[PROPOSAL] Cluster RECENT-78 - 54 candidates
I am proposing cluster RECENT-78 for review and voting by the Editorial Board.

Name: RECENT-78
Description: Candidates announced between 11/2/2001 and 11/30/2001
Size: 54

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.
======================================================
Candidate: CAN-2001-0723
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0723
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20010927
Category: SF
Reference: MS:MS01-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-055.asp

Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript, aka the "Second Cookie Handling Vulnerability."

Analysis
----------------
ED_PRI CAN-2001-0723 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0724
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0724
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20010927
Category: SF
Reference: MS:MS01-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-055.asp

Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing Vulnerability variant" of CAN-2001-0664.

Analysis
----------------
ED_PRI CAN-2001-0724 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0869
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0869
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20011129
Category: SF
Reference: SUSE:SuSE-SA:2001:042
Reference: URL:http://lwn.net/alerts/SuSE/SuSE-SA%3A2001%3A042.php3
Reference: CALDERA:CSSA-2001-040.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-040.0.txt
Reference: REDHAT:RHSA-2001-150
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-150.html
Reference: REDHAT:RHSA-2001-151
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-151.html
Reference: XF:cyrus-sasl-format-string(7443)
Reference: URL:http://xforce.iss.net/static/7443.php

Format string vulnerability in the default logging callback function in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2001-0869 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0884
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0884
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20011213
Category: SF
Reference: BUGTRAQ:20011128 Cgisecurity.com Advisory #7: Mailman Email Archive Cross Site Scripting
Reference: URL:http://www.securityfocus.com/archive/1/242839
Reference: CONECTIVA:CLA-2001:445
Reference: URL:http://www.securityfocus.com/advisories/3721
Reference: REDHAT:RHSA-2001:168
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-168.html
Reference: REDHAT:RHSA-2001:170
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-170.html
Reference: XF:mailman-java-css(7617)
Reference: URL:http://xforce.iss.net/static/7617.php
Reference: BID:3602
Reference: URL:http://www.securityfocus.com/bid/3602

Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.

Analysis
----------------
ED_PRI CAN-2001-0884 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0891
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0891
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020116
Category: SF
Reference: BUGTRAQ:20011127 UNICOS LOCAL HOLE ALL VERSIONS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100695627423924&w=2
Reference: SGI:20020101-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020101-01-I

Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16 for CRAY UNICOS allows a local user to gain root privileges by using qsub to submit a batch job whose name contains formatting characters.

Analysis
----------------
ED_PRI CAN-2001-0891 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0894
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0894
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011115 Postfix session log memory exhaustion bugfix
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100584160110303&w=2
Reference: MANDRAKE:MDKSA-2001:089
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-089.php3?dis=8.1
Reference: DEBIAN:DSA-093
Reference: URL:http://www.debian.org/security/2001/dsa-093
Reference: BID:3544
Reference: URL:http://www.securityfocus.com/bid/3544
Reference: XF:postfix-smtp-log-dos(7568)
Reference: URL:http://xforce.iss.net/static/7568.php

Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large.

Analysis
----------------
ED_PRI CAN-2001-0894 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0895
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0895
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CISCO:20011115 Cisco IOS ARP Table Overwrite Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/IOS-arp-overwrite-vuln-pub.shtml

Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contains a different MAC address for the router, which eventually causes the router to overwrite the MAC address in its ARP table.

Analysis
----------------
ED_PRI CAN-2001-0895 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0896
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0896
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CALDERA:CSSA-2001-SCO.33
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.33/CSSA-2001-SCO.33.txt

Inetd in OpenServer 5.0.5 allows remote attackers to cause a denial of service (crash) via a port scan, e.g. with nmap -PO.

Analysis
----------------
ED_PRI CAN-2001-0896 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0918
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0918
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: SUSE:SuSE-SA:2001:041
Reference: URL:http://www.suse.de/de/support/security/2001_041_susehelp_txt.txt
Reference: XF:susehelp-cgi-command-execution(7583)
Reference: URL:http://xforce.iss.net/static/7583.php
Reference: BID:3576
Reference: URL:http://www.securityfocus.com/bid/3576

Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files securely.

Analysis
----------------
ED_PRI CAN-2001-0918 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0929
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0929
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CISCO:20011128 A Vulnerability in IOS Firewall Feature Set
Reference: URL:http://www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml

Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists.

Analysis
----------------
ED_PRI CAN-2001-0929 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0897
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0897
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011115 UBB vulnerablietis + about: using example
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100586033530341&w=2
Reference: BUGTRAQ:20011115 Re: UBB vulnerablietis + about: using example
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100586541317940&w=2

Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror field.

Analysis
----------------
ED_PRI CAN-2001-0897 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0899
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0899
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011116 Network Tool 0.2 Addon for PHPNuke vulnerable to remote command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100593523104176&w=2
Reference: CONFIRM:http://phpnukerz.org/modules.php?name=Downloads&d_op=viewsdownload&sid=32

Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable.

Analysis
----------------
ED_PRI CAN-2001-0899 2
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: The comment for version 0.3, dated November 26, says "This version is a bug fix to the remote command execution security hole in version 0.2" A look at the source code shows that all calls to system() are now quoted.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0900
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0900
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011118 Gallery Addon for PhpNuke remote file viewing vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100619599000590&w=2
Reference: CONFIRM:http://www.menalto.com/projects/gallery/article.php?sid=33&mode=&order=

Directory traversal vulnerability in modules.php in Gallery before 1.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the include parameter.

Analysis
----------------
ED_PRI CAN-2001-0900 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0901
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0901
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011119 Hypermail SSI Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100626603407639&w=2
Reference: CONFIRM:http://www.hypermail.org/dist/hypermail-2.1.4.tar.gz

Hypermail allows remote attackers to execute arbitrary commands on a server supporting SSI via an attachment with a .shtml extension, which is archived on the server and can then be executed by requesting the URL for the attachment.

Analysis
----------------
ED_PRI CAN-2001-0901 2
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: In the ChangeLog in HyperMail 2.1.4, the entry for Nov 14, 2001 says "Changes relevant to security... attachment filenames ending in .shtml get changed to .html."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0912
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0912
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: MANDRAKE:MDKSA-2001:087
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-087.php3?dis=8.1
Reference: XF:linux-expect-unauth-root(7604)
Reference: URL:http://xforce.iss.net/static/7604.php

Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges.

Analysis
----------------
ED_PRI CAN-2001-0912 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0914
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0914
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 SuSE 7.3 : Kernel 2.4.10-4GB Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638584813349&w=2
Reference: BUGTRAQ:20011122 Re: SuSE 7.3 : Kernel 2.4.10-4GB Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100654787226869&w=2L:2

Linux kernel before 2.4.11pre3 in multiple Linux distributions allows local users to cause a denial of service (crash) by starting the core vmlinux kernel, possibly related to poor error checking during ELF loading.

Analysis
----------------
ED_PRI CAN-2001-0914 2
Vendor Acknowledgement: yes followup

ABSTRACTION: There could be a rediscovery of CVE-2000-0729, but there is insufficient information to be certain.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0917
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0917
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011122 Hi
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100654722925155&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=tomcat-dev&m=100658457507305&w=2

Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension.

Analysis
----------------
ED_PRI CAN-2001-0917 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0920
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0920
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011126 [CERT-intexxia] Auto Nice Daemon Format String Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100680319004162&w=2
Reference: CONFIRM:http://and.sourceforge.net/
Reference: XF:and-format-string(7606)
Reference: URL:http://xforce.iss.net/static/7606.php
Reference: BID:3580
Reference: URL:http://www.securityfocus.com/bid/3580

Format string vulnerability in auto nice daemon (AND) 1.0.4 and earlier allows a local user to possibly execute arbitrary code via a process name containing a format string.

Analysis
----------------
ED_PRI CAN-2001-0920 2
Vendor Acknowledgement: yes advisory

The home page for AND states "Security Alert! A format string vulnerability has been found in AND 1.0.4 and before. Update to 1.0.5 or newer NOW!" and references the author of the Bugtraq post.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0936
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0936
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20011130 Alert: Vulnerability in frox transparent ftp proxy.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100713367307799&w=2
Reference: CONFIRM:http://frox.sourceforge.net/security.txt
Reference: XF:frox-ftp-proxy-bo(7632)
Reference: URL:http://xforce.iss.net/static/7632.php
Reference: BID:3606
Reference: URL:http://www.securityfocus.com/bid/3606

Buffer overflow in Frox transparent FTP proxy 0.6.6 and earlier, with the local caching method selected, allows remote FTP servers to run arbitrary code via a long response to an MDTM request.

Analysis
----------------
ED_PRI CAN-2001-0936 2
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The vendor advisory is a verbatim copy of the advisory that was sent to Bugtraq.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0939
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0939
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20011130 Denial of Service in Lotus Domino 5.08 and earlier HTTP Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100715316426817&w=2
Reference: CONFIRM:http://www-1.ibm.com/support/manager.wss?rs=0&rt=0&org=sims&doc=4C8E450DBF2E7F1885256B200079FA88
Reference: BID:3607
Reference: URL:http://www.securityfocus.com/bid/3607

Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443.

Analysis
----------------
ED_PRI CAN-2001-0939 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0868
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0868
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20011123
Category: SF
Reference: BUGTRAQ:20011123 Redhat Stronghold Secure Server File System Disclosure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100654958131854&w=2
Reference: XF:stronghold-webserver-obtain-information(7582)
Reference: URL:http://xforce.iss.net/static/7582.php

Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve system information via an HTTP GET request to (1) stronghold-info or (2) stronghold-status.

Analysis
----------------
ED_PRI CAN-2001-0868 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0870
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0870
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20011130
Category: CF
Reference: BUGTRAQ:20011130 Rapid 7 Advisory R7-0002: Alchemy Eye Remote Unauthenticated Log Viewing
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100715758109838&w=2
Reference: BID:3598
Reference: URL:http://www.securityfocus.com/bid/3598
Reference: XF:alchemy-http-view-log(7630)
Reference: URL:http://xforce.iss.net/static/7630.php

HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through 2.6.18 is enabled without authentication by default, which allows remote attackers to obtain network monitoring logs with potentially sensitive information by directly requesting the eye.ini file.

Analysis
----------------
ED_PRI CAN-2001-0870 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0871
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0871
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20011130
Category: SF
Reference: BUGTRAQ:20011129 Rapid 7 Advisory R7-0001: Alchemy Eye HTTP Remote Command Execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100714173510535&w=2
Reference: BID:3599
Reference: URL:http://www.securityfocus.com/bid/3599
Reference: XF:alchemy-http-dot-variant(7626)
Reference: URL:http://xforce.iss.net/static/7626.php

Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10.

Analysis
----------------
ED_PRI CAN-2001-0871 3
Vendor Acknowledgement: yes advisory/yes followup/yes changelog/yes/unknown discloser-claimed/unknown vague/unknown/no disputed/no
Content Decisions: SF-LOC, SF-CODEBASE

ABSTRACTION: This is a difficult problem. CD:SF-LOC suggests combining problems of the same type that affect the same software versions. The problem described in (2) also shows up in the earlier versions, so there is overlap in terms of versions there. One could argue that the vendor did not completely fix the initial problem, still leaving it partially vulnerable, in which case it makes sense to combine them into a single entry. However, improperly handling DOS device names in pathnames is emerging as a new type of problem, but it is not known if the DOS device names have any impact without the directory traversal, so there is insufficient information here (and the content decisions are murky) to be sure which approach is best.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0892
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0892
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011113 Cgisecurity.com Advisory #6: thttpd and mini_http Permission bypass vuln
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100568999726036&w=2
Reference: CONFIRM:http://www.acme.com/software/thttpd/

Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.

Analysis
----------------
ED_PRI CAN-2001-0892 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-CODEBASE

ACKNOWLEDGEMENT: the change log for version 2.22 states: "Fix for security hole that exposed contents of .htpasswd in some cases (noticed by zeno@cgisecurity.com)."

ABSTRACTION: The .htpasswd problem appears in 2 Acme products, Thttpd and mini_httpd. Since the two products are distributed separately (and aren't part of the same package), CD:SF-CODEBASE recommends that they should be SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0893
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0893
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011113 Cgisecurity.com Advisory #6: thttpd and mini_http Permission bypass vuln
Reference: URL:http://marc.theaimsgroup.com/?t=100568954600004&w=2&r=1
Reference: CONFIRM:http://www.acme.com/software/mini_httpd/

Acme mini_httpd before 1.16 allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.

Analysis
----------------
ED_PRI CAN-2001-0893 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-CODEBASE

ABSTRACTION: The .htpasswd problem appears in 2 Acme products, Thttpd and mini_httpd. Since the two products are distributed separately (and aren't part of the same package), CD:SF-CODEBASE recommends that they should be SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0898
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0898
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20011115 Several javascript vulnerabilities in Opera
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100586079932284&w=2
Reference: BUGTRAQ:20011116 Re: Several javascript vulnerabilities in Opera
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100588139312696&w=2

Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript.
Analysis
----------------
ED_PRI CAN-2001-0898 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0902
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0902
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011120 IIS logging issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100626531103946&w=2
Reference: NTBUGTRAQ:20011120 IIS logging issue
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100627497122247&w=2

Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters.

Analysis
----------------
ED_PRI CAN-2001-0902 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0903
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0903
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011120 A Cryptanalysis of the High-bandwidth Digital Content Protection System
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100626641009560&w=2
Reference: MISC:http://nunce.org/hdcp/hdcp111901.htm

Linear key exchange process in High-bandwidth Digital Content Protection (HDCP) System allows remote attackers to access data as plaintext, avoid device blacklists, clone devices, and create new device keyvectors by computing and using alternate key combinations for authentication.

Analysis
----------------
ED_PRI CAN-2001-0903 3
Vendor Acknowledgement: unknown
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0904
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0904
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20011120 MSIE 5.5/6 Q312461 patch disclose patch information
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100619268115798&w=2

Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies the HTTP_USER_AGENT (UserAgent) information that indicates that the patch has been installed, which could allow remote malicious web sites to more easily identify and exploit vulnerable clients.
Analysis
----------------
ED_PRI CAN-2001-0904 3
Vendor Acknowledgement: unknown
Content Decisions: INCLUSION, ABSTRACTION

INCLUSION: by the CVE definition, this issue is an exposure and as such should be included in CVE. However, this may be part of a larger design issue, namely: web clients that identify themselves to web servers is an exposure in general. It may not be appropriate to include this specific example in CVE without considering the more general issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0908
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0908
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 CITRIX & Microsoft Windows Terminal Services False IP Address Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638693315933&w=2
Reference: BID:3566
Reference: URL:http://www.securityfocus.com/bid/3566
Reference: XF:win-terminal-spoof-address(7538)
Reference: URL:http://xforce.iss.net/static/7538.php

CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT).

Analysis
----------------
ED_PRI CAN-2001-0908 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0909
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0909
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 Buffer overflow in Windows XP "helpctr.exe"
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638955422011&w=2
Reference: XF:winxp-helpctr-bo(7605)
Reference: URL:http://xforce.iss.net/static/7605.php

Buffer overflow in helpctr.exe program in Microsoft Help Center for Windows XP allows remote attackers to execute arbitrary code via a long hcp: URL.

Analysis
----------------
ED_PRI CAN-2001-0909 3
Vendor Acknowledgement: no

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0910
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0910
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 Legato Networker vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638782917917&w=2
Reference: XF:networker-reverse-dns-bypass-auth(7601)
Reference: URL:http://xforce.iss.net/static/7601.php
Reference: BID:3564
Reference: URL:http://www.securityfocus.com/bid/3564

Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP address and connecting to Networker from an IP address whose hostname can not be determined by a DNS reverse lookup.
Analysis
----------------
ED_PRI CAN-2001-0910 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0911
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0911
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 PhpNuke Admin password can be stolen !
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638850219503&w=2
Reference: BID:3567
Reference: URL:http://www.securityfocus.com/bid/3567
Reference: XF:phpnuke-postnuke-insecure-passwords(7596)
Reference: URL:http://xforce.iss.net/static/7596.php

PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it.

Analysis
----------------
ED_PRI CAN-2001-0911 3
Vendor Acknowledgement: unknown
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0913
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0913
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20011122 [NetGuard Security] NSI Rwhoisd another Remote Format String Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100655265508104&w=2
Reference: CONFIRM:http://lists.research.netsol.com/pipermail/rwhois-announce/2001-November/000023.html

Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and earlier, when using syslog, allows remote attackers to corrupt memory and possibly execute arbitrary code via a rwhois request that contains format specifiers.

Analysis
----------------
ED_PRI CAN-2001-0913 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: This problem is the same type as that for CAN-2001-0838. However, CAN-2001-0838 was fixed in 1.5.7.2. This problem appears in 1.5.7.2 and wasn't fixed until 1.5.7.3. So, this problem appears in a different version than CAN-2001-0838. CD:SF-LOC therefore suggests that these issues should be SPLIT since they appear in different versions.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0915
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0915
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20011121 Advisory: Berkeley pmake
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638919720975&w=2

Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via format specifiers in the check argument of a shell definition.

Analysis
----------------
ED_PRI CAN-2001-0915 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

CD:SF-LOC suggests splitting problems of different types, so the format string and buffer overflow problems receive separate candidates.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0916
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0916
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20011121 Advisory: Berkeley pmake
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638919720975&w=2

Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via a long check argument of a shell definition.

Analysis
----------------
ED_PRI CAN-2001-0916 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

CD:SF-LOC suggests splitting problems of different types, so the format string and buffer overflow problems receive separate candidates.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0919
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0919
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20011126 Javascript can bypass user preference for cookie prompt in IE5.50.4134.0100
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100679857614967&w=2

Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow cookies to be stored on your machine" enabled does not warn a user when a cookie is set using Javascript,

Analysis
----------------
ED_PRI CAN-2001-0919 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0921
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0921
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 Mac Netscape password fields
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638816318705&w=2
Reference: XF:macos-netscape-print-passwords(7593)
Reference: URL:http://xforce.iss.net/static/7593.php
Reference: BID:3565
Reference: URL:http://www.securityfocus.com/bid/3565

Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext.

Analysis
----------------
ED_PRI CAN-2001-0921 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0922
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0922
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011126 NMRC Advisory - NetDynamics Session ID is Reusable
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100681274915525&w=2

ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in.
Analysis
----------------
ED_PRI CAN-2001-0922 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0923
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0923
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011025 Advisory: Corrupt RPM Query Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/222542
Reference: CONECTIVA:CLA-2001:440
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000440
Reference: BID:3472
Reference: URL:http://www.securityfocus.com/bid/3472
Reference: XF:Linux-rpm-execute-code(7349)
Reference: URL:http://xforce.iss.net/static/7349.php

RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to execute arbitrary code via corrupted data in the RPM file when the file is queried.

Analysis
----------------
ED_PRI CAN-2001-0923 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0924
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0924
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011122 double dot vulnerability on a site running Informix database.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100654890029878&w=2
Reference: BUGTRAQ:20011127 Re: double dot vulnerability on a site running Informix database.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100688672019635&w=2
Reference: BID:3575
Reference: URL:http://www.securityfocus.com/bid/3575
Reference: XF:informix-web-datablade-directory-traversal(7585)
Reference: URL:http://xforce.iss.net/static/7585.php

Directory traversal vulnerability in ifx CGI program in Informix Web DataBlade allows remote attackers to read arbitrary files via a .. (dot dot) in the LO parameter.

Analysis
----------------
ED_PRI CAN-2001-0924 3
Vendor Acknowledgement:

INCLUSION: several followups indicate that others were unable to reproduce the problem. It may be that the "ifx" is not even specific to Informix, rather the site that the original discloser was testing.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0926
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0926
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011128 JRun SSI Request Body Parsing
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100697797325013&w=2
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=22261&Method=Full
Reference: BID:3589
Reference: URL:http://www.securityfocus.com/bid/3589
Reference: XF:allaire-jrun-view-source(7622)
Reference: URL:http://xforce.iss.net/static/7622.php

SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an #include statement.

Analysis
----------------
ED_PRI CAN-2001-0926 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0927
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0927
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011127 [CERT-intexxia] libgtop_daemon Remote Format String Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100689302316077&w=2
Reference: MISC:ftp://ftp.gnome.org/pub/GNOME/stable/sources/libgtop/libgtop-1.0.13.tar.gz

Format string vulnerability in the permitted function of GNOME libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers to execute arbitrary code via an argument that contains format specifiers that are passed into the (1) syslog_message and (2) syslog_io_message functions.

Analysis
----------------
ED_PRI CAN-2001-0927 3
Vendor Acknowledgement: yes patch
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests that the buffer overflow and format string vulnerability should be separated because they are different types of issues.

ACKNOWLEDGEMENT: In the NEWS file of the source for libgtop 1.0.13, the "November 26, 2001" segment says "security fix," which is a little unclear about whether *this* bug was truly fixed, though the dates align closely. The source for src/daemon/gnuserv.c doesn't look vulnerable, but there are no programmer comments either. HOWEVER... a "diff" of src/daemon/gnuserv.c for versions 1.0.13 and 1.0.12 shows that 'syslog (priority, buffer)' got changed to 'syslog (priority, "%s", buffer)', which should be good enough for anyone :-)

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0928
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0928
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011128 Re: [CERT-intexxia] libgtop_daemon Remote Format String Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100699007010203&w=2

Buffer overflow in the permitted function of GNOME libgtop_daemon in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data.

Analysis
----------------
ED_PRI CAN-2001-0928 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests that the buffer overflow and format string vulnerability should be separated because they are different types of issues.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0930
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0930
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011128 Sendpage (Perl CGI) Remote Execution Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100689313216624&w=2

Sendpage.pl allows remote attackers to execute arbitrary commands via a message containing shell metacharacters.
Analysis
----------------
ED_PRI CAN-2001-0930 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0931
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0931
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011128 PowerFTP-server-Bugs&Exploits-Remotes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100698397818175&w=2
Reference: XF:powerftp-dot-directory-traversal(7615)
Reference: URL:http://xforce.iss.net/static/7615.php
Reference: BID:3593
Reference: URL:http://www.securityfocus.com/bid/3593

Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 allows attackers to list or read arbitrary files and directories via a .. (dot dot) in (1) LS or (2) GET.

Analysis
----------------
ED_PRI CAN-2001-0931 3
Vendor Acknowledgement: no
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests combining vulnerabilities of the same type. Some people consider C: and D: "path escaping" to be a directory traversal vulnerability in the same vein as .. problems, which might argue for combining this issue with the LS/GET .. problem as listed in another candidate. However, if a ".." were filtered from the requested pathname, this particular problem would still exist. So this should be considered a different type of problem than a .. issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0932
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0932
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011128 PowerFTP-server-Bugs&Exploits-Remotes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100698397818175&w=2
Reference: XF:powerftp-long-command-dos(7616)
Reference: URL:http://xforce.iss.net/static/7616.php
Reference: BID:3595
Reference: URL:http://www.securityfocus.com/bid/3595

Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long command.

Analysis
----------------
ED_PRI CAN-2001-0932 3
Vendor Acknowledgement: no
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0933
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0933
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011128 PowerFTP-server-Bugs&Exploits-Remotes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100698397818175&w=2

Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the contents of arbitrary drives via a ls (LIST) command that includes the drive letter as an argument, e.g. "ls C:".

Analysis
----------------
ED_PRI CAN-2001-0933 3
Vendor Acknowledgement: no
Content Decisions: SF-LOC

CD:SF-LOC suggests combining vulnerabilities of the same type. Some people consider C: and D: "path escaping" to be a directory traversal vulnerability in the same vein as ..
problems, which might argue for combining this issue with the LS/GET .. problem as listed in another candidate. However, if a ".." were filtered from the requested pathname, this particular problem would still exist. So this should be considered a different type of problem than a .. issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0934
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0934
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011128 PowerFTP-server-Bugs&Exploits-Remotes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100698397818175&w=2

Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the physical path of the server root via the pwd command, which lists the full pathname.

Analysis
----------------
ED_PRI CAN-2001-0934 3
Vendor Acknowledgement: no
Content Decisions: SF-LOC, DESIGN-REAL-PATH

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0935
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0935
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category:
Reference: SUSE:SuSE-SA:2001:043
Reference: URL:http://www.suse.de/de/support/security/2001_043_wuftpd_txt.html

Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CAN-2001-0550.

Analysis
----------------
ED_PRI CAN-2001-0935 3
Vendor Acknowledgement:
Content Decisions: SF-LOC, VAGUE

ABSTRACTION: The SUSE advisory describes the ftpglob buffer overflow (CAN-2001-0550), then states "Some weeks ago, an internal source code audit of wu-ftpd 2.6.0 performed by Thomas Biege, SuSE Security, revealed some other security related bugs that are fixed." It provides no other details, so this problem should be distinguished. There are no other details, so the CVE description is vague.

INCLUSION: CD:VAGUE suggests that when a vaguely worded advisory is posted by a vendor, that it should still be included in CVE because there is sufficient evidence that the problem is real (since it came from the vendor).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0937
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0937
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011130 Vulnerabilities in PGPMail.pl
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100714269114686&w=2
Reference: VULN-DEV:20011129 PGPMail.pl possible remote command execution
Reference: URL:http://www.securityfocus.com/archive/82/243262

PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) recipient or (2) pgpuserid parameters.

Analysis
----------------
ED_PRI CAN-2001-0937 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0938
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0938
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011130 Aspupload installs exploitable scripts
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100715294425985&w=2

Directory traversal vulnerability in AspUpload 2.1, in certain configurations, allows remote attackers to upload and read arbitrary files, and list arbitrary directories, via a .. (dot dot) in the Filename parameter in (1) UploadScript11.asp or (2) DirectoryListing.asp.

Analysis
----------------
ED_PRI CAN-2001-0938 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC

ABSTRACTION: CD:SF-EXEC suggests combining problems of the same type that appear in multiple executables of the same version of a package.
ACKNOWLEDGEMENT: the discloser claims that the vendor disputes the severity of the vulnerability because the vendor recommends configuring the scripts with permissions that prevent execution. Whether this is sufficient "acknowledgement" of the problem is uncertain.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0941
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0941
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011130 ASI Oracle Security Alert: Oracle Home Environment Variable Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100716693806967&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf

Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable.

Analysis
----------------
ED_PRI CAN-2001-0941 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests splitting between problems of different types, so the 3 issues described in the Oracle advisory are being split.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0942
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0942
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf

dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a Trojan Horse version of dbsnmp.

Analysis
----------------
ED_PRI CAN-2001-0942 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests splitting between problems of different types, so the 3 issues described in the Oracle advisory are being split. It could be argued that the CHOWN/CHGRP and ORACLE_HOME problems are of the same type (trusting a user-supplied search path), but they occur in different versions, so CD:SF-LOC is clear on splitting between them.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: