[PROPOSAL] Cluster MISC-2001-002 - 42 candidates
I am proposing cluster MISC-2001-002 for review and voting by the Editorial Board.

Name: MISC-2001-002
Description: Misc. Candidates announced between 7/3/2001 and 7/30/2001
Size: 42

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-1237
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1237
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://www.securityfocus.com/archive/1/218000
Reference: CONFIRM:http://www.peaceworks.ca/phormation/phormation-0.9.2.tar.gz
Reference: BID:3393
Reference: URL:http://www.securityfocus.com/bid/3393
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php
Reference: CERT-VN:VU#847803
Reference: URL:http://www.kb.cert.org/vuls/id/847803

Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable.

Analysis
----------------
ED_PRI CAN-2001-1237 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: Ack is in /phormation-0.9.2/phormation/CHANGELOG: - "changed the $phormationdir variable to be a constant. This closes a huge security hole: The client could set the variable to something like 'http://his_site.com'. Then your script would include http://his_site.com/form.php and execute his code! (assuming you haven't turned off certain php options)"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
   VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
   VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
   or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1240
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1240
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: ENGARDE:ESA-20010711-02
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1493.html

The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.

Analysis
----------------
ED_PRI CAN-2001-1240 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
   VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
   VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
   or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1266
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1266
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CONFIRM:http://dnhttpd.sourceforge.net/changelog.html
Reference: MISC:http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0002.html

Directory traversal vulnerability in Doug Neal's HTTPD Daemon (DNHTTPD) before 0.4.1 allows remote attackers to view arbitrary files via a .. (dot dot) attack using the dot hex code '%2E'.

Analysis
----------------
ED_PRI CAN-2001-1266 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the change log for version 0.4.1 says: "Just a bug/security fix. I mistakenly put the bit that checked for '..' in the URL *before* the bit that translated hex codes in URLs to ASCII, so you could use %2E%2E in place of '..' and view any directory listing or file in the filesystem that the server has read access to."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
   VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
   VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
   or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1267
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
Reference: URL:http://online.securityfocus.com/archive/1/196445
Reference: CONFIRM:ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz

Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).

Analysis
----------------
ED_PRI CAN-2001-1267 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: in the ChangeLog file for 1.13.25, the entry dated 2001-08-27 says "(extract_archive): Fix test for absolute pathnames and/or '..'."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
   VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
   VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
   or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1279
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1279
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: REDHAT:RHSA-2001:089
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-089.html
Reference: FREEBSD:FreeBSD-SA-01:48
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:48.tcpdump.asc
Reference: BID:3065
Reference: URL:http://online.securityfocus.com/bid/3065

Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026.

Analysis
----------------
ED_PRI CAN-2001-1279 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
   VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
   VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
   or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1235
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1235
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://www.securityfocus.com/archive/1/21800
Reference: CERT-VN:VU#847803
Reference: URL:http://www.kb.cert.org/vuls/id/847803
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php
Reference: BID:3395
Reference: URL:http://www.securityfocus.com/bid/3395

pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.

Analysis
----------------
ED_PRI CAN-2001-1235 2
Vendor Acknowledgement: unknown

ACKNOWLEDGEMENT: Could not find ACK and the software has not been updated on sourceforge since Jun 05, 2001, 5 months before this vulnerability was announced.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
   VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
   VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
   or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1236
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1236
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://www.securityfocus.com/archive/1/218000
Reference: CERT-VN:VU#847803
Reference: URL:http://www.kb.cert.org/vuls/id/847803
Reference: BID:3394
Reference: URL:http://www.securityfocus.com/bid/3394
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php

myphpPagetool PHP script 0.4.3-1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.

Analysis
----------------
ED_PRI CAN-2001-1236 2
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
   VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
   VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
   or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1238
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1238
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010716 W2k: Unkillable Applications
Reference: URL:http://www.securityfocus.com/archive/1/197195
Reference: XF:win2k-taskmanager-unkillable-process(6919)
Reference: URL:http://xforce.iss.net/static/6919.php
Reference: BID:3033
Reference: URL:http://www.securityfocus.com/bid/3033

Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager.

Analysis
----------------
ED_PRI CAN-2001-1238 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
   VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
   VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
   or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1241
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1241
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010717 multiple vulnerabilities in un-cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0287.html
Reference: BUGTRAQ:20010718 Re: [Khamba Staring <purrcat@edoropolis.org>] multiple
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0349.html
Reference: CONFIRM:http://www.midwinter.com/~koreth/uncgi.html
Reference: CONFIRM:http://www.midwinter.com/~koreth/uncgi-changes.html
Reference: BID:3057
Reference: URL:http://online.securityfocus.com/bid/3057
Reference: XF:uncgi-unexecutable-cgi(6847)
Reference: URL:http://www.iss.net/security_center/static/6847.php

Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.

Analysis
----------------
ED_PRI CAN-2001-1241 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: The home page describes Un-CGI 1.10 and includes a SECURITY section that says "EXECUTABLES_ONLY - If set, Un-CGI's ability to execute shell scripts that begin with '#!' but don't have execute permission set in the filesystem is disabled." The change log for version 1.10 says "Add security-related compile-time option EXECUTABLES_ONLY," which would address the problem being described here.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
   VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
   VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
   or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1242
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1242
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010717 multiple vulnerabilities in un-cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0287.html
Reference: BUGTRAQ:20010718 Re: [Khamba Staring <purrcat@edoropolis.org>] multiple vulnerabilities in un-cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0349.html
Reference: CONFIRM:http://www.midwinter.com/~koreth/uncgi-changes.html
Reference: BID:3056
Reference: URL:http://online.securityfocus.com/bid/3056
Reference: XF:uncgi-dot-directory-traversal(6846)
Reference: URL:http://www.iss.net/security_center/static/6846.php

Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form.

Analysis
----------------
ED_PRI CAN-2001-1242 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
   VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
   VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
   or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1243
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1243
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010704 NERF Advisory #4: MS IIS local and remote DoS
Reference: URL:http://www.securityfocus.com/archive/1/194919
Reference: BID:2973
Reference: URL:http://www.securityfocus.com/bid/2973
Reference: XF:iis-device-asp-dos(6800)
Reference: URL:http://www.iss.net/security_center/static/6800.php

Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.

Analysis
----------------
ED_PRI CAN-2001-1243 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
   VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
   VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
   or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1244
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1244
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20010708 Small TCP packets == very large overhead == DoS?
Reference: URL:http://www.securityfocus.com/archive/1/195457
Reference: BID:2997
Reference: URL:http://www.securityfocus.com/bid/2997
Reference: XF:tcp-mss-dos(6824)
Reference: URL:http://xforce.iss.net/static/6824.php

Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.

Analysis
----------------
ED_PRI CAN-2001-1244 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE, SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
   VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
   VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
   or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1245
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1245
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 Re: Opera Browser Heap Overflow (Session Replay Attack)
Reference: URL:http://online.securityfocus.com/archive/1/196980
Reference: XF:opera-browser-header-bo(6838)
Reference: URL:http://www.iss.net/security_center/static/6838.php
Reference: BID:3012
Reference: URL:http://www.securityfocus.com/bid/3012

Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name.

Analysis
----------------
ED_PRI CAN-2001-1245 3
Vendor Acknowledgement: unknown
Content Decisions: EX-CLIENT-DOS

DETAIL: The Bugtraq posting is a response to a message that was supposedly posted at http://www.securiteam.com/securitynews/5MP0B004UW.html, but that URL no longer exists, and there is no information on the SecuriTeam web site. The Bugtraq post does not provide specific details to understand what causes the problem, but it does use "X" as a value and a possible header name. When combined with the claim that the problem is due to a "mismatched new/delete[] pair," one could guess at the cause.

INCLUSION: CD:EX-CLIENT-DOS recommends that DoSes that only affect a client and can be cleared by restarting, could be excluded from CVE. However, CD:EX-CLIENT-DOS is not final as of this writing.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
   VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
   VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
   or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1257
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1257
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010721 IMP 2.2.6 (SECURITY) released
Reference: URL:http://online.securityfocus.com/archive/1/198495
Reference: CALDERA:CSSA-2001-027.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-027.0.txt
Reference: DEBIAN:DSA-073
Reference: URL:http://www.debian.org/security/2001/dsa-073
Reference: CONFIRM:http://online.securityfocus.com/archive/1/198495
Reference: CONECTIVA:CLA-2001:410
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
Reference: BID:3082
Reference: URL:http://www.securityfocus.com/bid/3082
Reference: XF:imp-cross-site-scripting(6905)
Reference: URL:http://www.iss.net/security_center/static/6905.php

Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.

Analysis
----------------
ED_PRI CAN-2001-1257 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
   VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
   VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
   or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1258
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1258
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010721 IMP 2.2.6 (SECURITY) released
Reference: URL:http://online.securityfocus.com/archive/1/198495
Reference: CALDERA:CSSA-2001-027.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-027.0.txt
Reference: CONECTIVA:CLA-2001:410
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
Reference: CONFIRM:http://online.securityfocus.com/archive/1/198495
Reference: DEBIAN:DSA-073
Reference: URL:http://www.debian.org/security/2001/dsa-073
Reference: XF:imp-prefslang-gain-privileges(6906)
Reference: URL:http://www.iss.net/security_center/static/6906.php
Reference: BID:3083
Reference: URL:http://www.securityfocus.com/bid/3083

Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.

Analysis
----------------
ED_PRI CAN-2001-1258 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
   VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
   VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
   or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1264
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1264
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: HP:HPSBUX0107-161
Reference: URL:http://www.securityfocus.com/advisories/3459
Reference: CIAC:L-119
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-119.shtml
Reference: CERT-VN:VU#420475
Reference: URL:http://www.kb.cert.org/vuls/id/420475
Reference: XF:hp-virtualvault-mkacct-privilege-elevation(6867)
Reference: URL:http://xforce.iss.net/static/6867.php
Reference: BID:3072
Reference: URL:http://www.securityfocus.com/bid/3072

Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges.

Analysis
----------------
ED_PRI CAN-2001-1264 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

INCLUSION: While there is very little information about this issue, CD:VAGUE says that problems that are identified by vague vendor advisories should be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
   VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
   VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
   or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1265
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1265
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010720 IBM TFTP Server for Java vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/198297
Reference: BID:3076
Reference: URL:http://www.securityfocus.com/bid/3076
Reference: XF:ibm-tftp-directory-traversal(6864)
Reference: URL:http://xforce.iss.net/static/6864.php

Directory traversal vulnerability in IBM alphaWorks Java TFTP server 1.21 allows remote attackers to conduct unauthorized operations on arbitrary files via a .. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2001-1265 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
   VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
   VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
   or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1268
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1268
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
Reference: URL:http://online.securityfocus.com/archive/1/196445
Reference: CONFIRM:http://www.info-zip.org/pub/infozip/UnZip.html

Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.

Analysis
----------------
ED_PRI CAN-2001-1268 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: In a prominent orange box on the vendor page, the vendor states: "all versions of UnZip prior to 5.50 (i.e., 5.42 and earlier) have a directory-traversal vulnerability that allows them to unpack files in unexpected places. Specifically, if an archive contains files with leading '/' characters (i.e., relative to the root directory) or with '..' components... This bug is fixed in 5.50 and later." The statement includes a link to the Bugtraq reference.

ABSTRACTION: CD:SF-LOC suggests doing a SPLIT for different issues. While some people use "directory traversal" to refer to both .. and leading-slash problems, if a programmer fixes one problem, there is still a strong possibility that they have not fixed the other issue. Therefore, the problems are different enough that they should be SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
   VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
   VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
   or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1269
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1269
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
Reference: URL:http://online.securityfocus.com/archive/1/196445
Reference: CONFIRM:http://www.info-zip.org/pub/infozip/UnZip.html

Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character.

Analysis
----------------
ED_PRI CAN-2001-1269 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: In a prominent orange box on the vendor page, the vendor states: "all versions of UnZip prior to 5.50 (i.e., 5.42 and earlier) have a directory-traversal vulnerability that allows them to unpack files in unexpected places. Specifically, if an archive contains files with leading '/' characters (i.e., relative to the root directory) or with '..' components... This bug is fixed in 5.50 and later." The statement includes a link to the Bugtraq reference.

ABSTRACTION: CD:SF-LOC suggests doing a SPLIT for different issues. While some people use "directory traversal" to refer to both .. and leading-slash problems, if a programmer fixes one problem, there is still a strong possibility that they have not fixed the other issue. Therefore, the problems are different enough that they should be SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
   VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
   VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
   or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1270
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1270
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
Reference: URL:http://online.securityfocus.com/archive/1/196445
Reference: MISC:http://www.security.nnov.ru/advisories/archdt.asp

Directory traversal vulnerability in the console version of PKZip (pkzipc) 4.00 and earlier allows attackers to overwrite arbitrary files during archive extraction with the -rec (recursive) option via a .. (dot dot) attack on the archived files.

Analysis
----------------
ED_PRI CAN-2001-1270 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
   VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
   VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
   or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1271
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1271
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
Reference: URL:http://online.securityfocus.com/archive/1/196445
Reference: MISC:http://www.security.nnov.ru/advisories/archdt.asp

Directory traversal vulnerability in rar 2.02 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) attack on archived filenames.

Analysis
----------------
ED_PRI CAN-2001-1271 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
   VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
   VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
   or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1288
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1288
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010727 bug w2k
Reference: URL:http://online.securityfocus.com/archive/1/200118
Reference: BUGTRAQ:20010801 F7-Enter bug details & workaround
Reference: URL:http://online.securityfocus.com/archive/1/201151
Reference: VULN-DEV:20010730 RE: bug w2k
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=99651044701417&w=2
Reference: BUGTRAQ:20010729 Re: w2k dos
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99640583014377&w=2
Reference: BUGTRAQ:20010731 NT TS / Win 2K and F7 - Enter bug
Reference: URL:http://online.securityfocus.com/archive/1/200985
Reference: BID:3115
Reference: URL:http://online.securityfocus.com/bid/3115

Windows 2000 and Windows NT allow local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and enter keys several times while the command is executing, possibly related to an exception handling error in csrss.exe.

Analysis
----------------
ED_PRI CAN-2001-1288 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
   VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
   VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION,
   or provide other reason.
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1289 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1289 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010730 ADV: Quake 3 Arena 1.29f/g Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0748.html Reference: BID:3123 Reference: URL:http://online.securityfocus.com/bid/3123 Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a denial of service (crash) via a malformed connection packet that begins with several char-255 characters. Analysis ---------------- ED_PRI CAN-2001-1289 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1291 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1291 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010712 3Com TelnetD Reference: URL:http://www.securityfocus.com/archive/1/196957 Reference: XF:3com-telnetd-brute-force(6855) Reference: URL:http://xforce.iss.net/static/6855.php Reference: BID:3034 Reference: URL:http://www.securityfocus.com/bid/3034 The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing. 
Analysis ---------------- ED_PRI CAN-2001-1291 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1302 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1302 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: NTBUGTRAQ:20010718 Changing NT/2000 accounts password from the command line Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=1911 Reference: BID:3063 Reference: URL:http://www.securityfocus.com/bid/3063 Reference: XF:win2k-change-network-passwords(6876) Reference: URL:http://xforce.iss.net/static/6876.php The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the NetuserChangePassword function. Analysis ---------------- ED_PRI CAN-2001-1302 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1303 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1303 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: CF Reference: BUGTRAQ:20010718 Firewall-1 Information leak Reference: URL:http://www.securityfocus.com/archive/1/197566 Reference: BID:3058 Reference: URL:http://online.securityfocus.com/bid/3058 Reference: XF:fw1-securemote-gain-information(6857) Reference: URL:http://xforce.iss.net/static/6857.php The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication. Analysis ---------------- ED_PRI CAN-2001-1303 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1306 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1306 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: CERT:CA-2001-18 Reference: URL:http://www.cert.org/advisories/CA-2001-18.html Reference: CERT-VN:VU#276944 Reference: URL:http://www.kb.cert.org/vuls/id/276944 Reference: SGI:20011102-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011102-01-I Reference: MISC:http://www.kb.cert.org/vuls/id/JPLA-4WESMM Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid BER length of length fields, as demonstrated by the PROTOS LDAPv3 test suite. Analysis ---------------- ED_PRI CAN-2001-1306 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, SF-CODEBASE ABSTRACTION: It is difficult to be consistent in abstraction for the many LDAP issues that were discovered as a result of the PROTOS LDAP project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance. Separate CVE items are created according to the 5 different "Exceptional Elements" categories described in the PROTOS paper. It is assumed that each vendor is using a different codebase, unless the relationship is clear. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1307 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1307 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: CERT-VN:VU#276944 Reference: URL:http://www.kb.cert.org/vuls/id/276944 Reference: CERT:CA-2001-18 Reference: URL:http://www.cert.org/advisories/CA-2001-18.html Reference: SGI:20011102-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011102-01-I Reference: MISC:http://www.kb.cert.org/vuls/id/JPLA-4WESMM Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ Reference: XF:iplanet-ldap-protos-bo(6893) Reference: URL:http://xforce.iss.net/static/6893.php Reference: BID:3038 Reference: URL:http://www.securityfocus.com/bid/3038 Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. Analysis ---------------- ED_PRI CAN-2001-1307 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, SF-CODEBASE ABSTRACTION: It is difficult to be consistent in abstraction for the many LDAP issues that were discovered as a result of the PROTOS LDAP project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance. Separate CVE items are created according to the 5 different "Exceptional Elements" categories described in the PROTOS paper. It is assumed that each vendor is using a different codebase, unless the relationship is clear. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1308 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1308 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: CERT:CA-2001-18 Reference: URL:http://www.cert.org/advisories/CA-2001-18.html Reference: CERT-VN:VU#276944 Reference: URL:http://www.kb.cert.org/vuls/id/276944 Reference: CIAC:L-116 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml Reference: SGI:20011102-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011102-01-I Reference: MISC:http://www.kb.cert.org/vuls/id/JPLA-4WESMM Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ Reference: BID:3039 Reference: URL:http://www.securityfocus.com/bid/3039 Reference: XF:iplanet-ldap-protos-format-string(6898) Reference: URL:http://xforce.iss.net/static/6898.php Format string vulnerabilities in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. Analysis ---------------- ED_PRI CAN-2001-1308 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, SF-CODEBASE ABSTRACTION: It is difficult to be consistent in abstraction for the many LDAP issues that were discovered as a result of the PROTOS LDAP project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance. Separate CVE items are created according to the 5 different "Exceptional Elements" categories described in the PROTOS paper. It is assumed that each vendor is using a different codebase, unless the relationship is clear. 
Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1309 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1309 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: CIAC:L-116 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml Reference: CERT:CA-2001-18 Reference: URL:http://www.cert.org/advisories/CA-2001-18.html Reference: CERT-VN:VU#505564 Reference: URL:http://www.kb.cert.org/vuls/id/505564 Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ Reference: MISC:http://www.kb.cert.org/vuls/id/CFCR-4YQ33Y Reference: BID:3040 Reference: URL:http://www.securityfocus.com/bid/3040 Reference: XF:secureway-ldap-protos-dos(6894) Reference: URL:http://xforce.iss.net/static/6894.php Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. Analysis ---------------- ED_PRI CAN-2001-1309 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, SF-CODEBASE ABSTRACTION: It is difficult to be consistent in abstraction for the many LDAP issues that were discovered as a result of the PROTOS LDAP project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance. Separate CVE items are created according to the 5 different "Exceptional Elements" categories described in the PROTOS paper. It is assumed that each vendor is using a different codebase, unless the relationship is clear. 
Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1310 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1310 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: CIAC:L-116 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml Reference: CERT:CA-2001-18 Reference: URL:http://www.cert.org/advisories/CA-2001-18.html Reference: CERT-VN:VU#505564 Reference: URL:http://www.kb.cert.org/vuls/id/505564 Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ Reference: MISC:http://www.kb.cert.org/vuls/id/CFCR-4YQ33Y Reference: BID:3040 Reference: URL:http://www.securityfocus.com/bid/3040 Reference: XF:secureway-ldap-protos-dos(6894) Reference: URL:http://xforce.iss.net/static/6894.php IBM SecureWay 3.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for the L field of a BER encoding, as demonstrated by the PROTOS LDAPv3 test suite. Analysis ---------------- ED_PRI CAN-2001-1310 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, SF-CODEBASE ABSTRACTION: It is difficult to be consistent in abstraction for the many LDAP issues that were discovered as a result of the PROTOS LDAP project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance. Separate CVE items are created according to the 5 different "Exceptional Elements" categories described in the PROTOS paper. It is assumed that each vendor is using a different codebase, unless the relationship is clear. 
Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1311 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1311 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: CIAC:L-116 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml Reference: CERT-VN:VU#583184 Reference: URL:http://www.kb.cert.org/vuls/id/583184 Reference: CERT:CA-2001-18 Reference: URL:http://www.cert.org/advisories/CA-2001-18.html Reference: CONFIRM:http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=DWUU4W6NC8 Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ Reference: XF:domino-ldap-protos-bo(6895) Reference: URL:http://xforce.iss.net/static/6895.php Reference: BID:3041 Reference: URL:http://www.securityfocus.com/bid/3041 Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. Analysis ---------------- ED_PRI CAN-2001-1311 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, SF-CODEBASE ABSTRACTION: It is difficult to be consistent in abstraction for the many LDAP issues that were discovered as a result of the PROTOS LDAP project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance. Separate CVE items are created according to the 5 different "Exceptional Elements" categories described in the PROTOS paper. It is assumed that each vendor is using a different codebase, unless the relationship is clear. 
Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1312 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1312 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: CERT:CA-2001-18 Reference: URL:http://www.cert.org/advisories/CA-2001-18.html Reference: CIAC:L-116 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml Reference: CERT-VN:VU#583184 Reference: URL:http://www.kb.cert.org/vuls/id/583184 Reference: CONFIRM:http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=DWUU4W6NC8 Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ Reference: XF:domino-ldap-protos-format-string(6896) Reference: URL:http://xforce.iss.net/static/6896.php Reference: BID:3042 Reference: URL:http://www.securityfocus.com/bid/3042 Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. Analysis ---------------- ED_PRI CAN-2001-1312 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, SF-CODEBASE ABSTRACTION: It is difficult to be consistent in abstraction for the many LDAP issues that were discovered as a result of the PROTOS LDAP project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance. Separate CVE items are created according to the 5 different "Exceptional Elements" categories described in the PROTOS paper. It is assumed that each vendor is using a different codebase, unless the relationship is clear. 
Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1313 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1313 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: CIAC:L-116 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml Reference: CERT-VN:VU#583184 Reference: URL:http://www.kb.cert.org/vuls/id/583184 Reference: CERT:CA-2001-18 Reference: URL:http://www.cert.org/advisories/CA-2001-18.html Reference: CONFIRM:http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=DWUU4W6NC8 Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ Lotus Domino R5 before R5.0.7a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via miscellaneous packets with semi-valid BER encodings, as demonstrated by the PROTOS LDAPv3 test suite. Analysis ---------------- ED_PRI CAN-2001-1313 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, SF-CODEBASE ABSTRACTION: It is difficult to be consistent in abstraction for the many LDAP issues that were discovered as a result of the PROTOS LDAP project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance. Separate CVE items are created according to the 5 different "Exceptional Elements" categories described in the PROTOS paper. It is assumed that each vendor is using a different codebase, unless the relationship is clear. 
Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1314 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1314 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010731 RE: CERT Advisory CA-2001-18, Critical Path directory products ar e vulnerable Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0770.html Reference: CERT-VN:VU#657547 Reference: URL:http://www.kb.cert.org/vuls/id/657547 Reference: CIAC:L-116 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml Reference: CERT:CA-2001-18 Reference: URL:http://www.cert.org/advisories/CA-2001-18.html Reference: CONFIRM:http://www.kb.cert.org/vuls/id/JPLA-4ZKLEM Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ Reference: BID:3124 Reference: URL:http://www.securityfocus.com/bid/3124 Buffer overflows in Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. Analysis ---------------- ED_PRI CAN-2001-1314 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, SF-CODEBASE ABSTRACTION: It is difficult to be consistent in abstraction for the many LDAP issues that were discovered as a result of the PROTOS LDAP project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance. Separate CVE items are created according to the 5 different "Exceptional Elements" categories described in the PROTOS paper. It is assumed that each vendor is using a different codebase, unless the relationship is clear. 
Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1315 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1315 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010731 RE: CERT Advisory CA-2001-18, Critical Path directory products ar e vulnerable Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0770.html Reference: CERT-VN:VU#657547 Reference: URL:http://www.kb.cert.org/vuls/id/657547 Reference: CIAC:L-116 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml Reference: CERT:CA-2001-18 Reference: URL:http://www.cert.org/advisories/CA-2001-18.html Reference: CONFIRM:http://www.kb.cert.org/vuls/id/JPLA-4ZKLEM Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed BER encodings, as demonstrated by the PROTOS LDAPv3 test suite. Analysis ---------------- ED_PRI CAN-2001-1315 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, SF-CODEBASE ABSTRACTION: It is difficult to be consistent in abstraction for the many LDAP issues that were discovered as a result of the PROTOS LDAP project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance. Separate CVE items are created according to the 5 different "Exceptional Elements" categories described in the PROTOS paper. It is assumed that each vendor is using a different codebase, unless the relationship is clear. 
Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1316 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1316 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: CERT-VN:VU#688960 Reference: URL:http://www.kb.cert.org/vuls/id/688960 Reference: CERT:CA-2001-18 Reference: URL:http://www.cert.org/advisories/CA-2001-18.html Reference: CIAC:L-116 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml Reference: CONFIRM:http://www.kb.cert.org/vuls/id/JPLA-4WESNA Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ Reference: XF:teamware-ldap-protos-bo(6897) Reference: URL:http://xforce.iss.net/static/6897.php Reference: BID:3044 Reference: URL:http://www.securityfocus.com/bid/3044 Buffer overflows in Teamware Office Enterprise Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. Analysis ---------------- ED_PRI CAN-2001-1316 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, SF-CODEBASE ABSTRACTION: It is difficult to be consistent in abstraction for the many LDAP issues that were discovered as a result of the PROTOS LDAP project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance. Separate CVE items are created according to the 5 different "Exceptional Elements" categories described in the PROTOS paper. It is assumed that each vendor is using a different codebase, unless the relationship is clear. 
Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1317 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1317 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: CERT-VN:VU#688960 Reference: URL:http://www.kb.cert.org/vuls/id/688960 Reference: CIAC:L-116 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml Reference: CERT:CA-2001-18 Reference: URL:http://www.cert.org/advisories/CA-2001-18.html Reference: CONFIRM:http://www.kb.cert.org/vuls/id/JPLA-4WESNA Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for certain BER object types, as demonstrated by the PROTOS LDAPv3 test suite. Analysis ---------------- ED_PRI CAN-2001-1317 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, SF-CODEBASE ABSTRACTION: It is difficult to be consistent in abstraction for the many LDAP issues that were discovered as a result of the PROTOS LDAP project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance. Separate CVE items are created according to the 5 different "Exceptional Elements" categories described in the PROTOS paper. It is assumed that each vendor is using a different codebase, unless the relationship is clear. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1318 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1318 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: CERT-VN:VU#717380 Reference: URL:http://www.kb.cert.org/vuls/id/717380 Reference: CIAC:L-116 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml Reference: CERT:CA-2001-18 Reference: URL:http://www.cert.org/advisories/CA-2001-18.html Reference: CONFIRM:http://www.kb.cert.org/vuls/id/JPLA-4WESNA Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ Reference: BID:3043 Reference: URL:http://www.securityfocus.com/bid/3043 Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. Analysis ---------------- ED_PRI CAN-2001-1318 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC, SF-CODEBASE, VAGUE ABSTRACTION: It is difficult to be consistent in abstraction for the many LDAP issues that were discovered as a result of the PROTOS LDAP project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance. Separate CVE items are created according to the 5 different "Exceptional Elements" categories described in the PROTOS paper. It is assumed that each vendor is using a different codebase, unless the relationship is clear. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1319 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1319 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: CERT:CA-2001-18 Reference: URL:http://www.cert.org/advisories/CA-2001-18.html Reference: CERT-VN:VU#763400 Reference: URL:http://www.kb.cert.org/vuls/id/763400 Reference: CIAC:L-116 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml Reference: CONFIRM:http://www.kb.cert.org/vuls/id/CFCN-4YAQC7 Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ Reference: BID:3045 Reference: URL:http://www.securityfocus.com/bid/3045 Reference: XF:exchange-ldap-protos-dos(6899) Reference: URL:http://xforce.iss.net/static/6899.php Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite. Analysis ---------------- ED_PRI CAN-2001-1319 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, SF-CODEBASE ABSTRACTION: It is difficult to be consistent in abstraction for the many LDAP issues that were discovered as a result of the PROTOS LDAP project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance. Separate CVE items are created according to the 5 different "Exceptional Elements" categories described in the PROTOS paper. It is assumed that each vendor is using a different codebase, unless the relationship is clear. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1320 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1320 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: CIAC:L-116 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml Reference: CERT:CA-2001-18 Reference: URL:http://www.cert.org/advisories/CA-2001-18.html Reference: CERT-VN:VU#765256 Reference: URL:http://www.kb.cert.org/vuls/id/765256 Reference: CONFIRM:http://www.kb.cert.org/vuls/id/JPLA-4WESNK Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ Reference: BID:3046 Reference: URL:http://www.securityfocus.com/bid/3046 Reference: XF:pgp-keyserver-ldap-bo(6900) Reference: URL:http://xforce.iss.net/static/6900.php Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test suite. Analysis ---------------- ED_PRI CAN-2001-1320 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, SF-CODEBASE, VAGUE ABSTRACTION: It is difficult to be consistent in abstraction for the many LDAP issues that were discovered as a result of the PROTOS LDAP project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance. Separate CVE items are created according to the 5 different "Exceptional Elements" categories described in the PROTOS paper. It is assumed that each vendor is using a different codebase, unless the relationship is clear. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2001-1321 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1321 Final-Decision: Interim-Decision: Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: CIAC:L-116 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml Reference: CERT-VN:VU#869184 Reference: URL:http://www.kb.cert.org/vuls/id/869184 Reference: CERT:CA-2001-18 Reference: URL:http://www.cert.org/advisories/CA-2001-18.html Reference: CONFIRM:http://www.kb.cert.org/vuls/id/JPLA-4WESNV Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite. Analysis ---------------- ED_PRI CAN-2001-1321 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC, SF-CODEBASE, VAGUE ABSTRACTION: It is difficult to be consistent in abstraction for the many LDAP issues that were discovered as a result of the PROTOS LDAP project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance. Separate CVE items are created according to the 5 different "Exceptional Elements" categories described in the PROTOS paper. It is assumed that each vendor is using a different codebase, unless the relationship is clear. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: