[PROPOSAL] Cluster RECENT-74 - 29 candidates
I am proposing cluster RECENT-74 for review and voting by the
Editorial Board.

Name: RECENT-74
Description: Candidates announced between 11/1/2001 and 11/20/2001
Size: 29

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0719
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0719
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20010927
Category: SF
Reference: MS:MS01-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-056.asp

Buffer overflow in Microsoft Windows Media Player 6.4 allows remote
attackers to execute arbitrary code via a malformed Advanced Streaming
Format (ASF) file.

Analysis
----------------
ED_PRI CAN-2001-0719 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0722
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0722
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20010927
Category: SF
Reference: BUGTRAQ:20011108 Microsoft IE cookies readable via about: URLS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100527618108521&w=2
Reference: BUGTRAQ:20011019 Minor IE vulnerability: about: URLs
Reference: URL:http://www.securityfocus.com/archive/1/221612
Reference: MS:MS01-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-055.asp

Internet Explorer 5.5 and 6.0 allows remote attackers to read and
modify user cookies via Javascript in an about: URL.

Analysis
----------------
ED_PRI CAN-2001-0722 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0801
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0801
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011025
Category: SF
Reference: MISC:http://www.lsd-pl.net/files/get?IRIX/irx_lpstat2
Reference: SGI:20011003-02-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011003-02-P

lpstat in IRIX 6.5.13f and earlier allows local users to gain root
privileges by specifying a Trojan Horse nettype shared library

Analysis
----------------
ED_PRI CAN-2001-0801 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0803
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0803
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011029
Category: SF
Reference: ISS:20011112 Multi-Vendor Buffer Overflow Vulnerability in CDE Subprocess Control Service
Reference: URL:http://xforce.iss.net/alerts/advise101.php
Reference: CERT:CA-2001-31
Reference: URL:http://www.cert.org/advisories/CA-2001-31.html
Reference: CERT-VN:VU#172583
Reference: URL:http://www.kb.cert.org/vuls/id/172583
Reference: HP:HPSBUX0111-175
Reference: URL:http://www.securityfocus.com/advisories/3651
Reference: CALDERA:CSSA-2001-SCO.30
Reference: URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.30/
Reference: BID:3517
Reference: URL:http://www.securityfocus.com/bid/3517

Buffer overflow in the client connection routine of libDtSvc.so.1 in
CDE Subprocess Control Service (dtspcd) allows remote attackers to
execute arbitrary commands

Analysis
----------------
ED_PRI CAN-2001-0803 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0817
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0817
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011115
Category: SF
Reference: ISS:20011120 Remote Logic Flaw Vulnerability in HP-UX Line Printer Daemon
Reference: URL:http://xforce.iss.net/alerts/advise102.php
Reference: HP:HPSBUX0111-176
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q4/0047.html
Reference: XF:hpux-rlpdaemon-logic-flaw(7234)
Reference: URL:http://xforce.iss.net/static/7234.php

Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01
through 11.11 allows remote attackers to modify arbitrary files and
gain root privileges via a certain print request.

Analysis
----------------
ED_PRI CAN-2001-0817 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0850
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0850
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CALDERA:CSSA-2001-037.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-037.0.txt

A configuration error in the libdb1 package in OpenLinux 3.1 uses
insecure versions of the snprintf and vsnprintf functions, which could
allow local or remote users to exploit those functions with a buffer
overflow.

Analysis
----------------
ED_PRI CAN-2001-0850 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0851
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0851
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: ENGARDE:ESA-20011106-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1683.html
Reference: CALDERA:CSSA-2001-38.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-038.0.txt
Reference: SUSE:SuSE-SA:2001:039
Reference: URL:http://www.suse.de/de/support/security/2001_039_kernel2_txt.txt

Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote
attackers to bypass firewall rules by brute force guessing the cookie.

Analysis
----------------
ED_PRI CAN-2001-0851 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0852
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0852
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011105 RH Linux Tux HTTPD DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100498100112191&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=tux-list&m=100584714702328&w=2
Reference: REDHAT:RHSA-2001:142
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-142.html

TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to
cause a denial of service via sending a malformed header.

Analysis
----------------
ED_PRI CAN-2001-0852 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: While REDHAT:RHSA-2001:142 appears to be focused on
the syncookie problem, one paragraph says "these packages fix a remote
denial of service attack against the TUX web server" and credits the
researcher who posted to Bugtraq.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0859
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0859
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: REDHAT:RHSA-2001:148
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-148.html

2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets
the default umask for init to 000, which installs files with
world-writeable permissions.

Analysis
----------------
ED_PRI CAN-2001-0859 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0861
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0861
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CISCO:20011114 ICMP Unreachable Vulnerability in Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-unreachables-pub.shtml

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier
allows remote attackers to cause a denial of service (CPU consumption)
by flooding the router with traffic that generates a large number of
ICMP Unreachable replies.

Analysis
----------------
ED_PRI CAN-2001-0861 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0862
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0862
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not
block non-initial packet fragments, which allows remote attackers to
bypass the ACL.

Analysis
----------------
ED_PRI CAN-2001-0862 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0863
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0863
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not
handle the "fragment" keyword in a compiled ACL (Turbo ACL) for
packets that are sent to the router, which allows remote attackers to
cause a denial of service via a flood of fragments.

Analysis
----------------
ED_PRI CAN-2001-0863 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0864
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0864
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not
properly handle the implicit "deny ip any any" rule in an outgoing ACL
when the ACL contains exactly 448 entries, which can allow some
outgoing packets to bypass access restrictions.

Analysis
----------------
ED_PRI CAN-2001-0864 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0865
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0865
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not
support the "fragment" keyword in an outgoing ACL, which could allow
fragmented packets in violation of the intended access.

Analysis
----------------
ED_PRI CAN-2001-0865 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0866
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0866
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not
properly handle an outbound ACL when an input ACL is not configured on
all the interfaces of a multi port line card, which could allow remote
attackers to bypass the intended access controls.

Analysis
----------------
ED_PRI CAN-2001-0866 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0867
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0867
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not
properly filter packet fragments even when the "fragment" keyword is
used in an ACL, which allows remote attackers to bypass the intended
access controls.

Analysis
----------------
ED_PRI CAN-2001-0867 1
Vendor Acknowledgement: yes advisory

ABSTRACTION: This sounds like a duplicate of several other issues
included in this advisory, but Cisco used a different bug ID
(CSCdt69741) than the others, and slightly different IOS versions are
affected, so this is a different problem and should be separated from
the others.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0857
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0857
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011109 Imp Webmail session hijacking vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100535679608486&w=2
Reference: BUGTRAQ:20011110 IMP 2.2.7 (SECURITY) released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100540578822469&w=2

Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6
and earlier allows remote attackers to gain access to the e-mail of
other users by hijacking session cookies via the message parameter.

Analysis
----------------
ED_PRI CAN-2001-0857 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0721
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0721
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20010927
Category: SF
Reference: BUGTRAQ:20011101 Three Windows XP UPNP DOS attacks
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100467787323377&w=2
Reference: BUGTRAQ:20011109 Important Information Regarding MS01-054 and WindowsME
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100528449024158&w=2
Reference: MS:MS01-054
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-054.asp

Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows
remote attackers to cause a denial of service (memory consumption or
crash) via a malformed UPnP request.

Analysis
----------------
ED_PRI CAN-2001-0721 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: Several different types of DoS problems are included in
the original Bugtraq posts, so this CAN should probably be SPLIT. At
least one problem deals with a malformed header, and a different one
deals with handling a flood of incoming requests. From the CVE
perspective, these are at least 2 different types of problems.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0799
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0799
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011025
Category: SF
Reference: MISC:http://www.lsd-pl.net/files/get?IRIX/irx_lpsched2
Reference: SGI:20011003-02-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011003-02-P

Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote
attackers to execute arbitrary commands via a long argument.

Analysis
----------------
ED_PRI CAN-2001-0799 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

CD:SF-LOC says to distinguish between vulnerabilities of different
types, so the buffer overflow is separated from the shell
metacharacter problem (CAN-2001-0800). In addition, the SGI advisory
and LSD description both imply that multiple buffer overflows are
involved. Since the problems are fixed in the same version, CD:SF-LOC
says to combine the overflows into a single item.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0800
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0800
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011025
Category: SF/CF/MP/SA/AN/unknown
Reference: MISC:http://www.lsd-pl.net/files/get?IRIX/irx_lpsched2
Reference: SGI:20011003-02-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011003-02-P

lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute
arbitrary commands via shell metacharacters.

Analysis
----------------
ED_PRI CAN-2001-0800 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

CD:SF-LOC says to distinguish between vulnerabilities of different
types, so the shell metacharacter problem is separated from the buffer
overflow (CAN-2001-0799).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0815
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0815
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011113
Category: SF
Reference: BUGTRAQ:20011115 NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100583978302585&w=2
Reference: CONFIRM:http://bugs.activestate.com/show_bug.cgi?id=18062
Reference: BID:3526
Reference: URL:http://www.securityfocus.com/bid/3526

Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and
earlier allows remote attackers to execute arbitrary code via an HTTP
request for a long filename that ends in a .pl extension.

Analysis
----------------
ED_PRI CAN-2001-0815 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0848
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0848
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011101 Fuse Talk vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100463832209281&w=2

join.cfm in e-Zone Media Fuse Talk allows a local user to execute
arbitrary SQL code via a semi-colon (;) in a form variable.

Analysis
----------------
ED_PRI CAN-2001-0848 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0849
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0849
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011101 Vulnerability in Viralator proxy extension
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100463639800515&w=2
Reference: MISC:http://viralator.loddington.com/changes.html

viralator CGI script in Viralator 0.9pre1 and earlier allows remote
attackers to execute arbitrary code via a URL for a file being
downloaded, which is insecurely passed to a call to wget.

Analysis
----------------
ED_PRI CAN-2001-0849 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: In the change log at
http://viralator.loddington.com/changes.html, the "0.9pre1 to 0.9pre2"
section says "Security fixes - viralator now runs with taint checking
turned on," which would address the problem being described here.
However, it's not specific enough to be sure. At
http://viralator.loddington.com/about.html, 0.9pre2 is dated
05/11/2001, which is likely November 5 (and not May 11), which is
shortly after the date of the Bugtraq post.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0853
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0853
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: CF
Reference: BUGTRAQ:20011105 New getAccess[tm] Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100498111712723&w=2
Reference: BUGTRAQ:20011105 Entrust Bulletin E01-005: GetAccess Access Service vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-11/0022.html

Directory traversal vulnerability in Entrust GetAccess allows remote
attackers to read arbitrary files via a .. (dot dot) in the locale
parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat.

Analysis
----------------
ED_PRI CAN-2001-0853 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0854
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0854
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011105 Copying and Deleting Files Using PHP-Nuke
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100525739116093&w=2

PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary
files by calling case.filemanager.php with admin.php as an argument,
which sets the $PHP_SELF variable and makes it appear that
case.filemanager.php is being called by admin.php instead of the user.

Analysis
----------------
ED_PRI CAN-2001-0854 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0855
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0855
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011109 ClearCase db_loader TERM environment variable buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100528623328037&w=2

Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local
users to gain root privileges via a long TERM environment variable.

Analysis
----------------
ED_PRI CAN-2001-0855 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0856
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0856
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011109 Extracting a 3DES key from an IBM 4758
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100533053219673&w=2
Reference: MISC:http://www.cl.cam.ac.uk/~rnc1/descrack/
Reference: MISC:http://www.cl.cam.ac.uk/~rnc1/descrack/attack.html

Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker
with physical access to the system and Combine_Key_Parts permissions,
to steal DES and 3DES keys by using a brute force attack to create a
3DES exporter key.

Analysis
----------------
ED_PRI CAN-2001-0856 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0858
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0858
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011113 Security Update: [CSSA-2001-SCO.32] Open UNIX, UnixWare 7: buffer overflow in ppp utilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100562386012917&w=2
Reference: CALDERA:CSSA-2001-SCO.32
Reference: URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.32/

Buffer overflow in pppattach and other linked PPP utilities in Caldera
Open Unix 8.0 and UnixWare 7.1.0 and 7.1.1 allows local users to gain
privileges.

Analysis
----------------
ED_PRI CAN-2001-0858 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0860
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0860
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011114 Xato Advisory: Win2k/XP Terminal Services IP Spoofing
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100578220002083&w=2

Terminal Services Manager MMC in Windows 2000 and XP trusts the Client
Address (IP address) that is provided by the client instead of
obtaining it from the packet headers, which allows clients to spoof
their public IP address, e.g. through a Network Address Translation
(NAT).

Analysis
----------------
ED_PRI CAN-2001-0860 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: