[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-78 - 54 candidates



I am proposing cluster RECENT-78 for review and voting by the
Editorial Board.

Name: RECENT-78
Description: Candidates announced between 11/2/2001 and 11/30/2001
Size: 54

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve





Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0723
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0723
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20010927
Category: SF
Reference: MS:MS01-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-055.asp

Internet Explorer 5.5 and 6.0 allows remote attackers to read and
modify user cookies via Javascript, aka the "Second Cookie Handling
Vulnerability."

Analysis
----------------
ED_PRI CAN-2001-0723 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0724
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0724
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20010927
Category: SF
Reference: MS:MS01-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-055.asp

Internet Explorer 5.5 allows remote attackers to bypass security
restrictions via malformed URLs that contain dotless IP addresses,
which causes Internet Explorer to process the page in the Intranet
Zone, which may have fewer security restrictions, aka the "Zone
Spoofing Vulnerability variant" of CAN-2001-0664.

Analysis
----------------
ED_PRI CAN-2001-0724 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0869
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0869
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20011129
Category: SF
Reference: SUSE:SuSE-SA:2001:042
Reference: URL:http://lwn.net/alerts/SuSE/SuSE-SA%3A2001%3A042.php3
Reference: CALDERA:CSSA-2001-040.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-040.0.txt
Reference: REDHAT:RHSA-2001-150
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-150.html
Reference: REDHAT:RHSA-2001-151
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-151.html
Reference: XF:cyrus-sasl-format-string(7443)
Reference: URL:http://xforce.iss.net/static/7443.php

Format string vulnerability in the default logging callback function
in Cyrus SASL library (cyrus-sasl) may allow remote attackers to
execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2001-0869 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0884
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0884
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20011213
Category: SF
Reference: BUGTRAQ:20011128 Cgisecurity.com Advisory #7: Mailman Email Archive Cross Site Scripting
Reference: URL:http://www.securityfocus.com/archive/1/242839
Reference: CONECTIVA:CLA-2001:445
Reference: URL:http://www.securityfocus.com/advisories/3721
Reference: REDHAT:RHSA-2001:168
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-168.html
Reference: REDHAT:RHSA-2001:170
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-170.html
Reference: XF:mailman-java-css(7617)
Reference: URL:http://xforce.iss.net/static/7617.php
Reference: BID:3602
Reference: URL:http://www.securityfocus.com/bid/3602

Cross-site scripting vulnerability in Mailman email archiver before
2.08 allows attackers to obtain sensitive information or
authentication credentials via a malicious link that is accessed by
other web users.

Analysis
----------------
ED_PRI CAN-2001-0884 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0891
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0891
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020116
Category: SF
Reference: BUGTRAQ:20011127 UNICOS LOCAL HOLE ALL VERSIONS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100695627423924&w=2
Reference: SGI:20020101-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020101-01-I

Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16
for CRAY UNICOS allows a local user to gain root privileges by using
qsub to submit a batch job whose name contains formatting characters.

Analysis
----------------
ED_PRI CAN-2001-0891 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0894
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0894
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011115 Postfix session log memory exhaustion bugfix
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100584160110303&w=2
Reference: MANDRAKE:MDKSA-2001:089
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-089.php3?dis=8.1
Reference: DEBIAN:DSA-093
Reference: URL:http://www.debian.org/security/2001/dsa-093
Reference: BID:3544
Reference: URL:http://www.securityfocus.com/bid/3544
Reference: XF:postfix-smtp-log-dos(7568)
Reference: URL:http://xforce.iss.net/static/7568.php

Vulnerability in Postfix SMTP server before 20010228-pl07, when
configured to email the postmaster when SMTP errors cause the session
to terminate, allows remote attackers to cause a denial of service
(memory exhaustion) by generating a large number of SMTP errors, which
forces the SMTP session log to grow too large.

Analysis
----------------
ED_PRI CAN-2001-0894 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0895
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0895
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CISCO:20011115 Cisco IOS ARP Table Overwrite Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/IOS-arp-overwrite-vuln-pub.shtml

Multiple Cisco networking products allow remote attackers to cause a
denial of service on the local network via a series of ARP packets
sent to the router's interface that contains a different MAC address
for the router, which eventually causes the router to overwrite the
MAC address in its ARP table.

Analysis
----------------
ED_PRI CAN-2001-0895 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0896
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0896
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CALDERA:CSSA-2001-SCO.33
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.33/CSSA-2001-SCO.33.txt

Inetd in OpenServer 5.0.5 allows remote attackers to cause a denial of
service (crash) via a port scan, e.g. with nmap -PO.

Analysis
----------------
ED_PRI CAN-2001-0896 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0918
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0918
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: SUSE:SuSE-SA:2001:041
Reference: URL:http://www.suse.de/de/support/security/2001_041_susehelp_txt.txt
Reference: XF:susehelp-cgi-command-execution(7583)
Reference: URL:http://xforce.iss.net/static/7583.php
Reference: BID:3576
Reference: URL:http://www.securityfocus.com/bid/3576

Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow
remote attackers to execute arbitrary commands by not opening files
securely.

Analysis
----------------
ED_PRI CAN-2001-0918 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0929
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0929
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CISCO:20011128 A Vulnerability in IOS Firewall Feature Set
Reference: URL:http://www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml

Cisco IOS Firewall Feature set, aka Context Based Access Control
(CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through
12.2T does not properly check the IP protocol type, which could allow
remote attackers to bypass access control lists.

Analysis
----------------
ED_PRI CAN-2001-0929 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0897
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0897
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011115 UBB vulnerablietis + about: using example
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100586033530341&w=2
Reference: BUGTRAQ:20011115 Re: UBB vulnerablietis + about: using example
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100586541317940&w=2

Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board
(UBB) before 5.47e allows remote attackers to steal user cookies via
an [IMG] tag that references an about: URL with an onerror field.

Analysis
----------------
ED_PRI CAN-2001-0897 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0899
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0899
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011116 Network Tool 0.2 Addon for PHPNuke vulnerable to remote command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100593523104176&w=2
Reference: CONFIRM:http://phpnukerz.org/modules.php?name=Downloads&d_op=viewsdownload&sid=32

Network Tools 0.2 for PHP-Nuke allows remote attackers to execute
commands on the server via shell metacharacters in the $hostinput
variable.

Analysis
----------------
ED_PRI CAN-2001-0899 2
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: The comment for version 0.3, dated November 26, says
"This version is a bug fix to the remote command execution security
hole in version 0.2" A look at the source code shows that all calls to
system() are now quoted.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0900
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0900
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011118 Gallery Addon for PhpNuke remote file viewing vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100619599000590&w=2
Reference: CONFIRM:http://www.menalto.com/projects/gallery/article.php?sid=33&mode=&order=

Directory traversal vulnerability in modules.php in Gallery before
1.2.3 allows remote attackers to read arbitrary files via a .. (dot
dot) in the include parameter.

Analysis
----------------
ED_PRI CAN-2001-0900 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0901
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0901
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011119 Hypermail SSI Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100626603407639&w=2
Reference: CONFIRM:http://www.hypermail.org/dist/hypermail-2.1.4.tar.gz

Hypermail allows remote attackers to execute arbitrary commands on a
server supporting SSI via an attachment with a .shtml extension, which
is archived on the server and can then be executed by requesting the
URL for the attachment.

Analysis
----------------
ED_PRI CAN-2001-0901 2
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: In the ChangeLog in HyperMail 2.1.4, the entry for
Nov 14, 2001 says "Changes relevant to security...  attachment
filenames ending in .shtml get changed to .html."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0912
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0912
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: MANDRAKE:MDKSA-2001:087
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-087.php3?dis=8.1
Reference: XF:linux-expect-unauth-root(7604)
Reference: URL:http://xforce.iss.net/static/7604.php

Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect
to search for its libraries in the /home/snailtalk directory before
other directories, which could allow a local user to gain root
privileges.

Analysis
----------------
ED_PRI CAN-2001-0912 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0914
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0914
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 SuSE 7.3 : Kernel 2.4.10-4GB Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638584813349&w=2
Reference: BUGTRAQ:20011122 Re: SuSE 7.3 : Kernel 2.4.10-4GB Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100654787226869&w=2L:2

Linux kernel before 2.4.11pre3 in multiple Linux distributions allows
local users to cause a denial of service (crash) by starting the core
vmlinux kernel, possibly related to poor error checking during ELF
loading.

Analysis
----------------
ED_PRI CAN-2001-0914 2
Vendor Acknowledgement: yes followup

ABSTRACTION: There could be a rediscovery of CVE-2000-0729, but there
is insufficient information to be certain.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0917
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0917
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011122 Hi
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100654722925155&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=tomcat-dev&m=100658457507305&w=2

Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path
information by requesting a long URL with a .JSP extension.

Analysis
----------------
ED_PRI CAN-2001-0917 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0920
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0920
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011126 [CERT-intexxia] Auto Nice Daemon Format String Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100680319004162&w=2
Reference: CONFIRM:http://and.sourceforge.net/
Reference: XF:and-format-string(7606)
Reference: URL:http://xforce.iss.net/static/7606.php
Reference: BID:3580
Reference: URL:http://www.securityfocus.com/bid/3580

Format string vulnerability in auto nice daemon (AND) 1.0.4 and
earlier allows a local user to possibly execute arbitrary code via a
process name containing a format string.

Analysis
----------------
ED_PRI CAN-2001-0920 2
Vendor Acknowledgement: yes advisory

The home page for AND states "Security Alert!  A format string
vulnerability has been found in AND 1.0.4 and before.  Update to 1.0.5
or newer NOW!" and references the author of the Bugtraq post.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0936
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0936
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20011130 Alert: Vulnerability in frox transparent ftp proxy.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100713367307799&w=2
Reference: CONFIRM:http://frox.sourceforge.net/security.txt
Reference: XF:frox-ftp-proxy-bo(7632)
Reference: URL:http://xforce.iss.net/static/7632.php
Reference: BID:3606
Reference: URL:http://www.securityfocus.com/bid/3606

Buffer overflow in Frox transparent FTP proxy 0.6.6 and earlier, with
the local caching method selected, allows remote FTP servers to run
arbitrary code via a long response to an MDTM request.

Analysis
----------------
ED_PRI CAN-2001-0936 2
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The vendor advisory is a verbatim copy of the
advisory that was sent to Bugtraq.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0939
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0939
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20011130 Denial of Service in Lotus Domino 5.08 and earlier HTTP Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100715316426817&w=2
Reference: CONFIRM:http://www-1.ibm.com/support/manager.wss?rs=0&rt=0&org=sims&doc=4C8E450DBF2E7F1885256B200079FA88
Reference: BID:3607
Reference: URL:http://www.securityfocus.com/bid/3607

Lotus Domino 5.08 and earlier allows remote attackers to cause a
denial of service (crash) via a SunRPC NULL command to port 443.

Analysis
----------------
ED_PRI CAN-2001-0939 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0868
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0868
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20011123
Category: SF
Reference: BUGTRAQ:20011123 Redhat Stronghold Secure Server File System Disclosure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100654958131854&w=2
Reference: XF:stronghold-webserver-obtain-information(7582)
Reference: URL:http://xforce.iss.net/static/7582.php

Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve
system information via an HTTP GET request to (1) stronghold-info or
(2) stronghold-status.

Analysis
----------------
ED_PRI CAN-2001-0868 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0870
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0870
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20011130
Category: CF
Reference: BUGTRAQ:20011130 Rapid 7 Advisory R7-0002: Alchemy Eye Remote Unauthenticated Log Viewing
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100715758109838&w=2
Reference: BID:3598
Reference: URL:http://www.securityfocus.com/bid/3598
Reference: XF:alchemy-http-view-log(7630)
Reference: URL:http://xforce.iss.net/static/7630.php

HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through
2.6.18 is enabled without authentication by default, which allows
remote attackers to obtain network monitoring logs with potentially
sensitive information by directly requesting the eye.ini file.

Analysis
----------------
ED_PRI CAN-2001-0870 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0871
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0871
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20011130
Category: SF
Reference: BUGTRAQ:20011129 Rapid 7 Advisory R7-0001: Alchemy Eye HTTP Remote Command Execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100714173510535&w=2
Reference: BID:3599
Reference: URL:http://www.securityfocus.com/bid/3599
Reference: XF:alchemy-http-dot-variant(7626)
Reference: URL:http://xforce.iss.net/static/7626.php

Directory traversal vulnerability in HTTP server for Alchemy Eye and
Alchemy Network Monitor allows remote attackers to execute arbitrary
commands via an HTTP request containing (1) a .. in versions 2.0
through 2.6.18, or (2) a DOS device name followed by a .. in versions
2.6.19 through 3.0.10.

Analysis
----------------
ED_PRI CAN-2001-0871 3
Vendor Acknowledgement: yes advisory/yes followup/yes changelog/yes/unknown discloser-claimed/unknown vague/unknown/no disputed/no
Content Decisions: SF-LOC, SF-CODEBASE

ABSTRACTION:

This is a difficult problem.  CD:SF-LOC suggsts combining problems of
the same type that affect the same software versions.  The problem
described in (2) also shows up in the earlier versions, so there is
overlap in terms of versions there.  One could argue that the vendor
did not completely fix the initial problem, still leaving it partially
vulnerable, in which case it makes sense to combine them into a single
entry.  However, improperly handling DOS device names in pathnames is
emerging as a new type of problem, but it is not known if the DOS
device names have any impact without the directory traversal, so there
is insufficient information here (and the content decisions are murky)
to be sure which approach is best.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0892
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0892
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011113 Cgisecurity.com Advisory #6: thttpd and mini_http Permission bypass vuln
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100568999726036&w=2
Reference: CONFIRM:http://www.acme.com/software/thttpd/

Acme Thttpd Secure Webserver before 2.22, with the chroot option
enabled, allows remote attackers to view sensitive files under the
document root (such as .htpasswd) via a GET request with a trailing /.

Analysis
----------------
ED_PRI CAN-2001-0892 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-CODEBASE

ACKNOWLEDGEMENT: the change log for version 2.22 states: "Fix for
security hole that exposed contents of .htpasswd in some cases
(noticed by zeno@cgisecurity.com). "
ABSTRACTION: The .htpasswd problem appears in 2 Acme products, Thttpd
and mini_httpd.  Since the two products are distributed separately
(and aren't part of the same package), CD:SF-CODEBASE recommends that
they should be SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0893
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0893
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011113 Cgisecurity.com Advisory #6: thttpd and mini_http Permission bypass vuln
Reference: URL:http://marc.theaimsgroup.com/?t=100568954600004&w=2&r=1
Reference: CONFIRM:http://www.acme.com/software/mini_httpd/

Acme mini_httpd before 1.16 allows remote attackers to view sensitive
files under the document root (such as .htpasswd) via a GET request
with a trailing /.

Analysis
----------------
ED_PRI CAN-2001-0893 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-CODEBASE

ABSTRACTION: The .htpasswd problem appears in 2 Acme products, Thttpd
and mini_httpd.  Since the two products are distributed separately
(and aren't part of the same package), CD:SF-CODEBASE recommends that
they should be SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0898
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0898
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20011115 Several javascript vulnerabilities in Opera
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100586079932284&w=2
Reference: BUGTRAQ:20011116 Re: Several javascript vulnerabilities in Opera
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100588139312696&w=2

Opera 6.0 and earlier allows remote attackers to access sensitive
information such as cookies and links for other domains via
Javascript.

Analysis
----------------
ED_PRI CAN-2001-0898 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0902
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0902
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011120 IIS logging issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100626531103946&w=2
Reference: NTBUGTRAQ:20011120 IIS logging issue
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100627497122247&w=2

Microsoft IIS 5.0 allows remote attackers to spoof web log entries via
an HTTP request that includes hex-encoded newline or form-feed
characters.

Analysis
----------------
ED_PRI CAN-2001-0902 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0903
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0903
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011120 A Cryptanalysis of the High-bandwidth Digital Content Protection System
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100626641009560&w=2
Reference: MISC:http://nunce.org/hdcp/hdcp111901.htm

Linear key exchange process in High-bandwidth Digital Content
Protection (HDCP) System allows remote attackers to access data as
plaintext, avoid device blacklists, clone devices, and create new
device keyvectors by computing and using alternate key combinations
for authentication.

Analysis
----------------
ED_PRI CAN-2001-0903 3
Vendor Acknowledgement: unknown
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0904
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0904
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20011120 MSIE 5.5/6 Q312461 patch disclose patch information
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100619268115798&w=2

Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies
the HTTP_USER_AGENT (UserAgent) information that indicates that the
patch has been installed, which could allow remote malicious web sites
to more easily identify and exploit vulnerable clients.

Analysis
----------------
ED_PRI CAN-2001-0904 3
Vendor Acknowledgement: unknown
Content Decisions: INCLUSION, ABSTRACTION

INCLUSION: by the CVE definition, this issue is an exposure and as
such should be included in CVE.  However, this may be part of a larger
design issue, namely: web clients that identify themselves to web
servers is an exposure in general.  It may not be appropriate to
include this specific example in CVE without considering the more
general issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0908
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0908
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 CITRIX & Microsoft Windows Terminal Services False IP Address Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638693315933&w=2
Reference: BID:3566
Reference: URL:http://www.securityfocus.com/bid/3566
Reference: XF:win-terminal-spoof-address(7538)
Reference: URL:http://xforce.iss.net/static/7538.php

CITRIX Metaframe 1.8 logs the Client Address (IP address) that is
provided by the client instead of obtaining it from the packet
headers, which allows clients to spoof their public IP address, e.g.
through Network Address Translation (NAT).

Analysis
----------------
ED_PRI CAN-2001-0908 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0909
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0909
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 Buffer overflow in Windows XP "helpctr.exe"
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638955422011&w=2
Reference: XF:winxp-helpctr-bo(7605)
Reference: URL:http://xforce.iss.net/static/7605.php

Buffer overflow in helpctr.exe program in Microsoft Help Center for
Windows XP allows remote attackers to execute arbitrary code via a
long hcp: URL.

Analysis
----------------
ED_PRI CAN-2001-0909 3
Vendor Acknowledgement: no

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0910
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0910
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 Legato Networker vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638782917917&w=2
Reference: XF:networker-reverse-dns-bypass-auth(7601)
Reference: URL:http://xforce.iss.net/static/7601.php
Reference: BID:3564
Reference: URL:http://www.securityfocus.com/bid/3564

Legato Networker before 6.1 allows remote attackers to bypass access
restrictions and gain privileges on the Networker interface by
spoofing the admin server name and IP address and connecting to
Networker from an IP address whose hostname can not be determined by a
DNS reverse lookup.

Analysis
----------------
ED_PRI CAN-2001-0910 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0911
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0911
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 PhpNuke Admin password can be stolen !
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638850219503&w=2
Reference: BID:3567
Reference: URL:http://www.securityfocus.com/bid/3567
Reference: XF:phpnuke-postnuke-insecure-passwords(7596)
Reference: URL:http://xforce.iss.net/static/7596.php

PHP-Nuke 5.1 stores user and administrator passwords in a base-64
encoded cookie, which could allow remote attackers to gain privileges
by stealing or sniffing the cookie and decoding it.

Analysis
----------------
ED_PRI CAN-2001-0911 3
Vendor Acknowledgement: unknown
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0913
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0913
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20011122 [NetGuard Security] NSI Rwhoisd another Remote Format String Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100655265508104&w=2
Reference: CONFIRM:http://lists.research.netsol.com/pipermail/rwhois-announce/2001-November/000023.html

Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and
earlier, when using syslog, allows remote attackers to corrupt memory
and possibly execute arbitrary code via a rwhois request that contains
format specifiers.

Analysis
----------------
ED_PRI CAN-2001-0913 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: This problem is the same type as that for CAN-2001-0838.
However, CAN-2001-0838 was fixed in 1.5.7.2.  This problem appears in
1.5.7.2 and wasn't fixed until 1.5.7.3.  So, this problem appears in a
different version than CAN-2001-0838.  CD:SF-LOC therefore suggests
that these issues should be SPLIT since they appear in different
versions.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0915
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0915
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20011121 Advisory: Berkeley pmake
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638919720975&w=2

Format string vulnerability in Berkeley parallel make (pmake) 2.1.33
and earlier allows a local user to gain root privileges via format
specifiers in the check argument of a shell definition.

Analysis
----------------
ED_PRI CAN-2001-0915 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

CD:SF-LOC suggests splitting problems of different types, so the
format string and buffer overflow problems receive separate
candidates.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0916
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0916
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20011121 Advisory: Berkeley pmake
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638919720975&w=2

Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier
allows a local user to gain root privileges via a long check argument
of a shell definition.

Analysis
----------------
ED_PRI CAN-2001-0916 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

CD:SF-LOC suggests splitting problems of different types, so the
format string and buffer overflow problems receive separate
candidates.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0919
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0919
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20011126 Javascript can bypass user preference for cookie prompt in IE5.50.4134.0100
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100679857614967&w=2

Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow
cookies to be stored on your machine" enabled does not warn a user
when a cookie is set using Javascript,

Analysis
----------------
ED_PRI CAN-2001-0919 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0921
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0921
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 Mac Netscape password fields
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638816318705&w=2
Reference: XF:macos-netscape-print-passwords(7593)
Reference: URL:http://xforce.iss.net/static/7593.php
Reference: BID:3565
Reference: URL:http://www.securityfocus.com/bid/3565

Netscape 4.79 and earlier for MacOS allows an attacker with access to
the browser to obtain passwords from form fields by printing the
document into which the password has been typed, which is printed in
cleartext.

Analysis
----------------
ED_PRI CAN-2001-0921 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0922
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0922
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011126 NMRC Advisory - NetDynamics Session ID is Reusable
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100681274915525&w=2

ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier
versions, allows remote attackers to steal session IDs and hijack
user sessions by reading the SPIDERSESSION and uniqueValue variables
from the login field, then using those variables after the next user
logs in.

Analysis
----------------
ED_PRI CAN-2001-0922 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0923
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0923
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011025 Advisory: Corrupt RPM Query Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/222542
Reference: CONECTIVA:CLA-2001:440
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000440
Reference: BID:3472
Reference: URL:http://www.securityfocus.com/bid/3472
Reference: XF:Linux-rpm-execute-code(7349)
Reference: URL:http://xforce.iss.net/static/7349.php

RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to
execute arbitrary code via corrupted data in the RPM file when the
file is queried.

Analysis
----------------
ED_PRI CAN-2001-0923 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0924
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0924
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011122 double dot vulnerability on a site running Informix database.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100654890029878&w=2
Reference: BUGTRAQ:20011127 Re: double dot vulnerability on a site running Informix database.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100688672019635&w=2
Reference: BID:3575
Reference: URL:http://www.securityfocus.com/bid/3575
Reference: XF:informix-web-datablade-directory-traversal(7585)
Reference: URL:http://xforce.iss.net/static/7585.php

Directory traversal vulnerability in ifx CGI program in Informix Web
DataBlade allows remote attackers to read arbitrary files via a
.. (dot dot) in the LO parameter.

Analysis
----------------
ED_PRI CAN-2001-0924 3
Vendor Acknowledgement:

INCLUSION: several followups indicate that others were unable to
reproduce the problem.  It may be that the "ifx" is not even specific
to Informix, rather the site that the original discloser was testing.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0926
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0926
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011128 JRun SSI Request Body Parsing
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100697797325013&w=2
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=22261&Method=Full
Reference: BID:3589
Reference: URL:http://www.securityfocus.com/bid/3589
Reference: XF:allaire-jrun-view-source(7622)
Reference: URL:http://xforce.iss.net/static/7622.php

SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers
to obtain source code for Java server pages (.jsp) and other files in
the web root via an HTTP request for a non-existent SSI page, in which
the request's body has an #include statement.

Analysis
----------------
ED_PRI CAN-2001-0926 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0927
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0927
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011127 [CERT-intexxia] libgtop_daemon Remote Format String Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100689302316077&w=2
Reference: MISC:ftp://ftp.gnome.org/pub/GNOME/stable/sources/libgtop/libgtop-1.0.13.tar.gz

Format string vulnerability in the permitted function of GNOME
libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers
to execute arbitrary code via an argument that contains format
specifiers that are passed into the (1) syslog_message and (2)
syslog_io_message functions.

Analysis
----------------
ED_PRI CAN-2001-0927 3
Vendor Acknowledgement: yes patch
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests that the buffer overflow and format
string vulnerability should be separated because they are different
types of issues.
ACKNOWLEDGEMENT: In the NEWS file of the source for libgtop 1.0.13,
the "November 26, 2001" segment says "security fix," which is a little
unclear about whether *this* bug was truly fixed, though the dates
align closely.  The source for src/daemon/gnuserv.c doesn't look
vulnerable, but there are no programmer comments either.
HOWEVER... a "diff" of src/daemon/gnuserv.c for versions 1.0.13 and
1.0.12 shows that 'syslog (priority, buffer)' got changed to 'syslog
(priority, "%s", buffer)', which should be good enough for anyone :-)

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0928
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0928
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011128 Re: [CERT-intexxia] libgtop_daemon Remote Format String Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100699007010203&w=2

Buffer overflow in the permitted function of GNOME libgtop_daemon in
libgtop 1.0.13 and earlier may allow remote attackers to execute
arbitrary code via long authentication data.

Analysis
----------------
ED_PRI CAN-2001-0928 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests that the buffer overflow and format
string vulnerability should be separated because they are different
types of issues.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0930
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0930
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011128 Sendpage (Perl CGI) Remote Execution Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100689313216624&w=2

Sendpage.pl allows remote attackers to execute arbitrary commands via
a message containing shell metacharacters.

Analysis
----------------
ED_PRI CAN-2001-0930 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0931
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0931
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011128 PowerFTP-server-Bugs&Exploits-Remotes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100698397818175&w=2
Reference: XF:powerftp-dot-directory-traversal(7615)
Reference: URL:http://xforce.iss.net/static/7615.php
Reference: BID:3593
Reference: URL:http://www.securityfocus.com/bid/3593

Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03
allows attackers to list or read arbitrary files and directories via a
.. (dot dot) in (1) LS or (2) GET.

Analysis
----------------
ED_PRI CAN-2001-0931 3
Vendor Acknowledgement: no
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests combining vulnerabilities of the same
type.  Some people consider C: and D: "path escaping" to be a
directory traversal vulnerability in the same vein as .. problems,
which might argue for combining this issue with the LS/GET .. problem
as listed in another candidate.  However, if a ".." were filtered from
the requested pathname, this particular problem would still exist.  So
this should be considered a different type of problem than a .. issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0932
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0932
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011128 PowerFTP-server-Bugs&Exploits-Remotes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100698397818175&w=2
Reference: XF:powerftp-long-command-dos(7616)
Reference: URL:http://xforce.iss.net/static/7616.php
Reference: BID:3595
Reference: URL:http://www.securityfocus.com/bid/3595

Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via a long command.

Analysis
----------------
ED_PRI CAN-2001-0932 3
Vendor Acknowledgement: no
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0933
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0933
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011128 PowerFTP-server-Bugs&Exploits-Remotes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100698397818175&w=2

Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the
contents of arbitrary drives via a ls (LIST) command that includes the
drive letter as an argument, e.g. "ls C:".

Analysis
----------------
ED_PRI CAN-2001-0933 3
Vendor Acknowledgement: no
Content Decisions: SF-LOC

CD:SF-LOC suggests combining vulnerabilities of the same type.  Some
people consider C: and D: "path escaping" to be a directory traversal
vulnerability in the same vein as .. problems, which might argue for
combining this issue with the LS/GET .. problem as listed in another
candidate.  However, if a ".." were filtered from the requested
pathname, this particular problem would still exist.  So this should
be considered a different type of problem than a .. issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0934
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0934
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011128 PowerFTP-server-Bugs&Exploits-Remotes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100698397818175&w=2

Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the
physical path of the server root via the pwd command, which lists the
full pathname.

Analysis
----------------
ED_PRI CAN-2001-0934 3
Vendor Acknowledgement: no
Content Decisions: SF-LOC, DESIGN-REAL-PATH

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0935
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0935
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category:
Reference: SUSE:SuSE-SA:2001:043
Reference: URL:http://www.suse.de/de/support/security/2001_043_wuftpd_txt.html

Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which
is unrelated to the ftpglob bug described in CAN-2001-0550.

Analysis
----------------
ED_PRI CAN-2001-0935 3
Vendor Acknowledgement:
Content Decisions: SF-LOC, VAGUE

ABSTRACTION: The SUSE advisory describes the ftpglob buffer overflow
(CAN-2001-0550), then states "Some weeks ago, an internal source code
audit of wu-ftpd 2.6.0 performed by Thomas Biege, SuSE Security,
revealed some other security related bugs that are fixed."  It
provides no other details, so this problem should be distinguished.
There are no other details, so the CVE description is vague.
INCLUSION: CD:VAGUE suggests that when a vaguely worded advisory is
posted by a vendor, that it should still be included in CVE because
there is sufficient evidence that the problem is real (since it came
from the vendor).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0937
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0937
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011130 Vulnerabilities in PGPMail.pl
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100714269114686&w=2
Reference: VULN-DEV:20011129 PGPMail.pl possible remote command execution
Reference: URL:http://www.securityfocus.com/archive/82/243262

PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands
via shell metacharacters in the (1) recipient or (2) pgpuserid
parameters.

Analysis
----------------
ED_PRI CAN-2001-0937 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0938
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0938
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011130 Aspupload installs exploitable scripts
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100715294425985&w=2

Directory traversal vulnerability in AspUpload 2.1, in certain
configurations, allows remote attackers to upload and read arbitrary
files, and list arbitrary directories, via a .. (dot dot) in the
Filename parameter in (1) UploadScript11.asp or (2)
DirectoryListing.asp.

Analysis
----------------
ED_PRI CAN-2001-0938 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC

ABSTRACTION: CD:SF-EXEC suggests combining problems of the same type
that appear in multiple executables of the same version of a package.
ACKNOWLEDGEMENT: the discloser claims that the vendor disputes the
severity of the vulnerability because the vendor recommendations
configuring the scripts with permissions that prevent execution.
Whether this is sufficient "acknowledgement" of the problem is
uncertain.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0941
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0941
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011130 ASI Oracle Security Alert: Oracle Home Environment Variable Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100716693806967&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf

Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local
users to execute arbitrary code via a long ORACLE_HOME environment
variable.

Analysis
----------------
ED_PRI CAN-2001-0941 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests splitting between problems of
different types, so the 3 issues described in the Oracle advisory are
being split.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0942
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0942
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf

dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment
variable to find and execute the dbsnmp program, which allows local
users to execute arbitrary programs by pointing the ORACLE_HOME to an
alternate directory that contains a Trojan Horse version of dbsnmp.

Analysis
----------------
ED_PRI CAN-2001-0942 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests splitting between problems of
different types, so the 3 issues described in the Oracle advisory are
being split.  It could be argued that the CHOWN/CHGRP and ORACLE_HOME
problems are of the same type (trusting a user-supplied search path),
but they occur in different versions, so CD:SF-LOC is clear on
splitting between them.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

 
Page Last Updated: May 22, 2007