[PROPOSAL] Cluster RECENT-72 - 18 candidates
I am proposing cluster RECENT-72 for review and voting by the Editorial Board.

Name: RECENT-72
Description: Candidates announced between 6/2/2001 and 7/4/2001
Size: 18

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.
======================================================
Candidate: CAN-2001-0819
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0819
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: DEBIAN:DSA-060
Reference: URL:http://www.debian.org/security/2001/dsa-060
Reference: ENGARDE:ESA-20010620-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1451.html
Reference: MANDRAKE:MDKSA-2001:063
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-063.php3?dis=7.1
Reference: CALDERA:CSSA-2001-022.1
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-022.1.txt
Reference: CONECTIVA:CLA-2001:403
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000403
Reference: BID:2877
Reference: URL:http://www.securityfocus.com/bid/2877
Reference: XF:fetchmail-long-header-bo(6704)
Reference: URL:http://xforce.iss.net/static/6704.php

A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header.

Analysis
----------------
ED_PRI CAN-2001-0819 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0823
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0823
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010618 pmpost - another nice symlink follower
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99290754901708&w=2
Reference: BUGTRAQ:20010619 Re: pmpost - another nice symlink follower
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html
Reference: SGI:20010601-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A
Reference: XF:irix-pcp-pmpost-symlink(6724)
Reference: URL:http://xforce.iss.net/static/6724.php
Reference: BID:2887
Reference: URL:http://www.securityfocus.com/bid/2887

The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR).

Analysis
----------------
ED_PRI CAN-2001-0823 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0825
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0825
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010608 potential buffer overflow in xinetd-2.1.8.9pre11-1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99201419609509&w=2
Reference: BUGTRAQ:20010629 xinetd update -- Immunix OS 7.0-beta, 7.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99405800403778&w=2
Reference: SUSE:SuSE-SA:2001:022
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Jun/0002.html
Reference: CONECTIVA:CLA-2001:406
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000406
Reference: REDHAT:RHSA-2001:092
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-092.html
Reference: BID:2971
Reference: URL:http://www.securityfocus.com/bid/2971

Buffer overflow in internal string handling routines of xinetd before 2.3.1 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check.

Analysis
----------------
ED_PRI CAN-2001-0825 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0804
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0804
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011030
Category: SF
Reference: BUGTRAQ:20010715 Interactive Story File Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/4.3.2.7.2.20010715184257.00b20100@compumodel.com
Reference: CONFIRM:http://www.valeriemates.com/story_download.html
Reference: XF:interactive-story-next-directory-traversal(6843)
Reference: URL:http://xforce.iss.net/static/6843.php
Reference: BID:3028
Reference: URL:http://www.securityfocus.com/bid/3028

Directory traversal vulnerability in story.pl in Interactive Story 1.3 allows a remote attacker to read arbitrary files via a .. (dot dot) attack on the "next" parameter.

Analysis
----------------
ED_PRI CAN-2001-0804 2
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: http://www.valeriemates.com/story_download.html has a section titled "What's new in version 1.4?" which states "In version 1.3 ... readers could enter a specially crafted URL to view parts of any publicly readable file on your host." The release date for 1.4 is given as July 9. story.pl has been modified and commented in a way that shows that the vulnerability has been prevented, but it does not provide specifics. While the description is vague, there is enough evidence that it is addressing this particular problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0805
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0805
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011030
Category: SF
Reference: BUGTRAQ:20010618 SCO Tarantella Remote file read via ttawebtop.cgi
Reference: URL:http://www.securityfocus.com/archive/1/3B2E37D0.81D9ED9D@snosoft.com
Reference: BUGTRAQ:20010619 Re: SCO Tarantella Remote file read via ttawebtop.cgi
Reference: URL:http://www.securityfocus.com/archive/1/20010619150935.A5226@tarantella.com
Reference: XF:tarantella-ttawebtop-read-files(6723)
Reference: URL:http://xforce.iss.net/static/6723.php
Reference: BID:2890
Reference: URL:http://www.securityfocus.com/bid/2890

Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the pg parameter.

Analysis
----------------
ED_PRI CAN-2001-0805 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0822
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0822
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010602 fpf module and packet fragmentation:local/remote DoS.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99167206319643&w=2
Reference: CONFIRM:http://www.pkcrew.org/news.php
Reference: XF:linux-fpf-kernel-dos(6659)
Reference: URL:http://xforce.iss.net/static/6659.php
Reference: BID:2816
Reference: URL:http://www.securityfocus.com/bid/2816

FPF kernel module 1.0 allows a remote attacker to cause a denial of service via fragmented packets.

Analysis
----------------
ED_PRI CAN-2001-0822 2
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: Vendor posted a fixed version of the software, acknowledging the problem next to the fixed version: http://www.pkcrew.org/tools.php

Vendor also ack'ed problem in news items, saying "Released a new version of fpf that fixes a remote denial of service thanks to Styx" in http://www.pkcrew.org/news.php

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0806
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0806
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011030
Category: CF
Reference: BUGTRAQ:20010626 MacOSX 10.0.X Permissions uncorrectly set
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99358249631139&w=2
Reference: BUGTRAQ: OS X 10.1 and localized desktop folder still vulnerable
Reference: BUGTRAQ:20010704 Re: MacOSX 10.0.X Permissions uncorrectly set - I got it
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99436289015729&w=2
Reference: BID:2930
Reference: URL:http://www.securityfocus.com/bid/2930

Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages.

Analysis
----------------
ED_PRI CAN-2001-0806 3
Vendor Acknowledgement: no

There were follow up posts claiming that the problem concerns accounts created with beta versions of the OS, that remained vulnerable despite upgrading to new versions.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0807
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0807
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011030
Category: SF
Reference: BUGTRAQ:20010606 security bug Internet Explorer 5
Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=189341

Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file.

Analysis
----------------
ED_PRI CAN-2001-0807 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0808
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0808
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011030
Category: SF
Reference: BUGTRAQ:20010627 gnats update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0365.html
Reference: CONFIRM:http://sources.redhat.com/gnats/gnatsweb/advisory-jun-26-2001.html
Reference: XF:gnatsweb-helpfile-execute-commands(6753)
Reference: URL:http://xforce.iss.net/static/6753.php

gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter.

Analysis
----------------
ED_PRI CAN-2001-0808 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: The advisory is vague about the specific nature of the problem. Examining the patch, the vulnerable statement (in Perl) was open("$file"). This could be subject to both a directory traversal and shell metacharacter problem, but it could be that some of the filename is cleansed before this call is reached. But if it's both types of problems, then CD:SF-LOC would recommend creating separate candidates.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0809
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0809
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011030
Category: unknown
Reference: HP:HPSBUX0106-155
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q2/0074.html

Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows local users to overwrite arbitrary files by modifying certain resources.

Analysis
----------------
ED_PRI CAN-2001-0809 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

The advisory doesn't give much info, so the description is vague.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0818
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0818
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010612 Remote buffer overflow in MDBMS.
Reference: URL:http://www.securityfocus.com/archive/1/190933
Reference: BID:2867
Reference: URL:http://www.securityfocus.com/bid/2867
Reference: XF:mdbms-query-display-bo(6700)
Reference: URL:http://xforce.iss.net/static/6700.php

A buffer overflow in the '\s' console command in MDBMS 0.99b9 and earlier allows remote attackers to execute arbitrary commands by sending the command a large amount of data.

Analysis
----------------
ED_PRI CAN-2001-0818 3
Vendor Acknowledgement: unknown

ACKNOWLEDGEMENT: http://www.hinttech.com/mdbms, which was listed as the web site for MDBMS, no longer exists.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0820
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0820
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010617 Buffer Overflow in GazTek HTTP Daemon v1.4 (ghttpd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99279182704674&w=2
Reference: BUGTRAQ:20010630 Advisory Ghttp 1.4
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99406263214417&w=2
Reference: XF:gaztek-ghttpd-bo(6702)
Reference: URL:http://xforce.iss.net/static/6702.php
Reference: BID:2879
Reference: URL:http://www.securityfocus.com/bid/2879
Reference: BID:2965
Reference: URL:http://www.securityfocus.com/bid/2965

Buffer overflows in GazTek ghttpd 1.4 allow a remote attacker to execute arbitrary code via long arguments that are passed to (1) the Log function in util.c, or (2) serveconnection in protocol.c.

Analysis
----------------
ED_PRI CAN-2001-0820 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC states that multiple problems of the same type in the same software should be combined. Thus the two separate Bugtraq posts, while identifying different problems in different files, need to be combined.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0821
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0821
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: CF
Reference: BUGTRAQ:20010618 DCShop vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0233.html
Reference: CONFIRM:http://www.dcscripts.com/dcforum/dcshop/44.html
Reference: BID:2889
Reference: URL:http://www.securityfocus.com/bid/2889
Reference: XF:dcshop-cgi-retrieve-information(6707)
Reference: URL:http://xforce.iss.net/static/6707.php

The default configuration of DCShop 1.002 beta places sensitive files in the cgi-bin directory, which could allow remote attackers to read sensitive data via an HTTP GET request for (1) orders.txt or (2) auth_user_file.txt.

Analysis
----------------
ED_PRI CAN-2001-0821 3
Vendor Acknowledgement: yes advisory
Content Decisions: CF, EX-BETA

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0824
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0824
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/20010702202828.128B.TAKAGI@etl.go.jp
Reference: BID:2969
Reference: URL:http://www.securityfocus.com/bid/2969

Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page.

Analysis
----------------
ED_PRI CAN-2001-0824 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0826
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0826
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010630 cesarFTP v0.98b 'HELP' buffer overflow
Reference: URL:http://www.securityfocus.com/archive/1/20010630093621.66913.qmail@web13002.mail.yahoo.com
Reference: BUGTRAQ:20010704 CesarFTPd, Cerberus FTPd
Reference: URL:http://www.securityfocus.com/archive/1/005701c10466$2332ed80$2c001fac@qualica.com
Reference: BID:2972
Reference: URL:http://www.securityfocus.com/bid/2972

Buffer overflows in CesarFTPD 0.98b allow remote attackers to execute arbitrary commands via long arguments to (1) HELP, (2) USER, (3) PASS, (4) PORT, (5) DELE, (6) REST, (7) RMD, or (8) MKD.

Analysis
----------------
ED_PRI CAN-2001-0826 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC says to MERGE problems of same type within the same version. All these commands are affected by a buffer overflow.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0827
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0827
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010704 CesarFTPd, Cerberus FTPd
Reference: URL:http://www.securityfocus.com/archive/1/005701c10466$2332ed80$2c001fac@qualica.com
Reference: BID:2976
Reference: URL:http://www.securityfocus.com/bid/2976

Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of "PASV" requests.

Analysis
----------------
ED_PRI CAN-2001-0827 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0828
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0828
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/194464
Reference: CONFIRM:http://www.caucho.com/products/resin/changes.xtp
Reference: BID:2981
Reference: URL:http://www.securityfocus.com/bid/2981

A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript.

Analysis
----------------
ED_PRI CAN-2001-0828 3
Vendor Acknowledgement: unknown

ACKNOWLEDGEMENT: In the change log at http://www.caucho.com/products/resin/changes.xtp, in the "1.2.4 - April 11, 2001" section, the vendor says "need to escape < for file not found (rep by Hiromitsu Takagi)" Since Takagi was the author of the Bugtraq article and said that he told the vendor in March, this constitutes enough evidence for acknowledgement.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0829
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0829
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/20010702202828.128B.TAKAGI@etl.go.jp
Reference: MISC:http://jakarta.apache.org/tomcat/tomcat-3.2-doc/readme
Reference: BID:2982
Reference: URL:http://www.securityfocus.com/bid/2982

A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.

Analysis
----------------
ED_PRI CAN-2001-0829 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: