|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PROPOSAL] Cluster LEGACY-MISC-1999-C - 77 candidates
I am proposing cluster LEGACY-MISC-1999-C for review and voting by the Editorial Board. Name: LEGACY-MISC-1999-C Description: Legacy candidates announced between 9/1/1999 and 12/31/1999 Size: 77 You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site. The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real. Summary of votes to use (in ascending order of "severity") ---------------------------------------------------------- ACCEPT - voter accepts the candidate as proposed NOOP - voter has no opinion on the candidate MODIFY - voter wants to change some MINOR detail (e.g. reference/description) REVIEWING - voter is reviewing/researching the candidate, or needs more info RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. 1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. 2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping. 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-1999-1047 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1047 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991018 Gauntlet 5.0 BSDI warning Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94026690521279&w=2 Reference: BUGTRAQ:19991019 Re: Gauntlet 5.0 BSDI warning Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94036662326185&w=2 Reference: XF:gauntlet-bsdi-bypass When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular order, Gauntlet allows remote attackers to bypass firewall access restrictions, and does not log the activities. Analysis ---------------- ED_PRI CAN-1999-1047 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1109 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1109 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991222 Re: procmail / Sendmail - five bugs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94632241202626&w=2 Reference: BUGTRAQ:20000113 Re: procmail / Sendmail - five bugs Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94780566911948&w=2 Reference: BID:904 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=904 Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated. Analysis ---------------- ED_PRI CAN-1999-1109 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1111 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1111 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19911109 ImmuniX OS Security Alert: StackGuard 1.21 Released Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94218618329838&w=2 Reference: BID:786 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=786 Reference: XF:immunix-stackguard-bo(3524) Reference: URL:http://xforce.iss.net/static/3524.php Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using a buffer overflow to reach the return address entry itself. Analysis ---------------- ED_PRI CAN-1999-1111 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1341 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1341 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991022 Local user can send forged packets Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94061108411308&w=2 Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, allows local unprivileged users to forge IP packets via the TIOCSETD option on tty devices. Analysis ---------------- ED_PRI CAN-1999-1341 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1351 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1351 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990924 Kvirc bug Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93845560631314&w=2 Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the "Listen to !nick <soundname> requests" option enabled allows remote attackers to read arbitrary files via a .. (dot dot) in a DCC GET request. Analysis ---------------- ED_PRI CAN-1999-1351 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1356 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1356 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990902 Compaq CIM UG Overwrites Legal Notice Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93646669500991&w=2 Reference: NTBUGTRAQ:19990902 Compaq CIM UG Overwrites Legal Notice Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93637792706047&w=2 Reference: NTBUGTRAQ:19990917 Re: Compaq CIM UG Overwrites Legal Notice Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93759822830815&w=2 Compaq Integration Maintenance Utility as used in Compaq Insight Manager agent before SmartStart 4.50 modifies the legal notice caption (LegalNoticeCaption) and text (LegalNoticeText) in Windows NT, which could produce a legal notice that is in violation of the security policy. Analysis ---------------- ED_PRI CAN-1999-1356 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1530 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1530 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991108 Security flaw in Cobalt RaQ2 cgiwrap Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94209954200450&w=2 Reference: BUGTRAQ:19991109 [Cobalt] Security Advisory - cgiwrap Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94225629200045&w=2 Reference: BID:777 Reference: URL:http://www.securityfocus.com/bid/777 cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system. Analysis ---------------- ED_PRI CAN-1999-1530 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1531 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1531 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94157187815629&w=2 Reference: BID:763 Reference: URL:http://www.securityfocus.com/bid/763 Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a malicious Web site to execute arbitrary code on a viewer's system via a long IMG_SRC HTML tag. Analysis ---------------- ED_PRI CAN-1999-1531 2 Vendor Acknowledgement: yes patch Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1542 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1542 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991004 RH6.0 local/remote command execution Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93915641729415&w=2 Reference: BUGTRAQ:19991006 Fwd: [Re: RH6.0 local/remote command execution] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93923853105687&w=2 Reference: XF:linux-rh-rpmmail(3353) Reference: URL:http://xforce.iss.net/static/3353.php RPMMail before 1.4 allows remote attackers to execute commands via an e-mail message with shell metacharacters in the "MAIL FROM" command. Analysis ---------------- ED_PRI CAN-1999-1542 2 Vendor Acknowledgement: yes remote Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1548 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1548 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BINDVIEW:19991124 Cabletron SmartSwitch Router 8000 Firmware v2.x Reference: URL:http://razor.bindview.com/publish/advisories/adv_Cabletron.html Reference: BID:821 Reference: URL:http://www.securityfocus.com/bid/841 Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle 200 ARP requests per second allowing a denial of service attack to succeed with a flood of ARP requests exceeding that limit. Analysis ---------------- ED_PRI CAN-1999-1548 2 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1550 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1550 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991108 BigIP - bigconf.cgi holes Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94217006208374&w=2 Reference: BUGTRAQ:19991109 Re: BigIP - bigconf.cgi holes Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94217879020184&w=2 Reference: BUGTRAQ:19991109 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94225879703021&w=2 Reference: BID:778 Reference: URL:http://www.securityfocus.com/bid/778 bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter. Analysis ---------------- ED_PRI CAN-1999-1550 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0679 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0679 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010829 Category: SF Reference: NTBUGTRAQ:19991108 Interscan VirusWall NT 3.23/3.3 buffer overflow. Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9911&L=NTBUGTRAQ&P=R2331 Reference: NTBUGTRAQ:19991109 InterScan VirusWall 3.23/3.3 Buffer Overflow Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94216491202063&w=2 Reference: BUGTRAQ:19991108 Patch for VirusWall 3.23. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94204166130782&w=2 Reference: NTBUGTRAQ:19991108 Patch for VirusWall 3.23. Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94208143007829&w=2 Reference: XF:viruswall-helo-bo(3465) Reference: URL:http://xforce.iss.net/static/3465.php A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote attacker to execute arbitrary code by sending a long HELO command to the server. Analysis ---------------- ED_PRI CAN-2001-0679 2 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-0926 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0926 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 19991208 Category: SF Reference: BUGTRAQ:19990903 Web servers / possible DOS Attack / mime header flooding Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1998_3/0742.html Apache allows remote attackers to conduct a denial of service via a large number of MIME headers. Analysis ---------------- ED_PRI CAN-1999-0926 3 Vendor Acknowledgement: yes Content Decisions: SF-CODEBASE Followups indicate that people were able to cause the server to slow down, but not to crash. So, this may not be a "real" vulnerability. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1013 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1013 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BID:673 Reference: URL:http://www.securityfocus.com/bid/673 Reference: BUGTRAQ:19990923 named-xfer hole on AIX (fwd) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93837026726954&w=2 named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group to overwrite system files to gain root access via the -f parameter and a malformed zone file. Analysis ---------------- ED_PRI CAN-1999-1013 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1014 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1014 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990913 Solaris 2.7 /usr/bin/mail Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93727925026476&w=2 Reference: BUGTRAQ:19990927 Working Solaris x86 /usr/bin/mail exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93846422810162&w=2 Reference: XF:sun-usrbinmail-local-bo(3297) Reference: URL:http://xforce.iss.net/static/3297.php Reference: BID:672 Reference: URL:http://www.securityfocus.com/bid/672 Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument. Analysis ---------------- ED_PRI CAN-1999-1014 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1050 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1050 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991112 FormHandler.cgi Reference: URL:http://www.securityfocus.com/archive/1/34600 Reference: BUGTRAQ:19991116 Re: FormHandler.cgi Reference: URL:http://www.securityfocus.com/archive/1/34939 Reference: BID:798 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=798 Reference: BID:799 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=799 Reference: XF:formhandler-cgi-absolute-path(3550) Reference: URL:http://xforce.iss.net/static/3550.php Directory traversal vulnerability in Matt Wright FormHandler.cgi script allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the reply_message_attach attachment parameter, or (2) by specifying the filename as a template. Analysis ---------------- ED_PRI CAN-1999-1050 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1051 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1051 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: CF Reference: BUGTRAQ:19991116 Re: FormHandler.cgi Reference: URL:http://www.securityfocus.com/archive/1/34939 Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the reply_message_attach attachment parameter. Analysis ---------------- ED_PRI CAN-1999-1051 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1053 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1053 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: VULN-DEV:19990913 Guestbook perl script (long) Reference: URL:http://www.securityfocus.com/archive/82/27296 Reference: VULN-DEV:19990916 Re: Guestbook perl script (error fix) Reference: URL:http://www.securityfocus.com/archive/82/27560 Reference: BUGTRAQ:19991105 Guestbook.pl, sloppy SSI handling in Apache? (VD#2) Reference: URL:http://www.securityfocus.com/archive/1/33674 Reference: BID:776 Reference: URL:http://www.securityfocus.com/bid/776 guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->". Analysis ---------------- ED_PRI CAN-1999-1053 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1058 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1058 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19991122 Remote DoS Attack in Vermillion FTP Daemon (VFTPD) v1.23 Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94337185023159&w=2 Reference: BUGTRAQ:19991122 Remote DoS Attack in Vermillion FTP Daemon (VFTPD) v1.23 Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94329968617085&w=2 Reference: XF:vermillion-ftp-cwd-overflow(3543) Reference: URL:http://xforce.iss.net/static/3543.php Reference: BID:818 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=818 Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via several long CWD commands. Analysis ---------------- ED_PRI CAN-1999-1058 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1065 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1065 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991104 Palm Hotsync vulnerable to DoS attack Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94175465525422&w=2 Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 14238 while the manager is in network mode. Analysis ---------------- ED_PRI CAN-1999-1065 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1066 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1066 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991222 Quake "smurf" - Quake War Utils Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94589559631535&w=2 Quake 1 server responds to an initial UDP game connection request with a large amount of traffic, which allows remote attackers to use the server as an amplifier in a "Smurf" style attack on another host, by spoofing the connection request. Analysis ---------------- ED_PRI CAN-1999-1066 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1076 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1076 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991026 Mac OS 9 Idle Lock Bug Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94096348604173&w=2 Reference: BID:745 Reference: URL:http://www.securityfocus.com/bid/745 Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into the locked session. Analysis ---------------- ED_PRI CAN-1999-1076 3 Vendor Acknowledgement: yes followup Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1077 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1077 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991101 Re: Mac OS 9 Idle Lock Bug Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94149318124548&w=2 Reference: BID:756 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=756 Idle locking function in MacOS 9 allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock. Analysis ---------------- ED_PRI CAN-1999-1077 3 Vendor Acknowledgement: yes followup Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1082 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1082 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991008 Jana webserver exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93941794201059&w=2 Reference: BID:699 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=699 Directory traversal vulnerability in Jana proxy web server 1.40 allows remote attackers to ready arbitrary files via a "......" (modified dot dot) attack. Analysis ---------------- ED_PRI CAN-1999-1082 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1083 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1083 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:20000502 Security Bug in Jana HTTP Server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95730430727064&w=2 Reference: BID:699 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=699 Directory traversal vulnerability in Jana proxy web server 1.45 allows remote attackers to ready arbitrary files via a .. (dot dot) attack. Analysis ---------------- ED_PRI CAN-1999-1083 3 Vendor Acknowledgement: Content Decisions: SF-LOC This is a slightly different exploit than the ...... one for 1.40, but the versions are different; however, it may be the same bug. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1092 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1092 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: unknown Reference: BUGTRAQ:19991117 default permissions for tin Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94286179032648&w=2 tin 1.40 creates the .tin directory with insecure permissions, which allows local users to read passwords from the .inputhistory file. Analysis ---------------- ED_PRI CAN-1999-1092 3 Vendor Acknowledgement: It's possible that tin inherited the umask of the user; this is not addressed by the discloser. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1110 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1110 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: Reference: BUGTRAQ:19991114 IE 5.0 and Windows Media Player ActiveX object allow checking the existence of local files and directories Reference: URL:http://www.securityfocus.com/archive/1/34675 Reference: BID:793 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=793 Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client. Analysis ---------------- ED_PRI CAN-1999-1110 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1112 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1112 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991109 Irfan view 3.07 buffer overflow Reference: URL:http://www.securityfocus.com/archive/1/34066 Reference: MISC:http://stud4.tuwien.ac.at/~e9227474/main2.html Reference: XF:irfan-view32-bo(3549) Reference: URL:http://xforce.iss.net/static/3549.php Reference: BID:781 Reference: URL:http://www.securityfocus.com/bid/781 Buffer overflow in IrfanView32 3.07 and earlier allows attackers to execute arbitrary commands via a long string after the "8BPS" image type in a Photo Shop image header. Analysis ---------------- ED_PRI CAN-1999-1112 3 Vendor Acknowledgement: unknown Under version 3.10, the vendor says "Some PSD bugs are fixed," and another page indicates that PSD is Photo Shop. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1129 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1129 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990901 VLAN Security Reference: URL:http://www.securityfocus.com/archive/1/26008 Reference: MISC:http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v8x/eescg8x/aleakyv.htm Reference: XF:cisco-catalyst-vlan-frames(3294) Reference: URL:http://xforce.iss.net/static/3294.php Reference: BID:615 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=615 Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers to inject 802.1q frames into another VLAN by forging the VLAN identifier in the trunking tag. Analysis ---------------- ED_PRI CAN-1999-1129 3 Vendor Acknowledgement: unknown There is some extensive discussion on Bugtraq as to whether the problem is due to implementation, configuration, or a design flaw in 802.1q itself. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1189 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1189 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991124 Netscape Communicator 4.7 - Navigator Overflows Reference: URL:http://www.securityfocus.com/archive/1/36306 Reference: BUGTRAQ:19991127 Netscape Communicator 4.7 - Navigator Overflows Reference: URL:http://www.securityfocus.com/archive/1/36608 Reference: BID:822 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=822 Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file. Analysis ---------------- ED_PRI CAN-1999-1189 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1190 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1190 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MISC:http://www.securiteam.com/exploits/E-MailClub__FROM__remote_buffer_overflow.html Reference: BID:801 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=801 Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 allows remote attackers to execute arbitrary commands via a long "From" header in an e-mail message. Analysis ---------------- ED_PRI CAN-1999-1190 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1226 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1226 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MISC:http://www.securiteam.com/exploits/Netscape_4_7_and_earlier_vulnerable_to__Huge_Key__DoS.html Reference: XF:netscape-huge-key-dos(3436) Reference: URL:http://xforce.iss.net/static/3436.php Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key. Analysis ---------------- ED_PRI CAN-1999-1226 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1234 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1234 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991026 Re: LSA vulnerability on NT40 SP5 Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94096671308565&w=2 Reference: XF:msrpc-samr-open-dos(3293) Reference: URL:http://xforce.iss.net/static/3293.php LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a denial of service via a NULL policy handle in a call to (1) SamrOpenDomain, (2) SamrEnumDomainUsers, and (3) SamrQueryDomainInfo. Analysis ---------------- ED_PRI CAN-1999-1234 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1236 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1236 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19991001 Vulnerabilities in the Internet Anywhere Mail Server Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9910&L=ntbugtraq&F=&S=&P=662 Reference: BID:731 Reference: URL:http://www.securityfocus.com/bid/731 Reference: XF:iams-passwords-plaintext(3285) Reference: URL:http://xforce.iss.net/static/3285.php Internet Anywhere Mail Server 2.3.1 stores passwords in plaintext in the msgboxes.dbf file, which could allow local users to gain privileges by extracting the passwords from msgboxes.dbf. Analysis ---------------- ED_PRI CAN-1999-1236 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1340 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1340 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991104 hylafax-4.0.2 local exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94173799532589&w=2 Reference: BID:765 Reference: URL:http://www.securityfocus.com/bid/765 Buffer overflow in faxalter in hylafax 4.0.2 allows local users to gain privileges via a long -m command line argument. Analysis ---------------- ED_PRI CAN-1999-1340 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1342 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1342 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19991017 ICQ ActiveList Server Exploit... Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94042342010662&w=2 ICQ ActiveList Server allows remote attackers to cause a denial of service (crash) via malformed packets to the server's UDP port. Analysis ---------------- ED_PRI CAN-1999-1342 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1343 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1343 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991013 Xerox DocuColor 4 LP D.O.S Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93986405412867&w=2 HTTP server for Xerox DocuColor 4 LP allows remote attackers to cause a denial of service (hang) via a long URL that contains a large number of . characters. Analysis ---------------- ED_PRI CAN-1999-1343 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1344 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1344 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991005 Auto_FTP v0.02 Advisory Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93923873006014&w=2 Auto_FTP.pl script in Auto_FTP 0.2 stores usernames and passwords in plaintext in the auto_ftp.conf configuration file. Analysis ---------------- ED_PRI CAN-1999-1344 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1345 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1345 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991005 Auto_FTP v0.02 Advisory Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93923873006014&w=2 Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared directory with insecure permissions, which allows local users to (1) send arbitrary files to the remote server by placing them in the directory, and (2) view files that are being transferred. Analysis ---------------- ED_PRI CAN-1999-1345 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1346 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1346 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991007 Problems with redhat 6 Xsession and pam.d/rlogin. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93942774609925&w=2 PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier includes a less restrictive rule before a more restrictive one, which allows users to access the host via rlogin even if rlogin has been explicitly disabled using the /etc/nologin file. Analysis ---------------- ED_PRI CAN-1999-1346 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1347 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1347 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991007 Problems with redhat 6 Xsession and pam.d/rlogin. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93942774609925&w=2 Xsession in Red Hat Linux 6.1 and earlier can allow local users with restricted accounts to bypass execution of the .xsession file by starting kde, gnome or anotherlevel from kdm. Analysis ---------------- ED_PRI CAN-1999-1347 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1349 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1349 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991006 Omni-NFS/X Enterprise (nfsd.exe) DOS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93923679004325&w=2 NFS daemon (nfsd.exe) for Omni-NFS/X 6.1 allows remote attackers to cause a denial of service (resource exhaustion) via certain packets, possibly with the Urgent (URG) flag set, to port 111. Analysis ---------------- ED_PRI CAN-1999-1349 3 Vendor Acknowledgement: One followup indicated that the problem could not be reproduced. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1350 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1350 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: CF Reference: BUGTRAQ:19990929 Multiple Vendor ARCAD permission problems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93871933521519&w=2 ARCAD Systemhaus 0.078-5 installs critical programs and files with world-writeable permissions, which could allow local users to gain privileges by replacing a program with a Trojan horse. Analysis ---------------- ED_PRI CAN-1999-1350 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1352 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1352 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990928 Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93855134409747&w=2 mknod in Linux 2.2 follows symbolic links, which could allow local users to overwrite files or gain privileges. Analysis ---------------- ED_PRI CAN-1999-1352 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1353 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1353 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990907 MsgCore mailserver stores passwords in clear text Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93698162708211&w=2 Nosque MsgCore 2.14 stores passwords in cleartext: (1) the administrator password in the AdmPasswd registry key, and (2) user passwords in the Userbase.dbf data file, which could allow local users to gain privielges. Analysis ---------------- ED_PRI CAN-1999-1353 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1357 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1357 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991005 Time to update those CGIs again Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93915331626185&w=2 Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters. Analysis ---------------- ED_PRI CAN-1999-1357 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1377 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1377 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: MISC:http://pulhas.org/phrack/55/P55-07.html Matt Wright's download.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. Analysis ---------------- ED_PRI CAN-1999-1377 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1454 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1454 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991004 Weakness In "The Matrix" Screensaver For Windows Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93915027622690&w=2 Macromedia "The Matrix" screen saver on Windows 95 with the "Password protected" option enabled allows attackers with physical access to the machine to bypass the password prompt by pressing the ESC (Escape) key. Analysis ---------------- ED_PRI CAN-1999-1454 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1469 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1469 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990930 mini-sql Buffer Overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93871926821410&w=2 Buffer overflow in w3-auth CGI program in miniSQL package allows remote attackers to execute arbitrary commands via an HTTP request with (1) a long URL, or (2) a long User-Agent MIME header. Analysis ---------------- ED_PRI CAN-1999-1469 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1475 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1475 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991119 ProFTPd - mod_sqlpw.c Reference: URL:http://www.securityfocus.com/archive/1/35483 Reference: BID:812 Reference: URL:http://www.securityfocus.com/bid/812 ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command. Analysis ---------------- ED_PRI CAN-1999-1475 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1477 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1477 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990923 Linux GNOME exploit Reference: URL:http://www.securityfocus.com/archive/1/28717 Reference: BID:663 Reference: URL:http://www.securityfocus.com/bid/663 Reference: XF:gnome-espeaker-local-bo(3349) Reference: URL:http://xforce.iss.net/static/3349.php Buffer overflow in GNOME libraries 1.0.8 allows local user to gain root access via a long --espeaker argument in programs such as nethack. Analysis ---------------- ED_PRI CAN-1999-1477 3 Vendor Acknowledgement: unknown Content Decisions: SF-CODEBASE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1484 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1484 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990924 Several ActiveX Buffer Overruns Reference: URL:http://www.securityfocus.com/archive/1/28719 Reference: XF:msn-setup-bbs-activex-bo(3310) Reference: URL:http://xforce.iss.net/static/3310.php Reference: BID:668 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=668 Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control (setupbbs.ocx) allows a remote attacker to execute arbitrary commands via the methods (1) vAddNewsServer or (2) bIsNewsServerConfigured. Analysis ---------------- ED_PRI CAN-1999-1484 3 Vendor Acknowledgement: yes Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1497 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1497 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991221 [w00giving '99 #11] IMail's password encryption scheme Reference: URL:http://www.securityfocus.com/archive/1/39329 Reference: BID:880 Reference: URL:http://www.securityfocus.com/bid/880 Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to to read passwords for e-mail accounts. Analysis ---------------- ED_PRI CAN-1999-1497 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1500 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1500 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19991001 Vulnerabilities in the Internet Anywhere Mail Server Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93880357530599&w=2 Reference: BID:733 Reference: URL:http://www.securityfocus.com/bid/733 Internet Anywhere POP3 Mail Server 2.3.1 allows remote attackers to cause a denial of service (crash) via (1) LIST, (2) TOP, or (3) UIDL commands using letters as arguments. Analysis ---------------- ED_PRI CAN-1999-1500 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1508 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1508 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991116 [Fwd: Printer Vulnerability: Tektronix PhaserLink Webserver gives Administrator Password] Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94286041430870&w=2 Reference: BID:806 Reference: URL:http://www.securityfocus.com/bid/806 Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a remote attacker to gain administrator access by directly calling undocumented URLs such as ncl_items.html and ncl_subjects.html. Analysis ---------------- ED_PRI CAN-1999-1508 3 Vendor Acknowledgement: unknown [SMC] This vulnerability was apparently rediscovered (or never fixed) and publicized in: BUGTRAQ:20010425 Tektronix (Xerox) PhaserLink 850 Webserver Vulnerability (NEW) http://www.securityfocus.com/archive/1/179875 although the URL changed. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1509 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1509 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: NTBUGTRAQ:19991104 Eserv 2.50 Web interface Server Directory Traversal Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94177470915423&w=2 Reference: BUGTRAQ:19991104 Eserv 2.50 Web interface Server Directory Traversal Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94183041514522&w=2 Reference: BID:773 Reference: URL:http://www.securityfocus.com/bid/773 Reference: XF:eserv-fileread Directory traversal vulnerability in Etype Eserv 2.50 web server allows a remote attacker to read any file in the file system via a .. (dot dot) in a URL. Analysis ---------------- ED_PRI CAN-1999-1509 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1511 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1511 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991110 Multiples Remotes DoS Attacks in Artisoft XtraMail v1.11 Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94226003804744&w=2 Reference: BID:791 Reference: URL:http://www.securityfocus.com/bid/791 Reference: XF:xtramail-pass-dos(3488) Reference: URL:http://xforce.iss.net/static/3488.php Buffer overflows in Xtramail 1.11 allow attackers to cause a denial of service (crash) and possibly execute arbitrary commands via (1) a long PASS command in the POP3 service, (2) a long HELO command in the SMTP service, or (3) a long user name in the Control Service. Analysis ---------------- ED_PRI CAN-1999-1511 3 Vendor Acknowledgement: unknown Content Decisions: SF-EXEC While there are multiple services that are affected with different commands, they appear in the same package and version, so CD:SF-EXEC suggests combining them into a single entry. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1516 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1516 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990902 [SECURITY] TenFour TFS SMTP 3.2 Buffer Overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93677241318492&w=2 A buffer overflow in TenFour TFS Gateway SMTP mail server 3.2 allows an attacker to crash the mail server and possibly execute arbitrary code by offering more than 128 bytes in a MAIL FROM string. Analysis ---------------- ED_PRI CAN-1999-1516 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1517 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1517 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: CF Reference: BUGTRAQ:19991101 Amanda multiple vendor local root compromises Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94148942818975&w=2 Reference: BID:750 Reference: URL:http://www.securityfocus.com/bid/750 runtar in the Amanda backup system used in various UNIX operating systems executes tar with root privileges, which allows a user to overwrite or read arbitrary files by providing the target files to runtar. Analysis ---------------- ED_PRI CAN-1999-1517 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1519 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1519 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991117 Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5) Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94286244700573&w=2 Reference: BID:805 Reference: URL:http://www.securityfocus.com/bid/805 Reference: XF:g6ftp-username-dos(3513) Reference: URL:http://xforce.iss.net/static/3513.php Gene6 G6 FTP Server 2.0 allows a remote attacker to cause a denial of service (resource exhaustion) via a long (1) user name or (2) password. Analysis ---------------- ED_PRI CAN-1999-1519 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC BID:805 appears to be the only item which describes the problem in the password; other sources describe the long user name. As the problem has been reported in the same versions and is the same type of problem, CD:SF-LOC suggests combining them into a single CVE entry. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1521 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1521 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990912 Many kind of POP3/SMTP server softwares for Windows have buffer overflow bug Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93720402717560&w=2 Reference: BUGTRAQ:19990729 Vulnerability in CMail SMTP Server Version 2.4: Remotely exploitable buffer Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94121824921783&w=2 Reference: BID:633 Reference: URL:http://www.securityfocus.com/bid/633 Reference: XF:cmail-command-bo(2240) Reference: URL:http://xforce.iss.net/static/2240.php Computalynx CMail 2.4 and CMail 2.3 SP2 SMTP servers are vulnerable to a buffer overflow attack in the MAIL FROM command that may allow a remote attacker to execute arbitrary code on the server. Analysis ---------------- ED_PRI CAN-1999-1521 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1522 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1522 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991007 Roxen security alert Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93942579008408&w=2 Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and earlier, possibly related to recursive parsing and referer tags in RXML. Analysis ---------------- ED_PRI CAN-1999-1522 3 Vendor Acknowledgement: unknown -- Pease Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1523 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1523 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991004 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93901161727373&w=2 Reference: BUGTRAQ:19991006 Re: Sample DOS against the Sambar HTTP-Server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93941351229256&w=2 Reference: XF:sambar-logging-bo(1672) Reference: URL:http://xforce.iss.net/static/1672.php Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP GET request. Analysis ---------------- ED_PRI CAN-1999-1523 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1527 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1527 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991123 NetBeans/ Forte' Java IDE HTTP vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94338883114254&w=2 Reference: BID:816 Reference: URL:http://www.securityfocus.com/bid/816 Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer 3.0 Beta and Forte Community Edition 1.0 Beta does not properly restrict access to IP addresses as specified in its configuration, which allows arbitrary remote attackers to access the server. Analysis ---------------- ED_PRI CAN-1999-1527 3 Vendor Acknowledgement: unknown Content Decisions: SF-CODEBASE The discloser notes that Netbeans was renamed to Forte, so the two applications probably share the same codebase. Thus CD:SF-CODEBASE suggests combining these into a single entry. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1528 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1528 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: unknown Reference: BUGTRAQ:19991114 MacOS 9 and the MacOS Netware Client Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94261444428430&w=2 Reference: BID:794 Reference: URL:http://www.securityfocus.com/bid/794 ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not automatically log a user out of the NDS tree when the user logs off the system, which allows other users of the same system access to the unprotected NDS session. Analysis ---------------- ED_PRI CAN-1999-1528 3 Vendor Acknowledgement: unknown ABSTRACTION: There is some debate in the Bugtraq thread regarding whether this is a bug in this implementation or a general problem of interactions between an application's "logout" mechanisms versus those of the parent operating system. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1529 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1529 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991107 Interscan VirusWall NT 3.23/3.3 buffer overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94201512111092&w=2 Reference: NTBUGTRAQ:19991107 Interscan VirusWall NT 3.23/3.3 buffer overflow. Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94199707625818&w=2 Reference: BUGTRAQ:19991108 Re: Interscan VirusWall NT 3.23/3.3 buffer overflow. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94210427406568&w=2 Reference: BUGTRAQ:19991108 Patch for VirusWall 3.23. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94204166130782&w=2 Reference: NTBUGTRAQ:19991108 Patch for VirusWall 3.23. Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94208143007829&w=2 Reference: BUGTRAQ:20000417 New DOS on Interscan NT/3.32 Reference: URL:http://www.securityfocus.com/archive/1/55551 Reference: BID:787 Reference: URL:http://www.securityfocus.com/bid/787 Reference: XF:viruswall-helo-bo(3465) Reference: URL:http://xforce.iss.net/static/3465.php A buffer overflow exists in the HELO command in Trend Micro Interscan VirusWall SMTP gateway 3.23/3.3 for NT, which may allow an attacker to execute arbitrary code. Analysis ---------------- ED_PRI CAN-1999-1529 3 Vendor Acknowledgement: yes followup Content Decisions: SF-LOC ABSTRACTION: Trend Micro's patch for this buffer overflow only partially worked still leaving the SMTP gateway open to a denial of service with an overly long HELO command. I considered the twin problem part of the same original problem. Not all may agree. -- Pease CD:SF-LOC, at least the version in my head, suggests that "incompletely fixed bugs" should be combined into the same entry. -- Christey Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1532 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1532 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991029 message:Netscape Messaging Server RCPT TO vul. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94117465014255&w=2 Reference: BID:748 Reference: URL:http://www.securityfocus.com/bid/748 Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker to cause a denial of service (memory exhaustion) via a series of long RCPT TO commands, Analysis ---------------- ED_PRI CAN-1999-1532 3 Vendor Acknowledgement: unknown Content Decisions: SF-CODEBASE Examining Netscape's website I could see that they produced their messaging servers for Solaris and NT. Although the operating systems are different I believe the problem is in common application code (CD:SF-CODEBASE). Two bugs are involved in this exploitation. When they are exploited together they produce the DoS. One is an unbounded buffer in the the SMTP RCPT TO command and the other a memory leak where the messaging server software fails to deallocate memory allocated for the RCPT TO buffer. --Pease Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1533 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1533 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990926 DoS Exploit in Eicon Diehl LAN ISDN Modem Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93846522511387&w=2 Reference: BID:665 Reference: URL:http://www.securityfocus.com/bid/665 Reference: XF:diva-lan-isdn-dos(3317) Reference: URL:http://xforce.iss.net/static/3317.php Eicon Technology Diva LAN ISDN modem allows a remote attacker to cause a denial of service (hang) via a long password argument to the login.htm file in its HTTP service. Analysis ---------------- ED_PRI CAN-1999-1533 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1534 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1534 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990923 Multiple vendor Knox Arkiea local root/remote DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93837184228248&w=2 Reference: BID:661 Reference: URL:http://www.securityfocus.com/bid/661 Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia backup product allows local users to obtain root access via a long HOME environmental variable. Analysis ---------------- ED_PRI CAN-1999-1534 3 Vendor Acknowledgement: unknown Content Decisions: SF-EXEC ABSTRACTION: I wrote this up as one bug because the same C exploit works on both binaries (CD:SF-EXEC). One only has to change the program name in the execl call. This argues that both binaries have code in common or a very similar mistake in the way they both handle the HOME environment variable -- Pease Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1539 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1539 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991110 Remote DoS Attack in QVT/Term 'Plus' 4.2d FTP Server Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94225924803704&w=2 Reference: NTBUGTRAQ:19991110 Remote DoS Attack in QVT/Term 'Plus' 4.2d FTP Server Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94223972910670&w=2 Reference: BID:796 Reference: URL:http://www.securityfocus.com/bid/796 Reference: XF:qvtterm-login-dos(3491) Reference: URL:http://xforce.iss.net/static/3491.php Buffer overflow in FTP server in QPC Software's QVT/Term Plus versions 4.2d and 4.3 and QVT/Net 4.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long (1) user name or (2) password. Analysis ---------------- ED_PRI CAN-1999-1539 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1540 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1540 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: L0PHT:19991004 Reference: URL:http://www.atstake.com/research/advisories/1999/shell-lock.txt Reference: BUGTRAQ:19991005 Cactus Software's shell-lock Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93916168802365&w=2 Reference: XF:cactus-shell-lock-retrieve-shell-code(3356) Reference: URL:http://xforce.iss.net/static/3356.php shell-lock in Cactus Software Shell Lock uses weak encryption (trivial encoding) which allows attackers to easily decrypt and obtain the source code. Analysis ---------------- ED_PRI CAN-1999-1540 3 Vendor Acknowledgement: unknown Content Decisions: DESIGN-WEAK-ENCRYPTION Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1541 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1541 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: L0PHT:19991004 Reference: URL:http://www.atstake.com/research/advisories/1999/shell-lock.txt Reference: BUGTRAQ:19991005 Cactus Software's shell-lock Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93916168802365&w=2 Reference: XF:cactus-shell-lock-root-privs(3358) Reference: URL:http://xforce.iss.net/static/3358.php shell-lock in Cactus Software Shell Lock allows local users to read or modify decoded shell files before they are executed, via a symlink attack on a temporary file. Analysis ---------------- ED_PRI CAN-1999-1541 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1547 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1547 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991125 Oracle Web Listener Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94359982417686&w=2 Reference: NTBUGTRAQ:19991125 Oracle Web Listener Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94390053530890&w=2 Reference: BID:841 Reference: URL:http://www.securityfocus.com/bid/841 Oracle Web Listener 2.1 allows remote attackers to bypass access restrictions by replacing a character in the URL with its HTTP-encoded (hex) equivalent. Analysis ---------------- ED_PRI CAN-1999-1547 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1549 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1549 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19991116 lynx 2.8.x - 'special URLs' anti-spoofing protection is weak Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94286509804526&w=2 Reference: BID:804 Reference: URL:http://www.securityfocus.com/bid/804 Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands. Analysis ---------------- ED_PRI CAN-1999-1549 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1562 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1562 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990905 gftp Reference: URL:http://www.securityfocus.com/archive/1/26915 gFTP FTP client 1.13, and other versions before 2.0.0, records a password in plaintext in (1) the log window, or (2) in a log file. Analysis ---------------- ED_PRI CAN-1999-1562 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1563 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1563 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:19991014 NEUROCOM: Nashuatec printer, 3 vulnerabilities found Reference: URL:http://www.securityfocus.com/archive/1/30849 Reference: BUGTRAQ:19991116 NEUROCOM: Nashuatec D445/435 vulnerabilities updated Reference: URL:http://www.securityfocus.com/archive/1/35075 Nachuatec D435 and D445 printer allows remote attackers to cause a denial of service via ICMP redirect storm. Analysis ---------------- ED_PRI CAN-1999-1563 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-1999-1564 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1564 Final-Decision: Interim-Decision: Modified: Proposed: 20010912 Assigned: 20010831 Category: SF Reference: BUGTRAQ:19990902 [ Kernel panic with FreeBSD-3.2-19990830-STABLE ] Reference: URL:http://www.securityfocus.com/archive/1/26166 FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes. Analysis ---------------- ED_PRI CAN-1999-1564 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS:
|
||||
