|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PROPOSAL] Cluster RECENT-63 - 32 candidates
I have proposed cluster RECENT-63 for review and voting by the Editorial Board. The CVE voting web site will be updated early Friday afternoon. Name: RECENT-63 Description: Candidates announced between 1/22/2001 and 3/30/2001 Size: 32 You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site. The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real. If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned. Summary of votes to use (in ascending order of "severity") ---------------------------------------------------------- ACCEPT - voter accepts the candidate as proposed NOOP - voter has no opinion on the candidate MODIFY - voter wants to change some MINOR detail (e.g. reference/description) REVIEWING - voter is reviewing/researching the candidate, or needs more info RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. 1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. 2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping. 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-2001-0560 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0560 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010210 vixie cron possible local root compromise Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0197.html Reference: AIX-APAR:IY17048 Reference: AIX-APAR:IY17261 Reference: MANDRAKE:MDKSA-2001:022 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-022.php3 Reference: REDHAT:RHSA-2001-014 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-014.html Reference: BUGTRAQ:20010220 Immunix OS Security update for vixie-cron Reference: URL:http://archives.neohapsis.com/archives/linux/immunix/2001-q1/0066.html Reference: XF:vixie-crontab-bo(6098) Reference: URL:http://xforce.iss.net/static/6098.php Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters). Analysis ---------------- ED_PRI CAN-2001-0560 1 Vendor Acknowledgement: unknown There is a question as to whether or not this is exploitable. To create a name longer than 20 characters might require root privileges. However, many vendors have released security advisories, and it is possible that some non-root users could be assigned privileges or capabilities to add users. Other scenarios are discussed in the long thread on Bugtraq. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0606 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0606 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: HP:HPSBUX0102-139 Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0041.html Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with VirtualVault A.04.00 allows a remote attacker to create a denial of service via the HTTPS service. Analysis ---------------- ED_PRI CAN-2001-0606 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0607 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0607 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: CF Reference: HP:HPSBUX0103-145 Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0080.html asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program. Analysis ---------------- ED_PRI CAN-2001-0607 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0608 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0608 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: HP:HPSBMP0103-011 Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0087.html HP architected interface facility (AIF) as includes with MPE/iX 5.5 through 6.5 running on a HP3000 allows an attacker to gain additional privileges and gain access to databases via the AIF - AIFCHANGELOGON program. Analysis ---------------- ED_PRI CAN-2001-0608 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0589 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0589 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010326 Netscreen: DMZ Network Receives Some "Denied" Traffic Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0375.html Reference: BID:2523 Reference: URL:http://www.securityfocus.com/bid/2523 NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and Netscreen-100 can allow a local attacker to bypass the DMZ 'denial' policy via specific traffic patterns. Analysis ---------------- ED_PRI CAN-2001-0589 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0591 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0591 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: WIN2KSEC:20010122 Oracle JSP/SQLJS handlers allow viewing files and executing JSP outside the web root Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2001-q1/0028.html Reference: BUGTRAQ:20010212 Patch for Potential Vulnerability in the execution of JSPs outside doc_root Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0239.html Reference: BID:2286 Reference: URL:http://www.securityfocus.com/bid/2286 Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack. Analysis ---------------- ED_PRI CAN-2001-0591 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0631 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0631 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010221 FirstClass Internetgateway "stupidity" Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0376.html Reference: BUGTRAQ:20010226 Re: [Fwd: FirstClass Internetgateway "stupidity"] Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0440.html Centrinity First Class Internet Services 5.50 allows for the circumventing of the default 'spam' filters via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local users. Analysis ---------------- ED_PRI CAN-2001-0631 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0634 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0634 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: CF Reference: BUGTRAQ:20010220 Advisory: Chili!Soft ASP Multiple Vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0378.html Reference: BUGTRAQ:20010226 Re: Advisory: Chili!Soft ASP Multiple Vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0443.html Sun Chili!Soft ASP on multiple Unixes has weak permissions on various configuration files, which allows a local attacker to gain additional privileges and create a denial of service. Analysis ---------------- ED_PRI CAN-2001-0634 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0357 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0357 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010310 CORRECTION to CODE: FormMail.pl can be used to send anonymous email Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98433523520344&w=2 Reference: XF:formmail-anonymous-flooding Reference: URL:http://xforce.iss.net/static/6242.php FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message paramaters. Analysis ---------------- ED_PRI CAN-2001-0357 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0394 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0394 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010524 Category: SF Reference: BUGTRAQ:20010328 def-2001-15: Website Pro Remote Manager DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0425.html Reference: XF:website-pro-remote-dos Reference: URL:http://xforce.iss.net/static/6295.php Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory. Analysis ---------------- ED_PRI CAN-2001-0394 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0556 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0556 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010428 More nedit problems ? (was Re: PROGENY-SA-2001-10...) Reference: URL:http://www.securityfocus.com/archive/1/180237 Reference: CONFIRM:http://www.nedit.org/archives/develop/2001-Feb/0391.html Reference: SUSE:SuSE-SA:2001:14 Reference: URL:http://www.suse.de/de/support/security/2001_014_nedit.txt Reference: MANDRAKE:MDKSA-2001:042 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-042.php3 Reference: DEBIAN:DSA-053 Reference: URL:http://www.debian.org/security/2001/dsa-053 Reference: REDHAT:RHSA-2001:061 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-061.html Reference: BID:2667 Reference: URL:http://www.securityfocus.com/bid/2667 The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on (1) backup files or (2) temporary files used when nedit prints a file or portions of a file. Analysis ---------------- ED_PRI CAN-2001-0556 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0564 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0564 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010225 APC web/snmp/telnet management card dos Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0436.html APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts which temporarily locks the card. Analysis ---------------- ED_PRI CAN-2001-0564 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0568 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0568 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: CONFIRM:http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23 Reference: MANDRAKE:MDKSA-2001:025 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-025.php3 Reference: DEBIAN:DSA-043 Reference: URL:http://www.debian.org/security/2001/dsa-043 Reference: REDHAT:RHSA-2001:021 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-021.html Reference: CONECTIVA:CLA-2001:382 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000382 Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes. Analysis ---------------- ED_PRI CAN-2001-0568 3 Vendor Acknowledgement: yes Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0569 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0569 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: CONFIRM:http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23 Reference: MANDRAKE:MDKSA-2001:025 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-025.php3 Reference: DEBIAN:DSA-043 Reference: URL:http://www.debian.org/security/2001/dsa-043 Reference: REDHAT:RHSA-2001:021 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-021.html Reference: CONECTIVA:CLA-2001:382 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000382 Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet. Analysis ---------------- ED_PRI CAN-2001-0569 3 Vendor Acknowledgement: yes Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0571 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0571 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010323 Elron IM Products Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98538867727489&w=2 Reference: BUGTRAQ:20010326 http://archives.neohapsis.com/archives/bugtraq/2001-03/0345.html Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98567864203963&w=2 Reference: BUGTRAQ:20010406 http://archives.neohapsis.com/archives/bugtraq/2001-03/0345.html Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0382.html Reference: BID:2519 Reference: URL:http://www.securityfocus.com/bid/2519 Reference: BID:2520 Reference: URL:http://www.securityfocus.com/bid/2520 Directory traversal vulnerability in the web server for (1) Elron Internet Manager (IM) Message Inspector and (2) Anti-Virus before 3.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the requested URL. Analysis ---------------- ED_PRI CAN-2001-0571 3 Vendor Acknowledgement: yes followup Content Decisions: SF-EXEC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0572 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0572 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010318 Passive Analysis of SSH (Secure Shell) Traffic Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0225.html Reference: CONECTIVA:CLA-2001:391 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000391 Reference: REDHAT:RHSA-2001:033 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-033.html Reference: MANDRAKE:MDKSA-2001:033 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-033.php3 The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands. Analysis ---------------- ED_PRI CAN-2001-0572 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0575 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0575 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010327 SCO 5.0.6 issues (lpshut) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0404.html Reference: XF:sco-openserver-lpshut-bo(6290) Reference: URL:http://xforce.iss.net/static/6290.php Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a long first argument to lpshut. Analysis ---------------- ED_PRI CAN-2001-0575 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Since lpshut, lpadmin, lpforms, and lpusers all appear in the same package in the same version, it is possible that the vulnerability is in a library, and CD:SF-LOC would suggest combining these into the same candidate; if they are fixed in the same version, then even if the problems don't appear in the same library, then CD:SF-LOC would suggest combining them. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0576 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0576 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010327 SCO 5.0.6 issues (lpusers) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0407.html Reference: XF:sco-openserver-lpusers-bo(6292) Reference: URL:http://xforce.iss.net/static/6292.php lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the '-u' command line parameter. Analysis ---------------- ED_PRI CAN-2001-0576 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Since lpshut, lpadmin, lpforms, and lpusers all appear in the same package in the same version, it is possible that the vulnerability is in a library, and CD:SF-LOC would suggest combining these into the same candidate; if they are fixed in the same version, then even if the problems don't appear in the same library, then CD:SF-LOC would suggest combining them. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0577 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0577 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010327 SCO 5.0.6 issues (recon) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0410.html Reference: XF:sco-openserver-recon-bo(6289) Reference: URL:http://xforce.iss.net/static/6289.php recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first command line argument. Analysis ---------------- ED_PRI CAN-2001-0577 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0578 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0578 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010327 SCO 5.0.6 issues (lpforms) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0416.html Reference: XF:sco-openserver-lpforms-bo(6293) Reference: URL:http://xforce.iss.net/static/6293.php Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a local attacker to gain additional privileges via a long first argument to the lpforms command. Analysis ---------------- ED_PRI CAN-2001-0578 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Since lpshut, lpadmin, lpforms, and lpusers all appear in the same package in the same version, it is possible that the vulnerability is in a library, and CD:SF-LOC would suggest combining these into the same candidate; if they are fixed in the same version, then even if the problems don't appear in the same library, then CD:SF-LOC would suggest combining them. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0579 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0579 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010327 SCO 5.0.6 issues (lpadmin) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0421.html Reference: XF:sco-openserver-lpadmin-bo(6291) Reference: URL:http://xforce.iss.net/static/6291.php lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first argument to the command. Analysis ---------------- ED_PRI CAN-2001-0579 3 Vendor Acknowledgement: unknown Since lpshut, lpadmin, lpforms, and lpusers all appear in the same package in the same version, it is possible that the vulnerability is in a library, and CD:SF-LOC would suggest combining these into the same candidate; if they are fixed in the same version, then even if the problems don't appear in the same library, then CD:SF-LOC would suggest combining them. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0583 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0583 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010315 def-2001-11: MDaemon 3.5.4 Dos-Device DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0188.html Reference: XF:mdaemon-webservices-dos(6240) Reference: URL:http://xforce.iss.net/static/6240.php Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a denial of service via the URL request of a MS-DOS device (such as GET /aux) to (1) the Worldclient service at port 3000, or (2) the Webconfig service at port 3001. Analysis ---------------- ED_PRI CAN-2001-0583 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0584 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0584 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010325 MDaemon IMAP Denial Of Service Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0365.html Reference: BID:2508 Reference: URL:http://www.securityfocus.com/bid/2508 Reference: XF:mdaemon-imap-command-dos(6279) Reference: URL:http://xforce.iss.net/static/6279.php IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to cause a denial of service (hang) via long (1) SELECT or (2) EXAMINE commands. Analysis ---------------- ED_PRI CAN-2001-0584 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0585 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0585 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010320 def-2001-13: NTMail Web Services DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0248.html Reference: BID:2494 Reference: URL:http://www.securityfocus.com/bid/2494 Reference: XF:ntmail-long-url-dos(6249) Reference: URL:http://xforce.iss.net/static/6249.php Gordano NTMail 6.0.3c allows a remote attacker to create a denial of service via a long (>= 255 characters) URL request to port 8000 or port 9000. Analysis ---------------- ED_PRI CAN-2001-0585 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0586 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0586 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010330 STAT Security Advisory: Trend Micro's ScanMail for Exchange store s passwords in registry unprotected Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2001-q1/0049.html TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local attacker to recover the administrative credentials for ScanMail via a combination of unprotected registry keys and weakly encrypted passwords. Analysis ---------------- ED_PRI CAN-2001-0586 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0587 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0587 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010327 SCO 5.0.6 MMDF issues (deliver) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0418.html Reference: XF:sco-openserver-deliver-bo(6302) Reference: URL:http://xforce.iss.net/static/6302.php deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command. Analysis ---------------- ED_PRI CAN-2001-0587 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0588 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0588 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010327 SCO 5.0.6 MMDF issues (sendmail 8.9.3) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0417.html sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO OpenServer 5.0.6, can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command. Analysis ---------------- ED_PRI CAN-2001-0588 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0593 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0593 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010327 advisory Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0395.html Reference: BID:2512 Reference: URL:http://www.securityfocus.com/bid/2512 Reference: XF:anaconda-clipper-directory-traversal(6286) Reference: URL:http://xforce.iss.net/static/6286.php Ananconda Partners Clipper 3.3 and earlier allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the template parameter. Analysis ---------------- ED_PRI CAN-2001-0593 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0605 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0605 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010226 My Getright Unsupervised File Download Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98321819112158&w=2 Headlight Software MyGetright prior to 1.0b allows a remote attacker to upload and/or overwrite arbitrary files via a malicious .dld (skins-data) file which contains long strings of random data. Analysis ---------------- ED_PRI CAN-2001-0605 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0626 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0626 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010316 WebServer Pro All Version Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0236.html Reference: BID:2488 Reference: URL:http://www.securityfocus.com/bid/2488 O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character. Analysis ---------------- ED_PRI CAN-2001-0626 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0632 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0632 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: CF Reference: BUGTRAQ:20010220 Advisory: Chili!Soft ASP Multiple Vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0378.html Reference: BUGTRAQ:20010224 Re: Advisory: Chili!Soft ASP Multiple Vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0443.html Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin username and password in the default installation, which can allow a remote attacker to gain additional privileges. Analysis ---------------- ED_PRI CAN-2001-0632 3 Vendor Acknowledgement: yes followup Content Decisions: CF-PASS Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0633 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0633 Final-Decision: Interim-Decision: Modified: Proposed: 20010727 Assigned: 20010727 Category: SF Reference: BUGTRAQ:20010220 Advisory: Chili!Soft ASP Multiple Vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0378.html Reference: BUGTRAQ:20010224 Re: Advisory: Chili!Soft ASP Multiple Vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0443.html Directory traversal vulnerability in Sun Chili!Soft ASP on multiple Unixes allows a remote attacker to read arbitrary files above the web root via a '..' (dot dot) attack in the sample script 'codebrws.asp'. Analysis ---------------- ED_PRI CAN-2001-0633 3 Vendor Acknowledgement: yes followup Content Decisions: SF-CODEBASE A file named codebrws.asp was once shipped with IIS and SiteServer (CAN-1999-0739), and it sounds like it had a directory traversal problem based on related ASP files.a Is this the same codebrws.asp? If so, then CD:SF-CODEBASE says to combine this item with CAN-1999-0739. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS:
|
||||
