[FINAL] ACCEPT 191 candidates
I have made a Final Decision to ACCEPT the following candidates. These candidates are now assigned CVE names as noted below. The resulting CVE entries will be published in the near future in a new version of CVE. Voting details and comments are provided at the end of this report.

- Steve

Candidate       CVE Name
---------       ----------
CAN-1999-1080   CVE-1999-1080
CAN-1999-1362   CVE-1999-1362
CAN-2000-0060   CVE-2000-0060
CAN-2000-0072   CVE-2000-0072
CAN-2000-0087   CVE-2000-0087
CAN-2000-0976   CVE-2000-0976
CAN-2000-1166   CVE-2000-1166
CAN-2000-1193   CVE-2000-1193
CAN-2001-0508   CVE-2001-0508
CAN-2001-0550   CVE-2001-0550
CAN-2001-0553   CVE-2001-0553
CAN-2001-0726   CVE-2001-0726
CAN-2001-0727   CVE-2001-0727
CAN-2001-0731   CVE-2001-0731
CAN-2001-0769   CVE-2001-0769
CAN-2001-0770   CVE-2001-0770
CAN-2001-0797   CVE-2001-0797
CAN-2001-0869   CVE-2001-0869
CAN-2001-0872   CVE-2001-0872
CAN-2001-0884   CVE-2001-0884
CAN-2001-0886   CVE-2001-0886
CAN-2001-0887   CVE-2001-0887
CAN-2001-0888   CVE-2001-0888
CAN-2001-0889   CVE-2001-0889
CAN-2001-0894   CVE-2001-0894
CAN-2001-0895   CVE-2001-0895
CAN-2001-0896   CVE-2001-0896
CAN-2001-0899   CVE-2001-0899
CAN-2001-0900   CVE-2001-0900
CAN-2001-0901   CVE-2001-0901
CAN-2001-0905   CVE-2001-0905
CAN-2001-0906   CVE-2001-0906
CAN-2001-0912   CVE-2001-0912
CAN-2001-0917   CVE-2001-0917
CAN-2001-0918   CVE-2001-0918
CAN-2001-0920   CVE-2001-0920
CAN-2001-0929   CVE-2001-0929
CAN-2001-0936   CVE-2001-0936
CAN-2001-0939   CVE-2001-0939
CAN-2001-0940   CVE-2001-0940
CAN-2001-0946   CVE-2001-0946
CAN-2001-0961   CVE-2001-0961
CAN-2001-0962   CVE-2001-0962
CAN-2001-0977   CVE-2001-0977
CAN-2001-0981   CVE-2001-0981
CAN-2001-1002   CVE-2001-1002
CAN-2001-1022   CVE-2001-1022
CAN-2001-1027   CVE-2001-1027
CAN-2001-1030   CVE-2001-1030
CAN-2001-1032   CVE-2001-1032
CAN-2001-1043   CVE-2001-1043
CAN-2001-1046   CVE-2001-1046
CAN-2001-1053   CVE-2001-1053
CAN-2001-1062   CVE-2001-1062
CAN-2001-1071   CVE-2001-1071
CAN-2001-1072   CVE-2001-1072
CAN-2001-1074   CVE-2001-1074
CAN-2001-1079   CVE-2001-1079
CAN-2001-1083   CVE-2001-1083
CAN-2001-1084   CVE-2001-1084
CAN-2001-1085   CVE-2001-1085
CAN-2001-1088   CVE-2001-1088
CAN-2001-1089   CVE-2001-1089
CAN-2001-1095   CVE-2001-1095
CAN-2001-1096   CVE-2001-1096
CAN-2001-1099   CVE-2001-1099
CAN-2001-1100   CVE-2001-1100
CAN-2001-1108   CVE-2001-1108
CAN-2001-1113   CVE-2001-1113
CAN-2001-1116   CVE-2001-1116
CAN-2001-1117   CVE-2001-1117
CAN-2001-1118   CVE-2001-1118
CAN-2001-1119   CVE-2001-1119
CAN-2001-1121   CVE-2001-1121
CAN-2001-1130   CVE-2001-1130
CAN-2001-1132   CVE-2001-1132
CAN-2001-1141   CVE-2001-1141
CAN-2001-1144   CVE-2001-1144
CAN-2001-1146   CVE-2001-1146
CAN-2001-1147   CVE-2001-1147
CAN-2001-1149   CVE-2001-1149
CAN-2001-1153   CVE-2001-1153
CAN-2001-1155   CVE-2001-1155
CAN-2001-1158   CVE-2001-1158
CAN-2001-1160   CVE-2001-1160
CAN-2001-1161   CVE-2001-1161
CAN-2001-1162   CVE-2001-1162
CAN-2001-1166   CVE-2001-1166
CAN-2001-1172   CVE-2001-1172
CAN-2001-1174   CVE-2001-1174
CAN-2001-1175   CVE-2001-1175
CAN-2001-1176   CVE-2001-1176
CAN-2001-1177   CVE-2001-1177
CAN-2001-1180   CVE-2001-1180
CAN-2001-1183   CVE-2001-1183
CAN-2001-1185   CVE-2001-1185
CAN-2001-1193   CVE-2001-1193
CAN-2001-1199   CVE-2001-1199
CAN-2001-1201   CVE-2001-1201
CAN-2001-1203   CVE-2001-1203
CAN-2001-1215   CVE-2001-1215
CAN-2001-1227   CVE-2001-1227
CAN-2001-1231   CVE-2001-1231
CAN-2001-1234   CVE-2001-1234
CAN-2001-1235   CVE-2001-1235
CAN-2001-1236   CVE-2001-1236
CAN-2001-1237   CVE-2001-1237
CAN-2001-1240   CVE-2001-1240
CAN-2001-1246   CVE-2001-1246
CAN-2001-1247   CVE-2001-1247
CAN-2001-1252   CVE-2001-1252
CAN-2001-1266   CVE-2001-1266
CAN-2001-1276   CVE-2001-1276
CAN-2001-1277   CVE-2001-1277
CAN-2001-1295   CVE-2001-1295
CAN-2001-1297   CVE-2001-1297
CAN-2001-1299   CVE-2001-1299
CAN-2001-1322   CVE-2001-1322
CAN-2001-1342   CVE-2001-1342
CAN-2001-1345   CVE-2001-1345
CAN-2002-0002   CVE-2002-0002
CAN-2002-0003   CVE-2002-0003
CAN-2002-0004   CVE-2002-0004
CAN-2002-0007   CVE-2002-0007
CAN-2002-0018   CVE-2002-0018
CAN-2002-0020   CVE-2002-0020
CAN-2002-0021   CVE-2002-0021
CAN-2002-0022   CVE-2002-0022
CAN-2002-0023   CVE-2002-0023
CAN-2002-0025   CVE-2002-0025
CAN-2002-0026   CVE-2002-0026
CAN-2002-0027   CVE-2002-0027
CAN-2002-0028   CVE-2002-0028
CAN-2002-0038   CVE-2002-0038
CAN-2002-0040   CVE-2002-0040
CAN-2002-0043   CVE-2002-0043
CAN-2002-0044   CVE-2002-0044
CAN-2002-0045   CVE-2002-0045
CAN-2002-0046   CVE-2002-0046
CAN-2002-0047   CVE-2002-0047
CAN-2002-0049   CVE-2002-0049
CAN-2002-0050   CVE-2002-0050
CAN-2002-0051   CVE-2002-0051
CAN-2002-0052   CVE-2002-0052
CAN-2002-0055   CVE-2002-0055
CAN-2002-0057   CVE-2002-0057
CAN-2002-0059   CVE-2002-0059
CAN-2002-0060   CVE-2002-0060
CAN-2002-0063   CVE-2002-0063
CAN-2002-0064   CVE-2002-0064
CAN-2002-0065   CVE-2002-0065
CAN-2002-0066   CVE-2002-0066
CAN-2002-0070   CVE-2002-0070
CAN-2002-0078   CVE-2002-0078
CAN-2002-0080   CVE-2002-0080
CAN-2002-0081   CVE-2002-0081
CAN-2002-0082   CVE-2002-0082
CAN-2002-0083   CVE-2002-0083
CAN-2002-0092   CVE-2002-0092
CAN-2002-0096   CVE-2002-0096
CAN-2002-0097   CVE-2002-0097
CAN-2002-0098   CVE-2002-0098
CAN-2002-0107   CVE-2002-0107
CAN-2002-0111   CVE-2002-0111
CAN-2002-0115   CVE-2002-0115
CAN-2002-0117   CVE-2002-0117
CAN-2002-0121   CVE-2002-0121
CAN-2002-0128   CVE-2002-0128
CAN-2002-0139   CVE-2002-0139
CAN-2002-0143   CVE-2002-0143
CAN-2002-0151   CVE-2002-0151
CAN-2002-0152   CVE-2002-0152
CAN-2002-0153   CVE-2002-0153
CAN-2002-0159   CVE-2002-0159
CAN-2002-0160   CVE-2002-0160
CAN-2002-0166   CVE-2002-0166
CAN-2002-0167   CVE-2002-0167
CAN-2002-0168   CVE-2002-0168
CAN-2002-0175   CVE-2002-0175
CAN-2002-0176   CVE-2002-0176
CAN-2002-0179   CVE-2002-0179
CAN-2002-0196   CVE-2002-0196
CAN-2002-0197   CVE-2002-0197
CAN-2002-0207   CVE-2002-0207
CAN-2002-0209   CVE-2002-0209
CAN-2002-0211   CVE-2002-0211
CAN-2002-0226   CVE-2002-0226
CAN-2002-0237   CVE-2002-0237
CAN-2002-0251   CVE-2002-0251
CAN-2002-0265   CVE-2002-0265
CAN-2002-1056   CVE-2002-1056

======================================================
Candidate: CAN-1999-1080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1080
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990510 SunOS 5.7 rmmount, no nosuid.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92633694100270&w=2
Reference: BUGTRAQ:19991011
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93971288323395&w=2
Reference: BID:250
Reference: URL:http://www.securityfocus.com/bid/250
Reference: SUNBUG:4205437
Reference: XF:solaris-rmmount-gain-root(8350)

rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf.

Modifications:
  ADDREF SUNBUG:4205437
  ADDREF XF:solaris-rmmount-gain-root(8350)

INFERRED ACTION: CAN-1999-1080 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(2) Cole, Dik
  MODIFY(1) Frech
  NOOP(2) Wall, Foat

Voter Comments:
  Dik> sun bug: 4205437
  Frech> XF:solaris-rmmount-gain-root(8350)

======================================================
Candidate: CAN-1999-1362
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1362
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q160601
Reference: URL:http://support.microsoft.com/support/kb/articles/q160/6/01.asp
Reference: XF:nt-win32k-dos(7403)
Reference: URL:http://www.iss.net/security_center/static/7403.php

Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters.

Modifications:
  ADDREF XF:nt-win32k-dos(7403)

INFERRED ACTION: CAN-1999-1362 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(3) Wall, Foat, Cole
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:nt-win32k-dos(7403)

======================================================
Candidate: CAN-2000-0060
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0060
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020218-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: NTBUGTRAQ:19991227 Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94647711311057&w=2
Reference: BUGTRAQ:19991227 Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94633851427858&w=2
Reference: BID:894
Reference: URL:http://www.securityfocus.com/bid/894
Reference: XF:avirt-rover-pop3-dos(3765)
Reference: URL:http://www.iss.net/security_center/static/3765.php

Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers to cause a denial of service via a long user name.

Modifications:
  ADDREF XF:avirt-rover-pop3-dos
  DESC add version
  ADDREF NTBUGTRAQ:19991227 Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt

INFERRED ACTION: CAN-2000-0060 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(2) Williams, Baker
  MODIFY(1) Frech
  NOOP(1) Balinsky

Voter Comments:
  Frech> XF:avirt-rover-pop3-dos
  Balinsky> No mention of the problem or relevant patch on vendor website.
  Williams> Balinsky - this product is no longer supported by vendor. should include v1.1 for NT in title

======================================================
Candidate: CAN-2000-0072
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0072
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020218-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000118 Warning: VCasel security hole.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94823061421676&w=2
Reference: BID:937
Reference: URL:http://www.securityfocus.com/bid/937
Reference: XF:vcasel-filename-trusting(3867)
Reference: URL:http://www.iss.net/security_center/static/3867.php

Visual Casel (Vcasel) does not properly prevent users from executing files, which allows local users to use a relative pathname to specify an alternate file which has an approved name and possibly gain privileges.

Modifications:
  ADDREF XF:vcasel-filename-trusting(3867)

INFERRED ACTION: CAN-2000-0072 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(2) Williams, Baker
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:vcasel-filename-trusting(3867)

======================================================
Candidate: CAN-2000-0087
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0087
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020218-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000113 Misleading sense of security in Netscape
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94790377622943&w=2
Reference: XF:netscape-mail-notify-plaintext(4385)
Reference: URL:http://www.iss.net/security_center/static/4385.php

Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext.

Modifications:
  ADDREF XF:netscape-mail-notify-plaintext(4385)

INFERRED ACTION: CAN-2000-0087 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(2) Williams, Baker
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:netscape-mail-notify-plaintext

======================================================
Candidate: CAN-2000-0976
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0976
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001012 another Xlib buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0211.html
Reference: SGI:20020502-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020502-01-I
Reference: BID:1805
Reference: URL:http://www.securityfocus.com/bid/1805
Reference: XF:xfree-xlib-bo(5751)
Reference: URL:http://www.iss.net/security_center/static/5751.php

Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter.

Modifications:
  ADDREF XF:xfree-xlib-bo(5751)
  ADDREF SGI:20020502-01-I

INFERRED ACTION: CAN-2000-0976 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(2) Mell, Baker
  MODIFY(1) Frech
  NOOP(2) Christey, Cole

Voter Comments:
  Frech> XF:xfree-xlib-bo(5751)
  Christey> This might not be exploitable; see followups
  CHANGE> [Christey changed vote from REVIEWING to NOOP]
  Christey> SGI:20020502-01-I

======================================================
Candidate: CAN-2000-1166
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1166
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001124 Security problems with TWIG webmail system
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0351.html
Reference: CONFIRM:http://twig.screwdriver.net/file.php3?file=CHANGELOG
Reference: BID:1998
Reference: URL:http://www.securityfocus.com/bid/1998
Reference: XF:twig-php3-script-execute(5581)

Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program.

Modifications:
  ADDREF XF:twig-php3-script-execute(5581)
  ADDREF CONFIRM:http://twig.screwdriver.net/file.php3?file=CHANGELOG

INFERRED ACTION: CAN-2000-1166 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(1) Baker
  MODIFY(1) Frech
  NOOP(3) Wall, Cole, Christey

Voter Comments:
  Frech> XF:twig-php3-script-execute(5581)
  Christey> CONFIRM:http://twig.screwdriver.net/file.php3?file=CHANGELOG
    Dated December 18, 2000: "Fixed security hole with respect to vhosts."

======================================================
Candidate: CAN-2000-1193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1193
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:20000412 Performance Copilot for IRIX 6.5
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0056.html
Reference: XF:irix-pcp-pmcd-dos(4284)
Reference: URL:http://xforce.iss.net/static/4284.php
Reference: SGI:20020407-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020407-01-I

Performance Metrics Collector Daemon (PMCD) in Performance Copilot in IRIX 6.x allows remote attackers to cause a denial of service (resource exhaustion) via an extremely long string to the PMCD port.

Modifications:
  CHANGEREF XF:irix-pcp-pmcd-dos(4284)
  ADDREF SGI:20020407-01-I

INFERRED ACTION: CAN-2000-1193 FINAL (Final Decision 20020625)

Current Votes:
  MODIFY(2) Frech, Williams
  NOOP(5) Wall, Foat, Cole, Stracener, Christey

Voter Comments:
  Frech> XF:irix-pcp-pmcd-dos(4284) (same XF:ID number, but slightly different name)
  Williams> not just a DoS. also involves information gathering vuln.
  Christey> ADDREF SGI:20020407-01-I

======================================================
Candidate: CAN-2001-0508
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0508
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20010829
Assigned: 20010608
Category: SF
Reference: BUGTRAQ:20010506 IIS 5.0 PROPFIND DOS #2
Reference: URL:http://online.securityfocus.com/archive/1/182579
Reference: MS:MS01-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp
Reference: XF:iis-webdav-long-request-dos(6982)
Reference: URL:http://www.iss.net/security_center/static/6982.php
Reference: BID:2690
Reference: URL:http://www.securityfocus.com/bid/2690

Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request.

Modifications:
  ADDREF XF:iis-webdav-long-request-dos(6982)
  ADDREF BUGTRAQ:20010506 IIS 5.0 PROPFIND DOS #2
  ADDREF BID:2690

INFERRED ACTION: CAN-2001-0508 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(7) Wall, Baker, Foat, Cole, Armstrong, Bishop, Ziese
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Frech> XF:iis-webdav-long-request-dos(6982)
  Christey> Need to determine whether this CAN is fixing this problem:
    BUGTRAQ:20010506 IIS 5.0 PROPFIND DOS #2
    URL:http://www.securityfocus.com/archive/1/3AF56057.1CB06CBC@guninski.com
    If so, then ADDREF BID:2690 as well.
  Christey> Yes, these are the same issue
  Christey> BUGTRAQ:20010506 IIS 5.0 PROPFIND DOS #2
    URL:http://online.securityfocus.com/archive/1/182579
    (confirmed w/Microsoft)

======================================================
Candidate: CAN-2001-0550
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0550
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20010718
Category: SF
Reference: VULN-DEV:20010430 some ftpd implementations mishandle CWD ~{
Reference: URL:http://www.securityfocus.com/archive/82/180823
Reference: BUGTRAQ:20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100700363414799&w=2
Reference: CERT:CA-2001-33
Reference: URL:http://www.cert.org/advisories/CA-2001-33.html
Reference: CERT-VN:VU#886083
Reference: URL:http://www.kb.cert.org/vuls/id/886083
Reference: REDHAT:RHSA-2001-157
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-157.html
Reference: CALDERA:CSSA-2001-041.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt
Reference: CALDERA:CSSA-2001-SCO.36
Reference: MANDRAKE:MDKSA-2001:090
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3
Reference: HP:HPSBUX0107-162
Reference: ISS:20011129 WU-FTPD Heap Corruption Vulnerability
Reference: BID:3581
Reference: URL:http://www.securityfocus.com/bid/3581
Reference: XF:wuftp-glob-heap-corruption(7611)

wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).

Modifications:
  ADDREF XF:wuftp-glob-heap-corruption(7611)
  ADDREF CALDERA:CSSA-2001-SCO.36

INFERRED ACTION: CAN-2001-0550 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(5) Wall, Baker, Cole, Armstrong, Green
  MODIFY(1) Frech
  NOOP(2) Christey, Foat

Voter Comments:
  Frech> XF:wuftp-glob-heap-corruption(7611)
  Christey> CALDERA:CSSA-2001-SCO.36

======================================================
Candidate: CAN-2001-0553
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0553
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20010727
Assigned: 20010724
Category: SF
Reference: BUGTRAQ:20010720 URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0486.html
Reference: CONFIRM:http://www.ssh.com/products/ssh/exploit.cfm
Reference: CERT-VN:VU#737451
Reference: URL:http://www.kb.cert.org/vuls/id/737451
Reference: CIAC:L-121
Reference: URL:http://www.ciac.org/ciac/bulletins/l-121.shtml
Reference: BID:3078
Reference: URL:http://www.securityfocus.com/bid/3078
Reference: XF:ssh-password-length-unauth-access(6868)

SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field.

Modifications:
  ADDREF XF:ssh-password-length-unauth-access(6868)
  ADDREF CONFIRM:http://www.ssh.com/products/ssh/exploit.cfm
  ADDREF CERT-VN:VU#737451
  ADDREF BID:3078
  ADDREF CIAC:L-121

INFERRED ACTION: CAN-2001-0553 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Frech
  NOOP(5) Christey, Wall, Foat, Cole, Ziese

Voter Comments:
  Frech> XF:ssh-password-length-unauth-access(6868)
  Christey> CONFIRM:http://www.ssh.com/products/ssh/exploit.cfm
    CERT-VN:VU#737451
    URL:http://www.kb.cert.org/vuls/id/737451
    BID:3078
    URL:http://www.securityfocus.com/bid/3078
    CIAC:L-121
    URL:http://www.ciac.org/ciac/bulletins/l-121.shtml

======================================================
Candidate: CAN-2001-0726
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0726
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20010927
Category: SF
Reference: MS:MS01-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-057.asp
Reference: XF:exchange-owa-embedded-script-execution(7663)
Reference: BID:3650
Reference: URL:http://online.securityfocus.com/bid/3650

Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message.

Modifications:
  ADDREF XF:exchange-owa-embedded-script-execution(7663)
  ADDREF BID:3650

INFERRED ACTION: CAN-2001-0726 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(5) Wall, Baker, Foat, Cole, Green
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Frech> XF:exchange-owa-embedded-script-execution(7663)
  Christey> Consider adding BID:3650

======================================================
Candidate: CAN-2001-0727
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0727
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20010927
Category: SF
Reference: BUGTRAQ:20011214 MSIE may download and run progams automatically
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100835204509262&w=2
Reference: BUGTRAQ:20011216 Re: MSIE may download and run progams automatically - NOT SO FAST
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100861273114437&w=2
Reference: MS:MS01-058
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-058.asp
Reference: CERT:CA-2001-36
Reference: URL:http://www.cert.org/advisories/CA-2001-36.html
Reference: XF:ie-file-download-execution(7703)
Reference: BID:3578

Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."

Modifications:
  ADDREF XF:ie-file-download-execution(7703)
  ADDREF BID:3578

INFERRED ACTION: CAN-2001-0727 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(5) Wall, Baker, Foat, Cole, Green
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Frech> XF:ie-file-download-execution(7703)
  Christey> Consider adding BID:3578

======================================================
Candidate: CAN-2001-0731
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0731
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020315
Assigned: 20011008
Category: SF
Reference: BUGTRAQ:20010709 How Google indexed a file with no external link
Reference: URL:http://www.securityfocus.com/archive/1/20010709214744.A28765@brasscannon.net
Reference: CONFIRM:http://www.apacheweek.com/issues/01-10-05#security
Reference: MANDRAKE:MDKSA-2001:077
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077-1.php3
Reference: BID:3009
Reference: URL:http://www.securityfocus.com/bid/3009
Reference: XF:apache-multiviews-directory-listing(8275)
Reference: SGI:20020301-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020301-01-P

Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.

Modifications:
  ADDREF XF:apache-multiviews-directory-listing(8275)
  ADDREF SGI:20020301-01-P

INFERRED ACTION: CAN-2001-0731 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(7) Wall, Baker, Foat, Cole, Armstrong, Ziese, Green
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Christey> SGI:20020301-01-P
    URL:ftp://patches.sgi.com/support/free/security/advisories/20020301-01-P
  Frech> XF:apache-multiviews-directory-listing(8275)

======================================================
Candidate: CAN-2001-0769
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0769
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010527 def-2001-27: GuildFTPD Buffer Overflow and Memory Leak DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0254.html
Reference: XF:guildftpd-null-memory-leak(6613)
Reference: URL:http://xforce.iss.net/static/6613.php

Memory leak in GuildFTPd Server 0.97 allows remote attackers to cause a denial of service via a request containing a null character.

INFERRED ACTION: CAN-2001-0769 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(2) Foat, Frech
  NOOP(4) Christey, Wall, Cole, Armstrong

Voter Comments:
  Christey> Email ack received from guildftpd@nitrolic.com on 3/8/2002

======================================================
Candidate: CAN-2001-0770
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0770
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020308-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010527 def-2001-27: GuildFTPD Buffer Overflow and Memory Leak DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0254.html
Reference: XF:guildftpd-site-bo(6612)
Reference: URL:http://xforce.iss.net/static/6612.php
Reference: CONFIRM:http://www.nitrolic.com/help/history.htm

Buffer overflow in GuildFTPd Server 0.97 allows remote attacker to execute arbitrary code via a long SITE command.

Modifications:
  ADDREF CONFIRM:http://www.nitrolic.com/help/history.htm

INFERRED ACTION: CAN-2001-0770 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(3) Foat, Armstrong, Frech
  NOOP(3) Christey, Wall, Cole

Voter Comments:
  Christey> Possible ACK at http://www.nitrolic.com/help/history.htm
    Inquiry sent to guildftpd@nitrolic.com on 2/25/2002
  Christey> Email ack received from guildftpd@nitrolic.com on 3/8/2002

======================================================
Candidate: CAN-2001-0797
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0797
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20011024
Category: SF
Reference: ISS:20011212 Buffer Overflow in /bin/login
Reference: URL:http://xforce.iss.net/alerts/advise105.php
Reference: BUGTRAQ:20011219 Linux distributions and /bin/login overflow
Reference: URL:http://www.securityfocus.com/archive/1/246487
Reference: CERT:CA-2001-34
Reference: URL:http://www.cert.org/advisories/CA-2001-34.html
Reference: CERT-VN:VU#569272
Reference: URL:http://www.kb.cert.org/vuls/id/569272
Reference: CALDERA:CSSA-2001-SCO.40
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.40/CSSA-2001-SCO.40.txt
Reference: SUN:00213
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/213
Reference: AIXAPAR:IY26221
Reference: SGI:20011201-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011201-01-I
Reference: SUNBUG:4516885
Reference: BUGTRAQ:20011214 Sun Solaris login bug patches out
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100844757228307&w=2
Reference: XF:telnet-tab-bo(7284)
Reference: URL:http://xforce.iss.net/static/7284.php
Reference: BID:3681
Reference: URL:http://www.securityfocus.com/bid/3681

Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.

Modifications:
  ADDREF SUNBUG:4516885
  ADDREF BUGTRAQ:20011214 Sun Solaris login bug patches out

INFERRED ACTION: CAN-2001-0797 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(5) Baker, Cole, Frech, Dik, Green
  NOOP(3) Christey, Wall, Foat

Voter Comments:
  Dik> Sun bugid: 4516885
  Christey> BUGTRAQ:20011214 Sun Solaris login bug patches out
    URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100844757228307&w=2

======================================================
Candidate: CAN-2001-0869
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0869
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20011129
Category: SF
Reference: SUSE:SuSE-SA:2001:042
Reference: URL:http://lwn.net/alerts/SuSE/SuSE-SA%3A2001%3A042.php3
Reference: CALDERA:CSSA-2001-040.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-040.0.txt
Reference: REDHAT:RHSA-2001-150
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-150.html
Reference: REDHAT:RHSA-2001-151
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-151.html
Reference: MANDRAKE:MDKSA-2002:018
Reference: XF:cyrus-sasl-format-string(7443)
Reference: URL:http://xforce.iss.net/static/7443.php
Reference: FREEBSD:FreeBSD-SA-02:15
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:15.cyrus-sasl.asc

Format string vulnerability in the default logging callback function in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.

Modifications:
  ADDREF MANDRAKE:MDKSA-2002:018
  ADDREF FREEBSD:FreeBSD-SA-02:15

INFERRED ACTION: CAN-2001-0869 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(5) Baker, Foat, Cole, Armstrong, Frech
  NOOP(2) Christey, Wall

Voter Comments:
  Christey> MANDRAKE:MDKSA-2002:018
  Christey> ADDREF FREEBSD:FreeBSD-SA-02:15
    URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:15.cyrus-sasl.asc

======================================================
Candidate: CAN-2001-0872
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0872
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020228-01
Proposed: 20020131
Assigned: 20011203
Category: SF
Reference: BUGTRAQ:20011204 [Fwd: OpenSSH 3.0.2 fixes UseLogin vulnerability]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100749779131514&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=100747128105913&w=2
Reference: REDHAT:RHSA-2001:161
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-161.html
Reference: SUSE:SuSE-SA:2001:045
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Dec/0001.html
Reference: DEBIAN:DSA-091
Reference: URL:http://www.debian.org/security/2001/dsa-091
Reference: XF:openssh-uselogin-execute-code(7647)
Reference: URL:http://xforce.iss.net/static/7647.php

OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.

Modifications:
  ADDREF DEBIAN:DSA-091

INFERRED ACTION: CAN-2001-0872 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(6) Green, Wall, Baker, Foat, Cole, Frech

======================================================
Candidate: CAN-2001-0884
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0884
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20011213
Category: SF
Reference: BUGTRAQ:20011128 Cgisecurity.com Advisory #7: Mailman Email Archive Cross Site Scripting
Reference: URL:http://www.securityfocus.com/archive/1/242839
Reference: CONECTIVA:CLA-2001:445
Reference: URL:http://www.securityfocus.com/advisories/3721
Reference: REDHAT:RHSA-2001:168
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-168.html
Reference: REDHAT:RHSA-2001:170
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-170.html
Reference: XF:mailman-java-css(7617)
Reference: URL:http://xforce.iss.net/static/7617.php
Reference: BID:3602
Reference: URL:http://www.securityfocus.com/bid/3602

Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.

INFERRED ACTION: CAN-2001-0884 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(4) Baker, Cole, Armstrong, Frech
  NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-0886
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0886
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20011214
Category: SF
Reference: MISC:http://sources.redhat.com/ml/bug-glibc/2001-11/msg00109.html
Reference: BUGTRAQ:20011217 [Global InterSec 2001121001] glibc globbing issues.
Reference: URL:http://www.securityfocus.com/archive/1/245956
Reference: REDHAT:RHSA-2001-160
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-160.html
Reference: MANDRAKE:MDKSA-2001:095
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-095.php3
Reference: ENGARDE:ESA-20011217-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1752.html
Reference: XF:glibc-glob-bo(7705)
Reference: URL:http://xforce.iss.net/static/7705.php
Reference: BID:3707
Reference: URL:http://www.securityfocus.com/bid/3707

Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.

INFERRED ACTION: CAN-2001-0886 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(5) Green, Wall, Baker, Cole, Frech
  NOOP(1) Foat

======================================================
Candidate: CAN-2001-0887
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0887
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20011219
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:68
Reference: URL:http://www.securityfocus.com/advisories/3734
Reference: BID:3700
Reference: URL:http://www.securityfocus.com/bid/3700
Reference: XF:xsane-temp-symlink(7714)
Reference: URL:http://xforce.iss.net/static/7714.php

xSANE 0.81 and earlier allows local users to modify files of other xSANE users via a symlink attack on temporary files.

INFERRED ACTION: CAN-2001-0887 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(4) Green, Baker, Cole, Frech
  NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-0888
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0888
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20011219
Category: SF
Reference: BUGTRAQ:20011221 VIGILANTe advisory 2001003 : Atmel SNMP Non Public Community String DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100895903202798&w=2
Reference: XF:atmel-snmp-community-dos(7734)
Reference: URL:http://xforce.iss.net/static/7734.php
Reference: BID:3734
Reference: URL:http://www.securityfocus.com/bid/3734

Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers to cause a denial of service via a SNMP request with (1) a community string other than "public" or (2) an unknown OID, which causes the WAP to deny subsequent SNMP requests.

INFERRED ACTION: CAN-2001-0888 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(4) Green, Baker, Cole, Frech
  NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-0889
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0889
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20011221
Category: SF
Reference: BUGTRAQ:20011219 [ph10@cus.cam.ac.uk: [Exim] Potential security problem]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100877978506387&w=2
Reference: REDHAT:RHSA-2001:176
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-176.html
Reference: XF:exim-pipe-hostname-commands(7738)

Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters.

Modifications:
  ADDREF XF:exim-pipe-hostname-commands(7738)

INFERRED ACTION: CAN-2001-0889 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(3) Green, Baker, Cole
  MODIFY(1) Frech
  NOOP(2) Wall, Foat

Voter Comments:
  Frech> XF:exim-pipe-hostname-commands(7738)

======================================================
Candidate: CAN-2001-0894
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0894
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011115 Postfix session log memory exhaustion bugfix
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100584160110303&w=2
Reference: MANDRAKE:MDKSA-2001:089
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-089.php3?dis=8.1
Reference: DEBIAN:DSA-093
Reference: URL:http://www.debian.org/security/2001/dsa-093
Reference: REDHAT:RHSA-2001:156
Reference: BID:3544
Reference: URL:http://www.securityfocus.com/bid/3544
Reference: XF:postfix-smtp-log-dos(7568)
Reference: URL:http://xforce.iss.net/static/7568.php

Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large.

Modifications:
  ADDREF REDHAT:RHSA-2001:156

INFERRED ACTION: CAN-2001-0894 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(5) Baker, Foat, Cole, Armstrong, Frech
  MODIFY(1) Cox
  NOOP(1) Wall

Voter Comments:
  Cox> ADDREF REDHAT:RHSA-2001:156

======================================================
Candidate: CAN-2001-0895
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0895
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CISCO:20011115 Cisco IOS ARP Table Overwrite Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/IOS-arp-overwrite-vuln-pub.shtml
Reference: XF:cisco-arp-overwrite-table(7547)

Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contains a different MAC address for the router, which eventually causes the router to overwrite the MAC address in its ARP table.

Modifications:
  ADDREF XF:cisco-arp-overwrite-table(7547)

INFERRED ACTION: CAN-2001-0895 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(4) Baker, Foat, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:cisco-arp-overwrite-table(7547)

======================================================
Candidate: CAN-2001-0896
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0896
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CALDERA:CSSA-2001-SCO.33
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.33/CSSA-2001-SCO.33.txt
Reference: BUGTRAQ:20020201 RE: DoS bug on Tru64
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101284101228656&w=2
Reference: BUGTRAQ:20020205 nmap vs. inetd on Caldera (ex-SCO) OpenServer, Re: DoS bug on Tru64
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101303877215098&w=2
Reference: XF:openserver-nmap-po-option(7571)

Inetd in OpenServer 5.0.5 allows remote attackers to cause a denial of service (crash) via a port scan, e.g. with nmap -PO.

Modifications:
  ADDREF BUGTRAQ:20020205 nmap vs. inetd on Caldera (ex-SCO) OpenServer, Re: DoS bug on Tru64
  ADDREF BUGTRAQ:20020201 RE: DoS bug on Tru64
  ADDREF XF:openserver-nmap-po-option(7571)

INFERRED ACTION: CAN-2001-0896 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(3) Christey, Wall, Foat

Voter Comments:
  Christey> A rediscovery of this issue was reported in: BUGTRAQ:20020205 nmap vs. inetd on Caldera (ex-SCO) OpenServer, Re: DoS bug on Tru64 URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101303877215098&w=2 BUGTRAQ:20020201 RE: DoS bug on Tru64 URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101284101228656&w=2
  Frech> XF:openserver-nmap-po-option(7571)

======================================================
Candidate: CAN-2001-0899
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0899
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011116 Network Tool 0.2 Addon for PHPNuke vulnerable to remote command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100593523104176&w=2
Reference: CONFIRM:http://phpnukerz.org/modules.php?name=Downloads&d_op=viewsdownload&sid=32
Reference: XF:phpnuke-nettools-command-execution(7578)

Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable.

Modifications:
  ADDREF XF:phpnuke-nettools-command-execution(7578)

INFERRED ACTION: CAN-2001-0899 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(2) Wall, Foat

Voter Comments:
  Frech> XF:phpnuke-nettools-command-execution(7578)

======================================================
Candidate: CAN-2001-0900
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0900
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011118 Gallery Addon for PhpNuke remote file viewing vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100619599000590&w=2
Reference: CONFIRM:http://www.menalto.com/projects/gallery/article.php?sid=33&mode=&order=
Reference: XF:phpnuke-gallery-directory-traversal(7580)

Directory traversal vulnerability in modules.php in Gallery before 1.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the include parameter.

Modifications:
  ADDREF XF:phpnuke-gallery-directory-traversal(7580)

INFERRED ACTION: CAN-2001-0900 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(2) Wall, Foat

Voter Comments:
  Frech> XF:phpnuke-gallery-directory-traversal(7580)

======================================================
Candidate: CAN-2001-0901
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0901
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011119 Hypermail SSI Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100626603407639&w=2
Reference: CONFIRM:http://www.hypermail.org/dist/hypermail-2.1.4.tar.gz
Reference: XF:hypermail-ssi-execute-commands(7576)

Hypermail allows remote attackers to execute arbitrary commands on a server supporting SSI via an attachment with a .shtml extension, which is archived on the server and can then be executed by requesting the URL for the attachment.

Modifications:
  ADDREF XF:hypermail-ssi-execute-commands(7576)

INFERRED ACTION: CAN-2001-0901 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(2) Wall, Foat

Voter Comments:
  Frech> XF:hypermail-ssi-execute-commands(7576)

======================================================
Candidate: CAN-2001-0905
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0905
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: DEBIAN:DSA-083
Reference: URL:http://www.debian.org/security/2001/dsa-083
Reference: REDHAT:RHSA-2001:093
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-093.html
Reference: MANDRAKE:MDKSA-2001:085
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-085.php3
Reference: FREEBSD:FreeBSD-SA-01:60
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:60.procmail.asc
Reference: CONECTIVA:CLA-2001:433
Reference: BID:3071
Reference: URL:http://www.securityfocus.com/bid/3071
Reference: XF:procmail-signal-handling-race(6872)

Race condition in signal handling of procmail 3.20 and earlier, when running setuid, allows local users to cause a denial of service or gain root privileges by sending a signal while a signal handling routine is already running.

Modifications:
  ADDREF CONECTIVA:CLA-2001:433
  ADDREF XF:procmail-signal-handling-race(6872)

INFERRED ACTION: CAN-2001-0905 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(5) Green, Wall, Baker, Cole, Armstrong
  MODIFY(2) Christey, Frech
  NOOP(1) Foat

Voter Comments:
  Frech> XF:procmail-signal-handling-race(6872)
  Christey> ADDREF CONECTIVA:CLA-2001:433

======================================================
Candidate: CAN-2001-0906
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0906
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010622 LPRng + tetex tmpfile race - uid lp exploit
Reference: URL:http://www.securityfocus.com/archive/1/192647
Reference: REDHAT:RHSA-2001:102
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-102.html
Reference: MANDRAKE:MDKSA-2001:086
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-086.php3
Reference: IMMUNIX:IMNX-2001-70-030-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-030-01
Reference: BID:2974
Reference: URL:http://www.securityfocus.com/bid/2974
Reference: XF:tetex-lprng-tmp-race(6785)
Reference: URL:http://xforce.iss.net/static/6785.php

teTeX filter before 1.0.7 allows local users to gain privileges via a symlink attack on temporary files that are produced when printing .dvi files using lpr.

INFERRED ACTION: CAN-2001-0906 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(6) Green, Wall, Baker, Cole, Armstrong, Frech
  NOOP(1) Foat

======================================================
Candidate: CAN-2001-0912
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0912
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: MANDRAKE:MDKSA-2001:087
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-087.php3?dis=8.1
Reference: XF:linux-expect-unauth-root(7604)
Reference: URL:http://xforce.iss.net/static/7604.php

Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges.

INFERRED ACTION: CAN-2001-0912 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(4) Baker, Cole, Armstrong, Frech
  NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-0917
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0917
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011122 Hi
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100654722925155&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=tomcat-dev&m=100658457507305&w=2
Reference: XF:tomcat-reveal-install-path(7599)

Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension.

Modifications:
  ADDREF XF:tomcat-reveal-install-path(7599)

INFERRED ACTION: CAN-2001-0917 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(2) Wall, Foat

Voter Comments:
  Frech> XF:tomcat-reveal-install-path(7599)

======================================================
Candidate: CAN-2001-0918
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0918
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: SUSE:SuSE-SA:2001:041
Reference: URL:http://www.suse.de/de/support/security/2001_041_susehelp_txt.txt
Reference: XF:susehelp-cgi-command-execution(7583)
Reference: URL:http://xforce.iss.net/static/7583.php
Reference: BID:3576
Reference: URL:http://www.securityfocus.com/bid/3576

Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files securely.

INFERRED ACTION: CAN-2001-0918 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(4) Baker, Cole, Armstrong, Frech
  NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-0920
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0920
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011126 [CERT-intexxia] Auto Nice Daemon Format String Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100680319004162&w=2
Reference: CONFIRM:http://and.sourceforge.net/
Reference: XF:and-format-string(7606)
Reference: URL:http://xforce.iss.net/static/7606.php
Reference: BID:3580
Reference: URL:http://www.securityfocus.com/bid/3580

Format string vulnerability in auto nice daemon (AND) 1.0.4 and earlier allows a local user to possibly execute arbitrary code via a process name containing a format string.

INFERRED ACTION: CAN-2001-0920 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(4) Baker, Cole, Armstrong, Frech
  NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-0929
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0929
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CISCO:20011128 A Vulnerability in IOS Firewall Feature Set
Reference: URL:http://www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml
Reference: XF:ios-cbac-bypass-acl(7614)

Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists.

Modifications:
  ADDREF XF:ios-cbac-bypass-acl(7614)

INFERRED ACTION: CAN-2001-0929 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(3) Baker, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(2) Wall, Foat

Voter Comments:
  Frech> XF:ios-cbac-bypass-acl(7614)

======================================================
Candidate: CAN-2001-0936
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0936
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20011130 Alert: Vulnerability in frox transparent ftp proxy.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100713367307799&w=2
Reference: CONFIRM:http://frox.sourceforge.net/security.txt
Reference: XF:frox-ftp-proxy-bo(7632)
Reference: URL:http://xforce.iss.net/static/7632.php
Reference: BID:3606
Reference: URL:http://www.securityfocus.com/bid/3606

Buffer overflow in Frox transparent FTP proxy 0.6.6 and earlier, with the local caching method selected, allows remote FTP servers to run arbitrary code via a long response to an MDTM request.

INFERRED ACTION: CAN-2001-0936 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(4) Baker, Cole, Armstrong, Frech
  NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-0939
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0939
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20011130 Denial of Service in Lotus Domino 5.08 and earlier HTTP Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100715316426817&w=2
Reference: CONFIRM:http://www-1.ibm.com/support/manager.wss?rs=0&rt=0&org=sims&doc=4C8E450DBF2E7F1885256B200079FA88
Reference: BID:3607
Reference: URL:http://www.securityfocus.com/bid/3607
Reference: XF:lotus-domino-nhttp-dos(7631)

Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443.

Modifications:
  ADDREF XF:lotus-domino-nhttp-dos(7631)

INFERRED ACTION: CAN-2001-0939 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(5) Baker, Foat, Cole, Armstrong, Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:lotus-domino-nhttp-dos(7631)
  CHANGE> [Frech changed vote from MODIFY to ACCEPT]

======================================================
Candidate: CAN-2001-0940
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0940
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: WIN2KSEC:20010921 Check Point FireWall-1 GUI Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2001-q3/0151.html
Reference: BUGTRAQ:20011128 Firewall-1 remote SYSTEM shell buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100698954308436&w=2
Reference: BUGTRAQ:20010919 Check Point FireWall-1 GUI Log Viewer vulnerability (vuldb 3336)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100094268017271&w=2
Reference: BUGTRAQ:20011130 Fw: Firewall-1 remote SYSTEM shell buffer overflow
Reference: URL:http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00291.html
Reference: CHECKPOINT:20010919 GUI Buffer Overflow
Reference: URL:http://www.checkpoint.com/techsupport/alerts/buffer_overflow.html
Reference: BID:3336
Reference: URL:http://www.securityfocus.com/bid/3336
Reference: XF:fw1-log-viewer-bo(7145)
Reference: URL:http://xforce.iss.net/static/7145.php

Buffer overflow in the GUI authentication code of Check Point VPN-1/FireWall-1 Management Server 4.0 and 4.1 allows remote attackers to execute arbitrary code via a long user name.

Modifications:
  ADDREF BUGTRAQ:20010919 Check Point FireWall-1 GUI Log Viewer vulnerability (vuldb 3336)
  ADDREF BID:3336
  ADDREF XF:fw1-log-viewer-bo(7145)
  ADDREF BUGTRAQ:20011130 Fw: Firewall-1 remote SYSTEM shell buffer overflow

INFERRED ACTION: CAN-2001-0940 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(3) Green, Baker, Cole
  MODIFY(1) Frech
  NOOP(3) Christey, Wall, Foat

Voter Comments:
  Christey> BUGTRAQ:20010919 Check Point FireWall-1 GUI Log Viewer vulnerability (vuldb 3336) URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100094268017271&w=2 BID:3336 URL:http://www.securityfocus.com/bid/3336 XF:fw1-log-viewer-bo(7145) URL:http://xforce.iss.net/static/7145.php BUGTRAQ:20011130 Fw: Firewall-1 remote SYSTEM shell buffer overflow URL:http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00291.html
  Frech> XF:fw1-log-viewer-bo(7145)

======================================================
Candidate: CAN-2001-0946
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0946
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011204 Symlink attack with apmd of RH 7.2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100743394701962&w=2
Reference: MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=56389
Reference: XF:apmd-apmscript-symlink(8268)

apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create or change the modification dates of arbitrary files via a symlink attack on the LOW_POWER temporary file, which could be used to cause a denial of service, e.g. by creating /etc/nologin and disabling logins.

Modifications:
  ADDREF XF:apmd-apmscript-symlink(8268)

INFERRED ACTION: CAN-2001-0946 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(4) Green, Wall, Baker, Cole
  MODIFY(1) Frech
  NOOP(1) Foat

Voter Comments:
  CHANGE> [Frech changed vote from REVIEWING to MODIFY]
  Frech> XF:apmd-apmscript-symlink(8268)

======================================================
Candidate: CAN-2001-0961
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0961
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: DEBIAN:DSA-076
Reference: URL:http://www.debian.org/security/2001/dsa-076
Reference: XF:most-file-create-bo(7149)
Reference: URL:http://xforce.iss.net/static/7149.php
Reference: BID:3347
Reference: URL:http://www.securityfocus.com/bid/3347

Buffer overflow in tab expansion capability of the most program allows local or remote attackers to execute arbitrary code via a malformed file that is viewed with most.

INFERRED ACTION: CAN-2001-0961 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(4) Green, Baker, Cole, Frech
  NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-0962
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0962
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010919 Websphere cookie/sessionid predictable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html
Reference: BUGTRAQ:20010928 Re: Websphere cookie/sessionid predictable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html
Reference: CONFIRM:http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p
Reference: XF:ibm-websphere-seq-predict(7153)
Reference: URL:http://xforce.iss.net/static/7153.php

IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.

INFERRED ACTION: CAN-2001-0962 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(2) Green, Frech
  NOOP(3) Wall, Foat, Cole

======================================================
Candidate: CAN-2001-0977
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0977
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CERT-VN:VU#935800
Reference: URL:http://www.kb.cert.org/vuls/id/935800
Reference: DEBIAN:DSA-068
Reference: URL:http://www.debian.org/security/2001/dsa-068
Reference: REDHAT:RHSA-2001:098
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-098.html
Reference: CONECTIVA:CLA-2001:417
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000417
Reference: MANDRAKE:MDKSA-2001:069
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-069.php3
Reference: BID:3049
Reference: URL:http://www.securityfocus.com/bid/3049
Reference: XF:openldap-ldap-protos-dos(6904)
Reference: URL:http://xforce.iss.net/static/6904.php

slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.

INFERRED ACTION: CAN-2001-0977 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(6) Green, Wall, Baker, Cole, Armstrong, Frech
  NOOP(1) Foat

======================================================
Candidate: CAN-2001-0981
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0981
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: HP:HPSBUX0108-164
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0048.html
Reference: XF:hp-cifs-change-passwords(7051)

HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.

Modifications:
  ADDREF XF:hp-cifs-change-passwords(7051)

INFERRED ACTION: CAN-2001-0981 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(4) Green, Baker, Cole, Armstrong
  MODIFY(1) Frech
  NOOP(2) Wall, Foat

Voter Comments:
  Frech> XF:hp-cifs-change-passwords(7051)

======================================================
Candidate: CAN-2001-1002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1002
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010827 LPRng/rhs-printfilters - remote execution of commands
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99892644616749&w=2
Reference: REDHAT:RHSA-2001:102
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-102.html
Reference: BID:3241
Reference: URL:http://www.securityfocus.com/bid/3241
Reference: XF:tetex-lprng-tmp-race(6785)

The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands.

Modifications:
  ADDREF XF:tetex-lprng-tmp-race(6785)

INFERRED ACTION: CAN-2001-1002 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(5) Wall, Baker, Cole, Armstrong, Green
  MODIFY(1) Frech
  NOOP(2) Foat, Christey

Voter Comments:
  Frech> XF:tetex-lprng-tmp-race(6785) Similar to CAN-2001-0906?
  Christey> Similar in the sense that lprng/lpd uses Tetex, or something like that.

======================================================
Candidate: CAN-2001-1022
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1022
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010727 ADV/EXP:pic/lpd remote exploit - RH 7.0
Reference: URL:http://www.securityfocus.com/archive/1/199706
Reference: DEBIAN:DSA-072
Reference: URL:http://www.debian.org/security/2001/dsa-072
Reference: CONECTIVA:CLA-2001:428
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000428
Reference: XF:linux-groff-format-string(6918)
Reference: URL:http://xforce.iss.net/static/6918.php
Reference: BID:3103
Reference: URL:http://www.securityfocus.com/bid/3103

Format string vulnerability in pic utility in groff 1.16.1 and other versions allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.

INFERRED ACTION: CAN-2001-1022 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(5) Baker, Cole, Armstrong, Frech, Green
  NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1027
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CONFIRM:http://www.windowmaker.org/src/ChangeLog
Reference: DEBIAN:DSA-074
Reference: URL:http://www.debian.org/security/2001/dsa-074
Reference: CONECTIVA:CLA-2001:411
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000411
Reference: SUSE:SuSE-SA:2001:032
Reference: URL:http://www.suse.de/de/support/security/2001_032_wmaker_txt.txt
Reference: MANDRAKE:MDKSA-2001:074
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-074.php3
Reference: BID:3177
Reference: URL:http://www.securityfocus.com/bid/3177
Reference: XF:windowmaker-title-bo(6969)

Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows remote attackers to execute arbitrary code via a long window title.

Modifications:
  ADDREF XF:windowmaker-title-bo(6969)

INFERRED ACTION: CAN-2001-1027 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(4) Baker, Cole, Armstrong, Green
  MODIFY(1) Frech
  NOOP(2) Wall, Foat

Voter Comments:
  Frech> XF:windowmaker-title-bo(6969)

======================================================
Candidate: CAN-2001-1030
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1030
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010718 Squid httpd acceleration acl bug enables portscanning
Reference: URL:http://www.securityfocus.com/archive/1/197727
Reference: BUGTRAQ:20010719 TSLSA-2001-0013 - Squid
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html
Reference: IMMUNIX:IMNX-2001-70-031-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01
Reference: CALDERA:CSSA-2001-029.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt
Reference: MANDRAKE:MDKSA-2001:066
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3
Reference: REDHAT:RHSA-2001:097
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-097.html
Reference: XF:squid-http-accelerator-portscanning(6862)
Reference: URL:http://xforce.iss.net/static/6862.php

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

INFERRED ACTION: CAN-2001-1030 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Baker, Cole, Armstrong, Frech, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1032
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010924 twlc advisory: all versions of php nuke are vulnerable...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0203.html
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=113892
Reference: XF:php-nuke-admin-file-overwrite(7170)
Reference: URL:http://xforce.iss.net/static/7170.php
Reference: BID:3361
Reference: URL:http://www.securityfocus.com/bid/3361

admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy.

Modifications:
   ADDREF CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=113892
   ADDREF BID:3361

INFERRED ACTION: CAN-2001-1032 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(2) Frech, Green
   NOOP(4) Wall, Foat, Cole, Christey

Voter Comments:
 Christey> CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=113892
   BID:3361
   URL:http://www.securityfocus.com/bid/3361

======================================================
Candidate: CAN-2001-1043
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1043
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010701 ArGoSoft 1.2.2.2 *.lnk upload Directory Traversal
Reference: URL:http://www.securityfocus.com/archive/1/194445
Reference: BID:2961
Reference: URL:http://www.securityfocus.com/bid/2961
Reference: XF:ftp-lnk-directory-traversal(6760)
Reference: URL:http://xforce.iss.net/static/6760.php

ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.

INFERRED ACTION: CAN-2001-1043 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Cole, Frech, Green
   NOOP(4) Wall, Foat, Armstrong, Christey

Voter Comments:
 CHANGE> [Green changed vote from REVIEWING to ACCEPT]
 Christey> Acknowledged by the vendor in an email to Dave Baker, May 9.

======================================================
Candidate: CAN-2001-1046
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1046
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010602 Qpopper 4.0.3 **** Fixes Buffer Overflow **** (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/188267
Reference: VULN-DEV:20010420 Qpopper 4.0 Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=98777649031406&w=2
Reference: CALDERA:CSSA-2001-SCO.8
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2001-q3/0006.html
Reference: BID:2811
Reference: URL:http://www.securityfocus.com/bid/2811
Reference: XF:qpopper-username-bo(6647)
Reference: URL:http://xforce.iss.net/static/6647.php

Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers to gain privileges via a long username.

INFERRED ACTION: CAN-2001-1046 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Baker, Cole, Armstrong, Frech, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1053
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1053
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010713 AdCycle SQL Command Insertion Vulnerability - qDefense Advisory Number QDAV-2001-7-2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0249.html
Reference: CONFIRM:http://www.adcycle.com/cgi-bin/download.cgi?type=UNIX&version=1.17
Reference: XF:adcycle-insert-sql-command(6837)
Reference: URL:http://xforce.iss.net/static/6837.php
Reference: BID:3032
Reference: URL:http://www.securityfocus.com/bid/3032

AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.

Modifications:
   DELREF XF:php-includedir-code-execution(7215)

INFERRED ACTION: CAN-2001-1053 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> DELREF XF:php-includedir-code-execution(7215)

======================================================
Candidate: CAN-2001-1062
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1062
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020228-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CALDERA:CSSA-2001-SCO.12
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.12/CSSA-2001-SCO.12.txt
Reference: XF:openserver-mana-bo(7034)
Reference: URL:http://www.iss.net/security_center/static/7034.php

Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local users to execute arbitrary code.

Modifications:
   ADDREF XF:openserver-mana-bo(7034)

INFERRED ACTION: CAN-2001-1062 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:openserver-mana-bo(7034)

======================================================
Candidate: CAN-2001-1071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1071
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011009 Cisco CDP attacks
Reference: URL:http://www.securityfocus.com/archive/1/219257
Reference: BUGTRAQ:20011009 Cisco Systems - Vulnerability in CDP
Reference: URL:http://www.securityfocus.com/archive/1/219305
Reference: BID:3412
Reference: URL:http://www.securityfocus.com/bid/3412
Reference: XF:cisco-ios-cdp-dos(7242)
Reference: URL:http://xforce.iss.net/static/7242.php

Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements.

INFERRED ACTION: CAN-2001-1071 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Baker, Cole, Frech, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1072
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1072
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010812 Are your mod_rewrite rules doing what you expect?
Reference: URL:http://www.securityfocus.com/archive/1/203955
Reference: CONFIRM:http://www.apacheweek.com/issues/02-02-01#security
Reference: BID:3176
Reference: URL:http://www.securityfocus.com/bid/3176
Reference: XF:apache-rewrite-bypass-directives(8633)

Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail

Modifications:
   ADDREF CONFIRM:http://www.apacheweek.com/issues/02-02-01#security
   ADDREF XF:apache-rewrite-bypass-directives(8633)

INFERRED ACTION: CAN-2001-1072 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Baker, Foat, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Christey> ADDREF CONFIRM:http://www.apacheweek.com/issues/02-02-01#security
 Christey> CONFIRM:http://www.apacheweek.com/issues/02-02-01#security
 Frech> Not apache-rewrite-view-files(5310).
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:apache-rewrite-bypass-directives(8633)

======================================================
Candidate: CAN-2001-1074
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1074
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010526 Webmin Doesn't Clean Env (root exploit)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html
Reference: CALDERA:CSSA-2001-019.1
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt
Reference: MANDRAKE:MDKSA-2001:059
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3
Reference: XF:webmin-gain-information(6627)
Reference: URL:http://xforce.iss.net/static/6627.php
Reference: BID:2795
Reference: URL:http://www.securityfocus.com/bid/2795

Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.

INFERRED ACTION: CAN-2001-1074 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Baker, Cole, Armstrong, Frech, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1079
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1079
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: AIXAPAR:IY19069
Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q3/0000.html
Reference: XF:aix-keyfile-world-writable(8923)

create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates keyfile directories with world-writable permissions, which could allow a local user to delete key files and cause a denial of service.

Modifications:
   DESC Remove 3.2.0 from AIX version number
   ADDREF XF:aix-keyfile-world-writable(8923)

INFERRED ACTION: CAN-2001-1079 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Green
   MODIFY(2) Bollinger, Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Bollinger> incorrect. The "REL: 320" in the aixserv email refers to the PSSP version, not the AIX version.
 Frech> XF: aix-keyfile-world-writable(8923)

======================================================
Candidate: CAN-2001-1083
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1083
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-02
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010626 Advisory
Reference: URL:http://www.securityfocus.com/archive/1/193516
Reference: MISC:http://www.icecast.org/index.html
Reference: CONFIRM:http://www.icecast.org/releases/icecast-1.3.11.tar.gz
Reference: DEBIAN:DSA-089
Reference: URL:http://www.debian.org/security/2001/dsa-089
Reference: CALDERA:CSSA-2002-020.0
Reference: BID:2933
Reference: URL:http://www.securityfocus.com/bid/2933
Reference: XF:icecast-http-remote-dos(6751)
Reference: URL:http://xforce.iss.net/static/6751.php

Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash).

Modifications:
   ADDREF CONFIRM:http://www.icecast.org/releases/icecast-1.3.11.tar.gz
   DESC update versions.
   ADDREF DEBIAN:DSA-089
   ADDREF CALDERA:CSSA-2002-020.0

INFERRED ACTION: CAN-2001-1083 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(2) Frech, Green
   NOOP(5) Wall, Foat, Cole, Armstrong, Christey

Voter Comments:
 CHANGE> [Green changed vote from REVIEWING to ACCEPT]
 Christey> CALDERA:CSSA-2002-020.0

======================================================
Candidate: CAN-2001-1084
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1084
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/194464
Reference: ALLAIRE:MPSB01-06
Reference: URL:http://www.macromedia.com/v1/handlers/index.cfm?ID=21498&Method=Full
Reference: BID:2983
Reference: URL:http://www.securityfocus.com/bid/2983
Reference: XF:java-servlet-crosssite-scripting(6793)
Reference: URL:http://www.iss.net/security_center/static/6793.php

Cross-site scripting vulnerability in Allaire JRun 3.1 and earlier allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message.

INFERRED ACTION: CAN-2001-1084 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(7) Wall, Baker, Cole, Armstrong, Frech, Ziese, Green
   NOOP(1) Foat

======================================================
Candidate: CAN-2001-1085
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1085
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010705 lmail local root exploit
Reference: URL:http://www.securityfocus.com/archive/1/195022
Reference: XF:lmail-tmpfile-symlink(6809)
Reference: URL:http://xforce.iss.net/static/6809.php
Reference: BID:2984
Reference: URL:http://www.securityfocus.com/bid/2984

Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

INFERRED ACTION: CAN-2001-1085 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Baker, Frech, Ziese
   NOOP(5) Wall, Foat, Cole, Armstrong, Green

======================================================
Candidate: CAN-2001-1088
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1088
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: CF
Reference: BUGTRAQ:20010605 SECURITY.NNOV: Outlook Express address book spoofing
Reference: URL:http://www.securityfocus.com/archive/1/188752
Reference: CONFIRM:http://support.microsoft.com/default.aspx?scid=kb;EN-US;q234241
Reference: XF:outlook-address-book-spoofing(6655)
Reference: URL:http://xforce.iss.net/static/6655.php
Reference: BID:2823
Reference: URL:http://www.securityfocus.com/bid/2823

Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.

INFERRED ACTION: CAN-2001-1088 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(8) Wall, Baker, Foat, Cole, Armstrong, Frech, Ziese, Green

======================================================
Candidate: CAN-2001-1089
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1089
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010910 RUS-CERT Advisory 2001-09:01
Reference: URL:http://www.securityfocus.com/archive/1/213331
Reference: BID:3314
Reference: URL:http://www.securityfocus.com/bid/3314
Reference: XF:postgresql-nss-authentication-modules(7111)
Reference: URL:http://xforce.iss.net/static/7111.php

libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to execute arbitrary SQL queries by inserting SQL code into an HTTP request.

INFERRED ACTION: CAN-2001-1089 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Frech, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1095
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: AIXAPAR:IY23401
Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q4/0000.html

Buffer overflow in uuq in AIX 4 could allow local users to execute arbitrary code via a long -r parameter.

INFERRED ACTION: CAN-2001-1095 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Bollinger, Cole, Armstrong, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1096
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: AIXAPAR:IY23402
Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q4/0000.html

Buffer overflows in muxatmd in AIX 4 allow an attacker to cause a core dump and possibly execute code.

INFERRED ACTION: CAN-2001-1096 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Bollinger, Cole, Armstrong, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1099
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: CF
Reference: BUGTRAQ:20010907 Microsoft Exchange + Norton AntiVirus leak local information
Reference: URL:http://www.securityfocus.com/archive/1/212724
Reference: BUGTRAQ:20010912 Re: Microsoft Exchange + Norton AntiVirus leak local information
Reference: URL:http://www.securityfocus.com/archive/1/213762
Reference: XF:nav-exchange-reveal-information(7093)
Reference: URL:http://xforce.iss.net/static/7093.php
Reference: BID:3305
Reference: URL:http://www.securityfocus.com/bid/3305

The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.

INFERRED ACTION: CAN-2001-1099 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(6) Wall, Cole, Armstrong, Frech, Ziese, Green
   NOOP(1) Foat

======================================================
Candidate: CAN-2001-1100
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1100
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011007 Bug found at W3Mail Webmail
Reference: URL:http://www.securityfocus.com/archive/1/218921
Reference: CONFIRM:http://www.w3mail.org/ChangeLog
Reference: BID:3673
Reference: URL:http://www.securityfocus.com/bid/3673
Reference: XF:w3mail-metacharacters-command-execution(7230)
Reference: URL:http://xforce.iss.net/static/7230.php

sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page.

INFERRED ACTION: CAN-2001-1100 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Frech, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1108
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010726 Snapstream PVS vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0606.html
Reference: CONFIRM:http://discuss.snapstream.com/ubb/Forum1/HTML/000216.html
Reference: XF:snapstream-dot-directory-traversal(6917)
Reference: URL:http://xforce.iss.net/static/6917.php
Reference: BID:3100
Reference: URL:http://www.securityfocus.com/bid/3100

Directory traversal vulnerability in SnapStream PVS 1.2a allows remote attackers to read arbitrary files via a .. (dot dot) attack in the requested URL.

INFERRED ACTION: CAN-2001-1108 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(6) Baker, Cole, Armstrong, Frech, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1113
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1113
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010813 Local exploit for TrollFTPD-1.26
Reference: URL:http://www.securityfocus.com/archive/1/203874
Reference: CONFIRM:ftp://ftp.trolltech.com/freebies/ftpd/troll-ftpd-1.27.tar.gz
Reference: XF:trollftpd-long-path-bo(6974)
Reference: URL:http://xforce.iss.net/static/6974.php
Reference: BID:3174
Reference: URL:http://www.securityfocus.com/bid/3174

Buffer overflow in TrollFTPD 1.26 and earlier allows local users to execute arbitrary code by creating a series of deeply nested directories with long names, then running the ls -R (recursive) command.

INFERRED ACTION: CAN-2001-1113 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Frech, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1116
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020320-01
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: NTBUGTRAQ:20010802 Identix BioLogon Client security bug
Reference: URL:http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=IND0108&L=NTBUGTRAQ&F=P&S=&P=71
Reference: NTBUGTRAQ:20010808 Response to Identix BioLogon Client security bug
Reference: URL:http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=ind0108&L=ntbugtraq&F=P&S=&P=724
Reference: XF:identix-biologon-auth-bypass(6948)
Reference: URL:http://xforce.iss.net/static/6948.php
Reference: BID:3140
Reference: URL:http://www.securityfocus.com/bid/3140

Identix BioLogon 2.03 and earlier does not lock secondary displays on a multi-monitor system running Windows 98 or ME, which allows an attacker with physical access to the system to bypass authentication through a secondary display.

Modifications:
   CHANGEREF XF [fix typo in tagname]

INFERRED ACTION: CAN-2001-1116 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Foat, Cole, Frech, Ziese, Green
   NOOP(2) Wall, Armstrong

======================================================
Candidate: CAN-2001-1117
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1117
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010810 Linksys router security fix
Reference: URL:http://www.securityfocus.com/archive/1/203302
Reference: BUGTRAQ:20010802 Advisory Update: Design Flaw in Linksys EtherFast 4-Port
Reference: URL:http://www.securityfocus.com/archive/1/201390
Reference: CONFIRM:ftp://ftp.linksys.com/pub/befsr41/befsr-fw1402.zip
Reference: XF:linksys-etherfast-reveal-passwords(6949)
Reference: URL:http://xforce.iss.net/static/6949.php
Reference: BID:3141
Reference: URL:http://www.securityfocus.com/bid/3141

LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allow a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm.

INFERRED ACTION: CAN-2001-1117 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(6) Foat, Cole, Armstrong, Frech, Ziese, Green
   NOOP(1) Wall

======================================================
Candidate: CAN-2001-1118
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1118
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010802 Roxen security alert: URL decoding vulnerable
Reference: URL:http://www.securityfocus.com/archive/1/201476
Reference: BUGTRAQ:20010802 FW: Security alert: Remote user can access any file
Reference: URL:http://www.securityfocus.com/archive/1/201499
Reference: CONFIRM:http://download.roxen.com/2.0/patch/security-notice.html
Reference: BID:3145
Reference: URL:http://www.securityfocus.com/bid/3145
Reference: XF:roxen-urlrectifier-retrieve-files(6937)
Reference: URL:http://xforce.iss.net/static/6937.php

A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not properly decode UTF-8, Mac and ISO-2202 encoded URLs, which could allow a remote attacker to execute arbitrary commands or view arbitrary files via an encoded URL.

INFERRED ACTION: CAN-2001-1118 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Frech, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1119
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1119
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: CERT-VN:VU#105347
Reference: URL:http://www.kb.cert.org/vuls/id/105347
Reference: SUSE:SuSE-SA:2001:025
Reference: URL:http://www.suse.de/de/support/security/2001_025_xmcd_txt.html
Reference: BID:3148
Reference: URL:http://www.securityfocus.com/bid/3148
Reference: XF:xmcd-cda-symlink(6941)
Reference: URL:http://xforce.iss.net/static/6941.php

cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to overwrite arbitrary files via a symlink attack.

INFERRED ACTION: CAN-2001-1119 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Frech, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1121
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1121
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/194464
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=21498&Method=Full
Reference: XF:java-servlet-crosssite-scripting(6793)
Reference: URL:http://xforce.iss.net/static/6793.php
Reference: BID:2983
Reference: URL:http://www.securityfocus.com/bid/2983

Cross-site scripting (CSS) vulnerability in JRun 3.0 and 2.3.3 allows remote attackers to execute JavaScript on other clients via a web page URL that references a non-existent JSP file or Servlet, which causes the script to be returned in an error message.

INFERRED ACTION: CAN-2001-1121 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(7) Wall, Baker, Cole, Armstrong, Frech, Ziese, Green
   NOOP(1) Foat

======================================================
Candidate: CAN-2001-1130
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1130
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010802 suse: sdbsearch.cgi vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/201216
Reference: SUSE:SuSE-SA:2001:027
Reference: URL:http://www.suse.de/de/support/security/2001_027_sdb_txt.txt
Reference: XF:sdbsearch-cgi-command-execution(7003)
Reference: URL:http://xforce.iss.net/static/7003.php

Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a .. in the HTTP referer (from the HTTP_REFERER variable) to point to the directory that contains the keylist.txt file.

INFERRED ACTION: CAN-2001-1130 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Frech, Ziese, Green
   NOOP(2