[PROPOSAL] Cluster LEGACY-MISC-1999-B - 67 candidates
I am proposing cluster LEGACY-MISC-1999-B for review and voting by the Editorial Board.

Name: LEGACY-MISC-1999-B
Description: Legacy candidates announced between 5/1/1999 and 8/31/1999
Size: 67

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-1999-1019
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1019
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990623 Cabletron Spectrum security vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93024398713491&w=2
Reference: BUGTRAQ:19990624 Re: Cabletron Spectrum security vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93024398513475&w=2
Reference: BID:495
Reference: URL:http://www.securityfocus.com/bid/495

SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable (processd) with a Trojan horse, facilitating a root or Administrator compromise.

Analysis
----------------
ED_PRI CAN-1999-1019 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1156
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1156
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990517 Vulnerabilities in BisonWare FTP Server 3.5
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9905&L=NTBUGTRAQ&P=R2698
Reference: XF:bisonware-port-crash(2254)
Reference: URL:http://xforce.iss.net/static/2254.php

BisonWare FTP Server 4.1 and earlier allows remote attackers to cause a denial of service via a malformed PORT command that contains a non-numeric character and a large number of carriage returns.

Analysis
----------------
ED_PRI CAN-1999-1156 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1336
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1336
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990812 3com hiperarch flaw [hiperbomb.c]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93458364903256&w=2
Reference: BUGTRAQ:19990816 Re: 3com hiperarch flaw [hiperbomb.c]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93492615408725&w=2

3Com HiPer Access Router Card (HiperARC) 4.0 through 4.2.29 allows remote attackers to cause a denial of service (reboot) via a flood of IAC packets to the telnet port.

Analysis
----------------
ED_PRI CAN-1999-1336 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1337
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1337
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990801 midnight commander vulnerability(?) (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93370073207984&w=2

FTP client in Midnight Commander (mc) before 4.5.11 stores usernames and passwords for visited sites in plaintext in the world-readable history file, which allows other local users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1337 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1354
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1354
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990830 SoftArc's FirstClass E-mail Client
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93637687305327&w=2
Reference: NTBUGTRAQ:19990909 SoftArc's FirstClass E-mail Client
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93698283309513&w=2

E-mail client in Softarc FirstClass Internet Server 5.506 and earlier stores usernames and passwords in cleartext in the files (1) home.fc for version 5.506, (2) network.fc for version 3.5, or (3) FCCLIENT.LOG when logging is enabled.

Analysis
----------------
ED_PRI CAN-1999-1354 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1414
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1414
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990525 Security Leak with IBM Netfinity Remote Control Software
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92765856706547&w=2
Reference: NTBUGTRAQ:19990609 IBM's response to "Security Leak with IBM Netfinity Remote Control Software
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92902484317769&w=2
Reference: BID:284
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=284

IBM Netfinity Remote Control allows local users to gain administrator privileges by starting programs from the process manager, which runs with system level privileges.

Analysis
----------------
ED_PRI CAN-1999-1414 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1478
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1478
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990706 Bug in SUN's Hotspot VM
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93138827429589&w=2
Reference: NTBUGTRAQ:19990716 FW: (Review ID: 85125) Hotspot crashes bringing down webserver
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93240220324183&w=2
Reference: BID:522
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=522
Reference: XF:sun-hotspot-vm(2348)
Reference: URL:http://xforce.iss.net/static/2348.php

The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character.

Analysis
----------------
ED_PRI CAN-1999-1478 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1490
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1490
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980528 ALERT: Tiresome security hole in "xosview", RedHat5.1?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101926021&w=2
Reference: BUGTRAQ:19980529 Re: Tiresome security hole in "xosview" (xosexp.c)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101926034&w=2
Reference: BID:362
Reference: URL:http://www.securityfocus.com/bid/362

xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access via a long HOME environmental variable.

Analysis
----------------
ED_PRI CAN-1999-1490 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1535
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1535
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990720 Buffer overflow in AspUpload 1.4
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93256878011447&w=2
Reference: NTBUGTRAQ:19990818 AspUpload Buffer Overflow Fixed
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93501427820328&w=2
Reference: BID:592
Reference: URL:http://www.securityfocus.com/bid/592
Reference: XF:http-aspupload-bo(3291)
Reference: URL:http://xforce.iss.net/static/3291.php

Buffer overflow in AspUpload.dll in Persits Software AspUpload before 1.4.0.2 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument in the HTTP request.

Analysis
----------------
ED_PRI CAN-1999-1535 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1560
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1560
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990720 tiger vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93252050203589&w=2
Reference: XF:tiger-script-execute(2369)
Reference: URL:http://xforce.iss.net/static/2369.php

Vulnerability in a script in Texas A&M University (TAMU) Tiger allows local users to execute arbitrary commands as the Tiger user, usually root.

Analysis
----------------
ED_PRI CAN-1999-1560 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1565
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1565
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990820 [SECURITY] New versions of man2html fixes postinst glitch
Reference: URL:http://www.securityfocus.com/archive/1/24784

Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Analysis
----------------
ED_PRI CAN-1999-1565 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1012
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1012
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19990504 AS/400
Reference: URL:http://www.securityfocus.com/archive/1/13527
Reference: BID:173
Reference: URL:http://www.securityfocus.com/bid/173

SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other operating systems, allows a remote attacker to crash the mail server via a long string.

Analysis
----------------
ED_PRI CAN-1999-1012 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1016
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990827 HTML code to crash IE5 and Outlook Express 5
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93578772920970&w=2
Reference: BID:606
Reference: URL:http://www.securityfocus.com/bid/606

Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell

Analysis
----------------
ED_PRI CAN-1999-1016 3
Vendor Acknowledgement:
Content Decisions: EX-CLIENT-DOS, SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1017
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990728 Seattle Labs EMURL Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93316253431588&w=2
Reference: BID:544
Reference: URL:http://www.securityfocus.com/bid/544

Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail attachments in a specific directory with scripting enabled, which allows a malicious ASP file attachment to execute when the recipient opens the message.

Analysis
----------------
ED_PRI CAN-1999-1017 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1018
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1018
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990727 Linux 2.2.10 ipchains Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93312523904591&w=2
Reference: BID:543
Reference: URL:http://www.securityfocus.com/bid/543

IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP fragments before checking the header information, which allows a remote attacker to bypass the filtering rules using several fragments with 0 offsets.

Analysis
----------------
ED_PRI CAN-1999-1018 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1023
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1023
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990610 Sun Useradd program expiration date bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92904175406756&w=2
Reference: BID:426
Reference: URL:http://www.securityfocus.com/bid/426

useradd in Solaris 7.0 does not properly interpret certain date formats as specified in the "-e" (expiration date) argument, which could allow users to login after their accounts have expired.

Analysis
----------------
ED_PRI CAN-1999-1023 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1024
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19990616 tcpdump 3.4 bug?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92955903802773&w=2
Reference: BUGTRAQ:19990617 Re: tcpdump 3.4 bug?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92963447601748&w=2
Reference: BUGTRAQ:19990620 Re: tcpdump 3.4 bug? (final)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92989907627051&w=2
Reference: BID:313
Reference: URL:http://www.securityfocus.com/bid/313

ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a denial of service via a packet with a zero length header, which causes an infinite loop and core dump when tcpdump prints the packet.

Analysis
----------------
ED_PRI CAN-1999-1024 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

CAN-2000-0333 and this candidate appear to be two different bugs in different places in tcpdump.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1028
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990528 DoS against PC Anywhere
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92807524225090&w=2
Reference: BID:288
Reference: URL:http://www.securityfocus.com/bid/288

Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of service (CPU utilization) via a large amount of data to port 5631.

Analysis
----------------
ED_PRI CAN-1999-1028 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1029
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1029
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990513 - J.J.F. / Hackers Team warns for SSHD 2.x brute force password hacking
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92663402004280&w=2
Reference: BID:277
Reference: URL:http://www.securityfocus.com/bid/277
Reference: XF:ssh2-bruteforce(2193)
Reference: URL:http://xforce.iss.net/static/2193.php

SSH server (sshd2) before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote attacker to guess the password without showing up in the audit logs.

Analysis
----------------
ED_PRI CAN-1999-1029 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1030
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1030
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19990519 Denial of Service in Counter.exe version 2.70
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92713790426690&w=2
Reference: NTBUGTRAQ:19990519 Denial of Service in Counter.exe version 2.70
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92707671717292&w=2
Reference: BID:267
Reference: URL:http://www.securityfocus.com/bid/267

counter.exe 2.70 allows a remote attacker to cause a denial of service (hang) via an HTTP request that ends in %0A (newline), which causes a malformed entry in the counter log that produces an access violation.

Analysis
----------------
ED_PRI CAN-1999-1030 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

ABSTRACTION: It is possible that the %0A and "long string" DoSes are both related to a single problem (perhaps they both produce a malformed log file, which counter.exe can't process?) However, the nature of the exploits seems to indicate different underlying problems, thus CD:SF-LOC suggests separating them into separate entries.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1031
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1031
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19990519 Denial of Service in Counter.exe version 2.70
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92713790426690&w=2
Reference: NTBUGTRAQ:19990519 Denial of Service in Counter.exe version 2.70
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92707671717292&w=2
Reference: BID:267
Reference: URL:http://www.securityfocus.com/bid/267

counter.exe 2.70 allows a remote attacker to cause a denial of service (hang) via a long argument.

Analysis
----------------
ED_PRI CAN-1999-1031 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

ABSTRACTION: It is possible that the %0A and "long string" DoSes are both related to a single problem (perhaps they both produce a malformed log file, which counter.exe can't process?) However, the nature of the exploits seems to indicate different underlying problems, thus CD:SF-LOC suggests separating them into separate entries.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1033
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990511 Outlook Express Win98 bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92647407427342&w=2
Reference: BUGTRAQ:19990512 Outlook Express Win98 bug, addition.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92663402004275&w=2
Reference: BID:252
Reference: URL:http://www.securityfocus.com/bid/252

Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang.

Analysis
----------------
ED_PRI CAN-1999-1033 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1052
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1052
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19990824 Front Page form_results
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93582550911564&w=2

Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users.

Analysis
----------------
ED_PRI CAN-1999-1052 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1063
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990601 whois_raw.cgi problem
Reference: URL:http://www.securityfocus.com/archive/1/14019
Reference: BID:304
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=304
Reference: XF:http-cgi-cdomain(2251)
Reference: URL:http://xforce.iss.net/static/2251.php

CDomain whois_raw.cgi whois CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the fqdn parameter.

Analysis
----------------
ED_PRI CAN-1999-1063 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1064
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1064
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990822
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93555317429630&w=2
Reference: BUGTRAQ:19990824 Re: WindowMaker bugs (was sub:none )
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93582070508957&w=2
Reference: BID:596
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=596

Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow attackers to cause a denial of service and possibly execute arbitrary commands by executing WindowMaker with a long program name (argv[0]).

Analysis
----------------
ED_PRI CAN-1999-1064 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1078
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1078
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990729 WS_FTP Pro 6.0 Weak Password Encryption Vulnerability
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9907&L=ntbugtraq&D=0&P=10370&F=P
Reference: BID:547
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=547

WS_FTP Pro 6.0 uses weak encryption for passwords in its initialization files, which allows remote attackers to easily decrypt the passwords and gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1078 3
Vendor Acknowledgement:

The disclosers refer to a Bugtraq post from 1997 which they say is an earlier version of a decryption program, but is it really the same algorithm and program that's affected?
BUGTRAQ:19970811 Program To decrypt password in ws_ftp.ini

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1080
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990510 SunOS 5.7 rmmount, no nosuid.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92633694100270&w=2
Reference: BUGTRAQ:19991011
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93971288323395&w=2
Reference: BID:250
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=250

rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf.

Analysis
----------------
ED_PRI CAN-1999-1080 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1086
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1086
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990715 NMRC Advisory: Netware 5 Client Hijacking
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93214475111651&w=2
Reference: BID:528
Reference: URL:http://www.securityfocus.com/bid/528

Novell 5 and earlier, when running over IPX with a packet signature level less than 3, allows remote attackers to gain administrator privileges by spoofing the MAC address in IPC fragmented packets that make NetWare Core Protocol (NCP) calls.
Analysis ---------------- ED_PRI CAN-1999-1086 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1097 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1097 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990504 Microsoft Netmeeting Hole Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92586457816446&w=2 Reference: XF:netmeeting-clipboard(2187) Reference: URL:http://xforce.iss.net/static/2187.php Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty. Analysis ---------------- ED_PRI CAN-1999-1097 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1130 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1130 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: CF Reference: BUGTRAQ:19990730 Netscape Enterprise Server yeilds source of JHTML Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93346448121208&w=2 Reference: NTBUGTRAQ:19990730 Netscape Enterprise Server yeilds source of JHTML Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93337389603117&w=2 Reference: BID:559 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=559 Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file. Analysis ---------------- ED_PRI CAN-1999-1130 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1164 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1164 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990625 Outlook denial of service Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93041631215856&w=2 Microsoft Outlook client allows remote attackers to cause a denial of service by sending multiple email messages with the same X-UIDL headers, which causes Outlook to hang. 
Analysis ---------------- ED_PRI CAN-1999-1164 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1166 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1166 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990711 Linux 2.0.37 segment limit bug Reference: URL:http://www.securityfocus.com/archive/1/18156 Reference: BID:523 Reference: URL:http://www.securityfocus.com/bid/523 Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory. Analysis ---------------- ED_PRI CAN-1999-1166 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1195 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1195 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19990505 NAI AntiVirus Update Problem Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92587579032534&w=2 Reference: BUGTRAQ:19990505 NAI AntiVirus Update Problem Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92588169005196&w=2 Reference: BID:169 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=169 NAI VirusScan NT 4.0.2 does not properly modify the scan.dat virus definition file during an update via FTP, but it reports that the update was successful, which could cause a system administrator to believe that the definitions have been updated correctly. Analysis ---------------- ED_PRI CAN-1999-1195 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1227 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1227 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MISC:http://www.ethereal.com/lists/ethereal-dev/199907/msg00126.html Reference: MISC:http://www.ethereal.com/lists/ethereal-dev/199907/msg00130.html Reference: XF:ethereal-dev-capturec-root(3334) Reference: URL:http://xforce.iss.net/static/3334.php Ethereal allows local users to overwrite arbitrary files via a symlink attack on the packet capture file. 
Analysis ---------------- ED_PRI CAN-1999-1227 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1231 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1231 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990609 ssh advirsory Reference: URL:http://www.securityfocus.com/archive/1/14758 Reference: XF:ssh-leak(2276) Reference: URL:http://xforce.iss.net/static/2276.php ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only prompts an invalid user name for a password once, which allows remote attackers to determine user account names on the server. Analysis ---------------- ED_PRI CAN-1999-1231 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1237 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1237 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990606 Buffer overflows in smbval library Reference: URL:http://www.securityfocus.com/archive/1/14384 Reference: XF:smbvalid-bo(2272) Reference: URL:http://xforce.iss.net/static/2272.php Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allow remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods. Analysis ---------------- ED_PRI CAN-1999-1237 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1241 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1241 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MISC:http://oliver.efri.hr/~crv/security/bugs/NT/activex4.html Reference: XF:ie-filesystemobject(2173) Reference: URL:http://xforce.iss.net/static/2173.php Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX object.
Analysis ---------------- ED_PRI CAN-1999-1241 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1338 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1338 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990721 Delegate creates directories writable for anyone Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93259112204664&w=2 Delegate proxy 5.9.3 and earlier creates files and directories in the DGROOT with world-writable permissions. Analysis ---------------- ED_PRI CAN-1999-1338 3 Vendor Acknowledgement: Content Decisions: SF-LOC The patch indicates multiple lines in the source code in which the bad permissions are set, e.g. via various mkdir() calls. CD:SF-LOC suggests combining all of them into a single entry since the problems are of the same type. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1348 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1348 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990630 linuxconf doesn't seem to deal correctly with /etc/pam.d/reboot Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93220073515880&w=2 Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable PAM-based access to the shutdown command, which could allow local users to cause a denial of service. Analysis ---------------- ED_PRI CAN-1999-1348 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1365 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1365 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19990628 NT runs Explorer.exe, Taskmgr.exe etc. from wrong location Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93069418400856&w=2 Reference: NTBUGTRAQ:19990630 Update: NT runs explorer.exe, etc... Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93127894731200&w=2 Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default. 
Analysis ---------------- ED_PRI CAN-1999-1365 3 Vendor Acknowledgement: The %systemroot% being writable by users is contrary to Microsoft recommended configuration. So, is this just one implication of a bad configuration problem? Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1366 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1366 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990515 Pegasus Mail weak encryption Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92714118829880&w=2 Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail. Analysis ---------------- ED_PRI CAN-1999-1366 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1367 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1367 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MISC:http://www.pcworld.com/news/article/0,aid,10842,00.asp Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users. Analysis ---------------- ED_PRI CAN-1999-1367 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1368 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1368 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19990512 InoculateIT 4.53 Real-Time Exchange Scanner Flawed Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92652152723629&w=2 Reference: NTBUGTRAQ:20001116 InoculateIT AV Option for MS Exchange Server Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=97439568517355&w=2 AV Option for MS Exchange Server option for InoculateIT 4.53, and possibly other versions, only scans the Inbox folder tree of a Microsoft Exchange server, which could allow viruses to escape detection if a user's rules cause the message to be moved to a different mailbox. 
Analysis ---------------- ED_PRI CAN-1999-1368 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1378 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1378 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990917 improper chroot in dbmlparser.exe Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93250710625956&w=2 dbmlparser.exe CGI guestbook program does not perform a chroot operation properly, which allows remote attackers to read arbitrary files. Analysis ---------------- ED_PRI CAN-1999-1378 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1393 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1393 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MISC:http://freaky.staticusers.net/macsec/data/powerbooksecurity-data.html Reference: BID:532 Reference: URL:http://www.securityfocus.com/bid/532 Control Panel "Password Security" option for Apple Powerbooks allows attackers with physical access to the machine to bypass the security by booting it with an emergency startup disk and using a disk editor to modify the on/off toggle or password in the aaaaaaaAPWD file, which is normally inaccessible. 
Analysis ---------------- ED_PRI CAN-1999-1393 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1394 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1394 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990702 BSD-fileflags Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93094058620450&w=2 Reference: BID:510 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=510 BSD 4.4 based operating systems, when running at security level 1, allow the root user to clear the immutable and append-only flags for files by unmounting the file system and using a file system editor such as fsdb to directly modify the file through a device. Analysis ---------------- ED_PRI CAN-1999-1394 3 Vendor Acknowledgement: A followup by Darren Reed indicates that this problem may be a lack of clear documentation on the particular security settings. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1400 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1400 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19990603 Huge Exploit in NT 4.0 SP5 Screensaver with Password Protection Enabled Reference: URL:http://archives.indenial.com/hypermail/ntbugtraq/1999/June1999/0007.html Reference: NTBUGTRAQ:19990603 Re: Huge Exploit in NT 4.0 SP5 Screensaver with Password Protecti on Enabled. Reference: URL:http://archives.indenial.com/hypermail/ntbugtraq/1999/June1999/0009.html Reference: NTBUGTRAQ:19990604 Official response from The Economist re: 1999 Screen Saver Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92851653600852&w=2 Reference: BID:466 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=466 The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet Explorer while the screen is still locked. Analysis ---------------- ED_PRI CAN-1999-1400 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1412 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1412 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990603 MacOS X system panic with CGI Reference: URL:http://www.securityfocus.com/archive/1/14215 Reference: BID:306 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=306 A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. Analysis ---------------- ED_PRI CAN-1999-1412 3 Vendor Acknowledgement: ABSTRACTION: The problem may be endemic to MacOS X and as such may not be related to Apache at all. Other descriptions of this problem may not include Apache at all. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1418 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1418 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990501 Update: security hole in the ICQ-Webserver Reference: URL:http://www.securityfocus.com/archive/1/13508 Reference: BID:246 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=246 ICQ99 ICQ web server build 1701 with "Active Homepage" enabled allows remote attackers to determine the existence of files on the server by comparing server responses when a file exists ("404 Forbidden") versus when a file does not exist ("404 not found").
Analysis ---------------- ED_PRI CAN-1999-1418 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1444 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1444 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MISC:http://catless.ncl.ac.uk/Risks/20.41.html#subj4 genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent of 1, which results in transactions that are sent in cleartext. Analysis ---------------- ED_PRI CAN-1999-1444 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1460 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1460 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990713 Root Perms Gained with Patrol SNMP Agent 3.2 (all others?) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93198293132463&w=2 Reference: BUGTRAQ:19990801 Re: Root Perms Gained with Patrol SNMP Agent 3.2 (all others?) 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93372579004129&w=2 Reference: BID:525 Reference: URL:http://www.securityfocus.com/bid/525 BMC PATROL SNMP Agent before 3.2.07 allows local users to create arbitrary world-writeable files as root by specifying the target file as the second argument to the snmpmagt program. Analysis ---------------- ED_PRI CAN-1999-1460 3 Vendor Acknowledgement: yes followup Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1470 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1470 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19990624 Eastman Software Work Management 3.21 Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93034788412494&w=2 Reference: XF:eastman-cleartext-passwords(2303) Reference: URL:http://xforce.iss.net/static/2303.php Reference: BID:485 Reference: URL:http://www.securityfocus.com/bid/485 Eastman Work Management 3.21 stores passwords in cleartext in the COMMON and LOCATOR registry keys, which could allow local users to gain privileges. Analysis ---------------- ED_PRI CAN-1999-1470 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1485 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1485 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990531 IRIX 6.5 nsd virtual filesystem vulnerability Reference: URL:http://www.securityfocus.com/archive/1/13999 Reference: XF:sgi-nsd-view(2246) Reference: URL:http://xforce.iss.net/static/2246.php Reference: XF:sgi-nsd-create(2247) Reference: URL:http://xforce.iss.net/static/2247.php Reference: BID:412 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=412 nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP port, which allows remote attackers to view files and cause a possible denial of service by mounting the nsd virtual file system. Analysis ---------------- ED_PRI CAN-1999-1485 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1496 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1496 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990608 unneeded information in sudo Reference: URL:http://www.securityfocus.com/archive/1/14665 Reference: BID:321 Reference: URL:http://www.securityfocus.com/bid/321 Reference: XF:sudo-file-exists(2277) Reference: URL:http://xforce.iss.net/static/2277.php Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist. 
Analysis ---------------- ED_PRI CAN-1999-1496 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1510 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1510 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19990517 Vulnerabilities in BisonWare FTP Server 3.5 Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92697301706956&w=2 Reference: XF:bisonware-command-bo(3234) Reference: URL:http://xforce.iss.net/static/3234.php Buffer overflows in Bisonware FTP server prior to 4.1 allow remote attackers to cause a denial of service, and possibly execute arbitrary commands, via long (1) USER, (2) LIST, or (3) CWD commands. Analysis ---------------- ED_PRI CAN-1999-1510 3 Vendor Acknowledgement: yes Content Decisions: SF-LOC Russ Cooper, NTBugtraq Editor, emailed a copy of Arne Vidstrom's observations to BisonWare. Nick Barnes of BisonWare replied with an answer to each of Vidstrom's questions. Russ summarized the exchange. Nick Barnes acknowledged a fix in version 4.1 for all buffer overflows in commands taking arguments. -- Pease Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1513 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1513 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990830 One more 3Com SNMP vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93616983223090&w=2 Management information base (MIB) for a 3Com SuperStack II hub running software version 2.10 contains an object identifier (.1.3.6.1.4.1.43.10.4.2) that is accessible by a read-only community string, but lists the entire table of community strings, which could allow attackers to conduct unauthorized activities. Analysis ---------------- ED_PRI CAN-1999-1513 3 Vendor Acknowledgement: no I believe this to be something more than a default or weak password problem. If I recall correctly from some work I did a few years ago requiring me to read some MIB specifications, I found MIBs defining a password object as a write only object so that no one could read it. 3Com may not have done this for their enterprise MIB. Compromising the read-write community string allows an attacker to modify router or switch configuration information which is very serious. In this instance the attacker would be using a default community string or one known to the attacker to access the read-write string. I have classified this as a software problem, since one bugtraq message in the thread mentions it was fixed by version 2.12. -- Pease Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1514
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1514
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990729 ExpressFS 2.x FTPServer remotely exploitable buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94130292519646&w=2
Reference: BUGTRAQ:19990729 ExpressFS 2.x FTPServer remotely exploitable buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94121377716133&w=2
Reference: BID:749
Reference: URL:http://www.securityfocus.com/bid/749
Reference: XF:expressfs-command-bo(3401)
Reference: URL:http://xforce.iss.net/static/3401.php

Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long USER command.

Analysis
----------------
ED_PRI CAN-1999-1514 3

Vendor Acknowledgement: no

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1515
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1515
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BID:613
Reference: URL:http://www.securityfocus.com/bid/613
Reference: XF:tfs-gateway-dos(3290)
Reference: URL:http://xforce.iss.net/static/3290.php

A non-default configuration in TenFour TFS Gateway 4.0 allows an attacker to cause a denial of service via messages with incorrect sender and recipient addresses, which causes the gateway to continuously try to return the message every 10 seconds.

Analysis
----------------
ED_PRI CAN-1999-1515 3

Vendor Acknowledgement: unknown
Content Decisions: CF

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1518
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1518
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990715 Shared memory DoS's
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93207728118694&w=2
Reference: BID:526
Reference: URL:http://www.securityfocus.com/bid/526
Reference: XF:bsd-shared-memory-dos(2351)
Reference: URL:http://xforce.iss.net/static/2351.php

Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults.

Analysis
----------------
ED_PRI CAN-1999-1518 3

Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE

Exploit code is included in the BugTraq post entitled "Shared memory DoS's" dated July 15, 1999 posted by Mike Perry at this URL: http://www.securityfocus.com/templates/archive.pike?list=1&msg=19990715003612.A18130@mikepery.linuxos.org --Pease

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1520
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1520
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19990511 [ALERT] Site Server 3.0 May Expose SQL IDs and PSWs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92647407227303&w=2
Reference: BID:256
Reference: URL:http://www.securityfocus.com/bid/256
Reference: XF:siteserver-site-csc(2270)
Reference: URL:http://xforce.iss.net/static/2270.php

In Microsoft Site Server 3.0 a configuration problem exists in the Ad Server Sample directory (AdSamples) allowing an attacker to retrieve SITE.CSC, exposing sensitive SQL database information.

Analysis
----------------
ED_PRI CAN-1999-1520 3

Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1524
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1524
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990807 Re: FlowPoint DSL router vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93424680430460&w=2

FlowPoint DSL router firmware versions prior to 3.0.8 allow a remote attacker to exploit a password recovery feature from the network and conduct brute force password guessing, instead of limiting the feature to the serial console port.

Analysis
----------------
ED_PRI CAN-1999-1524 3

Vendor Acknowledgement: unknown vague advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1536
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1536
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19990730 World writable root owned script in SalesBuilder (RedHat 6.0)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93347785827287&w=2
Reference: BID:560
Reference: URL:http://www.securityfocus.com/bid/560

.sbstart startup script in AcuShop Salesbuilder is world writable, which allows local users to gain privileges by appending commands to the file.

Analysis
----------------
ED_PRI CAN-1999-1536 3

Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1537
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1537
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990707 SSL and IIS.
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93138827329577&w=2
Reference: BID:521
Reference: URL:http://www.securityfocus.com/bid/521
Reference: XF:ssl-iis-dos(2352)
Reference: URL:http://xforce.iss.net/static/2352.php

IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL.

Analysis
----------------
ED_PRI CAN-1999-1537 3

Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1543
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1543
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990710 MacOS system encryption algorithm
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93188174906513&w=2
Reference: BUGTRAQ:19990914 MacOS system encryption algorithm 3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93736667813924&w=2
Reference: BID:519
Reference: URL:http://www.securityfocus.com/bid/519

MacOS uses weak encryption for passwords that are stored in the Users & Groups Data File.

Analysis
----------------
ED_PRI CAN-1999-1543 3

Vendor Acknowledgement: unknown
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1545
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1545
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990714
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93216103027827&w=2
Reference: BUGTRAQ:19990717 joe 2.8 makes world-readable DEADJOE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93226771401036&w=2

Joe's Own Editor (joe) 2.8 sets the world-readable permission on its crash-save file, DEADJOE, which could allow local users to read files that were being edited by other users.

Analysis
----------------
ED_PRI CAN-1999-1545 3

Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1561
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1561
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990820 Winamp SHOUTcast server: Gain Administrator Password
Reference: URL:http://www.securityfocus.com/archive/1/24852

Nullsoft SHOUTcast server stores the administrative password in plaintext in a configuration file (sc_serv.conf), which could allow a local user to gain administrative privileges on the server.

Analysis
----------------
ED_PRI CAN-1999-1561 3

Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1566
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1566
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990508 iParty Daemon Vulnerability w/ Exploit Code (worse than thought?)
Reference: URL:http://www.securityfocus.com/archive/1/13600

Buffer overflow in iParty server 1.2 and earlier allows remote attackers to cause a denial of service (crash) by connecting to default port 6004 and sending repeated extended characters.

Analysis
----------------
ED_PRI CAN-1999-1566 3

Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: