[PROPOSAL] Cluster MISC-2001-005 - 39 candidates
I am proposing cluster MISC-2001-005 for review and voting by the Editorial Board.

Name: MISC-2001-005
Description: Misc. candidates announced between 1998/05/02 and 2001/10/30
Size: 39

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-1999-1570
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1570
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020611
Category: SF
Reference: VULN-DEV:20020509 Sar -o exploitation process info.
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102098949103708&w=2
Reference: BUGTRAQ:19990909 19 SCO 5.0.5+Skunware98 buffer overflows
Reference: URL:http://online.securityfocus.com/archive/1/27074
Reference: CALDERA:CSSA-2002-SCO.17
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.17/CSSA-2002-SCO.17.txt
Reference: BID:4089
Reference: URL:http://www.securityfocus.com/bid/4089
Reference: XF:openserver-sar-bo(8989)
Reference: URL:http://www.iss.net/security_center/static/8989.php

Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain root privileges via a long -o parameter.

Analysis
----------------
ED_PRI CAN-1999-1570 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1211
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1211
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20001222 Zope DTML Role Issue
Reference: REDHAT:RHSA-2000:125
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert
Reference: MANDRAKE:MDKSA-2000:083
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-083.php3

Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.

Analysis
----------------
ED_PRI CAN-2000-1211 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1212
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1212
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: MANDRAKE:MDKSA-2000:086
Reference: CONECTIVA:CLA-2000:365
Reference: DEBIAN:DSA-007
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert
Reference: REDHAT:RHSA-2000:135
Reference: XF:zope-image-file(5778)

Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.

Analysis
----------------
ED_PRI CAN-2000-1212 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1385
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1385
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20010112 PHP Security Advisory - Apache Module bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97957961212852
Reference: REDHAT:RHSA-2000:136
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-136.html
Reference: MANDRAKE:MDKSA-2001:013
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3
Reference: CONECTIVA:CLA-2001:373
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373
Reference: DEBIAN:DSA-020
Reference: URL:http://www.debian.org/security/2001/dsa-020
Reference: BID:2205
Reference: URL:http://online.securityfocus.com/bid/2205
Reference: XF:php-view-source-code(5939)
Reference: URL:http://www.iss.net/security_center/static/5939.php

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

Analysis
----------------
ED_PRI CAN-2001-1385 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1391
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1391
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html

off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.

Analysis
----------------
ED_PRI CAN-2001-1391 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1406
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1406
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=66235
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html

process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.

Analysis
----------------
ED_PRI CAN-2001-1406 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1407
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1407
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=96085
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html

Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.

Analysis
----------------
ED_PRI CAN-2001-1407 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1569
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1569
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010716 Quake client and server denial-of-service
Reference: URL:http://www.securityfocus.com/archive/1/197268
Reference: BUGTRAQ:19981101 Quake problem?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91012172524181&w=2
Reference: BUGTRAQ:19980502 NetQuake Protocol problem resulting in smurf like effect.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925989&w=2
Reference: XF:quake-spoofed-client-dos(6871)
Reference: URL:http://xforce.iss.net/static/6871.php
Reference: BID:3051
Reference: URL:http://www.securityfocus.com/bid/3051

Quake 1 and NetQuake servers allow remote attackers to cause a denial of service (resource exhaustion or forced disconnection) via a flood of spoofed UDP connection packets, which exceeds the server's player limit.

Analysis
----------------
ED_PRI CAN-1999-1569 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1203
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1203
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020131
Category: SF
Reference: VULN-DEV:20000520 Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=95886062521327&w=2
Reference: BUGTRAQ:20010820 Lotus Domino DoS
Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-21&end=2002-01-27&mid=209116&threads=1
Reference: BUGTRAQ:20010823 Lotus Domino DoS solution
Reference: URL:http://www.securityfocus.com/archive/1/209754
Reference: BID:3212
Reference: URL:http://www.securityfocus.com/bid/3212

Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop.

Analysis
----------------
ED_PRI CAN-2000-1203 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1204
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1204
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020501
Category: SF
Reference: CONFIRM:http://www.apacheweek.com/issues/00-10-13

Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.

Analysis
----------------
ED_PRI CAN-2000-1204 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1205
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1205
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020501
Category: SF
Reference: CONFIRM:http://httpd.apache.org/info/css-security/apache_specific.html

Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI, which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code.

Analysis
----------------
ED_PRI CAN-2000-1205 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1206
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1206
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020501
Category: SF
Reference: CONFIRM:http://www.apacheweek.com/issues/00-01-07#status

Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.

Analysis
----------------
ED_PRI CAN-2000-1206 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1207
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1207
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20000930 glibc and userhelper - local root
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97034397026473&w=2
Reference: REDHAT:RHSA-2000:075
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-075.html
Reference: MANDRAKE:MDKSA-2000:059
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-059.php3
Reference: BUGTRAQ:20001003 SuSE: userhelper/usermode
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97063854808796&w=2

userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LC_ALL environment variables (CVE-2000-0844).

Analysis
----------------
ED_PRI CAN-2000-1207 3
Vendor Acknowledgement: yes
Content Decisions: INCLUSION

INCLUSION: since this problem deals with an interaction between two separate components, it is regarded as a different type of issue than the glibc format string (CVE-2000-0844), and is provided with a different identifier. This is also demonstrated by the fact that SuSE and Mandrake, which were vulnerable to the glibc issue, are not vulnerable to this one.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1208
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1208
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020731
Category: SF
Reference: BUGTRAQ:20000925 Format strings: bug #1: BSD-lpr
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96994604300675&w=2
Reference: REDHAT:RHSA-2000:066
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-066.html
Reference: MANDRAKE:MDKSA-2000:054
Reference: CONECTIVA:CLSA-2000:321
Reference: BUGTRAQ:20001004 Immunix OS Security Update for lpr
Reference: URL:http://online.securityfocus.com/archive/1/137555
Reference: XF:lpr-checkremote-format-string(5286)
Reference: URL:http://www.iss.net/security_center/static/5286.php
Reference: BID:1711
Reference: URL:http://online.securityfocus.com/bid/1711

Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.

Analysis
----------------
ED_PRI CAN-2000-1208 3
Vendor Acknowledgement: yes advisory
Content Decisions: INCLUSION

INCLUSION: Followup posts suggest that this problem may only be exploitable by the root user, in which case there would be no additional privileges gained by exploiting this issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1209
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1209
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020807
Category: SF
Reference: BUGTRAQ:20000710 MSDE / Re: Default Password Database
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96333895000350&w=2
Reference: BUGTRAQ:20000810 Tumbleweed Worldsecure (MMS) BLANK 'sa' account password
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96593218804850&w=2
Reference: BUGTRAQ:20000815 MS-SQL 'sa' user exploit code
Reference: URL:http://security-archive.merton.ox.ac.uk/bugtraq-200008/0233.html
Reference: BUGTRAQ:20000816 Released Patch: Tumbleweed Worldsecure (MMS) BLANK 'sa' account password
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96644570412692&w=2
Reference: BUGTRAQ:20020522 Opty-Way Enterprise includes MSDE with sa <blank>
Reference: URL:http://online.securityfocus.com/archive/1/273639
Reference: MSKB:Q313418
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q313418
Reference: MSKB:Q321081
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;EN-US;q321081
Reference: CONFIRM:http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp
Reference: ISS:20020521 Microsoft SQL Spida Worm Propagation
Reference: CERT-VN:VU#635463
Reference: URL:http://www.kb.cert.org/vuls/id/635463
Reference: COMPAQ:SSRT2195
Reference: BID:4797
Reference: URL:http://online.securityfocus.com/bid/4797
Reference: XF:mssql-no-sapassword(1459)
Reference: URL:http://www.iss.net/security_center/static/1459.php

The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, are installed with a default "sa" account with a null password, which allows remote attackers to gain privileges, including worms such as Voyager Alpha Force and Spida.

Analysis
----------------
ED_PRI CAN-2000-1209 3
Vendor Acknowledgement: yes
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1210
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1210
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20000322 Security bug in Apache project: Jakarta Tomcat
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95371672300045&w=2
Reference: XF:apache-tomcat-file-contents(4205)
Reference: URL:http://www.iss.net/security_center/static/4205.php

Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.

Analysis
----------------
ED_PRI CAN-2000-1210 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1213
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1213
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20001025 Immunix OS Security Update for ping package
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97249980727834&w=2
Reference: BUGTRAQ:20001030 Trustix Security Advisory - ping gnupg ypbind
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97292944103571&w=2
Reference: REDHAT:RHSA-2000:087
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-087.html

ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges.

Analysis
----------------
ED_PRI CAN-2000-1213 3
Vendor Acknowledgement: yes advisory
Content Decisions: INCLUSION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1214
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1214
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20001025 Immunix OS Security Update for ping package
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97249980727834&w=2
Reference: BUGTRAQ:20001020 Re: [RHSA-2000:087-02] Potential security problems in ping fixed.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97208562830613&w=2
Reference: BUGTRAQ:20001030 Trustix Security Advisory - ping gnupg ypbind
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97292944103571&w=2
Reference: REDHAT:RHSA-2000:087
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-087.html
Reference: BID:1813
Reference: URL:http://online.securityfocus.com/bid/1813
Reference: XF:ping-buf-bo(5431)
Reference: URL:http://www.iss.net/security_center/static/5431.php

Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2000-1214 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1384
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1384
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20011018 Flaws in recent Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100343090106914&w=2
Reference: REDHAT:RHSA-2001:129
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-129.html
Reference: REDHAT:RHSA-2001:130
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-130.html
Reference: SUSE:SuSE-SA:2001:036
Reference: URL:http://www.suse.de/de/support/security/2001_036_kernel_txt.html
Reference: IMMUNIX:IMNX-2001-70-035-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-035-01
Reference: CALDERA:CSSA-2001-036.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-036.0.txt
Reference: MANDRAKE:MDKSA-2001:079
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-079.php3
Reference: MANDRAKE:MDKSA-2001:082
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3
Reference: ENGARDE:ESA-20011019-02
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1650.html
Reference: HP:HPSBTL0112-003
Reference: URL:http://online.securityfocus.com/advisories/3713
Reference: BUGTRAQ:20011019 TSLSA-2001-0028
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100350685431610&w=2
Reference: BID:3447
Reference: URL:http://online.securityfocus.com/bid/3447
Reference: XF:linux-ptrace-race-condition(7311)
Reference: URL:http://www.iss.net/security_center/static/7311.php

ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows local users to gain root privileges by running ptrace on a setuid or setgid program that itself calls an unprivileged program, such as newgrp.

Analysis
----------------
ED_PRI CAN-2001-1384 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

ABSTRACTION: AIX was reported to have a similar-sounding issue in CAN-1999-1079.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1386
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1386
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20010701 WFTPD v3.00 R5 Directory Traversal
Reference: URL:http://www.securityfocus.com/archive/1/194442
Reference: XF:ftp-lnk-directory-traversal(6760)
Reference: URL:http://www.iss.net/security_center/static/6760.php
Reference: BID:2957
Reference: URL:http://www.securityfocus.com/bid/2957

WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension.

Analysis
----------------
ED_PRI CAN-2001-1386 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1387
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1387
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: REDHAT:RHSA-2001:144
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-144.html
Reference: CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=50500

iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak.

Analysis
----------------
ED_PRI CAN-2001-1387 3
Vendor Acknowledgement: yes advisory
Content Decisions: INCLUSION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1388
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1388
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: REDHAT:RHSA-2001:144
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-144.html
Reference: CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=53325

iptables before 1.2.4 does not accurately convert rate limits that are specified on the command line, which could allow attackers or users to generate more or less traffic than intended by the administrator.

Analysis
----------------
ED_PRI CAN-2001-1388 3
Vendor Acknowledgement: yes advisory
Content Decisions: INCLUSION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1389
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1389
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20010830 xinetd 2.3.0 audit status
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99913751525583&w=2
Reference: REDHAT:RHSA-2001:109
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-109.html
Reference: IMMUNIX:IMNX-2001-70-033-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-033-01
Reference: ENGARDE:ESA-20011019-03
Reference: CONECTIVA:CLA-2001:416
Reference: MANDRAKE:MDKSA-2001:076
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-076.php3
Reference: BID:3257
Reference: URL:http://online.securityfocus.com/bid/3257

Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination.

Analysis
----------------
ED_PRI CAN-2001-1389 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

ABSTRACTION: this item is the result of a comprehensive audit that had a large number of discoveries - not all proven exploitable - and some detailed descriptions. However, it is not feasible to list all the variants, and the different vulnerability types are not really covered in the report. Ironically, the detailed audit report does not have the type of information needed for CVE content decisions, and thus it is subject to CD:VAGUE.

ACCURACY: the original audit indicates: "There were, however, certain issues with patch merging, and the version of xinetd which finally has all of the fixes (plus some more, by other people) is 2.3.3." Some advisories only patch up to 2.3.1, so it is not clear whether (a) there were additional vulnerabilities discovered between 2.3.1 and 2.3.3, and (b) if there *were* vulnerabilities, which vendors addressed them.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1390
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1390
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:18
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html

Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages.

Analysis
----------------
ED_PRI CAN-2001-1390 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1392
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1392
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html

The Linux kernel before 2.2.19 does not have unregister calls for (1) CPUID and (2) MSR drivers, which could cause a DoS (crash) by unloading and reloading the drivers.

Analysis
----------------
ED_PRI CAN-2001-1392 3
Vendor Acknowledgement: yes advisory
Content Decisions: INCLUSION

INCLUSION: while the changelog includes this item in the security notes, it is not clear whether an attacker has any role in causing these drivers to be loaded or unloaded; if not, then perhaps this item should not be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1393
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1393
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html

Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang).

Analysis
----------------
ED_PRI CAN-2001-1393 3
Vendor Acknowledgement: yes advisory
Content Decisions: INCLUSION, VAGUE

INCLUSION: while the changelog includes this item in the security notes, it is not clear whether an attacker has any role in causing the classifier code to hang; if not, then perhaps this item should not be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1394
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1394
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html

Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel before 2.2.19 allows local users to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2001-1394 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1395
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1395
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html

Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact.

Analysis
----------------
ED_PRI CAN-2001-1395 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1396
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1396
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html

Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact.

Analysis
----------------
ED_PRI CAN-2001-1396 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1397
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1397
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html

The System V (SYS5) shared memory implementation for Linux kernel before 2.2.19 could allow attackers to modify recently freed memory.

Analysis
----------------
ED_PRI CAN-2001-1397 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, INCLUSION

INCLUSION: the vendors state that it is not known whether this issue is exploitable or not. At the least, it might make it easier to conduct an attack on a program that does not properly "zero" memory that it has recently allocated, but such a program might not function properly anyway.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1398
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1398
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html

Masquerading code for Linux kernel before 2.2.19 does not fully check packet lengths in certain cases, which may lead to a vulnerability.
Analysis
----------------
ED_PRI CAN-2001-1398 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, INCLUSION

INCLUSION: the exploitability of this issue is unknown.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1399
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1399
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html

Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86."

Analysis
----------------
ED_PRI CAN-2001-1399 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1400
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1400
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html

Unknown vulnerabilities in the UDP port allocation for Linux kernel before 2.2.19 could allow local users to cause a denial of service (deadlock).
Analysis
----------------
ED_PRI CAN-2001-1400 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1401
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1401
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=82781
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=39531
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=39524
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=39533
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=39526
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=39527
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=70189

Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi.
Analysis
----------------
ED_PRI CAN-2001-1401 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1402
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1402
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=38854
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=38855
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=87701
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=38859
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=39536
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=95235

Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi.
Analysis
----------------
ED_PRI CAN-2001-1402 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1403
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1403
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=15980
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html

Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.

Analysis
----------------
ED_PRI CAN-2001-1403 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1404
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1404
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=74032
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html

Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges.

Analysis
----------------
ED_PRI CAN-2001-1404 3
Vendor Acknowledgement: yes advisory
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1405
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1405
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=54556
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html

Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi.
Analysis
----------------
ED_PRI CAN-2001-1405 3
Vendor Acknowledgement: yes advisory
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1408
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1408
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010705 Cobalt Cube Webmail directory traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0092.html
Reference: BUGTRAQ:20010818 Cobalt update for my Webmail issue.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0245.html
Reference: XF:cobalt-qube-directory-traversal(6805)
Reference: URL:http://xforce.iss.net/static/6805.php

Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the mailbox parameter.

Analysis
----------------
ED_PRI CAN-2001-1408 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: