[PROPOSAL] Cluster RECENT-77 - 48 candidates
I am proposing cluster RECENT-77 for review and voting by the Editorial Board.

Name: RECENT-77
Description: Candidates announced between 9/3/2001 and 10/18/2001
Size: 48

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.
2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.
3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0873
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0873
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20011206
Category: SF
Reference: BUGTRAQ:20010908 Multiple vendor 'Taylor UUCP' problems.
Reference: URL:http://www.securityfocus.com/archive/1/212892
Reference: BUGTRAQ:20011130 Redhat 7.0 local root (via uucp) (attempt 2)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100715446131820
Reference: CALDERA:CSSA-2001-033.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-033.0.txt
Reference: CONECTIVA:CLA-2001:425
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000425
Reference: SUSE:SuSE-SA:2001:38
Reference: URL:http://www.suse.de/de/support/security/2001_038_uucp_txt.txt
Reference: BID:3312
Reference: URL:http://www.securityfocus.com/bid/3312
Reference: XF:uucp-argument-gain-privileges(7099)
Reference: URL:http://xforce.iss.net/static/7099.php

uuxqt in Taylor UUCP package does not properly remove dangerous long options, which allows local users to gain privileges by calling uux and specifying an alternate configuration file with the --config option.

Analysis
----------------
ED_PRI CAN-2001-0873 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0961
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0961
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: DEBIAN:DSA-076
Reference: URL:http://www.debian.org/security/2001/dsa-076
Reference: XF:most-file-create-bo(7149)
Reference: URL:http://xforce.iss.net/static/7149.php
Reference: BID:3347
Reference: URL:http://www.securityfocus.com/bid/3347

Buffer overflow in tab expansion capability of the most program allows local or remote attackers to execute arbitrary code via a malformed file that is viewed with most.

Analysis
----------------
ED_PRI CAN-2001-0961 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1017
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:59
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:59.rmuser.v1.1.asc
Reference: XF:rmuser-insecure-password-file(7086)
Reference: URL:http://xforce.iss.net/static/7086.php
Reference: BID:3282
Reference: URL:http://www.securityfocus.com/bid/3282

rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords.

Analysis
----------------
ED_PRI CAN-2001-1017 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1028
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: REDHAT:RHSA-2001:072
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-072.html

Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2001-1028 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1035
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1035
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: DEBIAN:DSA-078
Reference: URL:http://www.debian.org/security/2001/dsa-078
Reference: BID:3364
Reference: URL:http://www.securityfocus.com/bid/3364
Reference: XF:slrn-decode-script-execution(7166)
Reference: URL:http://xforce.iss.net/static/7166.php

Binary decoding feature of slrn 0.9 and earlier allows remote attackers to execute commands via shell scripts that are inserted into a news post.

Analysis
----------------
ED_PRI CAN-2001-1035 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0907
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0907
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011018 Flaws in recent Linux kernels
Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337
Reference: MANDRAKE:MDKSA-2001:082
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082-1.php3

Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows local users to cause a denial of service via a series of deeply nested symlinks, which causes the kernel to spend extra time when trying to access the link.

Analysis
----------------
ED_PRI CAN-2001-0907 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0940
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0940
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: WIN2KSEC:20010921 Check Point FireWall-1 GUI Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2001-q3/0151.html
Reference: BUGTRAQ:20011128 Firewall-1 remote SYSTEM shell buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100698954308436&w=2
Reference: CHECKPOINT:20010919 GUI Buffer Overflow
Reference: URL:http://www.checkpoint.com/techsupport/alerts/buffer_overflow.html

Buffer overflow in the GUI authentication code of Check Point VPN-1/FireWall-1 Management Server 4.0 and 4.1 allows remote attackers to execute arbitrary code via a long user name.

Analysis
----------------
ED_PRI CAN-2001-0940 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0962
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0962
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010919 Websphere cookie/sessionid predictable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html
Reference: BUGTRAQ:20010928 Re: Websphere cookie/sessionid predictable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html
Reference: CONFIRM:http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p
Reference: XF:ibm-websphere-seq-predict(7153)
Reference: URL:http://xforce.iss.net/static/7153.php

IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.

Analysis
----------------
ED_PRI CAN-2001-0962 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0963
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0963
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010920 Vulnerability in SpoonFTP
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0171.html
Reference: CONFIRM:http://www.pi-soft.com/spoonftp/index.shtml
Reference: XF:spoonftp-dot-directory-traversal(7147)
Reference: URL:http://xforce.iss.net/static/7147.php

Directory traversal vulnerability in SpoonFTP 1.1 allows local and sometimes remote attackers to access files outside of the FTP root via a ... (modified dot dot) in the CD (CWD) command.

Analysis
----------------
ED_PRI CAN-2001-0963 2
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: The SpoonFTP main page says "A vulnerability existed in SponFTP 1.1 which allowed a remote user to break out of the ftp root"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0978
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0978
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: HPBUG:PHCO_17719
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0052.html
Reference: HPBUG:PHCO_24454
Reference: BID:3289
Reference: URL:http://www.securityfocus.com/bid/3289

login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attackers to conduct brute force password guessing attacks without being detected or observed using the lastb program.

Analysis
----------------
ED_PRI CAN-2001-0978 2
Vendor Acknowledgement: yes patch

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0998
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0998
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010924 HACMP and port scans
Reference: URL:http://www.securityfocus.com/archive/1/216105
Reference: BUGTRAQ:20011002 Vulnerability 3358, "IBM HACMP Port Scan Denial of Service Vulnerability"
Reference: URL:http://www.securityfocus.com/archive/1/217910
Reference: AIXAPAR:IY20943
Reference: AIXAPAR:IY17630
Reference: XF:hacmp-portscan-dos(7165)
Reference: URL:http://xforce.iss.net/static/7165.php
Reference: BID:3358
Reference: URL:http://www.securityfocus.com/bid/3358

IBM HACMP 4.4 allows remote attackers to cause a denial of service via a completed TCP connection to HACMP ports (e.g., using a port scan) that does not send additional data, which causes a failure in snmpd.

Analysis
----------------
ED_PRI CAN-2001-0998 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1016
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010904 PGPsdk Key Validity Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/211806
Reference: CONFIRM:http://www.pgp.com/support/product-advisories/pgpsdk.asp
Reference: BID:3280
Reference: URL:http://www.securityfocus.com/bid/3280
Reference: XF:pgp-invalid-key-display(7081)
Reference: URL:http://xforce.iss.net/static/7081.php

PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Server before 7.1 does not properly display when invalid userID's are used to sign a message, which could allow an attacker to make the user believe that the document has been signed by a trusted third party by adding a second, invalid user ID to a key which has already been signed by the third party, aka the "PGPsdk Key Validity Vulnerability."

Analysis
----------------
ED_PRI CAN-2001-1016 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1020
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1020
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010905 directorymanager bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0013.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=51589
Reference: BID:3288
Reference: URL:http://www.securityfocus.com/bid/3288
Reference: XF:directory-manager-execute-commands(7079)
Reference: URL:http://xforce.iss.net/static/7079.php

edit_image.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfile_name parameter, which is sent unfiltered to the PHP passthru function.

Analysis
----------------
ED_PRI CAN-2001-1020 2
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: in the Release Notes for version 0.91, dated September 5, 2001, the developer states "Fixed a nasty security bug allowing remote execution of shell commands."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1031
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1031
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010927 CARTSA-2001-03 Meteor FTPD 1.0 Directory Traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0231.html
Reference: MISC:http://207.202.218.172/
Reference: XF:meteor-ftpd-directory-traversal(7176)
Reference: URL:http://xforce.iss.net/static/7176.php

Directory traversal vulnerability in Meteor FTP 1.0 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the ls/LIST command, or (2) a ... in the cd/CWD command.

Analysis
----------------
ED_PRI CAN-2001-1031 2
Vendor Acknowledgement: yes via-email

ACKNOWLEDGEMENT: In http://207.202.218.172/, apparently the "home page" for Meteor FTP (which is otherwise available on CNET.com), the author states "Version 1.2 adds ... important security and stability bug fixes", which is not specific enough to be certain that the vendor fixed this specific problem. However, meteorsoft@hotmail.com did acknowledge the bug and fix via email.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1048
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1048
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CONFIRM:http://www.gospelcom.net/mnn/topher/awol/changelog.php
Reference: MISC:http://www.geocrawler.com/archives/3/14414/2001/9/0/6668723/
Reference: BID:3387
Reference: URL:http://www.securityfocus.com/bid/3387

AWOL PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Analysis
----------------
ED_PRI CAN-2001-1048 2
Vendor Acknowledgement: yes via-email

ACKNOWLEDGEMENT: There is not enough public information to be certain if the vendor has acknowledged the problem. The AWOL changelog at http://www.gospelcom.net/mnn/topher/awol/changelog.php says "Removed condensed version due to security problems" for version 2.1.1, but it does not describe the problem, nor do the original disclosers provide sufficient detail to know whether this was the vulnerable script. A look at the source code does not provide clues. So, there is insufficient evidence that the vendor is aware of the problem. The support bulletin board might indicate an attempt at notification by the researcher that was noticed by the developer, but there is no evidence that any detailed information was exchanged. However, topher1kenobe@users.sourceforge.net acknowledged the problem in an email response on January 16, 2002.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1049
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CONFIRM:http://phorecast.org/
Reference: BID:3388
Reference: URL:http://www.securityfocus.com/bid/3388
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php

Phorecast PHP script before 0.40 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Analysis
----------------
ED_PRI CAN-2001-1049 2
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: on the home page in the News section, the news item dated 2001-10-14 says "IMPORTANT SECURITY NEWS" and includes a link to the Bugtraq post. The entry for 2001-12-22 says "version 0.40 ... corrects the security flaw."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1054
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?thread_id=148900&forum_id=117952
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=117952
Reference: BID:3392
Reference: URL:http://www.securityfocus.com/bid/3392
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php

PHPAdsNew PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Analysis
----------------
ED_PRI CAN-2001-1054 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1071
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011009 Cisco CDP attacks
Reference: URL:http://www.securityfocus.com/archive/1/219257
Reference: BUGTRAQ:20011009 Cisco Systems - Vulnerability in CDP
Reference: URL:http://www.securityfocus.com/archive/1/219305
Reference: BID:3412
Reference: URL:http://www.securityfocus.com/bid/3412
Reference: XF:cisco-ios-cdp-dos(7242)
Reference: URL:http://xforce.iss.net/static/7242.php

Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements.

Analysis
----------------
ED_PRI CAN-2001-1071 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0956
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0956
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010911 security alert: speechd from speechio.org
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0089.html
Reference: CONFIRM:http://www.speechio.org/speechd.html
Reference: XF:speechd-execute-commands(7121)
Reference: URL:http://xforce.iss.net/static/7121.php
Reference: BID:3326
Reference: URL:http://www.securityfocus.com/bid/3326

speechd 0.54 and earlier, with the Festival or rsynth speech synthesis package, allows attackers to execute arbitrary commands via shell metacharacters.

Analysis
----------------
ED_PRI CAN-2001-0956 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

ACKNOWLEDGEMENT: The speechd home page says "There was a Bugtraq local exploit alert for speechd versions up to 0.54" and includes a URL to the BUGTRAQ reference associated with this CVE item.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0958
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0958
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010912 [SNS Advisory No.42] Trend Micro InterScan eManager for NT Multiple Program Buffer Overflow Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0099.html
Reference: MISC:http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=3142
Reference: XF:interscan-emanager-bo(7104)
Reference: URL:http://xforce.iss.net/static/7104.php
Reference: BID:3327
Reference: URL:http://www.securityfocus.com/bid/3327

Buffer overflows in eManager plugin for Trend Micro InterScan VirusWall for NT 3.51 and 3.51J allow remote attackers to execute arbitrary code via long arguments to the CGI programs (1) register.dll, (2) ContentFilter.dll, (3) SFNofitication.dll, (4) register.dll, (5) TOP10.dll, (6) SpamExcp.dll, and (7) spamrule.dll.

Analysis
----------------
ED_PRI CAN-2001-0958 3
Vendor Acknowledgement: unknown foreign
Content Decisions: SF-EXEC

ACKNOWLEDGEMENT: The MISC reference to Trend Micro's Japanese web site may in fact be a vendor acknowledgement of the problem, but the author of this candidate cannot read Japanese to be certain. There did not seem to be any equivalent page on Trend Micro's USA site.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0959
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0959
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010915 ARCserve 6.61 Share Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0137.html
Reference: MISC:http://support.ca.com/Download/patches/asitnt/QO00945.html
Reference: BID:3342
Reference: URL:http://www.securityfocus.com/bid/3342

Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files.

Analysis
----------------
ED_PRI CAN-2001-0959 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: document QO00945, dated September 14, states that it "addresses a potential security vulnerability in ARCserve 2000 when performing full backups," which may be a vague acknowledgement of the problem. Followup posts to the original Bugtraq post do not say that the patch does NOT fix the problem, so the combination of these implicit or vague clues may be sufficient to determine that the vendor has fixed the problem and, by extension, acknowledged it.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0960
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0960
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20010915 ARCserve 6.61 Share Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0137.html
Reference: MISC:http://support.ca.com/Download/patches/asitnt/QO00945.html
Reference: XF:arcserve-aremote-plaintext(7122)
Reference: URL:http://xforce.iss.net/static/7122.php
Reference: BID:3343
Reference: URL:http://www.securityfocus.com/bid/3343

Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges.

Analysis
----------------
ED_PRI CAN-2001-0960 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: document QO00945, dated September 14, states that it "addresses a potential security vulnerability in ARCserve 2000 when performing full backups," which may be a vague acknowledgement of the problem. Followup posts to the original Bugtraq post do not say that the patch does NOT fix the problem, so the combination of these implicit or vague clues may be sufficient to determine that the vendor has fixed the problem and, by extension, acknowledged it.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0964
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0964
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010920 Advisory: Half-Life remote buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0178.html
Reference: XF:halflife-connect-bo(7148)
Reference: URL:http://xforce.iss.net/static/7148.php

Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows malicious remote servers to execute arbitrary code via a long console command.

Analysis
----------------
ED_PRI CAN-2001-0964 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0979
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0979
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010903 hpux warez
Reference: URL:http://www.securityfocus.com/archive/1/211687
Reference: BID:3279
Reference: URL:http://www.securityfocus.com/bid/3279
Reference: XF:hpux-swverify-bo(7078)
Reference: URL:http://xforce.iss.net/static/7078.php

Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument.

Analysis
----------------
ED_PRI CAN-2001-0979 3
Vendor Acknowledgement:
Content Decisions: VAGUE

DUPLICATION: a followup claims that this problem was fixed in PHCO_23483, but PHCO_23483 does not have sufficient details to know for sure.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0984
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0984
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010913 leak of information in counterpane/Bruce Schneier's Password Safe program
Reference: URL:http://www.securityfocus.com/archive/1/213931
Reference: XF:counterpane-password-access(7123)
Reference: URL:http://xforce.iss.net/static/7123.php
Reference: BID:3337
Reference: URL:http://www.securityfocus.com/bid/3337

Password Safe 1.7(1) leaves cleartext passwords in memory when a user copies the password to the clipboard and minimizes Password Safe with the "Clear the password when minimized" and "Lock password database on minimize and prompt on restore" options enabled, which could allow an attacker with access to the memory (e.g. an administrator) to read the passwords.

Analysis
----------------
ED_PRI CAN-2001-0984 3
Vendor Acknowledgement:
Content Decisions: INCLUSION

INCLUSION: it is not certain whether this issue appears in Password Safe or in the underlying OS or libraries. In addition, if the only way to access the passwords is through memory as reported in the Bugtraq post, then the amount of privileges required to access that memory would normally be at an administrator or kernel level, which would be enough to obtain the passwords through some other mechanism (e.g. keystroke logging). So, the "exploit" may not gain any privileges beyond the privileges that can be obtained by sysadmin, so this may not be a vulnerability in that sense.
In addition, some might argue that the presence of cleartext in memory is not serious enough to merit inclusion in CVE. On the other hand, if a password utility is expected to clean passwords from memory, then Password Safe may be keeping the passwords in cleartext for longer than necessary.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0985
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0985
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010908 Shopping Cart Version 1.23
Reference: URL:http://www.securityfocus.com/archive/1/212827
Reference: MISC:http://www.irata.com/shopver.html
Reference: BID:3308
Reference: URL:http://www.securityfocus.com/bid/3308
Reference: XF:hassan-cart-command-execution(7106)
Reference: URL:http://xforce.iss.net/static/7106.php

shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter.

Analysis
----------------
ED_PRI CAN-2001-0985 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: A note for version 1.34 dated 10/10/2000 says "Various security fixes" but it cannot be certain if the security fixes addressed the problem in here. The acknowledgement is too vague to be certain.

ABSTRACTION: CD:SF-LOC suggests distinguishing between problems of different types. CVE-2000-0921 is a directory traversal vulnerability, while this isn't, therefore they should remain split.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0986
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0986
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010914 Security Vulnerability with Microsoft Index Server 2.0(Sample file reveals file info, physical path etc)
Reference: URL:http://www.securityfocus.com/archive/1/214217
Reference: XF:winnt-indexserver-sqlqhit-asp(7125)
Reference: URL:http://xforce.iss.net/static/7125.php
Reference: BID:3339
Reference: URL:http://www.securityfocus.com/bid/3339

SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.

Analysis
----------------
ED_PRI CAN-2001-0986 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0990
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0990
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010904 BUZ.CH Security Advisory 200109041: Inter7 vpopmail DB pw problem
Reference: URL:http://www.securityfocus.com/archive/1/212036
Reference: MISC:http://www.inter7.com/vpopmail/ChangeLog
Reference: BID:3284
Reference: URL:http://www.securityfocus.com/bid/3284
Reference: XF:vpopmail-insecure-auth-data(7076)
Reference: URL:http://xforce.iss.net/static/7076.php

Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library.

Analysis
----------------
ED_PRI CAN-2001-0990 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: the poster says that the vendor fixed the problem, but the poster is not credited in the Change Log, and there is no clear fix to this problem mentioned. However, the entry for August 20 (2 weeks before the poster publicized the problem) states "security permission change on lib directory and library," which might be one solution to this issue. This is not sufficient evidence, however, to claim that the vendor has acknowledged the problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0992
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0992
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010905 ShopPlus Cart
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0012.html
Reference: XF:shopplus-command-execution(7077)
Reference: URL:http://xforce.iss.net/static/7077.php

shopplus.cgi in ShopPlus shopping cart allows remote attackers to execute arbitrary commands via shell metacharacters in the "file" parameter.

Analysis
----------------
ED_PRI CAN-2001-0992 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0994
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0994
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010904 Telnet DoS Vulnerability in Marconi ATM Switch Software
Reference: URL:http://www.securityfocus.com/archive/1/211956
Reference: XF:forethought-telnet-dos(7082)
Reference: URL:http://xforce.iss.net/static/7082.php
Reference: BID:3286
Reference: URL:http://www.securityfocus.com/bid/3286

Marconi ForeThought 7.1 allows remote attackers to cause a denial of service by causing both telnet sessions to be locked via unusual input (e.g., from a port scanner), which prevents others from logging into the device.
Analysis
----------------
ED_PRI CAN-2001-0994 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC, SF-CODEBASE

ABSTRACTION: this may be a rediscovery of the problem described in CAN-2001-0270.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0996
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0996
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010902 POP3Lite 0.2.3b minor client side DoS and message injection
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0436.html
Reference: XF:pop3lite-dot-message-injection(7075)
Reference: URL:http://xforce.iss.net/static/7075.php
Reference: BID:3278
Reference: URL:http://www.securityfocus.com/bid/3278

POP3Lite before 0.2.4 does not properly quote a . (dot) in an email message, which could allow a remote attacker to append arbitrary text to the end of an email message, which could then be interpreted by various mail clients as valid POP server responses or other input that could cause clients to crash or otherwise behave unexpectedly.

Analysis
----------------
ED_PRI CAN-2001-0996 3
Vendor Acknowledgement: unknown discloser-claimed

INCLUSION: while the implications of this issue are not well understood and likely dependent on the specific client that is being attacked, the ability to simulate POP server responses from a remote location is at least an exposure, so this item can be included in CVE.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0997
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0997
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010911 Textor Webmasters Ltd (listrec.pl)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0096.html
Reference: XF:listrecpl-remote-command-execution(7117)
Reference: URL:http://xforce.iss.net/static/7117.php

Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter.

Analysis
----------------
ED_PRI CAN-2001-0997 3
Vendor Acknowledgement:
Content Decisions: EX-ONLINE-SVC

INCLUSION: It is not clear whether listrec.pl is part of a service of Textor that is solely controlled by Textor. If so, then CD:EX-ONLINE-SVC might suggest that this be omitted from CVE. If listrec.pl is provided to customers and it is up to customers to fix the problem, however, then CD:EX-ONLINE-SVC suggests including this in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0999
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0999
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010912 FREAK SHOW: Outlook Express 6.00
Reference: URL:http://www.securityfocus.com/archive/1/213754
Reference: BUGTRAQ:20010915 Proof-Of-Concept Perl Script for Bugtraq-ID: #3334
Reference: URL:http://www.securityfocus.com/archive/1/214453
Reference: XF:outlook-express-text-script-execution(7118)
Reference: URL:http://xforce.iss.net/static/7118.php
Reference: BID:3334
Reference: URL:http://www.securityfocus.com/bid/3334

Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script.

Analysis
----------------
ED_PRI CAN-2001-0999 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1000
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1000
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010907 rlmadmin v3.8M view file symlink vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0036.html
Reference: XF:radius-rlmadmin-help-symlink(7096)
Reference: URL:http://xforce.iss.net/static/7096.php
Reference: BID:3302
Reference: URL:http://www.securityfocus.com/bid/3302

rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and possibly other versions, allows local users to read arbitrary files via a symlink attack on the rlmadmin.help file.

Analysis
----------------
ED_PRI CAN-2001-1000 3
Vendor Acknowledgement:
Content Decisions: INCLUSION

INCLUSION: http://www.merit.edu/michnet/dial-in/aaa/michnet.html implies that this software is only intended for use within MichNet. If this software is not for download or purchase to the general public, then perhaps it should not be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1012
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1012
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: SUSE:SuSE-SA:2001:030
Reference: URL:http://www.suse.com/de/support/security/2001_030_screen_txt.txt
Reference: XF:screen-local-privilege-elevation(7134)
Reference: URL:http://xforce.iss.net/static/7134.php

Vulnerability in screen before 3.9.10, related to a multi-attach error, allows local users to gain root privileges when there is a subdirectory under /tmp/screens/.

Analysis
----------------
ED_PRI CAN-2001-1012 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1013
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1013
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: VULN-DEV:20000707 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0083.html
Reference: VULN-DEV:20000707 Re: your mail
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0094.html
Reference: VULN-DEV:20000707 Re: apache and 404/404 status codes
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0087.html
Reference: BUGTRAQ:20010912 Is there user Anna at your host ?
Reference: URL:http://www.securityfocus.com/archive/1/213667
Reference: XF:linux-apache-username-exists(7129)
Reference: URL:http://xforce.iss.net/static/7129.php
Reference: BID:3335
Reference: URL:http://www.securityfocus.com/bid/3335

Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.

Analysis
----------------
ED_PRI CAN-2001-1013 3
Vendor Acknowledgement:
Content Decisions: INCLUSION

INCLUSION: while it could be argued that this exposure provides no real additional information since the users on a web server will normally advertise themselves, it still has the effect of allowing a remote attacker to determine other users on the system who do not happen to have web pages. Thus this should be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1014
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010915 advisory
Reference: URL:http://www.securityfocus.com/archive/1/214456
Reference: BID:3340
Reference: URL:http://www.securityfocus.com/bid/3340
Reference: XF:eshop-script-execute-commands(7128)
Reference: URL:http://xforce.iss.net/static/7128.php

eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite parameter.
Analysis
----------------
ED_PRI CAN-2001-1014 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1015
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1015
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011016 [ ** Snes9x buffer overflow vulnerability ** ]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0107.html
Reference: BID:3437
Reference: URL:http://www.securityfocus.com/bid/3437

Buffer overflow in Snes9x 1.37, when installed setuid root, allows local users to gain root privileges via a long command line argument.

Analysis
----------------
ED_PRI CAN-2001-1015 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1018
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1018
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010919 lotus domino server 5.08 is very gabby
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100094373621813&w=2
Reference: BID:3350
Reference: URL:http://www.securityfocus.com/bid/3350
Reference: XF:lotus-domino-ip-reveal(7180)
Reference: URL:http://xforce.iss.net/static/7180.php

Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters.

Analysis
----------------
ED_PRI CAN-2001-1018 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1019
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1019
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010908 sglMerchant Version 1.0
Reference: URL:http://www.securityfocus.com/archive/1/212825
Reference: BID:3309
Reference: URL:http://www.securityfocus.com/bid/3309
Reference: XF:sglmerchant-dot-directory-traversal(7100)
Reference: URL:http://xforce.iss.net/static/7100.php

Directory traversal vulnerability in view_item CGI program in sglMerchant 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTML_FILE parameter.
Analysis
----------------
ED_PRI CAN-2001-1019 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1023
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1023
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010921 IRM Security Advisory: Xcache Path Disclosure Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0182.html
Reference: XF:xcache-path-disclosure(7159)
Reference: URL:http://xforce.iss.net/static/7159.php
Reference: BID:3352
Reference: URL:http://www.securityfocus.com/bid/3352

Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in the Content-PageName header.

Analysis
----------------
ED_PRI CAN-2001-1023 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1029
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1029
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010920 Local vulnerability in libutil derived with FreeBSD 4.4-RC (and earlier)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0173.html

libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.

Analysis
----------------
ED_PRI CAN-2001-1029 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1032
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010924 twlc advisory: all versions of php nuke are vulnerable...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0203.html
Reference: XF:php-nuke-admin-file-overwrite(7170)
Reference: URL:http://xforce.iss.net/static/7170.php

admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy.
Analysis
----------------
ED_PRI CAN-2001-1032 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1033
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010925 Re: HACMP and port scans
Reference: URL:http://www.securityfocus.com/archive/1/216323
Reference: XF:trucluster-portscan-dos(7171)
Reference: URL:http://xforce.iss.net/static/7171.php
Reference: BID:3362
Reference: URL:http://www.securityfocus.com/bid/3362

Compaq TruCluster 1.5 allows remote attackers to cause a denial of service via a port scan from a system that does not have a DNS PTR record, which causes the cluster to enter a "split-brain" state.

Analysis
----------------
ED_PRI CAN-2001-1033 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1034
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1034
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010923 hylafax
Reference: URL:http://www.securityfocus.com/archive/1/215984
Reference: XF:hylafax-hostname-format-string(7164)
Reference: URL:http://xforce.iss.net/static/7164.php
Reference: BID:3357
Reference: URL:http://www.securityfocus.com/bid/3357

Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter.

Analysis
----------------
ED_PRI CAN-2001-1034 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1050
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: BID:3389
Reference: URL:http://www.securityfocus.com/bid/3389
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php

CCCSoftware CCC PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
Analysis
----------------
ED_PRI CAN-2001-1050 3
Vendor Acknowledgement: no

ACKNOWLEDGEMENT: information about this product cannot be found on the web, so acknowledgement cannot be determined.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1051
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1051
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: MISC:http://sourceforge.net/tracker/index.php?func=detail&aid=440666&group_id=20971&atid=120971
Reference: BID:3390
Reference: URL:http://www.securityfocus.com/bid/3390
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php

Dark Hart Portal (darkportal) PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Analysis
----------------
ED_PRI CAN-2001-1051 3
Vendor Acknowledgement: unknown vague

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1052
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1052
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: BID:3391
Reference: URL:http://www.securityfocus.com/bid/3391
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php

Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Analysis
----------------
ED_PRI CAN-2001-1052 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: