367 Directory traversal vulnerability in HIS Auktion 1.62 allows remote attackers to read arbitrary files via a .. (dot dot) in the menue parameter, and possibly execute commands via shell metacharacters. Analysis ---------------- ED_PRI CAN-2001-0212 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0214 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0214 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010308 Category: SF Reference: BUGTRAQ:20010212 Way board: "show files" Vulnerability with null bite bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0212.html Reference: BID:2370 Reference: URL:http://www.securityfocus.com/bid/2370 Way-board CGI program allows remote attackers to read arbitrary files by specifying the filename in the db parameter and terminating the filename with a null byte. Analysis ---------------- ED_PRI CAN-2001-0214 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0215 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0215 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010308 Category: SF Reference: BUGTRAQ:20010212 ROADS search system "show files" Vulnerability with "null bite" bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0213.html Reference: BID:2371 Reference: URL:http://www.securityfocus.com/bid/2371 ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte. Analysis ---------------- ED_PRI CAN-2001-0215 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0216 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0216 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010308 Category: SF Reference: BUGTRAQ:20010212 PALS Library System "show files" Vulnerability and remote command execution Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0220.html Reference: BID:2372 Reference: URL:http://www.securityfocus.com/bid/2372 PALS Library System pals-cgi program allows remote attackers to execute arbitrary commands via shell metacharacters in the documentName parameter. Analysis ---------------- ED_PRI CAN-2001-0216 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0217 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0217 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010308 Category: SF Reference: BUGTRAQ:20010212 PALS Library System "show files" Vulnerability and remote command execution Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0220.html Reference: BID:2372 Reference: URL:http://www.securityfocus.com/bid/2372 Directory traversal vulnerability in PALS Library System pals-cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the documentName parameter. Analysis ---------------- ED_PRI CAN-2001-0217 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0224 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0224 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010308 Category: SF Reference: BUGTRAQ:20010212 Vulnerability in Muscat Empower wich can print path to DB-dir. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0216.html Reference: BID:2374 Reference: URL:http://www.securityfocus.com/bid/2374 Muscat Empower CGI program allows remote attackers to obtain the absolute pathname of the server via an invalid request in the DB parameter. Analysis ---------------- ED_PRI CAN-2001-0224 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0225 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0225 Final-Decision: Interim-Decision: Modified: Proposed: 20010309 Assigned: 20010308 Category: SF Reference: BUGTRAQ:20010207 Infobot 0.44.5.3/below remotely vulnerable (also in FreeBSD ports tree) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0127.html Reference: BID:2349 Reference: URL:http://www.securityfocus.com/bid/2349 fortran math component in Infobot 0.44.5.3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters. Analysis ---------------- ED_PRI CAN-2001-0225 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS:
|
||||
