|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PROPOSAL] Cluster RECENT-82 - 44 candidates
I am proposing cluster RECENT-82 for review and voting by the Editorial Board. Name: RECENT-82 Description: Candidates announced between 12/8/2001 and 12/31/2001 Size: 44 You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site. The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real. If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned. - Steve Summary of votes to use (in ascending order of "severity") ---------------------------------------------------------- ACCEPT - voter accepts the candidate as proposed NOOP - voter has no opinion on the candidate MODIFY - voter wants to change some MINOR detail (e.g. reference/description) REVIEWING - voter is reviewing/researching the candidate, or needs more info RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. 1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. 2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping. 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-2001-1193 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1193 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011213 EFTP 2.0.8.346 directory content disclosure Reference: URL:http://www.securityfocus.com/archive/1/245393 Reference: CONFIRM:http://www.eftp.org/releasehistory.html Reference: BID:3691 Reference: URL:http://www.securityfocus.com/bid/3691 Directory traversal vulnerability in EFTP 2.0.8.346 allows local users to read directories via a ... (modified dot dot) in the CWD command. Analysis ---------------- ED_PRI CAN-2001-1193 1 Vendor Acknowledgement: yes changelog ACKNOWLEDGEMENT: In the release history, the entry for version 2.0.8.347, dated December 12, says "Fixed a security flaw where users could inadvertantly change directory by changing to '...'" Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1199 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1199 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011217 Agoracgi v3.3e Cross Site Scripting Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/246044 Reference: CONFIRM:http://www.agoracgi.com/security.html Reference: BID:3702 Reference: URL:http://www.securityfocus.com/bid/3702 Reference: XF:agora-cgi-css(7708) Reference: URL:http://www.iss.net/security_center/static/7708.php Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter. Analysis ---------------- ED_PRI CAN-2001-1199 1 Vendor Acknowledgement: yes advisory ACKNOWLEDGEMENT: The Agoracgi security page says "The Cross-Site Scripting vulnerability demonstrations (erroneously described as running on 3.x stores) don't work with this patch installed... No store version 3.0a through 4.0g should run without [this patch]" Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1201 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1201 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011217 New Advisory + Exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100863301405266&w=2 Reference: BUGTRAQ:20011218 wmcube-gdk is vulnerable to a local exploit Reference: URL:http://online.securityfocus.com/archive/1/246273 Reference: CONFIRM:http://www.ne.jp/asahi/linux/timecop/software/wmcube-gdk-0.98p2.tar.gz Reference: BID:3706 Reference: URL:http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3706 Reference: XF:wmcubegdk-object-file-bo(7720) Reference: URL:http://www.iss.net/security_center/static/7720.php Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users to execute arbitrary code via long lines in the object description file. Analysis ---------------- ED_PRI CAN-2001-1201 1 Vendor Acknowledgement: yes ACKNOWLEDGEMENT: the CHANGES file in wmcube-gdk-0.98p2.tar.gz includes an entry dated 20011218, stating "drop kmem priviliges on FreeBSD after opening kvm." Given the timing of this file relative to the Bugtraq announcement, and the fact that it would fix the issue being discussed in this item, there is sufficient acknowledgement. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1203 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1203 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: DEBIAN:DSA-095 Reference: URL:http://www.debian.org/security/2001/dsa-095 Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18 allows local users to gain root privileges. Analysis ---------------- ED_PRI CAN-2001-1203 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1215 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1215 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011220 [CERT-intexxia] pfinger Format String Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/246656 Reference: CONFIRM:http://www.xelia.ch/unix/pfinger/ChangeLog Reference: XF:pfinger-plan-format-string(7742) Reference: URL:http://www.iss.net/security_center/static/7742.php Reference: BID:3725 Reference: URL:http://online.securityfocus.com/bid/3725 Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows remote attackers to execute arbitrary code via format string specifiers in a .plan file. Analysis ---------------- ED_PRI CAN-2001-1215 1 Vendor Acknowledgement: yes changelog ACKNOWLEDGEMENT: in the Change Log, the entry dated 2001-12-19 says "Security Fix: Malicious local user could induce a bad format string" and credits the disclosers. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0057 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0057 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020202 Category: SF Reference: BUGTRAQ:20011214 MSIE6 can read local files Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-12/0152.html Reference: BUGTRAQ:20020212 Update on the MS02-005 patch, holes still remain Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101366383408821&w=2 Reference: MS:MS02-008 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-008.asp Reference: BID:3699 Reference: URL:http://online.securityfocus.com/bid/3699 XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source. Analysis ---------------- ED_PRI CAN-2002-0057 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1184 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1184 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011208 Winsock RSHD/NT 2.20.00 CPU overusage when invalid data is send Reference: URL:http://www.securityfocus.com/archive/1/244580 Reference: BUGTRAQ:20011213 WRSHDNT 2.21.00 CPU overusage Reference: URL:http://online.securityfocus.com/archive/1/245405 Reference: CONFIRM:http://www.denicomp.com/rshdnt.htm Reference: XF:winsock-rshdnt-error-dos(7694) Reference: URL:http://www.iss.net/security_center/static/7694.php Reference: BID:3659 Reference: URL:http://www.securityfocus.com/bid/3659 wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows remote attackers to cause a denial of service (CPU consumption) via (1) in 2.20.00 and earlier, an invalid port number such as a negative number, which causes a connection attempt to that port and all ports below 1024, and (2) in 2.21.00, a port number of 1024. Analysis ---------------- ED_PRI CAN-2001-1184 3 Vendor Acknowledgement: yes changelog Content Decisions: SF-LOC ACKNOWLEDGEMENT: The comments for version 2.21.00 in the changelog say: "If a malicious user wrote an rsh-like client that sent a negative number as the stderr port, the wrshdsp.exe process would go into a loop for a long period, eating up CPU cycles." ABSTRACTION: The vendor did not completely fix the original problem, so the 2 separate attack scenarios are merged into a single item. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1185 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1185 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011210 AIO vulnerability Reference: URL:http://www.securityfocus.com/archive/1/244583 Reference: XF:bsd-aio-overwrite-memory(7693) Reference: URL:http://www.iss.net/security_center/static/7693.php Reference: BID:3661 Reference: URL:http://www.securityfocus.com/bid/3661 Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory of the new process and gain privileges. Analysis ---------------- ED_PRI CAN-2001-1185 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1186 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1186 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011211 Microsoft IIS/5 bogus Content-length bug. Reference: URL:http://www.securityfocus.com/archive/1/244892 Reference: BUGTRAQ:20011211 Microsoft IIS/5 bogus Content-length bug Memory attack Reference: URL:http://online.securityfocus.com/archive/1/244931 Reference: BUGTRAQ:20011212 Microsoft IIS/5.0 Content-Length DoS (proved) Reference: URL:http://online.securityfocus.com/archive/1/245100 Reference: BID:3667 Reference: URL:http://www.securityfocus.com/bid/3667 Reference: XF:iis-false-content-length-dos(7691) Reference: URL:http://www.iss.net/security_center/static/7691.php Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection. Analysis ---------------- ED_PRI CAN-2001-1186 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1187 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1187 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011211 CSVForm (Perl CGI) Remote Execution Vulnerability Reference: URL:http://online.securityfocus.com/archive/1/244908 Reference: BID:3668 Reference: URL:http://online.securityfocus.com/bid/3668 Reference: XF:csvform-cgi-execute-commands(7692) Reference: URL:http://www.iss.net/security_center/static/7692.php csvform.pl 0.1 allows remote attackers to execute arbitrary commands via metacharacters in the file parameter. Analysis ---------------- ED_PRI CAN-2001-1187 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1188 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1188 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011211 SPAMMERS DELIGHT: as feeble as feeble can be Reference: URL:http://www.securityfocus.com/archive/1/244909 Reference: BID:3669 Reference: URL:http://www.securityfocus.com/bid/3669 mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote attackers to send SPAM e-mail through remote servers by modifying the sendto, email, server, subject, and resulturl hidden form fields. Analysis ---------------- ED_PRI CAN-2001-1188 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1189 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1189 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011213 IBM WebSphere on UNIX security alert ! Reference: URL:http://www.securityfocus.com/archive/1/245324 Reference: BID:3682 Reference: URL:http://www.securityfocus.com/bid/3682 Reference: XF:websphere-java-plaintext-passwords(7698) Reference: URL:http://www.iss.net/security_center/static/7698.php IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script. Analysis ---------------- ED_PRI CAN-2001-1189 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1190 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1190 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: Reference: MANDRAKE:MDKSA-2001:091 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-091.php3 Reference: BID:3683 Reference: URL:http://www.securityfocus.com/bid/3683 Reference: XF:linux-passwd-weak-encryption(7706) Reference: URL:http://www.iss.net/security_center/static/7706.php The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended. Analysis ---------------- ED_PRI CAN-2001-1190 3 Vendor Acknowledgement: yes advisory Content Decisions: VAGUE INCLUSION: The advisory is not clear about the specific ramifications of the default PAM files. However, since this came from a vendor advisory, CD:VAGUE suggests that it should be included in CVE. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1191 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1191 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011211 Webseal 3.8 Reference: URL:http://www.securityfocus.com/archive/1/245283 Reference: BID:3685 Reference: URL:http://www.securityfocus.com/bid/3685 WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote attackers to cause a denial of service (crash) via a URL that ends in %2e. Analysis ---------------- ED_PRI CAN-2001-1191 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC ABSTRACTION: CVE-2001-0982 describes a directory traversal issue in WebSEAL, related to %2e. It seems likely that in attempting to fix that problem, the vendor introduced a new type of issue. Since CD:SF-LOC suggests splitting problems of different types, this item should be separated from CVE-2001-0982. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1192 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1192 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011213 Kikkert Security Advisory: Potentially serious security flaw in Citrix Client Reference: URL:http://www.securityfocus.com/archive/1/245342 Reference: BID:3688 Reference: URL:http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3688 Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 allows remote malicious web sites to execute arbitrary code via a.ICA file, which is downloaded and automatically executed by the client. Analysis ---------------- ED_PRI CAN-2001-1192 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1194 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1194 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011214 Zyxel Prestige 681 and 1600 (possibly other?) remote DoS Reference: URL:http://www.securityfocus.com/archive/1/245498 Reference: BUGTRAQ:20011218 Re: Zyxel Prestige 681 and 1600 (possibly other?) remote DoS Reference: URL:http://www.securityfocus.com/archive/1/246182 Reference: BID:3695 Reference: URL:http://www.securityfocus.com/bid/3695 Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose size exceeds 64 kilobytes after reassembly. Analysis ---------------- ED_PRI CAN-2001-1194 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1195 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1195 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011215 Novell Groupwise servlet gateway default username and password Reference: URL:http://www.securityfocus.com/archive/1/245871 Reference: CONFIRM:http://support.novell.com/cgi-bin/search/searchtid.cgi?/10067329.htm Reference: XF:groupwise-servlet-manager-default(7701) Reference: URL:http://www.iss.net/security_center/static/7701.php Reference: BID:3697 Reference: URL:http://online.securityfocus.com/bid/3697 Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges. Analysis ---------------- ED_PRI CAN-2001-1195 3 Vendor Acknowledgement: yes advisory Content Decisions: CF-PASS ACKNOWLEGDEMENT: The Novell acknowledgement is only for 5.5. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1196 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1196 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011217 webmin 0.91 ../.. problem Reference: URL:http://www.securityfocus.com/archive/1/245980 Reference: BUGTRAQ:20011218 Re: webmin 0.91 ../.. problem Reference: URL:http://marc.theaimsgroup.com/?l=webmin-l&m=100865390306103&w=2 Reference: BID:3698 Reference: URL:http://www.securityfocus.com/bid/3698 Reference: XF:webmin-dot-directory-traversal(7711) Reference: URL:http://www.iss.net/security_center/static/7711.php Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument. Analysis ---------------- ED_PRI CAN-2001-1196 3 Vendor Acknowledgement: no disputed INCLUSION: the vendor claims that root privileges are already required to edit bootup actions. If so, then the attacker does not gain any privileges beyond what they already have, so it would not be a vulnerability. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1197 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1197 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011214 klprfax_filter symlink vulnerability Reference: URL:http://www.securityfocus.com/archive/1/245500 Reference: BUGTRAQ:20011214 Re: klprfax_filter symlink vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100837486611350&w=2 Reference: BID:3694 Reference: URL:http://www.securityfocus.com/bid/3694 klprfax_filter in KDE2 KDEUtils allows local users to overwrite arbitrary files via a symlink attack on the klprfax.filter temporary file. Analysis ---------------- ED_PRI CAN-2001-1197 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1198 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1198 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011215 HP-UX setuid rlpdaemon induced to make illicit file writes Reference: URL:http://www.securityfocus.com/archive/1/245690 Reference: BID:3701 Reference: URL:http://www.securityfocus.com/bid/3701 Reference: XF:hp-rlpd-create-log(7729) Reference: URL:http://www.iss.net/security_center/static/7729.php RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite arbitrary files and gain privileges by specifying the target file in the -L option. Analysis ---------------- ED_PRI CAN-2001-1198 3 Vendor Acknowledgement: unknown vague Content Decisions: VAGUE ABSTRACTION: This sounds similar to CAN-2001-0817, but the ISS/HP advisories for that item are vague. However, CAN-2001-0817 was remotely exploitable. For this example, it's locally exploitable, and it doesn't seem like a remote attacker would be able to specify alternate log files. Assuming that's true, then by CD:SF-LOC, this issue should be treated differently. In addition, ISS has created separate XF references for this issue; their "inside knowledge" of CAN-2001-0817 would therefore suggest further that these are different issues. The discloser for this issue says that HPSBUX0111-176 fixes this problem, but it's uncertain whether the discloser is *assuming* it's been fixed because rlpdaemon is mentioned in the advisory. The issue is that HPSBUX0111-176 is too vague, and in fact only alludes to "a" vulnerability (i.e., one problem), assumably the ISS one. However, the discloser did say that they notified HP on August 8, which could have allowed HP time to fix this problem in HPSBUX0111-176. This is an interesting demonstration of the impact of vague advisories on *other* issues that aren't vaguely described. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1200 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1200 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011217 Hot keys permissions bypass under XP Reference: URL:http://www.securityfocus.com/archive/1/246014 Reference: BID:3703 Reference: URL:http://www.securityfocus.com/bid/3703 Reference: XF:winxp-hotkey-execute-programs(7713) Reference: URL:http://www.iss.net/security_center/static/7713.php Microsoft Windows XP allows local users to bypass a locked screen and run certain programs that are associated with Hot Keys. Analysis ---------------- ED_PRI CAN-2001-1200 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1202 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1202 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011228 DeleGate Cross Site Scripting Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100956050432351&w=2 Reference: BID:3749 Reference: URL:http://online.securityfocus.com/bid/3749 Reference: XF:delegate-proxy-css(7745) Reference: URL:http://www.iss.net/security_center/static/7745.php Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a "403 Forbidden" error page, which allows remote attackers to execute arbitrary Javascript on other clients via a URL that generates an error. Analysis ---------------- ED_PRI CAN-2001-1202 3 Vendor Acknowledgement: unknown Removed space. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1204 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1204 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011228 PHP Rocket Add-in (file transversal vulnerability) Reference: URL:http://www.securityfocus.com/archive/1/247559 Reference: BID:3751 Reference: URL:http://www.securityfocus.com/bid/3751 Directory traversal vulnerability in phprocketaddin in Total PC Solutions PHP Rocket Add-in for FrontPage 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. Analysis ---------------- ED_PRI CAN-2001-1204 3 Vendor Acknowledgement: no Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1205 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1205 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011230 lastlines.cgi path traversal and command execution vulns Reference: URL:http://www.securityfocus.com/archive/1/247710 Reference: BID:3754 Reference: URL:http://www.securityfocus.com/bid/3754 Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 allows remote attackers to read arbitrary files via a '..' (dot dot) attack. Analysis ---------------- ED_PRI CAN-2001-1205 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC ABSTRACTION: CD:SF-LOC suggests a SPLIT between different problem types, thus a different CVE item is being created for the directory traversal versus the shell metacharacters. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1206 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1206 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: Reference: BUGTRAQ:20011230 lastlines.cgi path traversal and command execution vulns Reference: URL:http://www.securityfocus.com/archive/1/247710 Reference: BID:3755 Reference: URL:http://www.securityfocus.com/bid/3755 Matrix CGI vault Last Lines 2.0 allows remote attackers to execute arbitrary commands by failing to validate shell meta characters. Analysis ---------------- ED_PRI CAN-2001-1206 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC ABSTRACTION: CD:SF-LOC suggests a SPLIT between different problem types, thus a different CVE item is being created for the directory traversal versus the shell metacharacters. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1207 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1207 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011230 DayDream BBS buffer overflows Reference: URL:http://www.securityfocus.com/archive/1/247708 Reference: CONFIRM:http://www.cs.uku.fi/~hlyytine/daydream-2.11/ChangeLog Reference: BID:3757 Reference: URL:http://www.securityfocus.com/bid/3757 Reference: XF:daydream-bbs-control-code-bo(7755) Reference: URL:http://www.iss.net/security_center/static/7755.php Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote attackers to possibly execute arbitrary code via the control codes (1) ~#MC, (2) ~#TF, or (3) ~#RA. Analysis ---------------- ED_PRI CAN-2001-1207 3 Vendor Acknowledgement: yes changelog Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1208 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1208 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011231 Daydream BBS Format strings issue. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100977623710528&w=2 Format string vulnerability in DayDream BBS allows remote attackers to execute arbitrary code via format string specifiers in a file containing a ~#RA control code. Analysis ---------------- ED_PRI CAN-2001-1208 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1209 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1209 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011231 blackshell2: zml.cgi remote exploit Reference: URL:http://www.securityfocus.com/archive/1/247742 Reference: VULNWATCH:20011231 [VulnWatch] blackshell2: zml.cgi remote exploit Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0086.html Reference: MISC:http://www.jero.cc/zml/zml.html Reference: BID:3759 Reference: URL:http://www.securityfocus.com/bid/3759 Reference: XF:zml-cgi-directory-traversal(7751) Reference: URL:http://www.iss.net/security_center/static/7751.php Directory traversal vulnerability in zml.cgi allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. Analysis ---------------- ED_PRI CAN-2001-1209 3 Vendor Acknowledgement: no disputed Content Decisions: INCLUSION INCLUSION: The author of the zml.cgi program says that the vulnerable version is not his, and that zml.cgi does not take a file parameter. If this is an adaptation of that zml.cgi program, and the adaptation is not generally available, then it should not be included in CVE. Almost all of the hits on Google for "zml.cgi" are references to the reported vulnerability, and a search for "zml" doesn't turn up any obvious web pages, so it cannot be determined if there is another product that happens to use a script named zml.cgi. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1210 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1210 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011230 Possible security problem with Cisco ubr900 series routers Reference: URL:http://www.securityfocus.com/archive/1/247718 Reference: BID:3758 Reference: URL:http://online.securityfocus.com/bid/3758 Reference: XF:cisco-docsis-default-strings(7806) Reference: URL:http://www.iss.net/security_center/static/7806.php Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary community strings. Analysis ---------------- ED_PRI CAN-2001-1210 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: CF Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1211 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1211 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011231 IMail Web Service User Aliases / Mailing Lists Admin Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/247786 Reference: MISC:http://support.ipswitch.com/kb/IM-20020301-DM02.htm Reference: MISC:http://support.ipswitch.com/kb/IM-20011219-DM01.htm Reference: BID:3766 Reference: URL:http://www.securityfocus.com/bid/3766 Reference: XF:imail-admin-domain-change(7752) Reference: URL:http://www.iss.net/security_center/static/7752.php Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain. Analysis ---------------- ED_PRI CAN-2001-1211 3 Vendor Acknowledgement: unknown vague ACKNOWLEDGEMENT: the release notes for IMail 7.06 say "Fixed remote handling on Info manager settings." However, this item is not labeled as a security fix, nor is it specific enough to be certain. The release notes for 7.05 say "iWebMsg: List, rule and alias security hacks thwarted," which sounds more like the issue, but it's still not quite clear enough to be certain that the vendor has acknowledged the problem, especially since there are additional reports of *different* vulnerabilities in the same version. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1212 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1212 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011218 Aktivate Shopping System Cross Site Scripting Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/246274 Reference: XF:aktivate-shopping-css(7717) Reference: URL:http://www.iss.net/security_center/static/7717.php Reference: BID:3714 Reference: URL:http://online.securityfocus.com/bid/3714 Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary Javascript via the desc parameter. Analysis ---------------- ED_PRI CAN-2001-1212 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1213 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1213 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011218 FTPXQ default install read/write capabilities Reference: URL:http://www.securityfocus.com/archive/1/246285 Reference: XF:ftpxq-default-permissions(7715) Reference: URL:http://www.iss.net/security_center/static/7715.php Reference: BID:3716 Reference: URL:http://online.securityfocus.com/bid/3716 The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a default username and password, which allows remote attackers to read and write arbitrary files in the root folder. Analysis ---------------- ED_PRI CAN-2001-1213 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: CF-PASS Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1214 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1214 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011215 *ALERT* "Unix Manual" PHP-Script allows arbitrary code execution Reference: URL:http://www.securityfocus.com/archive/1/247332 Reference: XF:unixmanual-php-command-execution(7719) Reference: URL:http://www.iss.net/security_center/static/7719.php Reference: BID:3718 Reference: URL:http://online.securityfocus.com/bid/3718 manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote attackers to execute arbitrary code via a URL that contains shell metacharacters. Analysis ---------------- ED_PRI CAN-2001-1214 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1216 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1216 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011221 Buffer Overflow in Oracle 9iAS (#NISR20122001) Reference: URL:http://www.securityfocus.com/archive/1/246663 Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/modplsql.pdf Reference: CERT-VN:VU#500203 Reference: URL:http://www.kb.cert.org/vuls/id/500203 Reference: XF:oracle-appserver-modplsql-bo(7727) Reference: URL:http://www.iss.net/security_center/static/7727.php Reference: BID:3726 Reference: URL:http://www.securityfocus.com/bid/3726 Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page. Analysis ---------------- ED_PRI CAN-2001-1216 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1217 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1217 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011221 Buffer Overflow in Oracle 9iAS (#NISR20122001) Reference: URL:http://www.securityfocus.com/archive/1/246663 Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/modplsql.pdf Reference: XF:oracle-appserver-modplsql-traversal(7728) Reference: URL:http://www.iss.net/security_center/static/7728.php Reference: BID:3727 Reference: URL:http://www.securityfocus.com/bid/3727 Reference: CERT-VN:VU#758483 Reference: URL:http://www.kb.cert.org/vuls/id/758483 Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences. Analysis ---------------- ED_PRI CAN-2001-1217 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1218 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1218 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011220 E5 (SP1) crash the X server on Solaris2.6 chinese edition Reference: URL:http://www.securityfocus.com/archive/1/246611 Reference: BID:3729 Reference: URL:http://online.securityfocus.com/bid/3729 Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window. Analysis ---------------- ED_PRI CAN-2001-1218 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1219 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1219 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011220 MSIE DoS Using javascript Reference: URL:http://www.securityfocus.com/archive/1/246649 Reference: BID:3730 Reference: URL:http://online.securityfocus.com/bid/3730 Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location. Analysis ---------------- ED_PRI CAN-2001-1219 3 Vendor Acknowledgement: unknown Content Decisions: EX-CLIENT-DOS INCLUSION: The current version of CD:EX-CLIENT-DOS suggests that if there is a client-side DoS which is only exploitable through a passive attack, then if the scope is limited to the application only and it can be fixed with a restart, then the problem should not be included in CVE. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1220 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1220 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011221 D-Link DWL-1000AP can be compromised because of SNMP configuration Reference: URL:http://www.securityfocus.com/archive/1/246849 Reference: BID:3735 Reference: URL:http://www.securityfocus.com/bid/3735 Reference: XF:dlink-ap-public-mib(7733) Reference: URL:http://www.iss.net/security_center/static/7733.php D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges. Analysis ---------------- ED_PRI CAN-2001-1220 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC, DESIGN-NO-ENCRYPTION ABSTRACTION: CD:SF-LOC suggests a SPLIT between problems of different types. One issue is a plaintext password (lack of encryption) whose scope is limited to those who know the community string - however, there's a default community string, which is a different type of issue (default), that makes the plaintext password problem worse than it might originally be, but it is still a problem even if there is a non-default community string. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1221 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1221 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011221 D-Link DWL-1000AP can be compromised because of SNMP configuration Reference: URL:http://www.securityfocus.com/archive/1/246849 Reference: BID:3736 Reference: URL:http://www.securityfocus.com/bid/3736 D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote attackers to gain sensitive information. Analysis ---------------- ED_PRI CAN-2001-1221 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC, CF-PASS ABSTRACTION: CD:SF-LOC suggests a SPLIT between problems of different types. One issue is a plaintext password (lack of encryption) whose scope is limited to those who know the community string - however, there's a default community string, which is a different type of issue (default), that makes the plaintext password problem worse than it might originally be, but it is still a problem even if there is a non-default community string. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1222 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1222 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011221 twlc advisory: plesk (psa) allows reading of .php files Reference: URL:http://www.securityfocus.com/archive/1/246861 Reference: BID:3737 Reference: URL:http://www.securityfocus.com/bid/3737 Reference: XF:psa-php-reveal-source(7735) Reference: URL:http://www.iss.net/security_center/static/7735.php Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain PHP source code via an HTTP request containing the target's IP address and a valid account name for the domain. Analysis ---------------- ED_PRI CAN-2001-1222 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1223 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1223 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011226 Phoenix Sistemi Security Advisory: ELSA Lancom 1100 Office Security Problems Reference: URL:http://www.securityfocus.com/archive/1/247274 Reference: BID:3746 Reference: URL:http://www.securityfocus.com/bid/3746 Reference: XF:elsa-lancom-web-administration(7739) Reference: URL:http://www.iss.net/security_center/static/7739.php The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server. Analysis ---------------- ED_PRI CAN-2001-1223 3 Vendor Acknowledgement: unknown Content Decisions: DESIGN-NO-AUTH Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1224 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1224 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011223 GOBBLES CGI MARATHON #001 Reference: URL:http://www.securityfocus.com/archive/1/246994 Reference: BID:3739 Reference: URL:http://www.securityfocus.com/bid/3739 Reference: XF:adrotate-sql-execute-commands(7736) Reference: URL:http://www.iss.net/security_center/static/7736.php get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows remote attackers to modify the database and possibly execute arbitrary commands via a SQL code injection attack. Analysis ---------------- ED_PRI CAN-2001-1224 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1225 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1225 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011226 msql DoS Reference: URL:http://www.securityfocus.com/archive/1/247222 Reference: BID:3742 Reference: URL:http://www.securityfocus.com/bid/3742 Reference: XF:msql-char-array-dos(7746) Reference: URL:http://www.iss.net/security_center/static/7746.php Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to cause a denial of service by creating a very large array in a table, which causes miniSQL to crash when the table is queried. Analysis ---------------- ED_PRI CAN-2001-1225 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1226 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1226 Final-Decision: Interim-Decision: Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011225 GOBBLES CGI MARATHON #002 Reference: URL:http://www.securityfocus.com/archive/1/247126 Reference: BID:3741 Reference: URL:http://www.securityfocus.com/bid/3741 Reference: XF:adcycle-modify-sql-query(7762) Reference: URL:http://www.iss.net/security_center/static/7762.php AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database. Analysis ---------------- ED_PRI CAN-2001-1226 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS:
|
||||
