|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PROPOSAL] Cluster RECENT-70 - 28 candidates
I am proposing cluster RECENT-70 for review and voting by the Editorial Board. Name: RECENT-70 Description: Candidates announced between 6/2/2001 and 7/10/2001 Size: 28 You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site. The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real. If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned. Summary of votes to use (in ascending order of "severity") ---------------------------------------------------------- ACCEPT - voter accepts the candidate as proposed NOOP - voter has no opinion on the candidate MODIFY - voter wants to change some MINOR detail (e.g. reference/description) REVIEWING - voter is reviewing/researching the candidate, or needs more info RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. 1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. 2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping. 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-2001-0757 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0757 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: CISCO:20010614 Cisco 6400 NRP2 Telnet Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/6400-nrp2-telnet-vuln-pub.shtml Reference: BID:2874 Reference: URL:http://www.securityfocus.com/bid/2874 Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet. Analysis ---------------- ED_PRI CAN-2001-0757 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0763 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0763 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010608 potential buffer overflow in xinetd-2.1.8.9pre11-1 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0064.html Reference: CONECTIVA:CLA-2001:406 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000406 Reference: DEBIAN:DSA-063 Reference: URL:http://www.debian.org/security/2001/dsa-063 Reference: SUSE:SA:2001:022 Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Jun/0002.html Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function. Analysis ---------------- ED_PRI CAN-2001-0763 1 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0764 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0764 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: VULN-DEV:20010609 suid scotty / ntping overflow Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0579.html Reference: VULN-DEV:20010615 Re: suid scotty (ntping) overflow (fwd) Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0627.html Reference: BUGTRAQ:20010621 suid scotty (ntping) overflow (fwd) Reference: URL:http://www.securityfocus.com/archive/1/192664 Reference: SUSE:SuSE-SA:2001:023 Reference: URL:http://www.suse.de/de/support/security/2001_023_scotty_txt.txt Reference: XF:scotty-ntping-bo(6735) Reference: URL:http://xforce.iss.net/static/6735.php Reference: BID:2911 Reference: URL:http://www.securityfocus.com/bid/2911 Buffer overflow in ntping in scotty 2.1.0 allows local users to execute arbitrary code via a long hostname as a command line argument. Analysis ---------------- ED_PRI CAN-2001-0764 1 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0787 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0787 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: REDHAT:RHSA-2001:077 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-077.html LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships in supplemental groups when lowering privileges, which could allow a local user to elevate privileges. Analysis ---------------- ED_PRI CAN-2001-0787 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0765 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0765 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010702 BisonFTP Server V4R1 *.bdl upload Directory Traversal Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0025.html Reference: CONFIRM:http://www.bisonftp.com/ServRev.htm Reference: BID:2963 Reference: URL:http://www.securityfocus.com/bid/2963 BisonFTP V4R1 allows local users to access directories outside of their home directory by uploading .bdl files, which can then be linked to other directories. Analysis ---------------- ED_PRI CAN-2001-0765 2 Vendor Acknowledgement: yes changelog ACKNOWLEDGEMENT: At http://www.bisonftp.com/ServRev.htm, the entry for July 2nd 2001 says "Fix to repair security problem, allowing a command line ftp client to traverse outside of the home directory if the client uploads their own *.bdl" Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0733 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0733 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010621 bugtraq submission Reference: URL:http://www.securityfocus.com/archive/1/192711 Reference: BID:2912 Reference: URL:http://www.securityfocus.com/bid/2912 Reference: XF:eperl-embedded-code-execution(6743) Reference: URL:http://xforce.iss.net/static/6743.php The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier allows a remote attacker to execute arbitrary code by modifying the 'sinclude' file to point to another file that contains a #include directive that references a file that contains the code. Analysis ---------------- ED_PRI CAN-2001-0733 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0735 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0735 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010621 cfingerd local vulnerability (possibly root) Reference: URL:http://www.securityfocus.com/archive/1/192844 Reference: BUGTRAQ:20010711 Another exploit for cfingerd <= 1.4.3-8 Reference: URL:http://www.securityfocus.com/archive/1/01071120191900.00788@localhost.localdomain Reference: DEBIAN:DSA-066 Reference: URL:http://www.debian.org/security/2001/dsa-066 Reference: BID:2914 Reference: URL:http://www.securityfocus.com/bid/2914 Reference: XF:cfingerd-util-bo(6744) Reference: URL:http://xforce.iss.net/static/6744.php Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file. Analysis ---------------- ED_PRI CAN-2001-0735 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC ABSTRACTION: CD:SF-LOC says to separate problems of different types; thus this problem should be separated from CAN-2001-0609, which is a format string vulnerability. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0743 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0743 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010602 O'Reilly WebBoard 4.10.30 JavaScript code execution problem Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0326.html Reference: BID:2814 Reference: URL:http://www.securityfocus.com/bid/2814 Paging function in O'Reilly WebBoard Pager 4.10 allows remote attackers to cause a denial of service via a message with an escaped ' character followed by JavaScript commands. Analysis ---------------- ED_PRI CAN-2001-0743 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0745 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0745 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010605 SECURITY.NNOV: Netscape 4.7x Messanger user information retrival Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0014.html Netscape 4.7x allows remote attackers to obtain sensitive information such as the user's login, mailbox location and installation path via Javascript that accesses the mailbox: URL in the document.referrer property. Analysis ---------------- ED_PRI CAN-2001-0745 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0756 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0756 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010607 cgisecurity.com Advisory #5 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0067.html Reference: BUGTRAQ:20010611 re: Advisory #5 Corrections. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99237435902211&w=2 CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in VirtualCart) allows remote attackers to execute arbitrary code via the template parameter. Analysis ---------------- ED_PRI CAN-2001-0756 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0758 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0758 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: MISC:http://www.securiteam.com/windowsntfocus/5SP011P4KC.html Directory traversal vulnerability in Shambala 4.5 allows remote attackers to escape the FTP root directory via "CWD ..." command. Analysis ---------------- ED_PRI CAN-2001-0758 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0759 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0759 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010614 Buffer overflow in BestCrypt for Linux Reference: URL:http://www.securityfocus.com/archive/1/191111 Reference: BID:2875 Reference: URL:http://www.securityfocus.com/bid/2875 Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows local users to execute arbitrary code via a file or directory with a long pathname, which is processed during an unmount. Analysis ---------------- ED_PRI CAN-2001-0759 3 Vendor Acknowledgement: unknown discloser-claimed ACKNOWLEDGEMENT: Discloser claimed acknowledgement but I cannot find it on jetico site. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0760 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0760 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010630 Nfuse reveals full path Reference: URL:http://www.securityfocus.com/archive/1/194449 Reference: BUGTRAQ:20010702 Re: Nfuse reveals full path Reference: URL:http://www.securityfocus.com/archive/1/194522 Reference: BID:2956 Reference: URL:http://www.securityfocus.com/bid/2956 Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request that does not provide the session field. Analysis ---------------- ED_PRI CAN-2001-0760 3 Vendor Acknowledgement: The reply to the original Bugtraq post notes inability to replicate. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0761 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0761 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010702 [SNS Advisory No.36] TrendMicro InterScan WebManager Version 1.2 HttpSave.dll Buffer Overflow Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/194463 Reference: BID:2959 Reference: URL:http://www.securityfocus.com/bid/2959 Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager 1.2 allows remote attackers to execute arbitrary code via a long value to a certain parameter. Analysis ---------------- ED_PRI CAN-2001-0761 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0762 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0762 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010602 su-wrapper 1.1.1 Local root exploit. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0057.html Buffer overflow in su-wrapper 1.1.1 allows local users to execute arbitrary code via a long first argument. Analysis ---------------- ED_PRI CAN-2001-0762 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0766 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0766 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010610 Mac OS X - Apache & Case Insensitive Filesystems Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0090.html Reference: BID:2852 Reference: URL:http://www.securityfocus.com/bid/2852 Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters. Analysis ---------------- ED_PRI CAN-2001-0766 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0773 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0773 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010709 Cayman-DSL Model 3220-H DOS with nmap Reference: URL:http://www.securityfocus.com/archive/1/195644 Reference: BID:3001 Reference: URL:http://www.securityfocus.com/bid/3001 Cayman 3220-H DSL Router 1.0 allows remote attacker to cause a denial of service (crash) via a series of SYN or TCP connect requests. Analysis ---------------- ED_PRI CAN-2001-0773 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0774 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0774 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010709 Tripwire temporary files Reference: URL:http://www.securityfocus.com/archive/1/195617 Reference: BID:3003 Reference: URL:http://www.securityfocus.com/bid/3003 Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to ovperwrite arbitrary files and possible gain privileges via a symbolic link attack on temporary files. Analysis ---------------- ED_PRI CAN-2001-0774 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0775 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0775 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010710 xloadimage remote exploit - tstot.c Reference: URL:http://www.securityfocus.com/archive/1/195823 Reference: DEBIAN:DSA-069 Reference: URL:http://www.debian.org/security/2001/dsa-069 Reference: SUSE:SA:2001:024 Reference: URL:http://www.suse.de/de/support/security/2001_024_xli_txt.txt Reference: BID:3006 Reference: URL:http://www.securityfocus.com/bid/3006 Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux allows remote attacker to execute arbitrary code via a FACES format image containing a long (1) Firstname or (2) Lastname field. Analysis ---------------- ED_PRI CAN-2001-0775 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0782 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0782 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: CF Reference: BUGTRAQ:20010622 Symlinks symlinks...this time KTVision Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0302.html Reference: XF:ktvision-symlink(6741) Reference: URL:http://xforce.iss.net/static/6741.php KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root privileges via a symlink attack on a user configuration file. Analysis ---------------- ED_PRI CAN-2001-0782 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0783 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0783 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010618 Cisco TFTPD 1.1 Vulerablity Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0227.html Reference: BID:2886 Reference: URL:http://www.securityfocus.com/bid/2886 Cisco TFTP server 1.1 allows remote attackers to read arbitrary files via a ..(dot dot) attack in the GET command. Analysis ---------------- ED_PRI CAN-2001-0783 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0784 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0784 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010626 Advisory Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0353.html Reference: BID:2932 Reference: URL:http://www.securityfocus.com/bid/2932 Directory traversal vulnerability in Icecast 1.3.10 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack using encoded URL characters. Analysis ---------------- ED_PRI CAN-2001-0784 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0785 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0785 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010618 Multiple Vulnerabilities In AMLServer Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0228.html Reference: BID:2883 Reference: URL:http://www.securityfocus.com/bid/2883 Directory traversal in Webpaging interface in Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows allows remote attackers to read arbitrary files via a .. (dot dot) attack. Analysis ---------------- ED_PRI CAN-2001-0785 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0786 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0786 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010618 Multiple Vulnerabilities In AMLServer Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0228.html Reference: BID:2882 Reference: URL:http://www.securityfocus.com/bid/2882 Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 stores user passwords in plaintext in the pUser.Dat file. Analysis ---------------- ED_PRI CAN-2001-0786 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: DESIGN-NO-ENCRYPTION Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0788 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0788 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010618 Multiple Vulnerabilities In AMLServer Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0228.html Reference: BID:2881 Reference: URL:http://www.securityfocus.com/bid/2881 Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows remote attackers to obtain an absolute path for the server directory by viewing the Location header. Analysis ---------------- ED_PRI CAN-2001-0788 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0789 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0789 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010621 SECURITY.NNOV: KAV (AVP) for sendmail format string vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0274.html Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 for Sendmail allows remote attacker to cause a denial of service or possibly execute arbitrary code via a malformed mail message. Analysis ---------------- ED_PRI CAN-2001-0789 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0794 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0794 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010621 A-FTP Anonymous FTP Server Remote DoS attack Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0280.html Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers to cause a denial of service via a long USER command. Analysis ---------------- ED_PRI CAN-2001-0794 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-0795 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0795 Final-Decision: Interim-Decision: Modified: Proposed: 20011012 Assigned: 20011012 Category: SF Reference: BUGTRAQ:20010625 Perception LiteServe MS-DOS filename vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0328.html Reference: BID:2926 Reference: URL:http://www.securityfocus.com/bid/2926 Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names. Analysis ---------------- ED_PRI CAN-2001-0795 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS:
|
||||
