|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PROPOSAL] Cluster LEGACY-MISC-1998-B - 54 candidates
I am proposing cluster LEGACY-MISC-1998-B for review and voting by the Editorial Board. Name: LEGACY-MISC-1998-B Description: Legacy candidates announced between 7/3/1998 and 12/29/1998 Size: 54 You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site. The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real. Summary of votes to use (in ascending order of "severity") ---------------------------------------------------------- ACCEPT - voter accepts the candidate as proposed NOOP - voter has no opinion on the candidate MODIFY - voter wants to change some MINOR detail (e.g. reference/description) REVIEWING - voter is reviewing/researching the candidate, or needs more info RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. 1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. 2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping. 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-1999-1147 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1147 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981204 [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91273739726314&w=2 Reference: BUGTRAQ:19981207 Re: [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0 Reference: XF:pcm-dos-execute(1430) Reference: URL:http://xforce.iss.net/static/1430.php Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows remote attackers to execute arbitrary commands via a long string to the Agent port (1827), which is handled by smaxagent.exe. Analysis ---------------- ED_PRI CAN-1999-1147 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1159 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1159 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981229 ssh2 security problem (and patch) (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91495920911490&w=2 Reference: XF:ssh-privileged-port-forward(1471) Reference: URL:http://xforce.iss.net/static/1471.php SSH 2.0.11 and earlier allows local users to request remote forwarding from privileged ports without being root. Analysis ---------------- ED_PRI CAN-1999-1159 2 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1188 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1188 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981227 mysql: mysqld creates world readable logs.. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91479159617803&w=2 Reference: XF:mysql-readable-log-files(1568) Reference: URL:http://xforce.iss.net/static/1568.php mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database. Analysis ---------------- ED_PRI CAN-1999-1188 2 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1199 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1199 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980807 YA Apache DoS attack Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90252779826784&w=2 Reference: BUGTRAQ:19980808 Debian Apache Security Update Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90276683825862&w=2 Reference: BUGTRAQ:19980810 Apache DoS Attack Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90286768232093&w=2 Reference: BUGTRAQ:19980811 Apache 'sioux' DOS fix for TurboLinux Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90280517007869&w=2 Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability. Analysis ---------------- ED_PRI CAN-1999-1199 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1265 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1265 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980922 Re: WARNING! SMTP Denial of Service in SLmail ver 3.1 Reference: BUGTRAQ:19980922 WARNING! SMTP Denial of Service in SLmail ver 3.1 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90649892424117&w=2 Reference: NTBUGTRAQ:19980922 WARNING! SMTP Denial of Service in SLmail ver 3.1 Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=90650438826447&w=2 Reference: XF:slmail-parens-overload(1664) Reference: URL:http://xforce.iss.net/static/1664.php SMTP server in SLmail 3.1 and earlier allows remote attackers to cause a denial of service via malformed commands whose arguments begin with a "(" (parenthesis) character, such as (1) SEND, (2) VRFY, (3) EXPN, (4) MAIL FROM, (5) RCPT TO. Analysis ---------------- ED_PRI CAN-1999-1265 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1292 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1292 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: ISS:19980901 Remote Buffer Overflow in the Kolban Webcam32 Program Reference: URL:http://xforce.iss.net/alerts/advise7.php Reference: XF:webcam32-buffer-overflow(1366) Reference: URL:http://xforce.iss.net/static/1366.php Buffer overflow in web administration feature of Kolban Webcam32 4.8.3 and earlier allows remote attackers to execute arbitrary commands via a long URL. Analysis ---------------- ED_PRI CAN-1999-1292 2 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1321 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1321 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981105 security patch for ssh-1.2.26 kerberos code Reference: URL:http://lists.netspace.org/cgi-bin/wa?A2=ind9811A&L=bugtraq&P=R4814 Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing. Analysis ---------------- ED_PRI CAN-1999-1321 2 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1432 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1432 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980716 Security risk with powermanagemnet on Solaris 2.6 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525997&w=2 Reference: BID:160 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=160 Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges. Analysis ---------------- ED_PRI CAN-1999-1432 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1433 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1433 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980715 JetAdmin software Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525988&w=2 Reference: BUGTRAQ:19980722 Re: JetAdmin software Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526067&w=2 Reference: BID:157 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=157 HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file. Analysis ---------------- ED_PRI CAN-1999-1433 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1437 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1437 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980707 ePerl: bad handling of ISINDEX queries Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525890&w=2 Reference: BUGTRAQ:19980710 ePerl Security Update Available Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525927&w=2 Reference: BID:151 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=151 ePerl 2.2.12 allows remote attackers to read arbitrary files and possibly execute certain commands by specifying a full pathname of the target file as an argument to bar.phtml. Analysis ---------------- ED_PRI CAN-1999-1437 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1447 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1447 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980728 Object tag crashes Internet Explorer 4.0 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526169&w=2 Internet Explorer 4.0 allows remote attackers to cause a denial of service (crash) via HTML code that contains a long CLASSID parameter in an OBJECT tag. Analysis ---------------- ED_PRI CAN-1999-1447 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1020 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1020 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: CF Reference: BUGTRAQ:19980918 NMRC Advisory - Default NDS Rights Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90613355902262&w=2 Reference: BID:484 Reference: URL:http://www.securityfocus.com/bid/484 Reference: XF:novell-nds(1364) Reference: URL:http://xforce.iss.net/static/1364.php The installation of Novell Netware NDS 5.99 provides an unauthenticated client with Read access for the tree, which allows remote attackers to access sensitive information such as users, groups, and readable objects via CX.EXE and NLIST.EXE. Analysis ---------------- ED_PRI CAN-1999-1020 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1054 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1054 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: CF Reference: BUGTRAQ:19980925 Globetrotter FlexLM 'lmdown' bogosity Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90675672323825&w=2 The default configuration of FLEXlm license manager 6.0d, and possibly other versions, allows remote attackers to shut down the server via the lmdown command. Analysis ---------------- ED_PRI CAN-1999-1054 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1070 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1070 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980725 Annex DoS Reference: URL:http://www.securityfocus.com/archive/1/10021 Buffer overflow in ping CGI program in Xylogics Annex terminal service allows remote attackers to cause a denial of service via a long query parameter. Analysis ---------------- ED_PRI CAN-1999-1070 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1071 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1071 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981130 Security bugs in Excite for Web Servers 1.1 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91248445931140&w=2 Reference: XF:excite-world-write(1417) Reference: URL:http://xforce.iss.net/static/1417.php Excite for Web Servers (EWS) 1.1 installs the Architext.conf authentication file with world-writeable permissions, which allows local users to gain access to Excite accounts by modifying the file. Analysis ---------------- ED_PRI CAN-1999-1071 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1072 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1072 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981130 Security bugs in Excite for Web Servers 1.1 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91248445931140&w=2 Excite for Web Servers (EWS) 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi. Analysis ---------------- ED_PRI CAN-1999-1072 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1073 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1073 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981130 Security bugs in Excite for Web Servers 1.1 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91248445931140&w=2 Excite for Web Servers (EWS) 1.1 records the first two characters of a plaintext password in the beginning of the encrypted password, which makes it easier for an attacker to guess passwords via a brute force or dictionary attack. Analysis ---------------- ED_PRI CAN-1999-1073 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1107 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1107 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91141486301691&w=2 Reference: XF:kde-kppp-path-bo(1650) Reference: URL:http://xforce.iss.net/static/1650.php Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable. Analysis ---------------- ED_PRI CAN-1999-1107 3 Vendor Acknowledgement: Content Decisions: SF-LOC The kppp/long PATH and kppp/-c parameter may need to be merged per CD:SF-LOC, but they were discovered 6 months apart, and may have been patched in the interim. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1108 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1108 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91141486301691&w=2 Reference: XF:kde-kppp-path-bo(1650) Reference: URL:http://xforce.iss.net/static/1650.php Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable. Analysis ---------------- ED_PRI CAN-1999-1108 3 Vendor Acknowledgement: Content Decisions: SF-LOC The kppp/long PATH and kppp/-c parameter may need to be merged per CD:SF-LOC, but they were discovered 6 months apart, and may have been patched in the interim. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1124 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1124 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MISC:http://packetstorm.securify.com/mag/phrack/phrack54/P54-08 HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which requests the page from the server, making it look like the request is coming from the local host. Analysis ---------------- ED_PRI CAN-1999-1124 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1149 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1149 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980716 S.A.F.E.R. Security Bulletin 980708.DOS.1.1 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525993&w=2 Reference: XF:csm-proxy-dos(1422) Reference: URL:http://xforce.iss.net/static/1422.php Buffer overflow in CSM Proxy 4.1 allows remote attackers to cause a denial of service (crash) via a long string to the FTP port. Analysis ---------------- ED_PRI CAN-1999-1149 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1153 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1153 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981109 Several new CGI vulnerabilities Reference: URL:http://www.securityfocus.com/archive/1/11175 Reference: XF:cgi-perl-mail-programs(1400) Reference: URL:http://xforce.iss.net/static/1400.php HAMcards Postcard CGI script 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address. Analysis ---------------- ED_PRI CAN-1999-1153 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1154 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1154 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981109 Several new CGI vulnerabilities Reference: URL:http://www.securityfocus.com/archive/1/11175 Reference: MISC:http://lakeweb.com/scripts/ Reference: XF:cgi-perl-mail-programs(1400) Reference: URL:http://xforce.iss.net/static/1400.php LakeWeb Filemail CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address. Analysis ---------------- ED_PRI CAN-1999-1154 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1155 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1155 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981109 Several new CGI vulnerabilities Reference: URL:http://www.securityfocus.com/archive/1/11175 Reference: MISC:http://lakeweb.com/scripts/ Reference: XF:cgi-perl-mail-programs(1400) Reference: URL:http://xforce.iss.net/static/1400.php LakeWeb Mail List CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address. Analysis ---------------- ED_PRI CAN-1999-1155 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1173 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1173 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981218 wordperfect 8 for linux security Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91404045014047&w=2 Corel Word Perfect 8 for Linux creates a temporary working directory with world-writable permissions, which allows local users to (1) modify Word Perfect behavior by modifying files in the working directory, or (2) modify files of other users via a symlink attack. Analysis ---------------- ED_PRI CAN-1999-1173 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1174 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1174 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MISC:http://www.counterpane.com/crypto-gram-9812.html#doghouse ZIP drive for Iomega ZIP-100 disks allows attackers with physical access to the drive to bypass password protection by inserting a known disk with a known password, waiting for the ZIP drive to power down, manually replacing the known disk with the target disk, and using the known password to access the target disk. Analysis ---------------- ED_PRI CAN-1999-1174 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1200 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1200 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19980720 DOS in Vintra systems Mailserver software. Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=90222454131610&w=2 Reference: XF:vintra-mail-dos(1617) Reference: URL:http://xforce.iss.net/static/1617.php Vintra SMTP MailServer allows remote attackers to cause a denial of service via a malformed "EXPN *@" command. Analysis ---------------- ED_PRI CAN-1999-1200 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1202 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1202 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980703 Windows95 Proxy DoS Vulnerabilites Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525873&w=2 Reference: XF:startech-pop3-overflow(2088) Reference: URL:http://xforce.iss.net/static/2088.php StarTech (1) POP3 proxy server and (2) telnet server allows remote attackers to cause a denial of service via a long USER command. Analysis ---------------- ED_PRI CAN-1999-1202 3 Vendor Acknowledgement: Content Decisions: SF-EXEC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1228 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1228 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980927 1+2=3, +++ATH0=Old school DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90695973308453&w=2 Reference: MISC:http://www.macintouch.com/modemsecurity.html Reference: XF:global-village-modem-dos(3320) Reference: URL:http://xforce.iss.net/static/3320.php Various modems that do not implement a guard time, or are configured with a guard time of 0, can allow remote attackers to execute arbitrary modem commands such as ATH, ATH0, etc., via a "+++" sequence that appears in ICMP packets, the subject of an e-mail message, IRC commands, and others. Analysis ---------------- ED_PRI CAN-1999-1228 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1270 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1270 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MISC:http://lists.kde.org/?l=kde-devel&m=90221974029738&w=2 Reference: XF:kde-kmail-passphrase-leak(1639) Reference: URL:http://xforce.iss.net/static/1639.php KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps. Analysis ---------------- ED_PRI CAN-1999-1270 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1277 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1277 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19981224 BackWeb - Password issue (used by NAI for Corporate customer notification). Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91487886514546&w=2 Reference: XF:backweb-cleartext-passwords(1565) Reference: URL:http://xforce.iss.net/static/1565.php BackWeb client stores the username and password in cleartext for proxy authentication in the Communication registry key, which could allow other local users to gain privileges by reading the password. Analysis ---------------- ED_PRI CAN-1999-1277 3 Vendor Acknowledgement: A followup indicates thata nother person was not able to replicate the problem. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1278 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1278 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981225 Re: Nlog v1.0 Released - Nmap 2.x log management / analyzing tool Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91470326629357&w=2 Reference: BUGTRAQ:19981226 Nlog 1.1b released - security holes fixed Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91471400632145&w=2 Reference: XF:http-cgi-nlog-netbios(1550) Reference: URL:http://xforce.iss.net/static/1550.php Reference: XF:http-cgi-nlog-metachars(1549) nlog CGI scripts do not properly filter shell metacharacters from the IP address argument, which could allow remote attackers to execute certain commands via (1) nlog-smb.pl or (2) rpc-nlog.pl. Analysis ---------------- ED_PRI CAN-1999-1278 3 Vendor Acknowledgement: yes followup Content Decisions: SF-EXEC, SF-LOC The notes for version 1.1 say "Fixed all the IP checking routines by calling checkip()," but a followup poster described an incomplete cleansing operation that didn't filter out ";" characters; if that code appeared in checkip() and checkip() was newly created for version 1.1, then one could argue that 1.1 contained an incompletely fixed bug, so the problem fixed in 1.1b was really the same as in 1.1. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1280 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1280 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981203 Remote Tools w/Exceed v.6.0.1.0 fer 95 Reference: URL:http://www.securityfocus.com/archive/1/11512 Reference: XF:exceed-cleartext-passwords(1547) Reference: URL:http://xforce.iss.net/static/1547.php Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant for development and testing, which logs user names and passwords in cleartext in the test.log file. Analysis ---------------- ED_PRI CAN-1999-1280 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1281 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1281 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981226 Breeze Network Server remote reboot and other bogosity. Reference: URL:http://www.securityfocus.com/archive/1/11720 Reference: XF:breeze-remote-reboot(1544) Reference: URL:http://xforce.iss.net/static/1544.php Development version of Breeze Network Server allows remote attackers to cause the system to reboot by accessing the configbreeze CGI program. Analysis ---------------- ED_PRI CAN-1999-1281 3 Vendor Acknowledgement: Content Decisions: EX-BETA A followup by the vendor indicates that the affected version of the product was done under a limited release within the development and testing cycle. As such, it was effectively a beta product that did not reach wide distribution. Thus CD:EX-BETA says that this item should not be included in CVE. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1282 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1282 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981210 RealSystem passwords Reference: URL:http://www.securityfocus.com/archive/1/11543 Reference: XF:realsystem-readable-conf-file(1542) Reference: URL:http://xforce.iss.net/static/1542.php RealSystem G2 server stores the administrator password in cleartext in a world-readable configuration file, which allows local users to gain privileges. Analysis ---------------- ED_PRI CAN-1999-1282 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1283 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1283 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980814 URL exploit to crash Opera Browser Reference: URL:http://www.securityfocus.com/archive/1/10320 Reference: XF:opera-slash-crash(1541) Reference: URL:http://xforce.iss.net/static/1541.php Opera 3.2.1 allows remote attackers to cause a denial of service (application crash) via a URL that contains an extra / in the http:// tag. Analysis ---------------- ED_PRI CAN-1999-1283 3 Vendor Acknowledgement: Content Decisions: EX-CLIENT-DOS CD:EX-CLIENT-DOS states that a denial-of-service problem that only extends to the client itself, which requires a passive attack, should not be included in CVE. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1284 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1284 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981105 various *lame* DoS attacks Reference: URL:http://www.securityfocus.com/archive/1/11131 Reference: XF:nukenabber-timeout-dos(1540) Reference: URL:http://xforce.iss.net/static/1540.php NukeNabber allows remote attackers to cause a denial of service by connecting to the NukeNabber port (1080) without sending any data, which causes the CPU usage to rise to 100% from the report.exe program that is executed upon the connection. Analysis ---------------- ED_PRI CAN-1999-1284 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1285 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1285 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981227 [patch] fix for urandom read(2) not interruptible Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91495921611500&w=2 Reference: XF:linux-random-read-dos(1472) Reference: URL:http://xforce.iss.net/static/1472.php Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed. Analysis ---------------- ED_PRI CAN-1999-1285 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1289 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1289 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981111 WARNING: Another ICQ IP address vulnerability Reference: URL:http://www.securityfocus.com/archive/1/11233 Reference: XF:icq-ip-info(1398) Reference: URL:http://xforce.iss.net/static/1398.php ICQ 98 beta on Windows NT leaks the internal IP address of a client in the TCP data segment of an ICQ packet instead of the public address (e.g. through NAT), which provides remote attackers with potentially sensitive information about the client or the internal network configuration. Analysis ---------------- ED_PRI CAN-1999-1289 3 Vendor Acknowledgement: Content Decisions: EX-BETA Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1291 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1291 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981005 New Windows Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/10789 Reference: XF:nt-brkill(1383) Reference: URL:http://xforce.iss.net/static/1383.php TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and possibly others, allows remote attackers to reset connections by forcing a reset (RST) via a PSH ACK or other means, obtaining the target's last sequence number from the resulting packet, then spoofing a reset to the target. Analysis ---------------- ED_PRI CAN-1999-1291 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1322 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1322 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19981112 exchverify.log Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91096758513985&w=2 Reference: NTBUGTRAQ:19981117 Re: exchverify.log - update #1 Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91133714919229&w=2 Reference: NTBUGTRAQ:19981125 Re: exchverify.log - update #2 Reference: NTBUGTRAQ:19981216 Arcserve Exchange Client security issue being fixed Reference: NTBUGTRAQ:19990305 Cheyenne InocuLAN for Exchange plain text password still there Reference: NTBUGTRAQ:19990426 ArcServe Exchange Client Security Issue still unresolved The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext. Analysis ---------------- ED_PRI CAN-1999-1322 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1381 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1381 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981008 buffer overflow in dbadmin Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90786656409618&w=2 Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote attackers to execute arbitrary commands. Analysis ---------------- ED_PRI CAN-1999-1381 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1403 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1403 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981002 Several potential security problems in IBM/Tivoli OPC Tracker Age nt Reference: URL:http://www.securityfocus.com/archive/1/10771 Reference: BID:382 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=382 IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, directories, and IPC message queues with insecure permissions (world-readable and world-writable), which could allow local users to disrupt operations and possibly gain privileges by modifying or deleting files. Analysis ---------------- ED_PRI CAN-1999-1403 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1404 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1404 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19981002 Several potential security problems in IBM/Tivoli OPC Tracker Age nt Reference: URL:http://www.securityfocus.com/archive/1/10771 Reference: BID:382 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=382 IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote attackers to cause a denial of service (resource exhaustion) via malformed data to the localtracker client port (5011), which prevents the connection from being closed properly. Analysis ---------------- ED_PRI CAN-1999-1404 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1406 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1406 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980729 Crash a redhat 5.1 linux box Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526185&w=2 Reference: BUGTRAQ:19980730 FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux box) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526192&w=2 Reference: BID:372 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=372 dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which allows local users to cause a denial of service (crash) by redirecting fd 1 (stdout) to the kernel. Analysis ---------------- ED_PRI CAN-1999-1406 3 Vendor Acknowledgement: OpenBSD solved the general risk of setuid/setgid programs mis-handling file descriptors; see MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/fdalloc.patch This is a specific instance. Which one is "correct" and should be in CVE? Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1416 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1416 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980823 Solaris ab2 web server is junk Reference: URL:http://www.securityfocus.com/archive/1/10383 Reference: BID:253 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=253 AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large content-length. Analysis ---------------- ED_PRI CAN-1999-1416 3 Vendor Acknowledgement: It is uncertain from the post whether the MIME content-length header merely has to have a large number in it, or if the POST must actually send a large amount of data. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1417 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1417 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980823 Solaris ab2 web server is junk Reference: URL:http://www.securityfocus.com/archive/1/10383 Reference: BID:253 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=253 Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via encoded % characters in an HTTP request, which is improperly logged. Analysis ---------------- ED_PRI CAN-1999-1417 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1420 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1420 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980720 N-Base Vulnerability Advisory Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526016&w=2 Reference: BUGTRAQ:19980722 N-Base Vulnerability Advisory Followup Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526065&w=2 Reference: BID:212 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=212 NBase switches NH2012, NH2012R, NH2015, and NH2048 have a back door password that cannot be disabled, which allows remote attackers to modify the switch's configuration. Analysis ---------------- ED_PRI CAN-1999-1420 3 Vendor Acknowledgement: yes followup Content Decisions: CF-PASS Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1421 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1421 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: CF Reference: BUGTRAQ:19980720 N-Base Vulnerability Advisory Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526016&w=2 Reference: BUGTRAQ:19980722 N-Base Vulnerability Advisory Followup Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526065&w=2 Reference: BID:212 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=212 NBase switches NH208 and NH215 run a TFTP server which allows remote attackers to send software updates to modify the switch or cause a denial of service (crash) by guessing the target filenames, which have default names. Analysis ---------------- ED_PRI CAN-1999-1421 3 Vendor Acknowledgement: yes followup Content Decisions: CF-PASS Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1434 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1434 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980713 Slackware Shadow Insecurity Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525951&w=2 Reference: BID:155 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=155 login in Slackware Linux 3.2 through 3.5 does not properly check for an error when the /etc/group file is missing, which prevents it from dropping privileges, causing it to assign root privileges to any local user who logs on to the server. Analysis ---------------- ED_PRI CAN-1999-1434 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1435 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1435 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980710 socks5 1.0r5 buffer overflow.. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525933&w=2 Reference: BID:154 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=154 Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows local users to gain privileges via long environmental variables. Analysis ---------------- ED_PRI CAN-1999-1435 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1436 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1436 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980708 WWW Authorization Gateway Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525905&w=2 Reference: BID:152 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=152 Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "user" parameter. Analysis ---------------- ED_PRI CAN-1999-1436 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1448 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1448 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19980729 Eudora exploit (was Microsoft Security Bulletin (MS98-008)) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526168&w=2 Eudora and Eudora Light before 3.05 allows remote attackers to cause a crash and corrupt the user's mailbox via an e-mail message with certain dates, such as (1) dates before 1970, which cause a Divide By Zero error, or (2) dates that are 100 years after the current date, which causes a segmentation fault. Analysis ---------------- ED_PRI CAN-1999-1448 3 Vendor Acknowledgement: While the bulk of this problem is related to a client-side DoS, in some cases the mailbox is corrupted. This problem is therefore beyond the scope of CD:EX-CLIENT-DOS, which only covers DoS problems that can be fixed with a restart of the application. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1459 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1459 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: ISS:19981102 BMC PATROL File Creation Vulnerability Reference: URL:http://xforce.iss.net/alerts/advise10.php Reference: XF:bmc-patrol-file-create(1388) Reference: URL:http://xforce.iss.net/static/1388.php Reference: BID:534 Reference: URL:http://www.securityfocus.com/bid/534 BMC PATROL Agent before 3.2.07 allows local users to gain root privileges via a symlink attack on a temporary file. Analysis ---------------- ED_PRI CAN-1999-1459 3 Vendor Acknowledgement: yes Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS:
|
||||
