[PROPOSAL] Cluster RECENT-80 - 40 candidates
I am proposing cluster RECENT-80 for review and voting by the Editorial Board.

Name: RECENT-80
Description: Candidates announced between 3/3/2001 and 7/26/2001
Size: 40

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.
====================================================== Candidate: CAN-2001-0731 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0731 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20011008 Category: SF Reference: BUGTRAQ:20010709 How Google indexed a file with no external link Reference: URL:http://www.securityfocus.com/archive/1/20010709214744.A28765@brasscannon.net Reference: CONFIRM:http://www.apacheweek.com/issues/01-10-05#security Reference: MANDRAKE:MDKSA-2001:077 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077-1.php3 Reference: BID:3009 Reference: URL:http://www.securityfocus.com/bid/3009 Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string. Analysis ---------------- ED_PRI CAN-2001-0731 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1084 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1084 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/194464 Reference: ALLAIRE:MPSB01-06 Reference: URL:http://www.macromedia.com/v1/handlers/index.cfm?ID=21498&Method=Full Reference: BID:2983 Reference: URL:http://www.securityfocus.com/bid/2983 Reference: XF:java-servlet-crosssite-scripting(6793) Reference: URL:http://www.iss.net/security_center/static/6793.php Cross-site scripting vulnerability in Allaire JRun 3.1 and earlier allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message. Analysis ---------------- ED_PRI CAN-2001-1084 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1088 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1088 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: CF Reference: BUGTRAQ:20010605 SECURITY.NNOV: Outlook Express address book spoofing Reference: URL:http://www.securityfocus.com/archive/1/188752 Reference: CONFIRM:http://support.microsoft.com/default.aspx?scid=kb;EN-US;q234241 Reference: XF:outlook-address-book-spoofing(6655) Reference: URL:http://xforce.iss.net/static/6655.php Reference: BID:2823 Reference: URL:http://www.securityfocus.com/bid/2823 Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user. Analysis ---------------- ED_PRI CAN-2001-1088 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1108 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1108 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20010726 Snapstream PVS vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0606.html Reference: CONFIRM:http://discuss.snapstream.com/ubb/Forum1/HTML/000216.html Reference: XF:snapstream-dot-directory-traversal(6917) Reference: URL:http://xforce.iss.net/static/6917.php Reference: BID:3100 Reference: URL:http://www.securityfocus.com/bid/3100 Directory traversal vulnerability in SnapStream PVS 1.2a allows remote attackers to read arbitrary files via a .. (dot dot) attack in the requested URL. Analysis ---------------- ED_PRI CAN-2001-1108 1 Vendor Acknowledgement: yes ACKNOWLEDGEMENT: The online bulletin board includes a query about whether SnapStream fixed certain bugs, which included a URL to the problem description which indicates that it's the same as the Bugtraq post. "rakeshagrawal," whose email address is from SnapStream, said "issue 1 has been corrected," and issue 1 is the directory traversal problem identified in the Bugtraq post. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1121 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1121 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/194464 Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=21498&Method=Full Reference: XF:java-servlet-crosssite-scripting(6793) Reference: URL:http://xforce.iss.net/static/6793.php Reference: BID:2983 Reference: URL:http://www.securityfocus.com/bid/2983 Cross-site scripting (CSS) vulnerability in JRun 3.0 and 2.3.3 allows remote attackers to execute JavaScript on other clients via a web page URL that references a non-existent JSP file or Servlet, which causes the script to be returned in an error message. Analysis ---------------- ED_PRI CAN-2001-1121 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1141 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1141 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20010710 OpenSSL Security Advisory: PRNG weakness in versions up to 0.9.6a Reference: URL:http://www.securityfocus.com/archive/1/195829 Reference: FREEBSD:FreeBSD-SA-01:51 Reference: URL:http://www.securityfocus.com/advisories/3475 Reference: NETBSD:NetBSD-SA2001-013 Reference: URL:http://www.securityfocus.com/advisories/3512 Reference: CONECTIVA:CLA-2001:418 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000418 Reference: MANDRAKE:MDKSA-2001:065 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-065.php3?dis=8.0 Reference: REDHAT:RHSA-2001:051-18 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-051.html Reference: ENGARDE:ESA-20010709-01 Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1483.html Reference: BID:3004 Reference: URL:http://www.securityfocus.com/bid/3004 Reference: XF:openssl-prng-brute-force(6823) Reference: URL:http://xforce.iss.net/static/6823.php The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers. Analysis ---------------- ED_PRI CAN-2001-1141 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1144 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1144 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20010711 McAfee ASaP Virusscan - myCIO HTTP Server Directory Traversal Vulnerabilty Reference: URL:http://www.securityfocus.com/archive/1/196272 Reference: NTBUGTRAQ:20010716 McAfee ASaP Virusscan - MyCIO HTTP Server Directory Traversal Vul nerability Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=1558 Reference: CERT-VN:VU#190267 Reference: URL:http://www.kb.cert.org/vuls/id/190267 Reference: BID:3020 Reference: URL:http://www.securityfocus.com/bid/3020 Reference: XF:mcafee-mycio-directory-traversal(6834) Reference: URL:http://www.iss.net/security_center/static/6834.php Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request. Analysis ---------------- ED_PRI CAN-2001-1144 1 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1145 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1145 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: NETBSD:NetBSD-SA2001-016 Reference: URL:http://archives.neohapsis.com/archives/netbsd/2001-q3/0204.html Reference: FREEBSD:FreeBSD-SA-01:40 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:40.fts.v1.1.asc Reference: OPENBSD:20010530 029: SECURITY FIX: May 30, 2001 Reference: URL:http://www.openbsd.org/errata28.html Reference: BID:3205 Reference: URL:http://online.securityfocus.com/bid/3205 fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories. Analysis ---------------- ED_PRI CAN-2001-1145 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1146 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1146 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: ENGARDE:ESA-20010711-01 Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1492.html Reference: XF:allcommerce-temp-symlink(6830) Reference: URL:http://xforce.iss.net/static/6830.php Reference: BID:3016 Reference: URL:http://online.securityfocus.com/bid/3016 AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack. Analysis ---------------- ED_PRI CAN-2001-1146 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1158 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1158 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: CF Reference: BUGTRAQ:20010709 Check Point FireWall-1 RDP Bypass Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0128.html Reference: BUGTRAQ:20010709 Check Point response to RDP Bypass Reference: URL:http://online.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-03-11&end=2002-03-17&mid=195647&threads=1 Reference: CHECKPOINT:20010712 RDP Bypass workaround for VPN-1/FireWall 4.1 SPx Reference: URL:http://www.checkpoint.com/techsupport/alerts/rdp.html Reference: CERT:CA-2001-17 Reference: URL:http://www.cert.org/advisories/CA-2001-17.html Reference: CERT-VN:VU#310295 Reference: URL:http://www.kb.cert.org/vuls/id/310295 Reference: CIAC:L-109 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-109.shtml Reference: XF:fw1-rdp-bypass(6815) Reference: URL:http://xforce.iss.net/static/6815.php Reference: BID:2952 Reference: URL:http://www.securityfocus.com/bid/2952 Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts. Analysis ---------------- ED_PRI CAN-2001-1158 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1161 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1161 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20010702 Lotus Domino Server Cross-Site Scripting Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/194465 Reference: BUGTRAQ:20010702 Re: Lotus Domino Server Cross-Site Scripting Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/194609 Reference: CERT-VN:VU#642239 Reference: URL:http://www.kb.cert.org/vuls/id/642239 Reference: BID:2962 Reference: URL:http://www.securityfocus.com/bid/2962 Reference: XF:lotus-domino-css(6789) Reference: URL:http://www.iss.net/security_center/static/6789.php Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script. Analysis ---------------- ED_PRI CAN-2001-1161 1 Vendor Acknowledgement: yes followup Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1162 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1162 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20010623 smbd remote file creation vulnerability Reference: URL:http://www.securityfocus.com/archive/1/193027 Reference: CONFIRM:http://us1.samba.org/samba/whatsnew/macroexploit.html Reference: MANDRAKE:MDKSA-2001-062 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-062.php3 Reference: HP:HPSBUX0107-157 Reference: URL:http://www.securityfocus.com/advisories/3423 Reference: SGI:20011002-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011002-01-P Reference: CIAC:L-105 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-105.shtml Reference: IMMUNIX:IMNX-2001-70-027-01 Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-027-01 Reference: CALDERA:CSSA-2001-024.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-024.0.txt Reference: CONECTIVA:CLA-2001:405 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000405 Reference: REDHAT:RHSA-2001:086 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-086.html Reference: DEBIAN:DSA-065 Reference: URL:http://www.debian.org/security/2001/dsa-065 Reference: BID:2928 Reference: URL:http://www.securityfocus.com/bid/2928 Reference: XF:samba-netbios-file-creation(6731) Reference: URL:http://xforce.iss.net/static/6731.php Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file. 
Analysis ---------------- ED_PRI CAN-2001-1162 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1172 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1172 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20010719 [SNS Advisory No.37] HTTProtect allows attackers to change the protected file using a symlink Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0357.html Reference: CONFIRM:http://www.omnisecure.com/security-alert.html Reference: XF:httprotect-protected-file-symlink(6880) Reference: URL:http://xforce.iss.net/static/6880.php OmniSecure HTTProtect 1.1.1 allows a superuser without omnish privileges to modify a protected file by creating a symbolic link to that file. Analysis ---------------- ED_PRI CAN-2001-1172 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1174 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1174 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: REDHAT:RHSA-2001:091 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-091.html Reference: MANDRAKE:MDKSA-2001:067 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-067.php Reference: XF:elm-messageid-bo(6852) Reference: URL:http://xforce.iss.net/static/6852.php Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to execute arbitrary code via a long Message-ID header. Analysis ---------------- ED_PRI CAN-2001-1174 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1175 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1175 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: REDHAT:RHSA-2001:095 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-095.html Reference: XF:vipw-world-readable-files(6851) Reference: URL:http://xforce.iss.net/static/6851.php Reference: BID:3036 Reference: URL:http://www.securityfocus.com/bid/3036 vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing. 
Analysis ---------------- ED_PRI CAN-2001-1175 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1176 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1176 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20010712 VPN-1/FireWall-1 Format Strings Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0209.html Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/format_strings.html Reference: BID:3021 Reference: URL:http://www.securityfocus.com/bid/3021 Reference: XF:fw1-management-format-string(6849) Reference: URL:http://xforce.iss.net/static/6849.php Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection. Analysis ---------------- ED_PRI CAN-2001-1176 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1180 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1180 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20010710 FreeBSD 4.3 local root, yet Linux and *BSD much better than Windows Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0179.html Reference: CIAC:L-111 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-111.shtml Reference: CERT-VN:VU#943633 Reference: URL:http://www.kb.cert.org/vuls/id/943633 Reference: FREEBSD:FreeBSD-SA-01:42 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:42.signal.v1.1.asc Reference: XF:bsd-rfork-signal-handlers(6829) Reference: URL:http://xforce.iss.net/static/6829.php Reference: BID:3007 Reference: URL:http://www.securityfocus.com/bid/3007 FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child. Analysis ---------------- ED_PRI CAN-2001-1180 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1183 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1183 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: CISCO:20010712 Cisco IOS PPTP Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/PPTP-vulnerability-pub.html Reference: CERT-VN:VU#656315 Reference: URL:http://www.kb.cert.org/vuls/id/656315 Reference: BID:3022 Reference: URL:http://www.securityfocus.com/bid/3022 Reference: XF:cisco-ios-pptp-dos(6835) Reference: URL:http://xforce.iss.net/static/6835.php PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet. Analysis ---------------- ED_PRI CAN-2001-1183 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1103 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1103 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: CERT-VN:VU#320944 Reference: URL:http://www.kb.cert.org/vuls/id/320944 Reference: XF:ftp-voyager-embedded-script-execution(7119) Reference: URL:http://xforce.iss.net/static/7119.php FTP Voyager ActiveX control before 8.0, when it is marked as safe for scripting (the default) or if allowed by the IObjectSafety interface, allows remote attackers to execute arbitrary commands. 
Analysis ---------------- ED_PRI CAN-2001-1103 2 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1085 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1085 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20010705 lmail local root exploit Reference: URL:http://www.securityfocus.com/archive/1/195022 Reference: XF:lmail-tmpfile-symlink(6809) Reference: URL:http://xforce.iss.net/static/6809.php Reference: BID:2984 Reference: URL:http://www.securityfocus.com/bid/2984 Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. Analysis ---------------- ED_PRI CAN-2001-1085 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1086 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1086 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20010704 xdm cookies fast brute force Reference: URL:http://www.securityfocus.com/archive/1/194907 Reference: BUGTRAQ:20010705 Re: xdm cookies fast brute force Reference: URL:http://online.securityfocus.com/archive/1/195008 Reference: BID:2985 Reference: URL:http://www.securityfocus.com/bid/2985 Reference: XF:xdm-cookie-brute-force(6808) Reference: URL:http://xforce.iss.net/static/6808.php XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack. Analysis ---------------- ED_PRI CAN-2001-1086 3 Vendor Acknowledgement: yes followup Content Decisions: SF-EXEC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1087 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1087 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: CF Reference: BUGTRAQ:20010705 RE: Tunnel ports allowed on NetApp NetCaches Reference: URL:http://www.securityfocus.com/archive/1/195176 Reference: XF:netcache-tunnel-default-configuration(6807) Reference: URL:http://xforce.iss.net/static/6807.php Reference: BID:2990 Reference: URL:http://www.securityfocus.com/bid/2990 The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the device. Analysis ---------------- ED_PRI CAN-2001-1087 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1097 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1097 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20010724 UDP packet handling weird behaviour of various operating systems Reference: URL:http://www.securityfocus.com/archive/1/199558 Reference: BUGTRAQ:20010811 Re: UDP packet handling weird behaviour of various operating systems Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99749327219189&w=2 Reference: BID:3096 Reference: URL:http://www.securityfocus.com/bid/3096 Reference: XF:cisco-ios-udp-dos(6319) Reference: URL:http://xforce.iss.net/static/6913.php Cisco routers and switches running IOS 12.0 through 12.2.1 allows a remote attacker to cause a denial of service via a flood of UDP packets. Analysis ---------------- ED_PRI CAN-2001-1097 3 Vendor Acknowledgement: unknown vague INCLUSION: The original post does not include specific details about the nature of the UDP packets. In addition, the vendor response indicated difficulty with reproducing the problem, but it may have been due to lack of detail in the original post. Finally, there is a long Bugtraq thread in which some posters suggest that the problem may be due to variations in hardware capabilities as opposed to underlying software flaws, but other followups indicate successful attacks on other operating systems. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1104
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1104
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010725 Weak TCP Sequence Numbers in Sonicwall SOHO Firewall
Reference: URL:http://www.securityfocus.com/archive/1/199632
Reference: BID:3098
Reference: URL:http://www.securityfocus.com/bid/3098

SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions.

Analysis
----------------
ED_PRI CAN-2001-1104 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1106
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1106
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010725 Sambar Server password decryption
Reference: URL:http://www.securityfocus.com/archive/1/199418
Reference: BID:3095
Reference: URL:http://www.securityfocus.com/bid/3095
Reference: XF:sambar-insecure-passwords(6909)
Reference: URL:http://xforce.iss.net/static/6909.php

The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.

Analysis
----------------
ED_PRI CAN-2001-1106 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1107
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1107
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010726 Snapstream PVS vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0606.html
Reference: CONFIRM:http://discuss.snapstream.com/ubb/Forum1/HTML/000216.html
Reference: XF:snapstream-dot-directory-traversal(6917)
Reference: URL:http://xforce.iss.net/static/6917.php
Reference: BID:3101
Reference: URL:http://www.securityfocus.com/bid/3101

SnapStream PVS 1.2a stores its passwords in plaintext in the file SSD.ini, which could allow a remote attacker to gain privileges on the server.

Analysis
----------------
ED_PRI CAN-2001-1107 3
Vendor Acknowledgement: yes bboard
Content Decisions: DESIGN-NO-ENCRYPTION

ACKNOWLEDGEMENT: The online bulletin board includes a query about whether SnapStream fixed certain bugs, which included a URL to the problem description which indicates that it's the same as the Bugtraq post. "rakeshagrawal," whose email address is from SnapStream, said "passwords are still stored in plaintext on a SnapStream user's machine" which is an indicator of acknowledgement.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1120
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: CONFIRM:http://www.allaire.com/handlers/index.cfm?id=21566
Reference: CERT-VN:VU#135531
Reference: URL:http://www.kb.cert.org/vuls/id/135531
Reference: BUGTRAQ:20010712 New Cold Fusion vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/196452
Reference: XF:coldfusion-unauthorized-file-access(6839)
Reference: URL:http://xforce.iss.net/static/6839.php
Reference: BID:3018
Reference: URL:http://www.securityfocus.com/bid/3018

Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.

Analysis
----------------
ED_PRI CAN-2001-1120 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, VAGUE

ABSTRACTION: CD:SF-LOC suggests splitting problems of different types. However, the vendor advisory does not provide enough details to be certain if this is the case.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1142
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1142
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010712 ArGoSoft FTP Server 1.2.2.2 Weak password encryption
Reference: URL:http://www.securityfocus.com/archive/1/196968
Reference: BID:3029
Reference: URL:http://www.securityfocus.com/bid/3029
Reference: XF:argosoft-ftp-weak-encryption(6848)
Reference: URL:http://www.iss.net/security_center/static/6848.php

ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, which allows an attacker with access to the password file to gain privileges.

Analysis
----------------
ED_PRI CAN-2001-1142 3
Vendor Acknowledgement: no

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1143
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1143
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010711 IBM Windows DB2 DoS
Reference: URL:http://www.securityfocus.com/archive/1/196140
Reference: BID:3010
Reference: URL:http://www.securityfocus.com/bid/3010
Reference: XF:ibm-db2-ccs-dos(6832)
Reference: URL:http://www.iss.net/security_center/static/6832.php
Reference: XF:ibm-db2-jds-dos(6833)
Reference: URL:http://www.iss.net/security_center/static/6833.php

IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789.

Analysis
----------------
ED_PRI CAN-2001-1143 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1148
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: VULN-DEV:20010613 SCO atcronsh auditsh termsh overflows
Reference: URL:http://www.securityfocus.com/archive/82/191216
Reference: CALDERA:CSSA-2001-SCO.25
Reference: URL:http://www.securityfocus.com/archive/1/219966

Buffer overflows in programs used by scoadmin and sysadmsh in SCO OpenServer 5.0.6a and earlier allow local users to gain privileges via a long TERM environment variable to (1) atcronsh, (2) auditsh, (3) authsh, (4) backupsh, (5) lpsh, (6) sysadm.menu, or (7) termsh.

Analysis
----------------
ED_PRI CAN-2001-1148 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC, VAGUE

The SCO advisory is a little vague, so it can't be absolutely certain that all of the programs mentioned are affected by an overflow through TERM.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1159
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1159
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010702 (SRADV00010) Remote command execution vulnerabilities in SquirrelMail
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0029.html
Reference: MISC:http://www.squirrelmail.org/changelog.php
Reference: BID:2968
Reference: URL:http://www.securityfocus.com/bid/2968
Reference: XF:squirrelmail-loadprefs-execute-code(6775)
Reference: URL:http://www.iss.net/security_center/static/6775.php

load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP.

Analysis
----------------
ED_PRI CAN-2001-1159 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: The change log for version 1.0.5 says, "MAJOR security issues addressed." The change log for Version 1.0.6 says, "Reworked validation for each page. It's now standardized in validate.php... Added more security checking to preference saving/loading." One of these change log quotes may refer to fixes for the PHP input validation problems SquirrelMail suffered in earlier versions. However, since the change log information is vague, it's not clear that the change log is addressing this specific vulnerability.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1160
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1160
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010618 udirectory from Microburst Technologies remote command execution
Reference: URL:http://www.securityfocus.com/archive/1/191829
Reference: BID:2884
Reference: URL:http://www.securityfocus.com/bid/2884
Reference: XF:udirectory-remote-command-execution(6706)
Reference: URL:http://xforce.iss.net/static/6706.php

udirectory.pl in Microburst Technologies uDirectory 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the category_file field.

Analysis
----------------
ED_PRI CAN-2001-1160 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1163
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1163
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BID:2885
Reference: URL:http://www.securityfocus.com/bid/2885

Buffer overflow in Munica Corporation NetSQL 1.0 allows remote attackers to execute arbitrary code via a long CONNECT argument to port 6500.

Analysis
----------------
ED_PRI CAN-2001-1163 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1164
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1164
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: CALDERA:CSSA-2001-SCO.4
Reference: URL:ftp://stage.caldera.com/pub/security/unixware/CSSA-2001-SCO.4/CSSA-2001-SCO.4.txt

Buffer overflow in uucp utilities in UnixWare 7 allows local users to execute arbitrary code via long command line arguments to (1) uucp, (2) uux, (3) bnuconvert, (4) uucico, (5) uuxcmd, or (6) uuxqt.

Analysis
----------------
ED_PRI CAN-2001-1164 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC, VAGUE

INCLUSION: CAN-2001-0873 describes overflows through configuration files, not command line arguments. The advisory for this item is a little too vague to be certain whether it is fixing a new set of issues with the uucp utilities, or the problems that are identified by CAN-2001-0873. In addition, the advisory has no cross-references, which could make it easier to determine if it was addressing the CAN-2001-0873 problems. It's also possible that this is fixing CVE-2001-0190.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1173
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1173
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: CONFIRM:ftp://innominate.org/oku/masqmail/ChangeLog-stable

Vulnerability in MasqMail before 0.1.15 allows local users to gain privileges via piped aliases.

Analysis
----------------
ED_PRI CAN-2001-1173 3
Vendor Acknowledgement: yes changelog
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1177
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1177
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010717 Samsung ML-85G Printer Linux Helper/Driver Binary Exploit (Mandrake: ghostscript package)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0284.html
Reference: BID:3008
Reference: URL:http://www.securityfocus.com/bid/3008
Reference: XF:samsung-printer-temp-symlink(6845)
Reference: URL:http://xforce.iss.net/static/6845.php

ml85p in Samsung ML-85G GDI printer driver allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Analysis
----------------
ED_PRI CAN-2001-1177 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1178
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1178
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010711 suid xman 3.1.6 overflows
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0234.html
Reference: BID:3030
Reference: URL:http://www.securityfocus.com/bid/3030
Reference: XF:xfree86-xman-manpath-bo(6853)
Reference: URL:http://xforce.iss.net/static/6853.php

Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable.

Analysis
----------------
ED_PRI CAN-2001-1178 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1179
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1179
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010717 xman (suid) exploit, made easier.
Reference: URL:http://www.securityfocus.com/archive/1/197498

xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters.

Analysis
----------------
ED_PRI CAN-2001-1179 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1181
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1181
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: CF
Reference: HP:HPSBUX0107-159
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0013.html
Reference: CIAC:L-115
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-115.shtml
Reference: XF:hpux-dlkm-gain-privileges(6861)
Reference: URL:http://xforce.iss.net/static/6861.php

Dynamically Loadable Kernel Module (dlkm) static kernel symbol table in HP-UX 11.11 is not properly configured, which allows local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2001-1181 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

INCLUSION: CD:VAGUE states that if a vendor acknowledges or publicizes an issue and says it's security related, but the vendor is vague about the details, it should still be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1182
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1182
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: HP:HPSBUX0107-160
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0014.html

Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain privileges.

Analysis
----------------
ED_PRI CAN-2001-1182 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

CD:VAGUE states that if a vendor acknowledges or publicizes an issue and says it's security related, but the vendor is vague about the details, it should still be included.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: