[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-81 - 61 candidates



I am proposing cluster RECENT-81 for review and voting by the
Editorial Board.

Name: RECENT-81
Description: Candidates announced between 8/2/2001 and 11/2/2001
Size: 61

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve





Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-1100
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1100
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011007 Bug found at W3Mail Webmail
Reference: URL:http://www.securityfocus.com/archive/1/218921
Reference: CONFIRM:http://www.w3mail.org/ChangeLog
Reference: BID:3673
Reference: URL:http://www.securityfocus.com/bid/3673
Reference: XF:w3mail-metacharacters-command-execution(7230)
Reference: URL:http://xforce.iss.net/static/7230.php

sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs,
allows remote attackers to execute arbitrary commands via shell
metacharacters in any field of the 'Compose Message' page.

Analysis
----------------
ED_PRI CAN-2001-1100 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: in Version 1.0.3 of the ChangeLog, dated December 4,
2001, the vendor says "Fixed potential security exploit by filtering
special metacharacters."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1113
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1113
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010813 Local exploit for TrollFTPD-1.26
Reference: URL:http://www.securityfocus.com/archive/1/203874
Reference: CONFIRM:ftp://ftp.trolltech.com/freebies/ftpd/troll-ftpd-1.27.tar.gz
Reference: XF:trollftpd-long-path-bo(6974)
Reference: URL:http://xforce.iss.net/static/6974.php
Reference: BID:3174
Reference: URL:http://www.securityfocus.com/bid/3174

Buffer overflow in TrollFTPD 1.26 and earlier allows local users to
execute arbitrary code by creating a series of deeply nested
directories with long names, then running the ls -R (recursive)
command.

Analysis
----------------
ED_PRI CAN-2001-1113 1
Vendor Acknowledgement: yes patch

ACKNOWLEDGEMENT: the discloser says that a fixed version is at
ftp://ftp.trolltech.com/freebies/ftpd/troll-ftpd-1.27.tar.gz. There is
no clear acknowledgement on the web site or in the README file.  A
look at listdir() in ls.c indicates that snprintf is being used to
copy pathnmes.  So the question is, was this fix *always* there, or
was it just added?  Fortunately we can download troll-ftpd-1.26.tar.gz
and do a diff between the ls.c files from 1.26 and 1.27...  Sure
enough, 1.26 used sprintf whereas 1.27 used snprintf.  So we have
indirect vendor acknowledgement through creation of a patch.  QED.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1117
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1117
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010810 Linksys router security fix
Reference: URL:http://www.securityfocus.com/archive/1/203302
Reference: BUGTRAQ:20010802 Advisory Update: Design Flaw in Linksys EtherFast 4-Port
Reference: URL:http://www.securityfocus.com/archive/1/201390
Reference: CONFIRM:ftp://ftp.linksys.com/pub/befsr41/befsr-fw1402.zip
Reference: XF:linksys-etherfast-reveal-passwords(6949)
Reference: URL:http://xforce.iss.net/static/6949.php
Reference: BID:3141
Reference: URL:http://www.securityfocus.com/bid/3141

LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before
1.39.3 Beta allows a remote attacker to view administration and user
passwords by connecting to the router and viewing the HTML source for
(1) index.htm and (2) Password.htm.

Analysis
----------------
ED_PRI CAN-2001-1117 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: In befsr-fw1402.zip available from the vendor, the
notes for version 4.40.2 in ver.txt, dated October 24 2001, says
"5. Fixed some time user can see the UI page without password problem"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1118
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1118
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010802 Roxen security alert: URL decoding vulnerable
Reference: URL:http://www.securityfocus.com/archive/1/201476
Reference: BUGTRAQ:20010802 FW: Security alert: Remote user can access any file
Reference: URL:http://www.securityfocus.com/archive/1/201499
Reference: CONFIRM:http://download.roxen.com/2.0/patch/security-notice.html
Reference: BID:3145
Reference: URL:http://www.securityfocus.com/bid/3145
Reference: XF:roxen-urlrectifier-retrieve-files(6937)
Reference: URL:http://xforce.iss.net/static/6937.php

A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not
properly decode UTF-8, Mac and ISO-2202 encoded URLs, which could
allow a remote attacker to execute arbitrary commands or view
arbitrary files via an encoded URL.

Analysis
----------------
ED_PRI CAN-2001-1118 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1119
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1119
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: CERT-VN:VU#105347
Reference: URL:http://www.kb.cert.org/vuls/id/105347
Reference: SUSE:SuSE-SA:2001:025
Reference: URL:http://www.suse.de/de/support/security/2001_025_xmcd_txt.html
Reference: BID:3148
Reference: URL:http://www.securityfocus.com/bid/3148
Reference: XF:xmcd-cda-symlink(6941)
Reference: URL:http://xforce.iss.net/static/6941.php

cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to
overwrite arbitrary files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2001-1119 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1130
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1130
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010802 suse: sdbsearch.cgi vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/201216
Reference: SUSE:SuSE-SA:2001:027
Reference: URL:http://www.suse.de/de/support/security/2001_027_sdb_txt.txt
Reference: XF:sdbsearch-cgi-command-execution(7003)
Reference: URL:http://xforce.iss.net/static/7003.php

Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to
execute arbitrary commands by uploading a keylist.txt file that
contains filenames with shell metacharacters, then causing the file to
be searched using a .. in the HTTP referer (from the HTTP_REFERER
variable) to point to the directory that contains the keylist.txt
file.

Analysis
----------------
ED_PRI CAN-2001-1130 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1132
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1132
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: CF
Reference: CONECTIVA:CLA-2001:420
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000420
Reference: XF:mailman-blank-passwords(7091)
Reference: URL:http://xforce.iss.net/static/7091.php

Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to
list administrative pages when there is an empty site or list
password, which is not properly handled during the call to the crypt
function during authentication.

Analysis
----------------
ED_PRI CAN-2001-1132 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1147
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1147
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011008 pam_limits.so Bug!!
Reference: URL:http://www.securityfocus.com/archive/1/219175
Reference: REDHAT:RHSA-2001:132
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-132.html
Reference: MANDRAKE:MDKSA-2001:084
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-084.php3
Reference: SUSE:SuSE-SA:2001:034
Reference: URL:http://www.suse.de/de/support/security/2001_034_shadow_txt.txt
Reference: CIAC:M-009
Reference: URL:http://www.ciac.org/ciac/bulletins/m-009.shtml
Reference: BID:3415
Reference: URL:URL:http://www.securityfocus.com/bid/3415
Reference: XF:utillinux-pamlimits-gain-privileges(7266)
Reference: URL:http://www.iss.net/security_center/static/7266.php

The PAM implementation in /bin/login of the util-linux package before
2.11 causes a password entry to be rewritten across multiple PAM
calls, which could provide the credentials of one user to a different
user, when used in certain PAM modules such as pam_limits.

Analysis
----------------
ED_PRI CAN-2001-1147 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1153
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1153
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: CALDERA:CSSA-2001-SCO.15
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0391.html
Reference: XF:openunix-lpsystem-bo(7041)
Reference: URL:http://www.iss.net/security_center/static/7041.php
Reference: BID:3248
Reference: URL:http://online.securityfocus.com/bid/3248

lpsystem in OpenUnix 8.0.0 allows local users to cause a denial of
service and possibly execute arbitrary code via a long command line
argument.

Analysis
----------------
ED_PRI CAN-2001-1153 1
Vendor Acknowledgement: yes advisory

The advisory describes behavior indicating a buffer overflow; hence,
my choice given our limited time constraints. A long argument causes
lpsystem to have a segmentation violation. Unfortunately this url does
not get me there:
ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.15/, so I
contented myself with the neohapsis archive reference.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1155
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1155
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:56
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:56.tcp_wrappers.asc

TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the
PARANOID ACL option enabled does not properly check the result of a
reverse DNS lookup, which could allow remote attackers to bypass
intended access restrictions via DNS spoofing.

Analysis
----------------
ED_PRI CAN-2001-1155 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1166
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1166
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:55
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:55.procfs.asc
Reference: XF:linprocfs-process-memory-leak(7017)
Reference: URL:http://www.iss.net/security_center/static/7017.php
Reference: BID:3217
Reference: URL:http://www.securityfocus.com/bid/3217

linprocfs on FreeBSD 4.3 and earlier does not properly restrict access
to kernel memory, which allows one process with debugging rights on a
privileged process to read restricted memory from that process.

Analysis
----------------
ED_PRI CAN-2001-1166 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1089
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1089
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010910 RUS-CERT Advisory 2001-09:01
Reference: URL:http://www.securityfocus.com/archive/1/213331
Reference: BID:3314
Reference: URL:http://www.securityfocus.com/bid/3314
Reference: XF:postgresql-nss-authentication-modules(7111)
Reference: URL:http://xforce.iss.net/static/7111.php

libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to
execute arbitrary SQL queries by inserting SQL code into an HTTP
request.

Analysis
----------------
ED_PRI CAN-2001-1089 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1095
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: AIXAPAR:IY23401
Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q4/0000.html

Buffer overflow in uuq in AIX 4 could alllow local users to execute
arbitrary code via a long -r parameter.

Analysis
----------------
ED_PRI CAN-2001-1095 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1096
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: AIXAPAR:IY23402
Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q4/0000.html

Buffer overflows in muxatmd in AIX 4 allows an attacker to cause a
core dump and possibly execute code.

Analysis
----------------
ED_PRI CAN-2001-1096 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1099
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: CF
Reference: BUGTRAQ:20010907 Microsoft Exchange + Norton AntiVirus leak local information
Reference: URL:http://www.securityfocus.com/archive/1/212724
Reference: BUGTRAQ:20010912 Re: Microsoft Exchange + Norton AntiVirus leak local information
Reference: URL:http://www.securityfocus.com/archive/1/213762
Reference: XF:nav-exchange-reveal-information(7093)
Reference: URL:http://xforce.iss.net/static/7093.php
Reference: BID:3305
Reference: URL:http://www.securityfocus.com/bid/3305

The default configuration of Norton AntiVirus for Microsoft Exchange
2000 2.x allows remote attackers to identify the recipient's INBOX
file path by sending an email with an attachment containing malicious
content, which includes the path in the rejection notice.

Analysis
----------------
ED_PRI CAN-2001-1099 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1116
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: NTBUGTRAQ:20010802 Identix BioLogon Client security bug
Reference: URL:http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=IND0108&L=NTBUGTRAQ&F=P&S=&P=71
Reference: NTBUGTRAQ:20010808 Response to Identix BioLogon Client security bug
Reference: URL:http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=ind0108&L=ntbugtraq&F=P&S=&P=724
Reference: XF:dentix-biologon-auth-bypass(6948)
Reference: URL:http://xforce.iss.net/static/6948.php
Reference: BID:3140
Reference: URL:http://www.securityfocus.com/bid/3140

Identix BioLogon 2.03 and earlier does not lock secondary displays on
a multi-monitor system running Windows 98 or ME, which allows an
attacker with physical access to the system to bypass authentication
through a secondary display.

Analysis
----------------
ED_PRI CAN-2001-1116 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1149
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1149
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: VULN-DEV:20010821 RE: Bug report -- Incident number 240649
Reference: URL:http://www.securityfocus.com/archive/82/209328

Panda Antivirus Platinum before 6.23.00 allows a remore attacker to
cause a denial of service (crash) when a user selects an action for a
malformed UPX packed executable file.

Analysis
----------------
ED_PRI CAN-2001-1149 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1090
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1090
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010910 RUS-CERT Advisory 2001-09:01
Reference: URL:http://www.securityfocus.com/archive/1/213331
Reference: BID:3315
Reference: URL:http://www.securityfocus.com/bid/3315
Reference: XF:postgresql-nss-authentication-modules(7111)
Reference: URL:http://xforce.iss.net/static/7111.php

nss_postgresql 0.6.1 and before allows a remote attacker to execute
arbitrary SQL queries by inserting SQL code into an HTTP request.

Analysis
----------------
ED_PRI CAN-2001-1090 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1091
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1091
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: NETBSD:NetBSD-SA2001-014
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-014.txt.asc
Reference: XF:bsd-dump-tty-privileges(7037)
Reference: URL:http://xforce.iss.net/static/7037.php

The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1
do not properly drop privileges, which could allow local users to gain
privileges via the RCMD_CMD environment variable.

Analysis
----------------
ED_PRI CAN-2001-1091 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1092
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1092
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010910 Digital Unix 4.0x msgchk multiple vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/213238
Reference: CERT-VN:VU#440539
Reference: URL:http://www.kb.cert.org/vuls/id/440539
Reference: BID:3320
Reference: URL:http://www.securityfocus.com/bid/3320
Reference: XF:du-msgchk-symlink(7102)
Reference: URL:http://xforce.iss.net/static/7102.php

msgchk in Digital UNIX 4.0G and earlier allows a local user to read
the first line of arbitrary files via a symlink attack on the
.mh_profile file.

Analysis
----------------
ED_PRI CAN-2001-1092 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1093
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1093
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010910 Digital Unix 4.0x msgchk multiple vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/213238
Reference: XF:du-msgchk-bo(7101)
Reference: URL:http://xforce.iss.net/static/7101.php
Reference: BID:3311
Reference: URL:http://www.securityfocus.com/bid/3311

Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows
local users to execute arbitrary code via a long command line
argument.

Analysis
----------------
ED_PRI CAN-2001-1093 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1094
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1094
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010911 NetOP School Admin Vulnerability for Windows 2000 Terminal Services and NT4
Reference: URL:http://www.securityfocus.com/archive/1/213516
Reference: BID:3321
Reference: URL:http://www.securityfocus.com/bid/3321
Reference: XF:netop-school-bypass-authentication(7120)
Reference: URL:http://xforce.iss.net/static/7120.php

NetOp School 1.5 allows local users to bypass access restrictions on
the administration version by logging into the student version,
closing the student version, then starting the administration version.

Analysis
----------------
ED_PRI CAN-2001-1094 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1098
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1098
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011010 Vulnerability: Cisco PIX Firewall Manager
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0071.html
Reference: XF:cisco-pfm-plaintext-password(7265)
Reference: URL:http://xforce.iss.net/static/7265.php

Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in
plaintext in the pfm.log file, which could allow local users to obtain
the password by reading the file.

Analysis
----------------
ED_PRI CAN-2001-1098 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1101
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1101
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010908 Bug in remote GUI access in CheckPoint Firewall
Reference: URL:http://www.securityfocus.com/archive/1/212826
Reference: XF:fw1-log-file-overwrite(7095)
Reference: URL:http://xforce.iss.net/static/7095.php
Reference: BID:3303
Reference: URL:http://www.securityfocus.com/bid/3303

The Log Viewer function in the Check Point FireWall-1 GUI for Solaris
3.0b through 4.1 SP2 does not check for the existence of '.log' files
when saving files, which allows (1) remote authenticated users to
overwrite arbitrary files ending in '.log', or (2) local users to
overwrite arbitrary files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2001-1101 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1102
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1102
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010908 Bug in compile portion for older versions of CheckPoint Firewalls
Reference: URL:http://www.securityfocus.com/archive/1/212824
Reference: XF:fw1-tmp-file-symlink(7094)
Reference: URL:http://xforce.iss.net/static/7094.php
Reference: BID:3300
Reference: URL:http://www.securityfocus.com/bid/3300

Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users
to overwrite arbitrary files via a symlink attack on temporary policy
files that end in a .cpp extension, which are set world-writable.

Analysis
----------------
ED_PRI CAN-2001-1102 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1105
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1105
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: CIAC:L-141
Reference: URL:http://www.ciac.org/ciac/bulletins/l-141.shtml
Reference: CISCO:20010912 Vulnerable SSL Implementation in iCDN
Reference: URL:http://www.cisco.com/warp/public/707/SSL-J-pub.html
Reference: CONFIRM:http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html
Reference: BID:3329
Reference: URL:http://www.securityfocus.com/bid/3329
Reference: XF:bsafe-ssl-bypass-authentication(7112)
Reference: URL:http://xforce.iss.net/static/7112.php

RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches
session IDs from failed login attempts, which could allow remote
attackers to bypass SSL client authentication and gain access to
sensitive data by logging in after an initial failure.

Analysis
----------------
ED_PRI CAN-2001-1105 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1109
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1109
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010912 EFTP Version 2.0.7.337 vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/213647
Reference: MISC:http://www.eftp.org/releasehistory.html
Reference: XF:eftp-list-directory-traversal(7113)
Reference: URL:http://xforce.iss.net/static/7113.php
Reference: XF:eftp-quote-reveal-information(7114)
Reference: URL:http://xforce.iss.net/static/7114.php
Reference: BID:3331
Reference: URL:http://www.securityfocus.com/bid/3331
Reference: BID:3333
Reference: URL:http://www.securityfocus.com/bid/3333

Directory traversal vulnerability in EFTP 2.0.7.337 allows remote
authenticated users to reveal directory contents via a .. (dot dot) in
the (1) LIST, (2) QUOTE SIZE, and (3) QUOTE MDTM commands.

Analysis
----------------
ED_PRI CAN-2001-1109 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: possible ack in the release history for 2001.12.04:
"Fixed some security flaws with directory listings."  However, this is
not clear enough to be absolutely certain.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1110
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1110
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010912 EFTP Version 2.0.7.337 vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/213647

EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials
by requesting information on a file that is in a network share, which
causes the server to send the credentials to the host that owns the
share, and allows the attacker to sniff the connection.

Analysis
----------------
ED_PRI CAN-2001-1110 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1111
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010912 EFTP Version 2.0.7.337 vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/213647
Reference: XF:eftp-plaintext-password(7116)
Reference: URL:http://xforce.iss.net/static/7116.php
Reference: BID:3332
Reference: URL:http://www.securityfocus.com/bid/3332

EFTP 2.0.7.337 stores user passwords in plaintext in the
eftp2users.dat file.

Analysis
----------------
ED_PRI CAN-2001-1111 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1112
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1112
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010912 EFTP Version 2.0.7.337 vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/213647
Reference: BID:3330
Reference: URL:http://www.securityfocus.com/bid/3330
Reference: XF:eftp-lnk-bo(7115)
Reference: URL:http://xforce.iss.net/static/7115.php

Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute
arbitrary code by uploading a .lnk file containing a large number of
characters.

Analysis
----------------
ED_PRI CAN-2001-1112 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1114
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1114
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010813 NetCode NC Book 0.2b remote command execution vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/204094
Reference: XF:netcode-book-pipes-command(6986)
Reference: URL:http://xforce.iss.net/static/6986.php
Reference: BID:3178
Reference: URL:http://www.securityfocus.com/bid/3178

book.cgi in NetCode NC Book 0.2b allows remote attackers to execute
arbitrary commands via shell metacharacters in the "current"
parameter.

Analysis
----------------
ED_PRI CAN-2001-1114 3
Vendor Acknowledgement: unknown foreign

ACKNOWLEDGEMENT: Ack unknown ... can't read Russian:
URL:http://www.lgg.ru/

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1115
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1115
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010813 SIX-webboard 2.01 "show files" vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/204053
Reference: XF:sixwebboard-dot-directory-traversal(6975)
Reference: URL:http://xforce.iss.net/static/6975.php
Reference: BID:3175
Reference: URL:http://www.securityfocus.com/bid/3175

generate.cgi in SIX-webboard 2.01 and before allows remote attackers
to read arbitrary files via a dot dot (..) in the content parameter.

Analysis
----------------
ED_PRI CAN-2001-1115 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1122
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1122
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010803 REPOST: A damaging local DoS in WinNT SP6a
Reference: URL:http://www.securityfocus.com/archive/1/201722
Reference: XF:winnt-nt4all-dos(6943)
Reference: URL:http://xforce.iss.net/static/6943.php
Reference: BID:3144
Reference: URL:http://www.securityfocus.com/bid/3144

Windows NT 4.0 SP 6a allows a local user with write access to
winnt/system32 to cause a denial of service (crash in lsass.exe) by
running the NT4ALL exploit program in 'SPECIAL' mode.

Analysis
----------------
ED_PRI CAN-2001-1122 3
Vendor Acknowledgement: unknown
Content Decisions: INCLUSION

INCLUSION: the poster indicates that the user must have write access
to winnt/system32 to exploit this.  If such permissions are sufficient
for a user to gain privileges *anyway* (e.g. by replacing a critical
DLL), then there are no additional privileges or benefits gained
beyond that which is already available to the user, and perhaps this
item should not be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1123
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1123
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: HP:HPSBUX0110-170
Reference: URL:http://www.securityfocus.com/advisories/3585
Reference: HP:HPSBUX0112-177
Reference: URL:http://www.securityfocus.com/advisories/3723
Reference: BID:3399
Reference: URL:http://www.securityfocus.com/bid/3399
Reference: XF:openview-nmm-gain-privileges(7222)
Reference: URL:http://xforce.iss.net/static/7222.php
Reference: CERT-VN:VU#782155
Reference: URL:http://www.kb.cert.org/vuls/id/782155

Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP
OpenView allows a local user to execute arbitrary code, possibly via a
buffer overflow in a long hostname or object ID.

Analysis
----------------
ED_PRI CAN-2001-1123 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

ABSTRACTION: It is uncertain why there are two separate HP advisories
that appear to include the same patches and describe the same issue.
The later advisory has no reference to the earlier one.  There is a
possibility that there are 2 separate issues here, but it's too hard
to tell.
MISC: The patch documentation provides slightly more details on the
problem.  See "PHSS_24842:" in
URL:http://support.openview.hp.com/load.jsp?type=ov_patch&name=PHSS_25742

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1124
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1124
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: HP:HPSBUX0110-169
Reference: URL:http://www.securityfocus.com/advisories/3586
Reference: CIAC:M-003
Reference: URL:http://www.ciac.org/ciac/bulletins/m-003.shtml
Reference: XF:hp-rpcbind-dos(7221)
Reference: URL:http://xforce.iss.net/static/7221.php
Reference: BID:3400
Reference: URL:http://www.securityfocus.com/bid/3400

rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to
cause a denial of service (core dump) via a malformed RPC portmap
requests, possibly related to a buffer overflow.

Analysis
----------------
ED_PRI CAN-2001-1124 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

The HP advisory is vague about the cause of the problem, but the BID
suggest that it may be due to an overflow.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1125
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1125
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011005 Symantec LiveUpdate attacks
Reference: URL:http://www.securityfocus.com/archive/1/218717
Reference: CONFIRM:http://www.sarc.com/avcenter/security/Content/2001.10.05.html
Reference: BID:3403
Reference: URL:http://www.securityfocus.com/bid/3403
Reference: XF:liveupdate-host-verification(7235)
Reference: URL:http://xforce.iss.net/static/7235.php

Symantec LiveUpdate before 1.6 does not use cryptography to ensure the
integrity of download files, which allows remote attackers to execute
arbitrary code via DNS spoofing of the update.symantec.com site.

Analysis
----------------
ED_PRI CAN-2001-1125 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests combining problems of the same type in
the same version, which would suggest combining the code execution and
DoS problems because both are due to an issue with DNS spoofing.
However, the DoS issue still exists in 1.6 whereas the code execution
does not, so CD:SF-LOC further suggests a SPLIT because there is a
problem that appears in one version but not another.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1126
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1126
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011005 Symantec LiveUpdate attacks
Reference: URL:http://www.securityfocus.com/archive/1/218717
Reference: CONFIRM:http://www.sarc.com/avcenter/security/Content/2001.10.05.html
Reference: XF:liveupdate-host-verification(7235)
Reference: URL:http://xforce.iss.net/static/7235.php
Reference: BID:3413
Reference: URL:http://www.securityfocus.com/bid/3413

Symantec LiveUpdate 1.4 through 1.6, and possibly later versions,
allows remote attackers to cause a denial of service (flood) via DNS
spoofing of the update.symantec.com site.

Analysis
----------------
ED_PRI CAN-2001-1126 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests combining problems of the same type in
the same version, which would suggest combining the code execution and
DoS problems because both are due to an issue with DNS spoofing.
However, the DoS issue still exists in 1.6 whereas the code execution
does not, so CD:SF-LOC further suggests a SPLIT because there is a
problem that appears in one version but not another.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1127
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1127
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011005 Progress Database vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/218833
Reference: BID:3404
Reference: URL:http://www.securityfocus.com/bid/3404
Reference: XF:progress-strcpy-bo(7236)
Reference: URL:http://xforce.iss.net/static/7236.php

Buffer overflow in Progress database 8.3D and 9.1C could allow a local
user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3)
_mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8)
_sqldump.

Analysis
----------------
ED_PRI CAN-2001-1127 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC, SF-LOC

ABSTRACTION: CD:SF-LOC suggests that if problems of the same type
appear in different versions, they should be SPLIT.  According to the
discloser, the buffer overflows in PROMSGS/PROTERMCAP files were
fixed, whereas the _proapsv/_mprosrv/etc. executables were not.  These
problems appear in different versions, so they should be SPLIT even
though they are the same type of issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1128
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1128
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011008 Progress TERM (protermcap) overflows and PROMSGS overflows
Reference: URL:http://www.securityfocus.com/archive/1/219174
Reference: XF:progress-protermcap-bo(7264)
Reference: URL:http://xforce.iss.net/static/7264.php
Reference: BID:3414
Reference: URL:http://www.securityfocus.com/bid/3414

Buffer overflow in Progress database 8.3D and 9.1C allows local users
to execute arbitrary code via long entries in files that are specified
by the (1) PROMSGS or (2) PROTERMCAP environment variables.

Analysis
----------------
ED_PRI CAN-2001-1128 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests that if problems of the same type
appear in different versions, they should be SPLIT.  According to the
discloser, the buffer overflows in PROMSGS/PROTERMCAP files were
fixed, whereas the _proapsv/_mprosrv/etc. executables were not.  These
problems appear in different versions, so they should be SPLIT even
though they are the same type of issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1129
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1129
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011102 Progres Databse PROMSGS Format strings issue.
Reference: URL:http://www.securityfocus.com/archive/1/224395
Reference: BID:3502
Reference: URL:http://www.securityfocus.com/bid/3502
Reference: XF:progress-promsgs-format-string(7457)
Reference: URL:http://xforce.iss.net/static/7457.php

Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3)
_mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8)
_rfutil and (9) prolib in Progress database 9.1C allows a local user
to execute arbitrary code via format string specifiers in the file
used by the PROMSGS environment variable.

Analysis
----------------
ED_PRI CAN-2001-1129 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1131
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1131
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: MISC:http://www.securiteam.com/windowsntfocus/5RP0L0055O.html

Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2
allows an attacker to read arbitrary files and directories via a
... (modified dot dot) in the CD command.

Analysis
----------------
ED_PRI CAN-2001-1131 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1133
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1133
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010821 BSDi (3.0/3.1) reboot machine code as any user (non-specific)
Reference: URL:http://www.securityfocus.com/archive/1/209192
Reference: XF:bsd-kernel-dos(7023)
Reference: URL:http://www.iss.net/security_center/static/7023.php
Reference: BID:3220
Reference: URL:http://www.securityfocus.com/bid/3220

Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users
to cause a denial of service (reboot) in the kernel via a particular
sequence of instructions.

Analysis
----------------
ED_PRI CAN-2001-1133 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1134
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1134
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010720 Re: Two birds with one worm
Reference: URL:http://www.securityfocus.com/archive/1/198381
Reference: BUGTRAQ:20010809 Xerox N40 printers and Code Red worm
Reference: URL:http://www.securityfocus.com/archive/1/203025
Reference: XF:xerox-docuprint-dos(6976)
Reference: URL:http://www.iss.net/security_center/static/6976.php
Reference: BID:3170
Reference: URL:http://online.securityfocus.com/bid/3170

Xerox DocuPrint N40 Printers allow remote attackers to cause a denial
of service via malformed data, such as that produced by the Code Red
worm.

Analysis
----------------
ED_PRI CAN-2001-1134 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1135
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1135
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010814 Fwd: ZyXEL Prestige 642 Router Administration Interface Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/204439
Reference: BUGTRAQ:20010810 Re: ZyXEL Prestige 642R: Exposed Admin Services on WAN with Default Password
Reference: URL:http://www.securityfocus.com/archive/1/203592
Reference: BUGTRAQ:20010809 ZyXEL Prestige 642R: Exposed Admin Services on WAN with Default Password
Reference: URL:http://www.securityfocus.com/archive/1/203022
Reference: BUGTRAQ:20010918 SECURITY RISK: ZyXEL ADSL Router 642R - WAN filter bypass from internal network
Reference: URL:http://www.securityfocus.com/archive/1/214971
Reference: BID:3346
Reference: URL:http://www.securityfocus.com/bid/3346
Reference: XF:prestige-wan-bypass-filter(7146)
Reference: URL:http://xforce.iss.net/static/7146.php

ZyXEL Prestige 642R and 642R-I routers do not filter the routers'
Telnet and FTP ports on the external WAN interface from inside access,
allowing someone on an internal computer to reconfigure the router, if
the password is known.

Analysis
----------------
ED_PRI CAN-2001-1135 3
Vendor Acknowledgement: unknown discloser-claimed

Vendor acknowledgment not found on vendor site. However discloser
claimed contact and an attempt to fix the problem:
http://www.securityfocus.com/archive/1/204439

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1136
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1136
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: HP:HPSBUX0109-166
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0063.html
Reference: CIAC:L-143
Reference: URL:http://www.ciac.org/ciac/bulletins/l-143.shtml
Reference: XF:hp-virtualvault-libsecurity-dos(7124)
Reference: URL:http://xforce.iss.net/static/7124.php
Reference: BID:3338
Reference: URL:http://online.securityfocus.com/bid/3338

The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to
cause a denial of service.

Analysis
----------------
ED_PRI CAN-2001-1136 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

INCLUSION: CD:VAGUE states that an issue that is identified by a vague
vendor advisory should be included in CVE, despite the risks of
introducing inaccuracy.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1137
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010906 Malformed Fragmented Packets DoS Dlink Firewall/Routers
Reference: URL:http://www.securityfocus.com/archive/1/212532
Reference: XF:dlink-fragmented-packet-dos(7090)
Reference: URL:http://xforce.iss.net/static/7090.php
Reference: BID:3306
Reference: URL:http://online.securityfocus.com/bid/3306

D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows
remote attackers to cause a denial of service (reboot) via malformed
IP datagram fragments.

Analysis
----------------
ED_PRI CAN-2001-1137 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1138
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1138
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010907  *** Security Advisory *** Power UP HTML
Reference: URL:http://www.securityfocus.com/archive/1/212679
Reference: BID:3304
Reference: URL:http://www.securityfocus.com/bid/3304
Reference: XF:powerup-rcgi-directory-traversal(7092)
Reference: URL:http://xforce.iss.net/static/7092.php

Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker
Power Up HTML 0.8033beta allows remote attackers to read arbitrary
files and possibly execute arbitrary code via a .. (dot dot) in the
FILE parameter.

Analysis
----------------
ED_PRI CAN-2001-1138 3
Vendor Acknowledgement: unknown
Content Decisions: EX-BETA

INCLUSION: CD:EX-BETA suggests that beta versions of programs should
be excluded from CVE, unless they are "permanent" beta.  In this case,
the program has been available on the web site since August 16, 2000,
which should be close enough to "permanent" for inclusion in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1139
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1139
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010822 [SNS Advisory No.39] WinWrapper Professional 2.0 Remote Arbitrary File Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/209414
Reference: MISC:http://www.tsc.ant.co.jp/products/download.htm
Reference: BID:3219
Reference: URL:http://www.securityfocus.com/bid/3219
Reference: XF:winwrapper-dot-directory-traversal(7015)
Reference: URL:http://www.iss.net/security_center/static/7015.php

Directory traversal vulnerability in ASCII NT WinWrapper Professional
allows remote attackers to read arbitrary files via a .. (dot dot) in
the server request.

Analysis
----------------
ED_PRI CAN-2001-1139 3
Vendor Acknowledgement: unknown discloser-claimed

ACKNOWLEDGEMENT: acknowledgement cannot be determined because the
product web pages are in Japanese.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1140
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1140
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010822 -- [ iSecureLabs BadBlue v1.02 beta for Windows 98, ME and 2000 Advisory ] --
Reference: URL:http://www.securityfocus.com/archive/1/209545
Reference: XF:badblue-file-source-disclosure (7021)
Reference: URL:http://xforce.iss.net/static/7021.php
Reference: BID:3222
Reference: URL:http://www.securityfocus.com/bid/3222

BadBlue Personal Edition v1.02 beta allows remote attackers to read
source code for executable programs by appending a %00 (null byte) to
the request.

Analysis
----------------
ED_PRI CAN-2001-1140 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: EX-BETA

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1150
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1150
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010822 [SNS Advisory No.38] Trend Micro Virus Buster (Ver.3.5x) Remote
Reference: URL:http://www.securityfocus.com/archive/1/209375
Reference: BUGTRAQ:20010824 [SNS Advisory No.40] TrendMicro OfficeScan Corp Edition ver.3.54 Remote read file of IUSER authority Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/210087
Reference: BID:3216
Reference: URL:http://www.securityfocus.com/bid/3216
Reference: XF:officescan-iuser-read-files(7014)
Reference: URL:http://www.iss.net/security_center/static/7014.php

Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate
Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers
to read arbitrary files.

Analysis
----------------
ED_PRI CAN-2001-1150 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1151
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1151
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011015 [SNS Advisory No.44] Trend Micro OfficeScan Corporate Edition(Virus Buster Corporate Edition)
Reference: URL:http://www.securityfocus.com/archive/1/220666
Reference: MISC:http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318
Reference: XF:officescan-config-file-access(7286)
Reference: URL:http://xforce.iss.net/static/7286.php

Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53
allows remote attackers to access sensitive information from the
hotdownload directory without authentication, such as the ofcscan.ini
configuration file, which contains a weakly encrypted password.

Analysis
----------------
ED_PRI CAN-2001-1151 3
Vendor Acknowledgement: unknown foreign
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1152
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1152
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010905 Various problems in Baltimore WebSweeper URL filtering
Reference: URL:http://www.securityfocus.com/archive/1/212283
Reference: MISC:http://www.mimesweeper.com/support/technotes/notes/1043.asp
Reference: BID:3296
Reference: URL:http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3296

Baltimore Technologies WEBsweeper 4.02, when used to manage URL
blacklists, allows remote attackers to bypass blacklist restrictions
and connect to unauthorized web servers by modifying the requested
URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the
desired file is in the parentdir, (3) a /./, or (4) URL-encoded
characters.

Analysis
----------------
ED_PRI CAN-2001-1152 3
Vendor Acknowledgement: no disputed
Content Decisions: SECTOOL-DESIGN

INCLUSION: The tech note by the vendor states that "It is not
practical to use WEBsweeper to manage blacklists. WEBsweeper's primary
function is content analysis of a web traffic and is not designed as a
URL blocker."  Since the software is not being used for its advertised
purposes, perhaps this issue should not be included in CVE.
ABSTRACTION: A similar vulnerability is described in CAN-2001-1026,
but for that one, URL filtering is explicitly listed as a feature of
that product.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1154
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1154
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010830 Possible Denial of Service with PHP and Cyrus IMAP on BSDi 4.2
Reference: URL:http://www.securityfocus.com/archive/1/211056
Reference: BID:3260
Reference: URL:http://www.securityfocus.com/bid/3260
Reference: XF:cyrus-imap-php-dos(7053)
Reference: URL:http://xforce.iss.net/static/7053.php

Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled,
allows remote attackers to cause a denial of service (hang) using PHP
IMAP clients.

Analysis
----------------
ED_PRI CAN-2001-1154 3
Vendor Acknowledgement: no search-failed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1156
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1156
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011008 [ASGUARD-LABS] TYPSoft FTP Server v0.95 STOR/RETR Denial of Service Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/219167
Reference: CONFIRM:http://membres.lycos.fr/typsoft/eng/history.html
Reference: BID:3409
Reference: URL:http://www.securityfocus.com/bid/3409
Reference: XF:typsoft-ftp-retr-stor-dos(7247)
Reference: URL:http://www.iss.net/security_center/static/7247.php

TYPSoft FTP 0.95 allows remote attackers to cause a denial of service
(CPU consumption) via a "../../*" argument to (1) STOR or (2) RETR.

Analysis
----------------
ED_PRI CAN-2001-1156 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: the Typsoft history file, obtained from the "history"
button on the vendor's home page, includes a description for 0.97:
"Fix a Security bug can cause the server to crash when an User do RETR
../../*" The home page indicates that this version was created around
March 1, 2002, assuming "Mars" in French is March.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1157
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1157
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010812 Various problems in Baltimore's WEBSweeper Script filter ing
Reference: URL:http://www.securityfocus.com/archive/1/203821
Reference: BID:3172
Reference: URL:http://www.securityfocus.com/bid/3172
Reference: BID:3173
Reference: URL:http://www.securityfocus.com/bid/3173

Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly
filter Javascript from HTML pages, which could allow remote attackers
to bypass the filtering via (1) an extra leading < and one or more
characters before the SCRIPT tag, or (2) tags using Unicode.

Analysis
----------------
ED_PRI CAN-2001-1157 3
Vendor Acknowledgement: unknown
Content Decisions: SECTOOL-DESIGN, SF-LOC

INCLUSION/ABSTRACTION: Similar to the Ptacek/Newsham paper on IDS
limitations, this particular attack seems to take advantage of
peculiar behavior of end systems (in this case, web clients that are
"forgiving" of malformed HTML), which could be regarded as a design
limitation of all tools of this type.  Therefore, it should be
considered whether a problem of this type should be included in CVE,
and if so, whethere there should be a single item for the general
limitation regardless of the number of vendors/products, or multiple
items, one for each product.  This is the basis of a new CVE content
decision, CD:SECTOOL-DESIGN.
ABSTRACTION: It could be argued that the malformed SCRIPT tags and
Unicode encodings are different types of problems; thus if
CD:SECTOOL-DESIGN is resolved one way or another,

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1165
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1165
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: MISC:http://www.securemac.com/fileguard.php#disengage
Reference: XF:fileguard-weak-password-encryption(7018)
Reference: URL:http://www.iss.net/security_center/static/7018.php
Reference: BID:3213
Reference: URL:http://www.securityfocus.com/bid/3213

Intego FileGuard 4.0 uses weak encryption to store user information
and passwords, which allows local users to gain privileges by
decrypting the information, e.g., with the Disengage tool.

Analysis
----------------
ED_PRI CAN-2001-1165 3
Vendor Acknowledgement:

ACKNOWLEDGEMENT: An email inquiry was sent to the vendor, who either
did not understand the problem, or did not read the securemac.com post
carefully.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1167
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1167
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: unknown
Reference: HP:HPSBUX0108-165
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0048.html

Vulnerability in /opt/prm/bin of HP Process Resource Manager (PRM)
C.01.08.2 and earlier allows local users to gain root privileges by
altering libraries or environment variables.

Analysis
----------------
ED_PRI CAN-2001-1167 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

INCLUSION: CD:VAGUE states that if a vendor acknowledges or publicizes
an issue and says it's security related, but the vendor is vague about
the details, it should still be included.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1168
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1168
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010829 eRisk Security Advisory:  PhpMyExplorer vulnerable to directory traversal.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0408.html
Reference: BUGTRAQ:20010830 Re: eRisk Security Advisory:  PhpMyExplorer vulnerable to directory traversal.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0418.html

Directory traversal vulnerability in index.php in PhpMyExplorer before
1.2.1 allows remote attackers to read arbitrary files via a ..%2F
(modified dot dot) in the chemin parameter.

Analysis
----------------
ED_PRI CAN-2001-1168 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1169
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010902 S/Key keyinit(1) authentication (lack thereof) + sudo(1)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0441.html

keyinit in S/Key does not require authentication to initialize a
one-time password sequence, which allows an attacker who has gained
privileges to a user account to create new one-time passwords for use
in other activities that may use S/Key authentication, such as sudo.

Analysis
----------------
ED_PRI CAN-2001-1169 3
Vendor Acknowledgement:
Content Decisions: INCLUSION

INCLUSION: Followup posts indicate that if an attacker has gained
privileges as a user, then the attacker could accomplish the same
results with other methods that don't require S/Key, such as keyboard
logging. So there is some question as to whether this gains any
additional privileges beyond that which is available by breaking into
the account.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1170
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1170
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010929 Vulnerability in Amtote International  homebet self service wagering system.
Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=217373&start=2001-09-27&end=2001-10-03
Reference: BID:3370
Reference: URL:http://www.securityfocus.com/bid/3370
Reference: XF:homebet-view-logfile(7186)
Reference: URL:http://xforce.iss.net/static/7186.php

AmTote International homebet program stores the homebet.log file in
the homebet/ virtual directory, which allows remote attackers to steal
account and PIN numbers.

Analysis
----------------
ED_PRI CAN-2001-1170 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-1171
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1171
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010907 Bug in compile portion for older versions of CheckPoint Firewalls
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0046.html

Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and
creates a world-writable temporary .cpp file when compiling Policy
rules, which could allow local users to gain privileges or modify the
firewall policy.

Analysis
----------------
ED_PRI CAN-2001-1171 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

 
Page Last Updated: May 22, 2007