[PROPOSAL] Cluster RECENT-71 - 23 candidates

["Steven M. Christey" <coley@linus.mitre.org>]

I am proposing cluster RECENT-71 for review and voting by the
Editorial Board.

Name: RECENT-71
Description: Candidates reserved and announced between 7/24/2001 and 10/10/2001
Size: 23

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.




Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0540
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0540
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20010710
Category: SF
Reference: MS:MS01-040
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-040.asp

Memory leak in Terminal servers in Windows NT and Windows 2000 allows
remote attackers to cause a denial of service (memory exhaustion) via
a large number of malformed Remote Data Protocol (RDP) requests to
port 3389.

Analysis
----------------
ED_PRI CAN-2001-0540 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0544
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0544
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20010710
Category: SF
Reference: MS:MS01-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp

IIS 5.0 allows local users to cause a denial of service (hang) via by
installing content that produces a certain invalid MIME Content-Type
header, which corrupts the File Type table.

Analysis
----------------
ED_PRI CAN-2001-0544 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0545
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0545
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20010710
Category: SF
Reference: MS:MS01-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp

IIS 4.0 with URL redirection enabled allows remote attackers to cause
a denial of service (crash) via a malformed request that specifies a
length that is different than the actual length.

Analysis
----------------
ED_PRI CAN-2001-0545 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0660
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0660
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20010815
Category: SF
Reference: MS:MS01-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-047.asp
Reference: MSKB:Q307195
Reference: URL:http://support.microsoft.com/support/kb/articles/Q307/1/95.ASP

Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier,
allows remote attackers to identify valid user email addresses by
directly accessing a back-end function that processes the global
address list (GAL).

Analysis
----------------
ED_PRI CAN-2001-0660 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0662
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0662
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20010815
Category: SF
Reference: MS:MS01-048
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-048.asp

RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause
a denial of service (loss of RPC services) via a malformed request.

Analysis
----------------
ED_PRI CAN-2001-0662 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0664
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0664
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20010815
Category: SF
Reference: MS:MS01-051
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-051.asp

Internet Explorer 5.5 and 5.01 allows remote attackers to bypass
security restrictions via malformed URLs that contain dotless IP
addresses, which causes Internet Explorer to process the page in the
Intranet Zone, which may have fewer security restrictions, aka the
"Zone Spoofing vulnerability."

Analysis
----------------
ED_PRI CAN-2001-0664 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0665
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0665
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20010815
Category: SF
Reference: MS:MS01-051
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-051.asp

Internet Explorer 6 and earlier allows remote attackers to cause
certain HTTP requests to be automatically executed and appear to come
from the user, which could allow attackers to gain privileges or
execute operations within web-based services, aka the "HTTP Request
Encoding vulnerability."

Analysis
----------------
ED_PRI CAN-2001-0665 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0666
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0666
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20010815
Category: SF
Reference: MS:MS01-049
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-049.asp

Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an
authenticated user to cause a denial of service (CPU consumption) via
a malformed OWA request for a deeply nested folder within the user's
mailbox.

Analysis
----------------
ED_PRI CAN-2001-0666 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0667
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0667
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20010815
Category: SF
Reference: MS:MS01-051
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-051.asp

Internet Explorer 6 and earlier, when used with the Telnet client in
Services for Unix (SFU) 2.0, allows remote attackers to execute
commands by spawning Telnet with a log file option on the command line
and writing arbitrary code into an executable file which is later
executed, aka a new variant of the Telnet Invocation vulnerability as
described in CVE-2001-0150.

Analysis
----------------
ED_PRI CAN-2001-0667 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0670
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0670
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20010827
Category: SF
Reference: ISS:20010829 Remote Buffer Overflow Vulnerability in BSD Line Printer Daemon
Reference: URL:http://xforce.iss.net/alerts/advise94.php
Reference: OPENBSD:20010829
Reference: URL:http://www.openbsd.com/errata28.html
Reference: CALDERA:CSSA-2001-SCO.20
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.20/CSSA-2001-SCO.20.txt

Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various
BSD-based operating systems allows remote attackers to execute
arbitrary code via an incomplete print job followed by a request to
display the printer queue.

Analysis
----------------
ED_PRI CAN-2001-0670 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0717
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0717
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20010926
Category: SF
Reference: ISS:20011002 Multi-Vendor Format String Vulnerability in ToolTalk Service
Reference: URL:http://xforce.iss.net/alerts/advise98.php
Reference: HP:HPSBUX0110-168

Format string vulnerability in ToolTalk database server
rpc.ttdbserverd allows remote attackers to execute arbitrary commands
via format string specifiers that are passed to the syslog function.

Analysis
----------------
ED_PRI CAN-2001-0717 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0718
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0718
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20010927
Category: SF
Reference: MS:MS01-050
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-050.asp
Reference: CERT:CA-2001-28
Reference: URL:http://www.cert.org/advisories/CA-2001-28.html

Vulnerability in (1) Microsoft Excel 2002 and earlier and (2)
Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro
restrictions and execute arbitrary commands by modifying the data
stream in the document.

Analysis
----------------
ED_PRI CAN-2001-0718 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0728
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0728
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011002
Category: SF
Reference: COMPAQ:SSRT0758
Reference: URL:http://www.compaq.com/products/servers/management/mgtsw-advisory2.html

Buffer overflow in Compaq Management Agents before 5.2, included in
Compaq Web-enabled Management Software, allows local users to gain
privileges.

Analysis
----------------
ED_PRI CAN-2001-0728 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0730
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0730
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011008
Category: SF
Reference: CONFIRM:http://www.apacheweek.com/issues/01-09-28#security

split-logfile in Apache 1.3.20 allows remote attackers to overwrite
arbitrary files that end in the .log extension via an HTTP request
with a / (slash) in the Host: header.

Analysis
----------------
ED_PRI CAN-2001-0730 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0505
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0505
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20010608
Category: SF
Reference: MS:MS01-039
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-039.asp
Reference: MSKB:Q294380
Reference: MSKB:Q301514

Memory leaks in Microsoft Services for Unix 2.0 allows remote
attackers to cause a denial of service (memory exhaustion) via a large
number of malformed requests to (1) the Telnet service, or (2) the NFS
service.

Analysis
----------------
ED_PRI CAN-2001-0505 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0535
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0535
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20010628
Category: SF
Reference: ISS:20010807 Remote Vulnerabilities in Macromedia ColdFusion Example Applications
Reference: URL:http://xforce.iss.net/alerts/advise92.php
Reference: ALLAIRE:MPSB01-08
Reference: URL:http://www.allaire.com/Handlers/index.cfm?ID=21700

Example applications (Exampleapps) in ColdFusion Server 4.x do not
properly restrict prevent access from outside the local host's domain,
which allows remote attackers to conduct upload, read, or execute
files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web
Publish" example script, and (2) the "Email" example script.

Analysis
----------------
ED_PRI CAN-2001-0535 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0652
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0652
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20010809
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20010810 NSFOCUS SA2001-05 : Solaris Xlock Heap Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99745571104126&w=2

Heap overflow in xlock in Solaris 2.6 through 8 allows local users to
gain root privileges via a long (1) XFILESEARCHPATH or (2)
XUSERFILESEARCHPATH environmental variable.

Analysis
----------------
ED_PRI CAN-2001-0652 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0669
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0669
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20010827
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20010905 %u encoding IDS bypass vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99972950200602&w=2
Reference: ISS:20010905 Multiple Vendor IDS Unicode Bypass Vulnerability
Reference: URL:http://xforce.iss.net/alerts/advise95.php
Reference: CISCO:20010905 Cisco Secure Intrusion Detection System Signature Obfuscation Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cisco-intrusion-detection-obfuscation-vuln-pub.shtml

Various Intrusion Detection Systems (IDS) including (1) Cisco Secure
Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion
Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before
1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2,
and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow
remote attackers to evade detection of HTTP attacks via non-standard
"%u" Unicode encoding of ASCII characters in the requested URL.

Analysis
----------------
ED_PRI CAN-2001-0669 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC, SEC-DESIGN

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0712
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0712
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20010907
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20010727 TXT or HTML? -- IE NEW BUG
Reference: URL:http://www.securityfocus.com/archive/1/200109
Reference: BUGTRAQ:20010729 Re: TXT or HTML? -- IE NEW BUG
Reference: URL:http://www.securityfocus.com/archive/1/200291
Reference: BID:3116
Reference: URL:http://www.securityfocus.com/bid/3116

The rendering engine in Internet Explorer determines the MIME type
independently of the type that is specified by the server, which
allows remote servers to automatically execute script which is placed
in a file whose MIME type does not normally support scripting, such as
text (.txt), JPEG (.jpg), etc.

Analysis
----------------
ED_PRI CAN-2001-0712 3
Vendor Acknowledgement: no disputed

INCLUSION:

In a followup post, Microsoft claims that while script can be executed
from "non-scriptable" file types, the script would only execute in the
Web browser's current domain.  If that is the case, then the attacker
gains no additional privileges beyond that already allowed by the
browser, and this would not be a vulnerability.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0713
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0713
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20010925
Category: SF
Reference: BINDVIEW:20011001 Multiple Local Sendmail Vulnerabilities
Reference: URL:http://razor.bindview.com/publish/advisories/adv_sm812.html

Sendmail before 8.12.1 does not properly drop privileges when the -C
option is used to load custom configuration files, which allows local
users to gain privileges via malformed arguments in the configuration
file whose names contain characters with the high bit set, such as (1)
macro names that are one character long, (2) a variable setting which
is processed by the setoption function, or (3) a Modifiers setting
which is processed by the getmodifiers function.

Analysis
----------------
ED_PRI CAN-2001-0713 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION:

Each of these issues is related to the same general problem: improper
data type conversion (or an invalid assumption of type).  Since these
problems appear in the same version, CD:SF-LOC suggests combining them
into a single item.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0714
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0714
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20010925
Category: SF/CF/MP/SA/AN/unknown
Reference: BINDVIEW:20011001 Multiple Local Sendmail Vulnerabilities
Reference: URL:http://razor.bindview.com/publish/advisories/adv_sm812.html

Sendmail before 8.12.1, without the RestrictQueueRun option enabled,
allows local users to cause a denial of service (data loss) by (1)
setting a high initial message hop count option (-h), which causes
Sendmail to drop queue entries, (2) via the -qR option, or (3) via the
-qS option.

Analysis
----------------
ED_PRI CAN-2001-0714 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0715
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0715
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20010925
Category: SF
Reference: BINDVIEW:20011001 Multiple Local Sendmail Vulnerabilities
Reference: URL:http://razor.bindview.com/publish/advisories/adv_sm812.html

Sendmail before 8.12.1, without the RestrictQueueRun option enabled,
allows local users to obtain potentially sensitive information about
the mail queue by setting debugging flags to enable debug mode.

Analysis
----------------
ED_PRI CAN-2001-0715 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0729
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0729
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011012
Assigned: 20011008
Category: SF
Reference: CONFIRM:http://www.apacheweek.com/issues/01-09-28#security

Apache 1.3.20 on Windows servers allows remote attackers to cause a
denial of service via a URL with a large number of / (slash)
characters.

Analysis
----------------
ED_PRI CAN-2001-0729 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, REDISCOVERY

This is extremely similar to CVE-2000-0505, but that one applied to
older versions of Apache before 1.3.13.  This bug appears to have been
re-introduced into the codebase at a later time.  As such, this should
be treated as a separate problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS: