|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PROPOSAL] Cluster LEGACY-MISC-1997 - 59 candidates
I am proposing cluster LEGACY-MISC-1997 for review and voting by the Editorial Board. Name: LEGACY-MISC-1997 Description: Legacy candidates announced in 1997 and earlier Size: 59 You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site. The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real. Summary of votes to use (in ascending order of "severity") ---------------------------------------------------------- ACCEPT - voter accepts the candidate as proposed NOOP - voter has no opinion on the candidate MODIFY - voter wants to change some MINOR detail (e.g. reference/description) REVIEWING - voter is reviewing/researching the candidate, or needs more info RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. 1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. 2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping. 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-1999-1099 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1099 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19961122 L0pht Kerberos Advisory Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420184&w=2 Reference: XF:kerberos-user-grab(65) Reference: URL:http://xforce.iss.net/static/65.php Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string which inadvertently includes the realm name and the last user. Analysis ---------------- ED_PRI CAN-1999-1099 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1208 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1208 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970721 AIX ping, lchangelv, xlock fixes Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419337&w=2 Reference: BUGTRAQ:19970721 AIX ping (Exploit) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419330&w=2 Reference: XF:ping-bo(803) Reference: URL:http://xforce.iss.net/static/803.php Buffer overflow in ping in AIX 4.2 and earlier allows local users to gain root privileges via a long command line argument. Analysis ---------------- ED_PRI CAN-1999-1208 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1263 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1263 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: Reference: BUGTRAQ:19971024 Vulnerability in metamail Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87773365324657&w=2 Reference: XF:metamail-file-creation(1677) Reference: URL:http://xforce.iss.net/static/1677.php Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which is processed by uuencode in Metamail scripts such as sun-audio-file. Analysis ---------------- ED_PRI CAN-1999-1263 2 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1326 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1326 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970104 serious security bug in wu-ftpd v2.4 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420401&w=2 Reference: BUGTRAQ:19970105 BoS: serious security bug in wu-ftpd v2.4 -- PATCH Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420408&w=2 wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files. Analysis ---------------- ED_PRI CAN-1999-1326 2 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1402 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1402 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970517 UNIX domain socket (Solarisx86 2.5) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418317&w=2 Reference: BUGTRAQ:19971003 Solaris 2.6 and sockets Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602248718482&w=2 Reference: BID:456 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=456 The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket. Analysis ---------------- ED_PRI CAN-1999-1402 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1022 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1022 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19941002 Reference: URL:http://www.securityfocus.com/archive/1/930 Reference: XF:sgi-serialports(2111) Reference: URL:http://xforce.iss.net/static/2111.php Reference: BID:464 Reference: URL:http://www.securityfocus.com/bid/464 serial_ports administrative program in IRIX 4.x and 5.x trusts the user's PATH environmental variable to find and execute the ls program, which allows local users to gain root privileges via a Trojan horse ls program. Analysis ---------------- ED_PRI CAN-1999-1022 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1026 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1026 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19961220 Solaris 2.5 x86 aspppd (semi-exploitable-hole) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420343&w=2 Reference: BID:292 Reference: URL:http://www.securityfocus.com/bid/292 aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files and gain root privileges via a symlink attack on the /tmp/.asppp.fifo file. Analysis ---------------- ED_PRI CAN-1999-1026 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1061 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1061 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: CF Reference: BUGTRAQ:19971004 HP Laserjet 4M Plus DirectJet Problem Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602248518480&w=2 Reference: XF:laserjet-unpassworded(1876) Reference: URL:http://xforce.iss.net/static/1876.php HP Laserjet printers with JetDirect cards, when configured with TCP/IP, can be configured without a password, which allows remote attackers to connect to the printer and change its IP address or disable logging. Analysis ---------------- ED_PRI CAN-1999-1061 3 Vendor Acknowledgement: Content Decisions: DESIGN, CF-PASS The initial posts seem to imply that the default configuration didn't use a password. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1062 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1062 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19971004 HP Laserjet 4M Plus DirectJet Problem Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602248518480&w=2 Reference: XF:laserjet-unpassworded(1876) Reference: URL:http://xforce.iss.net/static/1876.php HP Laserjet printers with JetDirect cards, when configured with TCP/IP, allow remote attackers to bypass print filters by directly sending PostScript documents to TCP ports 9099 and 9100. Analysis ---------------- ED_PRI CAN-1999-1062 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1067 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1067 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970507 Re: SGI Security Advisory 19970501-01-A - Vulnerability in webdist.cgi Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420919&w=2 Reference: XF:sgi-machineinfo SGI MachineInfo CGI program, installed by default on some web servers, prints potentially sensitive system status information, which could be used by remote attackers for information gathering activities. Analysis ---------------- ED_PRI CAN-1999-1067 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1068 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1068 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970723 DoS against Oracle Webserver 2.1 with PL/SQL stored procedures Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419366&w=2 Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request. Analysis ---------------- ED_PRI CAN-1999-1068 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1069 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1069 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19971108 Security bug in iCat Suite version 3.0 Reference: URL:http://www.securityfocus.com/archive/1/7943 Reference: BID:2126 Reference: URL:http://www.securityfocus.com/bid/2126 Reference: XF:icat-carbo-server-vuln(1620) Reference: URL:http://xforce.iss.net/static/1620.php Directory traversal vulnerability in carbo.dll in iCat Carbo Server 3.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the icatcommand parameter. Analysis ---------------- ED_PRI CAN-1999-1069 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1081 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1081 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MISC:http://www.w3.org/Security/Faq/wwwsf8.html#Q87 Reference: MISC:http://www.roxanne.org/faqs/www-secure/wwwsf4.html#Q35 Reference: XF:http-nov-files(2054) Reference: URL:http://xforce.iss.net/static/2054.php Vulnerability in files.pl script in Novell WebServer Examples Toolkit 2 allows remote attackers to read arbitrary files. Analysis ---------------- ED_PRI CAN-1999-1081 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1091 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1091 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19960903 [BUG] Vulnerability in TIN Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419835&w=2 Reference: BUGTRAQ:19960903 Re: BoS: [BUG] Vulnerability in TIN Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419839&w=2 Reference: BUGTRAQ:19970329 symlink bug in tin/rtin Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420726&w=2 Reference: XF:tin-tmpfile(431) Reference: URL:http://xforce.iss.net/static/431.php UNIX news readers tin and rtin create the /tmp/.tin_log file with insecure permissions and follow symlinks, which allows attackers to modify the permissions of files writable by the user via a symlink attack. Analysis ---------------- ED_PRI CAN-1999-1091 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1095 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1095 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19971006 KSR[T] Advisory #3: updatedb / crontabs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87619953510834&w=2 Reference: BUGTRAQ:19980303 updatedb stuff Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88890116304676&w=2 Reference: BUGTRAQ:19980303 updatedb: sort patch Reference: BUGTRAQ:19980302 overwrite any file with updatedb Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88886870129518&w=2 sort creates temporary files and follows symbolic links, which allows local users to modify arbitrary files that are writable by the user running sort, as observed in updatedb and other programs that use sort. Analysis ---------------- ED_PRI CAN-1999-1095 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1125 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1125 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970919 Instresting practises of Oracle [Oracle Webserver] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602880019796&w=2 Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file. Analysis ---------------- ED_PRI CAN-1999-1125 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1128 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1128 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MISC:http://oliver.efri.hr/~crv/security/bugs/NT/ie3.html Reference: MISC:http://members.tripod.com/~unibyte/iebug3.htm Internet Explorer 3.01 on Windows 95 allows remote malicious web sites to execute arbitrary commands via a .isp file, which is automatically downloaded and executed without prompting the user. Analysis ---------------- ED_PRI CAN-1999-1128 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1141 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1141 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970515 MicroSolved finds hole in Ascom Timeplex Router Security Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420981&w=2 Reference: XF:ascom-timeplex-debug(1824) Reference: URL:http://xforce.iss.net/static/1824.php Ascom Timeplex router allows remote attackers to obtain sensitive information or conduct unauthorized activities by entering debug mode through a sequence of CTRL-D characters. Analysis ---------------- ED_PRI CAN-1999-1141 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1165 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1165 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990721 old gnu finger bugs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93268249021561&w=2 Reference: BUGTRAQ:19950317 GNU finger 1.37 executes ~/.fingerrc with gid root Reference: URL:http://www.securityfocus.com/archive/1/2478 Reference: BID:535 Reference: URL:http://www.securityfocus.com/bid/535 GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files. Analysis ---------------- ED_PRI CAN-1999-1165 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1182 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1182 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970717 KSR[T] Advisory #2: ld.so Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419318&w=2 Reference: BUGTRAQ:19970722 ld.so vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419351&w=2 Reference: BUGTRAQ:19980204 An old ld-linux.so hole Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88661732807795&w=2 Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error. Analysis ---------------- ED_PRI CAN-1999-1182 3 Vendor Acknowledgement: yes followup Content Decisions: SF-EXEC, SF-CODEBASE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1184 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1184 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970513 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420967&w=2 Reference: BUGTRAQ:19970514 Re: ELM overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420970&w=2 Buffer overflow in Elm 2.4 and earlier allows local users to gain privileges via a long TERM environmental variable. Analysis ---------------- ED_PRI CAN-1999-1184 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1186 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1186 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19960102 rxvt security hole Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418966&w=2 rxvt, when compiled with the PRINT_PIPE option in various Linux operating systems including Linux Slackware 3.0 and RedHat 2.1, allows local users to gain root privileges by specifying a malicious program using the -print-pipe command line parameter. Analysis ---------------- ED_PRI CAN-1999-1186 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1187 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1187 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19960826 [BUG] Vulnerability in PINE Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419803&w=2 Reference: XF:pine-tmpfile(416) Reference: URL:http://xforce.iss.net/static/416.php Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail. Analysis ---------------- ED_PRI CAN-1999-1187 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1210 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1210 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19971112 Digital Unix Security Problem Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87936891504885&w=2 Reference: XF:dec-xterm(613) Reference: URL:http://xforce.iss.net/static/613.php xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to overwrite arbitrary files via a symlink attack on a core dump file, which is created when xterm is called with a DISPLAY environmental variable set to a display that xterm cannot access. Analysis ---------------- ED_PRI CAN-1999-1210 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1217 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1217 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19970725 Re: NT security - why bother? Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602726319435&w=2 Reference: NTBUGTRAQ:19970723 NT security - why bother? Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602726319426&w=2 Reference: XF:nt-path(526) Reference: URL:http://xforce.iss.net/static/526.php The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories. Analysis ---------------- ED_PRI CAN-1999-1217 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1220 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1220 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970824 Vulnerability in Majordomo Reference: URL:http://www.securityfocus.com/archive/1/7527 Reference: XF:majordomo-advertise(502) Reference: URL:http://xforce.iss.net/static/502.php Majordomo 1.94.3 and earlier allows remote attackers to execute arbitrary commands when the advertise or noadvertise directive is used in a configuration file, via shell metacharacters in the Reply-To header. Analysis ---------------- ED_PRI CAN-1999-1220 3 Vendor Acknowledgement: This appears to be different than CVE-1999-0207, whose description does not match its references. CVE-1999-0207 needs to be RECAST or deprecated or something. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1221 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1221 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19961117 Digital Unix v3.x (v4.x?) security vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420141&w=2 Reference: XF:dgux-chpwd(399) Reference: URL:http://xforce.iss.net/static/399.php dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify arbitrary files via a symlink attack on the dxchpwd.log file. Analysis ---------------- ED_PRI CAN-1999-1221 3 Vendor Acknowledgement: unknown followup claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1224 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1224 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19971008 L0pht Advisory: IMAP4rev1 imapd server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87635124302928&w=2 Reference: XF:imapd-core(349) Reference: URL:http://xforce.iss.net/static/349.php IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information. Analysis ---------------- ED_PRI CAN-1999-1224 3 Vendor Acknowledgement: Content Decisions: EX-BETA Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1225 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1225 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970824 Serious security flaw in rpc.mountd on several operating systems. Reference: URL:http://www.securityfocus.com/archive/1/7526 Reference: XF:mountd-file-exists(347) Reference: URL:http://xforce.iss.net/static/347.php rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not. Analysis ---------------- ED_PRI CAN-1999-1225 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1230 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1230 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19971224 Quake II Remote Denial of Service Reference: URL:http://www.securityfocus.com/archive/1/8282 Reference: XF:quake2-dos(698) Reference: URL:http://xforce.iss.net/static/698.php Quake 2 server allows remote attackers to cause a denial of service via a spoofed UDP packet with a source address of 127.0.0.1, which causes the server to attempt to connect to itself. Analysis ---------------- ED_PRI CAN-1999-1230 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1232 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1232 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970516 Irix and WWW Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420994&w=2 Reference: XF:sgi-day5datacopier(3316) Reference: URL:http://xforce.iss.net/static/3316.php day5datacopier in SGI IRIX 6.2 trusts the PATH environmental variable to find the "cp" program, which allows local users to execute arbitrary commands by modifying the PATH to point to a Trojan horse cp program. Analysis ---------------- ED_PRI CAN-1999-1232 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1240 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1240 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19961126 Major Security Vulnerabilities in Remote CD Databases Reference: URL:http://www.securityfocus.com/archive/1/5784 Reference: XF:cddbd-bo(2203) Reference: URL:http://xforce.iss.net/static/2203.php Buffer overflow in cddbd CD database server allows remote attackers to execute arbitrary commands via a long log message. Analysis ---------------- ED_PRI CAN-1999-1240 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1250 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1250 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970819 Lasso CGI security hole (fwd) Reference: URL:http://www.securityfocus.com/archive/1/7506 Reference: XF:http-cgi-lasso(2044) Reference: URL:http://xforce.iss.net/static/2044.php Vulnerability in CGI program in the Lasso application by Blue World, as used on WebSTAR and other servers, allows remote attackers to read arbitrary files. Analysis ---------------- ED_PRI CAN-1999-1250 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1257 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1257 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19971126 Xyplex terminal server bug Reference: URL:http://www.securityfocus.com/archive/1/8134 Reference: XF:xyplex-controlz-login(1825) Reference: URL:http://xforce.iss.net/static/1825.php Reference: XF:xyplex-question-login(1826) Reference: URL:http://xforce.iss.net/static/1826.php Xyplex terminal server 6.0.1S1, and possibly other versions, allows remote attackers to bypass the password prompt by entering (1) a CTRL-Z character, or (2) a ? (question mark). Analysis ---------------- ED_PRI CAN-1999-1257 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1266 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1266 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970613 rshd gives away usernames Reference: URL:http://www.securityfocus.com/archive/1/6978 Reference: XF:rsh-username-leaks(1660) Reference: URL:http://xforce.iss.net/static/1660.php rsh daemon (rshd) generates different error messages when a valid username is provided versus an invalid name, which allows remote attackers to determine valid users on the system. Analysis ---------------- ED_PRI CAN-1999-1266 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1267 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1267 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970505 Hole in the KDE desktop Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420906&w=2 Reference: XF:kde-flawed-ipc(1646) Reference: URL:http://xforce.iss.net/static/1646.php KDE file manager (kfm) uses a TCP server for certain file operations, which allows remote attackers to modify arbitrary files by sending a copy command to the server. Analysis ---------------- ED_PRI CAN-1999-1267 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1274 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1274 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19971229 iPass RoamServer 3.1 Reference: URL:http://www.securityfocus.com/archive/1/8307 Reference: XF:ipass-temporary-files(1625) Reference: URL:http://xforce.iss.net/static/1625.php iPass RoamServer 3.1 creates temporary files with world-writable permissions. Analysis ---------------- ED_PRI CAN-1999-1274 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1275 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1275 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970908 Password unsecurity in cc:Mail release 8 Reference: URL:http://www.securityfocus.com/archive/1/9478 Reference: XF:lotus-ccmail-passwords(1619) Reference: URL:http://xforce.iss.net/static/1619.php Lotus cc:Mail release 8 stores the postoffice password in plaintext in a hidden file which has insecure permissions, which allows local users to gain privileges. Analysis ---------------- ED_PRI CAN-1999-1275 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1286 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1286 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970509 Re: Irix: misc Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420927&w=2 Reference: XF:irix-addnetpr(1433) Reference: URL:http://xforce.iss.net/static/1433.php addnetpr in SGI IRIX 6.2 and earlier allows local users to modify arbitrary files and possibly gain root access via a symlink attack on a temporary file. Analysis ---------------- ED_PRI CAN-1999-1286 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1296 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1296 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: Reference: BUGTRAQ:19970429 vulnerabilities in kerberos Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420878&w=2 Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a long line in a kerberos configuration file, which can be specified via the KRB_CONF environmental variable. Analysis ---------------- ED_PRI CAN-1999-1296 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1299 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1299 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970203 Linux rcp bug Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420509&w=2 rcp on various Linux systems including Red Hat 4.0 allows a "nobody" user or other user with UID of 65535 to overwrite arbitrary files, since 65535 is interpreted as -1 by chown and other system calls, which causes the calls to fail to modify the ownership of the file. Analysis ---------------- ED_PRI CAN-1999-1299 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1380 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1380 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MISC:http://www.net-security.sk/bugs/NT/nu20.html Reference: MISC:http://mlarchive.ima.com/win95/1997/May/0342.html Reference: MISC:http://news.zdnet.co.uk/story/0,,s2065518,00.html Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0. Analysis ---------------- ED_PRI CAN-1999-1380 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1383 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1383 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19960913 tee see shell problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419868&w=2 Reference: BUGTRAQ:19960919 Vulnerability in expansion of PS1 in bash & tcsh Reference: URL:http://www.dataguard.no/bugtraq/1996_3/0503.html (1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable. Analysis ---------------- ED_PRI CAN-1999-1383 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-CODEBASE It seems likely that tcsh and bash share a common codebase, thus CD:SF-CODEBASE would suggest combining them into a single entry. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1387 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1387 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970402 Fatal bug in NT 4.0 server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420731&w=2 Reference: BUGTRAQ:19970403 Fatal bug in NT 4.0 server (more comments) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420732&w=2 Reference: BUGTRAQ:19970407 DUMP of NT system crash Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420741&w=2 Windows NT 4.0 SP2 allows remote attackers to cause a denial of service (crash), possibly via malformed inputs or packets, such as those generated by a Linux smbmount command that was compiled on the Linux 2.0.29 kernel but executed on Linux 2.0.25. Analysis ---------------- ED_PRI CAN-1999-1387 3 Vendor Acknowledgement: It is possible that the crash has nothing to do with the SMB implementation. For example, it could be that lower-level malformed packets are being generated by the unusual smbmount client which are triggering some TCP/IP level bug in WinNT 4.0 SP2. This is important in that this CAN could be describing a symptom of a problem that already has a CAN or CVE associated with it. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1388 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1388 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19940513 [8lgm]-Advisory-7.UNIX.passwd.11-May-1994 Reference: URL:http://www2.dataguard.no/bugtraq/1994_2/0197.html Reference: BUGTRAQ:19940514 [8lgm]-Advisory-7.UNIX.passwd.11-May-1994.NEWFIX Reference: URL:http://www2.dataguard.no/bugtraq/1994_2/0207.html Reference: BUGTRAQ:19941218 Sun Patch Id #102060-01 Reference: URL:http://www.dataguard.no/bugtraq/1994_4/0755.html passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument. Analysis ---------------- ED_PRI CAN-1999-1388 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1398 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1398 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970507 Irix: misc Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420921&w=2 Reference: MISC:http://www.insecure.org/sploits/irix.xfsdump.html Reference: BID:472 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=472 Vulnerability in xfsdump in SGI IRIX may allow local users to obtain root privileges via the bck.log log file, possibly via a symlink attack. Analysis ---------------- ED_PRI CAN-1999-1398 3 Vendor Acknowledgement: The original poster suggests that there may be a problem, but provides no details. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1399 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1399 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970820 SpaceWare 7.3 v1.0 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719552&w=2 Reference: BID:471 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=471 spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users to gain root privileges by setting the HOSTNAME environmental variable to contain the commands to be executed. Analysis ---------------- ED_PRI CAN-1999-1399 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1408 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1408 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970305 Bug in connect() for aix 4.1.4 ? Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420641&w=2 Reference: BID:352 Reference: URL:http://www.securityfocus.com/bid/352 Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost. Analysis ---------------- ED_PRI CAN-1999-1408 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1410 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1410 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970509 Re: Irix: misc Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420927&w=2 Reference: MISC:ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX Reference: BID:330 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=330 addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary files and possibly gain root privileges via a symlink attack on the printers temporary file. Analysis ---------------- ED_PRI CAN-1999-1410 3 Vendor Acknowledgement: unknown vague advisory SGI:19961203-02-PX may solve this problem, but the advisory is so vague that it is uncertain whether this was fixed or not. addnetpr is not specifically named in the advisory, which names netprint, which is not specified in the original Bugtraq post. In addition, the date on the advisory is one day earlier than that of the Bugtraq post, though that could be a difference in time zones. It seems plausible that the problem had already been patched (the researcher did say "There *was* [a] race condition") so maybe SGI released this advisory after the problem was publicized. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1413 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1413 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19960803 Exploiting Zolaris 2.4 ?? :) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419549&w=2 Reference: BID:296 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=296 Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg. Analysis ---------------- ED_PRI CAN-1999-1413 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1446 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1446 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19970805 Re: Strange behavior regarding directory Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602837719654&w=2 Reference: NTBUGTRAQ:19970806 Re: Strange behavior regarding directory Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602837719655&w=2 Internet Explorer 3 records a history of all URL's that are visited by a user in DAT files located in the Temporary Internet Files and History folders, which are not cleared when the user selects the "Clear History" option, and are not visible when the user browses the folders because of tailored displays. Analysis ---------------- ED_PRI CAN-1999-1446 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1449 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1449 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970519 /dev/tcx0 crashes SunOS 4.1.4 on Sparc 20's Reference: URL:http://oamk.fi/~jukkao/bugtraq/before-971202/0498.html Reference: MISC:http://www.insecure.org/sploits/sunos.dev.tcx0.write.wierd.shit.to.device.bug.html SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial of service (kernel panic) by reading from the /dev/tcx0 TCX device. Analysis ---------------- ED_PRI CAN-1999-1449 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1463 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1463 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970710 A New Fragmentation Attack Reference: URL:http://www.securityfocus.com/archive/1/7219 Reference: XF:nt-frag(528) Reference: URL:http://xforce.iss.net/static/528.php Windows NT 4.0 before SP3 allows remote attackers to bypass firewall restrictions or cause a denial of service (crash) by sending improperly fragmented IP packets without the first fragment, which the TCP/IP stack incorrectly reassembles into a valid session. Analysis ---------------- ED_PRI CAN-1999-1463 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1483 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1483 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970619 svgalib/zgv Reference: URL:http://www.securityfocus.com/archive/1/7041 Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local users to execute arbitrary code via a long HOME environment variable. Analysis ---------------- ED_PRI CAN-1999-1483 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1489 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1489 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970304 Linux SuperProbe exploit Reference: URL:http://www.securityfocus.com/archive/1/6384 Reference: BID:364 Reference: URL:http://www.securityfocus.com/bid/364 Buffer overflow in TestChip function in XFree86 SuperProbe in Slackware Linux 3.1 allows local users to gain root privileges via a long -nopr argument. Analysis ---------------- ED_PRI CAN-1999-1489 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1491 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1491 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19960202 abuse Red Hat 2.1 security hole Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418994&w=2 Reference: BID:354 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=354 abuse.console in Red Hat 2.1 uses relative pathnames to find and execute the undrv program, which allows local users to execute arbitrary commands via a path that points to a Trojan horse program. Analysis ---------------- ED_PRI CAN-1999-1491 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1525 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1525 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19970314 Shockwave Security Alert Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420670&w=2 Reference: XF:shockwave-internal-access(1585) Reference: URL:http://xforce.iss.net/static/1585.php Reference: XF:shockwave-file-read-vuln(1586) Reference: URL:http://xforce.iss.net/static/1586.php Reference: XF:http-ns-shockwave(460) Reference: URL:http://xforce.iss.net/static/460.php Macromedia Shockwave before 6.0 allows a malicious webmaster to read a user's mail box and possibly access internal web servers via the GetNextText command on a Shockwave movie. Analysis ---------------- ED_PRI CAN-1999-1525 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC ABSTRACTION: The exploit includes creating a URL to the file or a CGI script plus its arguments. Although a versatile exploit, it appears to stem from the same fundamental security issue, i.e. GetNextText. For a discussion of the problem see: http://www.webcomics.com/shockwave --Pease Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1526 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1526 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990311 [Fwd: Shockwave 7 Security Hole] Reference: URL:http://www.securityfocus.com/archive/1/12842 Reference: XF:shockwave-updater(1931) Reference: URL:http://xforce.iss.net/static/1931.php Auto-update feature of Macromedia Shockwave 7 transmits a user's password and hard disk information back to Macromedia. Analysis ---------------- ED_PRI CAN-1999-1526 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1552 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1552 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19940720 xnews and XDM Reference: URL:xnews and XDM Reference: BID:358 Reference: URL:http://www.securityfocus.com/bid/358 dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and earlier does not properly check privileges, which allows local users to overwrite arbitrary files and gain privileges. Analysis ---------------- ED_PRI CAN-1999-1552 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS:
|
||||
