[FINAL] ACCEPT 12 candidates from 1999
I have made a Final Decision to ACCEPT the following candidates. These candidates are now assigned CVE names as noted below. The resulting CVE entries will be published in the near future in a new version of CVE.

Voting details and comments are provided at the end of this report.

- Steve

Candidate       CVE Name
---------       ----------
CAN-1999-0115   CVE-1999-0115
CAN-1999-0223   CVE-1999-0223
CAN-1999-0268   CVE-1999-0268
CAN-1999-0608   CVE-1999-0608
CAN-1999-0681   CVE-1999-0681
CAN-1999-0729   CVE-1999-0729
CAN-1999-0758   CVE-1999-0758
CAN-1999-0760   CVE-1999-0760
CAN-1999-0800   CVE-1999-0800
CAN-1999-0922   CVE-1999-0922
CAN-1999-0924   CVE-1999-0924
CAN-1999-0945   CVE-1999-0945

======================================================
Candidate: CAN-1999-0115
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0115
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010501-02
Proposed: 19990714
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19970909 AIX bugfiler
Reference: XF:ibm-bugfiler
Reference: BID:1800
Reference: URL:http://www.securityfocus.com/bid/1800

AIX bugfiler program allows local users to gain root access.

Modifications:
  ADDREF BUGTRAQ:19970909 AIX bugfiler
  ADDREF XF:ibm-bugfiler
  ADDREF BID:1800

INFERRED ACTION: CAN-1999-0115 FINAL (Final Decision 20010507)

Current Votes:
  ACCEPT(2) Baker, Bollinger
  MODIFY(1) Frech
  NOOP(4) Christey, Northcutt, Shostack, Wall
  REVIEWING(1) Levy

Voter Comments:
 Frech> XF:ibm-bugfiler
 Christey> I could not find any acknowledgement of this bug on the IBM web site.
 Christey> BID:1800
   URL:http://www.securityfocus.com/bid/1800

======================================================
Candidate: CAN-1999-0223
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0223
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010501-02
Proposed: 19990714
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19961109 Syslogd and Solaris 2.4
Reference: SUNBUG:1249320
Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?patchid=103291&collection=fpatches
Reference: XF:sol-syslogd-crash
Reference: BID:1878

Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry.

Modifications:
  ADDREF BUGTRAQ:19961109 Syslogd and Solaris 2.4
  ADDREF XF:sol-syslogd-crash
  ADDREF SUNBUG:1249320
  ADDREF CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?patchid=103291&collection=fpatches
  ADDREF BID:1878

INFERRED ACTION: CAN-1999-0223 FINAL (Final Decision 20010507)

Current Votes:
  ACCEPT(2) Dik, Baker
  MODIFY(1) Frech
  NOOP(4) Christey, Northcutt, Shostack, Wall
  REVIEWING(1) Levy

Voter Comments:
 Frech> XF:sol-syslogd-crash
 Dik> bug 1249320
 Christey> BID:1878
   URL:http://www.securityfocus.com/bid/1878

======================================================
Candidate: CAN-1999-0268
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0268
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-02
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19980630 Security vulnerabilities in MetaInfo products
Reference: XF:metaweb-server-dot-attack

MetaInfo MetaWeb web server allows users to upload and execute scripts.

Modifications:
  ADDREF XF:metaweb-server-dot-attack

INFERRED ACTION: CAN-1999-0268 FINAL (Final Decision 20010507)

Current Votes:
  ACCEPT(2) Baker, Northcutt
  MODIFY(1) Frech
  NOOP(1) Prosser

Voter Comments:
 Frech> Normalize Bugtraq reference; suggestion:
   http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Fstart%3D1998-06-27%26fromthread%3D0%26mid%3D9727%26list%3D1%26threads%3D0%26end%3D1998-07-03%26
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> ADDREF XF:metaweb-server-dot-attack

======================================================
Candidate: CAN-1999-0608
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0608
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 19990728
Assigned: 19990607
Category: CF
Reference: BUGTRAQ:19990420 Shopping Carts exposing CC data
Reference: CONFIRM:http://www.pdgsoft.com/Security/security.html.
Reference: XF:pdgsoftcart-misconfig(3857)

An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information.

Modifications:
  ADDREF CONFIRM:http://www.pdgsoft.com/Security/security.html.
  ADDREF XF:pdgsoftcart-misconfig(3857)

INFERRED ACTION: CAN-1999-0608 FINAL (Final Decision 20010507)

Current Votes:
  ACCEPT(1) Baker
  MODIFY(1) Frech
  NOOP(3) Wall, Christey, Northcutt

Voter Comments:
 Frech> XF:pdgsoftcart-misconfig(3857)
 Christey> CONFIRM:http://www.pdgsoft.com/Security/security.html.
   The statement reads:
   Recently, PDG Software, Inc. has been associated with speculations on the security of Web stores running shopping cart software... The speculation revealed a security "hole" on several online stores, rendering sensitive information vulnerable to fraud. PDG Software isolated the problem and offered assistance to server administrators to close the potential hole. It is important to understand that the problem stems not from the shopping cart software itself, but rather from improper installation of the software.
   Also see http://ecommerce.internet.com/outlook/article/0,1467,7761_239511,00.html

======================================================
Candidate: CAN-1999-0681
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0681
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990807 Crash FrontPage Remotely...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1999-q3/0381.html
Reference: XF:frontpage-pws-dos
Reference: URL:http://xforce.iss.net/static/3117.php
Reference: BID:568
Reference: URL:http://www.securityfocus.com/bid/568

Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL.

INFERRED ACTION: CAN-1999-0681 FINAL (Final Decision 20010507)

Current Votes:
  ACCEPT(4) LeBlanc, Frech, Baker, Cole

Voter Comments:
 LeBlanc> Fixed in some FrontPage update - I don't recall which.

======================================================
Candidate: CAN-1999-0729
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0729
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: ISS:19990823 Denial of Service Attack against Lotus Notes Domino Server 4.6
Reference: URL:http://xforce.iss.net/alerts/advise34.php
Reference: CIAC:J-061
Reference: URL:http://www.ciac.org/ciac/bulletins/j-061.shtml
Reference: BID:601
Reference: URL:http://www.securityfocus.com/bid/601
Reference: XF:lotus-ldap-bo

Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request.

INFERRED ACTION: CAN-1999-0729 FINAL (Final Decision 20010507)

Current Votes:
  ACCEPT(3) Frech, Baker, Cole

======================================================
Candidate: CAN-1999-0758
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0758
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: ALLAIRE:ASB99-06
Reference: XF:netscape-space-view

Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL.

INFERRED ACTION: CAN-1999-0758 FINAL (Final Decision 20010507)

Current Votes:
  ACCEPT(3) Frech, Baker, Cole

======================================================
Candidate: CAN-1999-0760
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0760
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: ALLAIRE:ASB99-10
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=11714&Method=Full
Reference: BID:550
Reference: URL:http://www.securityfocus.com/bid/550
Reference: XF:coldfusion-server-cfml-tags
Reference: URL:http://xforce.iss.net/static/3288.php

Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges.

INFERRED ACTION: CAN-1999-0760 FINAL (Final Decision 20010507)

Current Votes:
  ACCEPT(3) Frech, Baker, Cole

======================================================
Candidate: CAN-1999-0800
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0800
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010502-01
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: ALLAIRE:ASB99-05
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=9602&Method=Full
Reference: NTBUGTRAQ:19990211 ACFUG List: Alert: Allaire Forums GetFile bug
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00332.html
Reference: XF:allaire-forums-file-read(1748)

The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to GetFile.cfm.

Modifications:
  ADDREF XF:allaire-forums-file-read(1748)

INFERRED ACTION: CAN-1999-0800 FINAL (Final Decision 20010507)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech

Voter Comments:
 Frech> XF:allaire-forums-file-read(1748)

======================================================
Candidate: CAN-1999-0922
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0922
Final-Decision: 20010507
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 19991208
Category: SF
Reference: ALLAIRE:ASB99-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full
Reference: XF:coldfusion-sourcewindow

An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file.

INFERRED ACTION: CAN-1999-0922 FINAL (Final Decision 20010507)

Current Votes:
  ACCEPT(3) Frech, Baker, Cole

======================================================
Candidate: CAN-1999-0924
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0924
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010502-01
Proposed: 20010214
Assigned: 19991208
Category: SF
Reference: ALLAIRE:ASB99-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full
Reference: XF:coldfusion-syntax-checker(1742)

The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service.

Modifications:
  ADDREF XF:coldfusion-syntax-checker(1742)

INFERRED ACTION: CAN-1999-0924 FINAL (Final Decision 20010507)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech

Voter Comments:
 Frech> XF:coldfusion-syntax-checker(1742)

======================================================
Candidate: CAN-1999-0945
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0945
Final-Decision: 20010507
Interim-Decision: 20010502
Modified: 20010502-01
Proposed: 20010214
Assigned: 19991208
Category: SF
Reference: ISS:19980724 Denial of Service attacks against Microsoft Exchange 5.0 to 5.5
Reference: URL:http://xforce.iss.net/alerts/advise4.php
Reference: CIAC:I-080
Reference: URL:http://www.ciac.org/ciac/bulletins/i-080.shtml
Reference: MSKB:Q169174
Reference: XF:exchange-dos(1223)

Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands.

Modifications:
  ADDREF XF:exchange-dos(1223)

INFERRED ACTION: CAN-1999-0945 FINAL (Final Decision 20010507)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech

Voter Comments:
 Frech> XF:exchange-dos(1223)