[FINAL] ACCEPT 480 candidates



I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below.  The
resulting CVE entries will be published in the near future in a new
version of CVE.  Voting details and comments are provided at the end
of this report.

- Steve


Candidate	CVE Name
---------	----------
CAN-1999-0718	CVE-1999-0718
CAN-1999-1189	CVE-1999-1189
CAN-1999-1199	CVE-1999-1199
CAN-1999-1201	CVE-1999-1201
CAN-1999-1217	CVE-1999-1217
CAN-1999-1365	CVE-1999-1365
CAN-1999-1397	CVE-1999-1397
CAN-1999-1486	CVE-1999-1486
CAN-1999-1520	CVE-1999-1520
CAN-1999-1537	CVE-1999-1537
CAN-1999-1556	CVE-1999-1556
CAN-1999-1568	CVE-1999-1568
CAN-2000-0247	CVE-2000-0247
CAN-2000-0747	CVE-2000-0747
CAN-2000-0773	CVE-2000-0773
CAN-2000-0781	CVE-2000-0781
CAN-2000-0797	CVE-2000-0797
CAN-2000-0894	CVE-2000-0894
CAN-2000-0895	CVE-2000-0895
CAN-2000-1203	CVE-2000-1203
CAN-2001-0042	CVE-2001-0042
CAN-2001-0375	CVE-2001-0375
CAN-2001-0423	CVE-2001-0423
CAN-2001-0485	CVE-2001-0485
CAN-2001-0548	CVE-2001-0548
CAN-2001-0612	CVE-2001-0612
CAN-2001-0643	CVE-2001-0643
CAN-2001-0741	CVE-2001-0741
CAN-2001-0749	CVE-2001-0749
CAN-2001-0792	CVE-2001-0792
CAN-2001-0825	CVE-2001-0825
CAN-2001-0837	CVE-2001-0837
CAN-2001-0902	CVE-2001-0902
CAN-2001-0907	CVE-2001-0907
CAN-2001-0909	CVE-2001-0909
CAN-2001-0914	CVE-2001-0914
CAN-2001-0951	CVE-2001-0951
CAN-2001-1029	CVE-2001-1029
CAN-2001-1055	CVE-2001-1055
CAN-2001-1066	CVE-2001-1066
CAN-2001-1069	CVE-2001-1069
CAN-2001-1081	CVE-2001-1081
CAN-2001-1098	CVE-2001-1098
CAN-2001-1103	CVE-2001-1103
CAN-2001-1186	CVE-2001-1186
CAN-2001-1200	CVE-2001-1200
CAN-2001-1267	CVE-2001-1267
CAN-2001-1279	CVE-2001-1279
CAN-2001-1302	CVE-2001-1302
CAN-2001-1328	CVE-2001-1328
CAN-2001-1347	CVE-2001-1347
CAN-2001-1350	CVE-2001-1350
CAN-2001-1351	CVE-2001-1351
CAN-2001-1352	CVE-2001-1352
CAN-2001-1367	CVE-2001-1367
CAN-2001-1386	CVE-2001-1386
CAN-2001-1391	CVE-2001-1391
CAN-2002-0036	CVE-2002-0036
CAN-2002-0090	CVE-2002-0090
CAN-2002-0158	CVE-2002-0158
CAN-2002-0188	CVE-2002-0188
CAN-2002-0193	CVE-2002-0193
CAN-2002-0275	CVE-2002-0275
CAN-2002-0313	CVE-2002-0313
CAN-2002-0357	CVE-2002-0357
CAN-2002-0362	CVE-2002-0362
CAN-2002-0376	CVE-2002-0376
CAN-2002-0380	CVE-2002-0380
CAN-2002-0384	CVE-2002-0384
CAN-2002-0387	CVE-2002-0387
CAN-2002-0395	CVE-2002-0395
CAN-2002-0396	CVE-2002-0396
CAN-2002-0397	CVE-2002-0397
CAN-2002-0398	CVE-2002-0398
CAN-2002-0400	CVE-2002-0400
CAN-2002-0443	CVE-2002-0443
CAN-2002-0444	CVE-2002-0444
CAN-2002-0445	CVE-2002-0445
CAN-2002-0546	CVE-2002-0546
CAN-2002-0615	CVE-2002-0615
CAN-2002-0627	CVE-2002-0627
CAN-2002-0630	CVE-2002-0630
CAN-2002-0651	CVE-2002-0651
CAN-2002-0662	CVE-2002-0662
CAN-2002-0668	CVE-2002-0668
CAN-2002-0672	CVE-2002-0672
CAN-2002-0673	CVE-2002-0673
CAN-2002-0674	CVE-2002-0674
CAN-2002-0682	CVE-2002-0682
CAN-2002-0692	CVE-2002-0692
CAN-2002-0694	CVE-2002-0694
CAN-2002-0696	CVE-2002-0696
CAN-2002-0729	CVE-2002-0729
CAN-2002-0835	CVE-2002-0835
CAN-2002-0836	CVE-2002-0836
CAN-2002-0840	CVE-2002-0840
CAN-2002-0842	CVE-2002-0842
CAN-2002-0844	CVE-2002-0844
CAN-2002-0850	CVE-2002-0850
CAN-2002-0864	CVE-2002-0864
CAN-2002-0865	CVE-2002-0865
CAN-2002-0866	CVE-2002-0866
CAN-2002-0867	CVE-2002-0867
CAN-2002-0895	CVE-2002-0895
CAN-2002-0969	CVE-2002-0969
CAN-2002-0970	CVE-2002-0970
CAN-2002-0974	CVE-2002-0974
CAN-2002-0985	CVE-2002-0985
CAN-2002-0986	CVE-2002-0986
CAN-2002-0990	CVE-2002-0990
CAN-2002-1091	CVE-2002-1091
CAN-2002-1092	CVE-2002-1092
CAN-2002-1093	CVE-2002-1093
CAN-2002-1095	CVE-2002-1095
CAN-2002-1096	CVE-2002-1096
CAN-2002-1097	CVE-2002-1097
CAN-2002-1098	CVE-2002-1098
CAN-2002-1099	CVE-2002-1099
CAN-2002-1102	CVE-2002-1102
CAN-2002-1104	CVE-2002-1104
CAN-2002-1105	CVE-2002-1105
CAN-2002-1106	CVE-2002-1106
CAN-2002-1107	CVE-2002-1107
CAN-2002-1108	CVE-2002-1108
CAN-2002-1109	CVE-2002-1109
CAN-2002-1111	CVE-2002-1111
CAN-2002-1112	CVE-2002-1112
CAN-2002-1113	CVE-2002-1113
CAN-2002-1116	CVE-2002-1116
CAN-2002-1117	CVE-2002-1117
CAN-2002-1118	CVE-2002-1118
CAN-2002-1119	CVE-2002-1119
CAN-2002-1122	CVE-2002-1122
CAN-2002-1123	CVE-2002-1123
CAN-2002-1126	CVE-2002-1126
CAN-2002-1132	CVE-2002-1132
CAN-2002-1135	CVE-2002-1135
CAN-2002-1137	CVE-2002-1137
CAN-2002-1138	CVE-2002-1138
CAN-2002-1139	CVE-2002-1139
CAN-2002-1140	CVE-2002-1140
CAN-2002-1141	CVE-2002-1141
CAN-2002-1142	CVE-2002-1142
CAN-2002-1146	CVE-2002-1146
CAN-2002-1147	CVE-2002-1147
CAN-2002-1148	CVE-2002-1148
CAN-2002-1151	CVE-2002-1151
CAN-2002-1152	CVE-2002-1152
CAN-2002-1153	CVE-2002-1153
CAN-2002-1154	CVE-2002-1154
CAN-2002-1156	CVE-2002-1156
CAN-2002-1157	CVE-2002-1157
CAN-2002-1158	CVE-2002-1158
CAN-2002-1159	CVE-2002-1159
CAN-2002-1160	CVE-2002-1160
CAN-2002-1169	CVE-2002-1169
CAN-2002-1170	CVE-2002-1170
CAN-2002-1178	CVE-2002-1178
CAN-2002-1179	CVE-2002-1179
CAN-2002-1180	CVE-2002-1180
CAN-2002-1182	CVE-2002-1182
CAN-2002-1183	CVE-2002-1183
CAN-2002-1184	CVE-2002-1184
CAN-2002-1185	CVE-2002-1185
CAN-2002-1186	CVE-2002-1186
CAN-2002-1187	CVE-2002-1187
CAN-2002-1188	CVE-2002-1188
CAN-2002-1189	CVE-2002-1189
CAN-2002-1193	CVE-2002-1193
CAN-2002-1195	CVE-2002-1195
CAN-2002-1196	CVE-2002-1196
CAN-2002-1197	CVE-2002-1197
CAN-2002-1198	CVE-2002-1198
CAN-2002-1199	CVE-2002-1199
CAN-2002-1200	CVE-2002-1200
CAN-2002-1211	CVE-2002-1211
CAN-2002-1214	CVE-2002-1214
CAN-2002-1219	CVE-2002-1219
CAN-2002-1220	CVE-2002-1220
CAN-2002-1221	CVE-2002-1221
CAN-2002-1222	CVE-2002-1222
CAN-2002-1223	CVE-2002-1223
CAN-2002-1224	CVE-2002-1224
CAN-2002-1227	CVE-2002-1227
CAN-2002-1230	CVE-2002-1230
CAN-2002-1231	CVE-2002-1231
CAN-2002-1232	CVE-2002-1232
CAN-2002-1236	CVE-2002-1236
CAN-2002-1239	CVE-2002-1239
CAN-2002-1242	CVE-2002-1242
CAN-2002-1244	CVE-2002-1244
CAN-2002-1245	CVE-2002-1245
CAN-2002-1248	CVE-2002-1248
CAN-2002-1250	CVE-2002-1250
CAN-2002-1251	CVE-2002-1251
CAN-2002-1252	CVE-2002-1252
CAN-2002-1253	CVE-2002-1253
CAN-2002-1255	CVE-2002-1255
CAN-2002-1256	CVE-2002-1256
CAN-2002-1257	CVE-2002-1257
CAN-2002-1260	CVE-2002-1260
CAN-2002-1264	CVE-2002-1264
CAN-2002-1265	CVE-2002-1265
CAN-2002-1266	CVE-2002-1266
CAN-2002-1267	CVE-2002-1267
CAN-2002-1268	CVE-2002-1268
CAN-2002-1270	CVE-2002-1270
CAN-2002-1271	CVE-2002-1271
CAN-2002-1272	CVE-2002-1272
CAN-2002-1277	CVE-2002-1277
CAN-2002-1278	CVE-2002-1278
CAN-2002-1284	CVE-2002-1284
CAN-2002-1296	CVE-2002-1296
CAN-2002-1307	CVE-2002-1307
CAN-2002-1308	CVE-2002-1308
CAN-2002-1311	CVE-2002-1311
CAN-2002-1313	CVE-2002-1313
CAN-2002-1317	CVE-2002-1317
CAN-2002-1318	CVE-2002-1318
CAN-2002-1319	CVE-2002-1319
CAN-2002-1320	CVE-2002-1320
CAN-2002-1323	CVE-2002-1323
CAN-2002-1325	CVE-2002-1325
CAN-2002-1327	CVE-2002-1327
CAN-2002-1336	CVE-2002-1336
CAN-2002-1337	CVE-2002-1337
CAN-2002-1348	CVE-2002-1348
CAN-2002-1349	CVE-2002-1349
CAN-2002-1350	CVE-2002-1350
CAN-2002-1361	CVE-2002-1361
CAN-2002-1362	CVE-2002-1362
CAN-2002-1363	CVE-2002-1363
CAN-2002-1364	CVE-2002-1364
CAN-2002-1365	CVE-2002-1365
CAN-2002-1366	CVE-2002-1366
CAN-2002-1367	CVE-2002-1367
CAN-2002-1369	CVE-2002-1369
CAN-2002-1371	CVE-2002-1371
CAN-2002-1372	CVE-2002-1372
CAN-2002-1373	CVE-2002-1373
CAN-2002-1374	CVE-2002-1374
CAN-2002-1375	CVE-2002-1375
CAN-2002-1377	CVE-2002-1377
CAN-2002-1380	CVE-2002-1380
CAN-2002-1381	CVE-2002-1381
CAN-2002-1382	CVE-2002-1382
CAN-2002-1384	CVE-2002-1384
CAN-2002-1385	CVE-2002-1385
CAN-2002-1388	CVE-2002-1388
CAN-2002-1389	CVE-2002-1389
CAN-2002-1390	CVE-2002-1390
CAN-2002-1391	CVE-2002-1391
CAN-2002-1392	CVE-2002-1392
CAN-2002-1394	CVE-2002-1394
CAN-2002-1396	CVE-2002-1396
CAN-2002-1403	CVE-2002-1403
CAN-2002-1405	CVE-2002-1405
CAN-2002-1407	CVE-2002-1407
CAN-2002-1412	CVE-2002-1412
CAN-2002-1413	CVE-2002-1413
CAN-2002-1414	CVE-2002-1414
CAN-2002-1417	CVE-2002-1417
CAN-2002-1418	CVE-2002-1418
CAN-2002-1419	CVE-2002-1419
CAN-2002-1420	CVE-2002-1420
CAN-2002-1424	CVE-2002-1424
CAN-2002-1425	CVE-2002-1425
CAN-2002-1430	CVE-2002-1430
CAN-2002-1435	CVE-2002-1435
CAN-2002-1436	CVE-2002-1436
CAN-2002-1437	CVE-2002-1437
CAN-2002-1438	CVE-2002-1438
CAN-2002-1443	CVE-2002-1443
CAN-2002-1446	CVE-2002-1446
CAN-2002-1447	CVE-2002-1447
CAN-2002-1448	CVE-2002-1448
CAN-2002-1463	CVE-2002-1463
CAN-2002-1468	CVE-2002-1468
CAN-2002-1469	CVE-2002-1469
CAN-2002-1471	CVE-2002-1471
CAN-2002-1472	CVE-2002-1472
CAN-2002-1476	CVE-2002-1476
CAN-2002-1477	CVE-2002-1477
CAN-2002-1478	CVE-2002-1478
CAN-2002-1479	CVE-2002-1479
CAN-2002-1490	CVE-2002-1490
CAN-2002-1491	CVE-2002-1491
CAN-2002-1493	CVE-2002-1493
CAN-2002-1494	CVE-2002-1494
CAN-2002-1496	CVE-2002-1496
CAN-2002-1497	CVE-2002-1497
CAN-2002-1501	CVE-2002-1501
CAN-2002-1502	CVE-2002-1502
CAN-2002-1505	CVE-2002-1505
CAN-2002-1509	CVE-2002-1509
CAN-2002-1510	CVE-2002-1510
CAN-2002-1511	CVE-2002-1511
CAN-2002-1513	CVE-2002-1513
CAN-2002-1514	CVE-2002-1514
CAN-2002-1516	CVE-2002-1516
CAN-2002-1517	CVE-2002-1517
CAN-2002-1518	CVE-2002-1518
CAN-2002-1519	CVE-2002-1519
CAN-2002-1520	CVE-2002-1520
CAN-2002-1521	CVE-2002-1521
CAN-2002-1524	CVE-2002-1524
CAN-2002-1528	CVE-2002-1528
CAN-2002-1529	CVE-2002-1529
CAN-2002-1530	CVE-2002-1530
CAN-2002-1531	CVE-2002-1531
CAN-2002-1532	CVE-2002-1532
CAN-2002-1534	CVE-2002-1534
CAN-2002-1537	CVE-2002-1537
CAN-2002-1538	CVE-2002-1538
CAN-2002-1540	CVE-2002-1540
CAN-2002-1541	CVE-2002-1541
CAN-2002-1543	CVE-2002-1543
CAN-2002-1547	CVE-2002-1547
CAN-2002-1548	CVE-2002-1548
CAN-2002-1549	CVE-2002-1549
CAN-2002-1550	CVE-2002-1550
CAN-2002-1552	CVE-2002-1552
CAN-2002-1560	CVE-2002-1560
CAN-2002-1574	CVE-2002-1574
CAN-2003-0002	CVE-2003-0002
CAN-2003-0003	CVE-2003-0003
CAN-2003-0004	CVE-2003-0004
CAN-2003-0007	CVE-2003-0007
CAN-2003-0009	CVE-2003-0009
CAN-2003-0012	CVE-2003-0012
CAN-2003-0013	CVE-2003-0013
CAN-2003-0015	CVE-2003-0015
CAN-2003-0016	CVE-2003-0016
CAN-2003-0017	CVE-2003-0017
CAN-2003-0018	CVE-2003-0018
CAN-2003-0019	CVE-2003-0019
CAN-2003-0020	CVE-2003-0020
CAN-2003-0021	CVE-2003-0021
CAN-2003-0022	CVE-2003-0022
CAN-2003-0023	CVE-2003-0023
CAN-2003-0024	CVE-2003-0024
CAN-2003-0027	CVE-2003-0027
CAN-2003-0032	CVE-2003-0032
CAN-2003-0033	CVE-2003-0033
CAN-2003-0039	CVE-2003-0039
CAN-2003-0040	CVE-2003-0040
CAN-2003-0043	CVE-2003-0043
CAN-2003-0045	CVE-2003-0045
CAN-2003-0050	CVE-2003-0050
CAN-2003-0051	CVE-2003-0051
CAN-2003-0052	CVE-2003-0052
CAN-2003-0053	CVE-2003-0053
CAN-2003-0054	CVE-2003-0054
CAN-2003-0055	CVE-2003-0055
CAN-2003-0058	CVE-2003-0058
CAN-2003-0059	CVE-2003-0059
CAN-2003-0062	CVE-2003-0062
CAN-2003-0063	CVE-2003-0063
CAN-2003-0064	CVE-2003-0064
CAN-2003-0065	CVE-2003-0065
CAN-2003-0066	CVE-2003-0066
CAN-2003-0067	CVE-2003-0067
CAN-2003-0068	CVE-2003-0068
CAN-2003-0069	CVE-2003-0069
CAN-2003-0070	CVE-2003-0070
CAN-2003-0071	CVE-2003-0071
CAN-2003-0073	CVE-2003-0073
CAN-2003-0075	CVE-2003-0075
CAN-2003-0077	CVE-2003-0077
CAN-2003-0078	CVE-2003-0078
CAN-2003-0079	CVE-2003-0079
CAN-2003-0081	CVE-2003-0081
CAN-2003-0087	CVE-2003-0087
CAN-2003-0088	CVE-2003-0088
CAN-2003-0093	CVE-2003-0093
CAN-2003-0094	CVE-2003-0094
CAN-2003-0095	CVE-2003-0095
CAN-2003-0097	CVE-2003-0097
CAN-2003-0100	CVE-2003-0100
CAN-2003-0102	CVE-2003-0102
CAN-2003-0103	CVE-2003-0103
CAN-2003-0104	CVE-2003-0104
CAN-2003-0107	CVE-2003-0107
CAN-2003-0108	CVE-2003-0108
CAN-2003-0120	CVE-2003-0120
CAN-2003-0122	CVE-2003-0122
CAN-2003-0123	CVE-2003-0123
CAN-2003-0124	CVE-2003-0124
CAN-2003-0125	CVE-2003-0125
CAN-2003-0143	CVE-2003-0143
CAN-2003-0145	CVE-2003-0145
CAN-2003-0825	CVE-2003-0825
CAN-2003-0903	CVE-2003-0903
CAN-2003-0905	CVE-2003-0905
CAN-2003-0924	CVE-2003-0924
CAN-2003-0966	CVE-2003-0966
CAN-2003-0969	CVE-2003-0969
CAN-2003-0985	CVE-2003-0985
CAN-2003-0988	CVE-2003-0988
CAN-2003-0991	CVE-2003-0991
CAN-2003-0993	CVE-2003-0993
CAN-2003-0994	CVE-2003-0994
CAN-2003-1022	CVE-2003-1022
CAN-2003-1326	CVE-2003-1326
CAN-2003-1328	CVE-2003-1328
CAN-2004-0001	CVE-2004-0001
CAN-2004-0004	CVE-2004-0004
CAN-2004-0009	CVE-2004-0009
CAN-2004-0011	CVE-2004-0011
CAN-2004-0013	CVE-2004-0013
CAN-2004-0015	CVE-2004-0015
CAN-2004-0016	CVE-2004-0016
CAN-2004-0028	CVE-2004-0028
CAN-2004-0031	CVE-2004-0031
CAN-2004-0032	CVE-2004-0032
CAN-2004-0033	CVE-2004-0033
CAN-2004-0035	CVE-2004-0035
CAN-2004-0036	CVE-2004-0036
CAN-2004-0040	CVE-2004-0040
CAN-2004-0044	CVE-2004-0044
CAN-2004-0045	CVE-2004-0045
CAN-2004-0049	CVE-2004-0049
CAN-2004-0063	CVE-2004-0063
CAN-2004-0068	CVE-2004-0068
CAN-2004-0070	CVE-2004-0070
CAN-2004-0075	CVE-2004-0075
CAN-2004-0077	CVE-2004-0077
CAN-2004-0078	CVE-2004-0078
CAN-2004-0080	CVE-2004-0080
CAN-2004-0082	CVE-2004-0082
CAN-2004-0089	CVE-2004-0089
CAN-2004-0093	CVE-2004-0093
CAN-2004-0094	CVE-2004-0094
CAN-2004-0095	CVE-2004-0095
CAN-2004-0096	CVE-2004-0096
CAN-2004-0099	CVE-2004-0099
CAN-2004-0108	CVE-2004-0108
CAN-2004-0111	CVE-2004-0111
CAN-2004-0113	CVE-2004-0113
CAN-2004-0114	CVE-2004-0114
CAN-2004-0115	CVE-2004-0115
CAN-2004-0121	CVE-2004-0121
CAN-2004-0122	CVE-2004-0122
CAN-2004-0126	CVE-2004-0126
CAN-2004-0128	CVE-2004-0128
CAN-2004-0129	CVE-2004-0129
CAN-2004-0131	CVE-2004-0131
CAN-2004-0148	CVE-2004-0148
CAN-2004-0150	CVE-2004-0150
CAN-2004-0159	CVE-2004-0159
CAN-2004-0160	CVE-2004-0160
CAN-2004-0165	CVE-2004-0165
CAN-2004-0167	CVE-2004-0167
CAN-2004-0169	CVE-2004-0169
CAN-2004-0171	CVE-2004-0171
CAN-2004-0173	CVE-2004-0173
CAN-2004-0185	CVE-2004-0185
CAN-2004-0186	CVE-2004-0186
CAN-2004-0188	CVE-2004-0188
CAN-2004-0189	CVE-2004-0189
CAN-2004-0190	CVE-2004-0190
CAN-2004-0191	CVE-2004-0191
CAN-2004-0193	CVE-2004-0193
CAN-2004-0194	CVE-2004-0194
CAN-2004-0256	CVE-2004-0256
CAN-2004-0257	CVE-2004-0257
CAN-2004-0261	CVE-2004-0261
CAN-2004-0263	CVE-2004-0263
CAN-2004-0270	CVE-2004-0270
CAN-2004-0273	CVE-2004-0273
CAN-2004-0274	CVE-2004-0274
CAN-2004-0276	CVE-2004-0276
CAN-2004-0297	CVE-2004-0297
CAN-2004-0306	CVE-2004-0306
CAN-2004-0307	CVE-2004-0307
CAN-2004-0309	CVE-2004-0309
CAN-2004-0320	CVE-2004-0320
CAN-2004-0336	CVE-2004-0336
CAN-2004-0347	CVE-2004-0347
CAN-2004-0356	CVE-2004-0356


======================================================
Candidate: CAN-1999-0718
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0718
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20010214
Assigned: 19991125
Category: unknown
Reference: NTBUGTRAQ:19990823 IBM Gina security warning
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9908&L=ntbugtraq&F=&S=&P=5534
Reference: BID:608
Reference: URL:http://www.securityfocus.com/bid/608
Reference: XF:ibm-gina-group-add
Reference: URL:http://xforce.iss.net/static/3166.php

IBM GINA, when used for OS/2 domain authentication of Windows NT
users, allows local users to gain administrator privileges by changing
the GroupMapping registry key.

INFERRED ACTION: CAN-1999-0718 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Baker, Frech, Cole

Voter Comments:
 Frech> XF:ibm-gina-group-add


======================================================
Candidate: CAN-1999-1189
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1189
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991124 Netscape Communicator 4.7 - Navigator Overflows
Reference: URL:http://www.securityfocus.com/archive/1/36306
Reference: BUGTRAQ:19991127 Netscape Communicator 4.7 - Navigator Overflows
Reference: URL:http://www.securityfocus.com/archive/1/36608
Reference: BID:822
Reference: URL:http://www.securityfocus.com/bid/822
Reference: XF:netscape-long-argument-bo(7884)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7884

Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95
and Windows 98 allows remote attackers to cause a denial of service,
and possibly execute arbitrary commands, via a long argument after the
? character in a URL that references an .asp, .cgi, .html, or .pl
file.


Modifications:
  20040723 ADDREF XF:netscape-long-argument-bo(7884)

INFERRED ACTION: CAN-1999-1189 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Wall, Cole
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:netscape-long-argument-bo(7884)


======================================================
Candidate: CAN-1999-1199
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1199
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980807 YA Apache DoS attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90252779826784&w=2
Reference: BUGTRAQ:19980808 Debian Apache Security Update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90276683825862&w=2
Reference: BUGTRAQ:19980810 Apache DoS Attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90286768232093&w=2
Reference: BUGTRAQ:19980811 Apache 'sioux' DOS fix for TurboLinux
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90280517007869&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#apache

Apache WWW server 1.3.1 and earlier allows remote attackers to cause a
denial of service (resource exhaustion) via a large number of MIME
headers with the same name, aka the "sioux" vulnerability.


Modifications:
  20040723 ADDREF CONFIRM

INFERRED ACTION: CAN-1999-1199 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Cox, Cole
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Christey> CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#apache


======================================================
Candidate: CAN-1999-1201
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1201
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990206 New Windows 9x Bug:  TCP Chorusing
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91849617221319&w=2
Reference: BID:225
Reference: URL:http://www.securityfocus.com/bid/225
Reference: XF:win-multiple-ip-dos(7542)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7542

Windows 95 and Windows 98 systems, when configured with multiple
TCP/IP stacks bound to the same MAC address, allow remote attackers to
cause a denial of service (traffic amplification) via a certain ICMP
echo (ping) packet, which causes all stacks to send a ping response,
aka TCP Chorusing.


Modifications:
  20040723 ADDREF XF:win-multiple-ip-dos(7542)

INFERRED ACTION: CAN-1999-1201 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Wall, Cole
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:win-multiple-ip-dos(7542)


======================================================
Candidate: CAN-1999-1217
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1217
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19970725 Re: NT security - why bother?
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602726319435&w=2
Reference: NTBUGTRAQ:19970723 NT security - why bother?
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602726319426&w=2
Reference: XF:nt-path(526)
Reference: URL:http://xforce.iss.net/static/526.php

The PATH in Windows NT includes the current working directory (.),
which could allow local users to gain privileges by placing Trojan
horse programs with the same name as commonly used system programs
into certain directories.

INFERRED ACTION: CAN-1999-1217 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Frech, Foat, Cole

Voter Comments:
 CHANGE> [Foat changed vote from NOOP to ACCEPT]


======================================================
Candidate: CAN-1999-1365
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1365
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990628 NT runs Explorer.exe, Taskmgr.exe etc. from wrong location
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93069418400856&w=2
Reference: NTBUGTRAQ:19990630 Update: NT runs explorer.exe, etc...
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93127894731200&w=2
Reference: XF:nt-login-default-folder(2336)
Reference: URL:http://xforce.iss.net/xforce/xfdb/2336
Reference: BID:0515
Reference: URL:http://www.securityfocus.com/bid/0515

Windows NT searches a user's home directory (%systemroot% by default)
before other directories to find critical programs such as
NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could
allow local users to bypass access restrictions or gain privileges by
placing a Trojan horse program into the root directory, which is
writable by default.


Modifications:
  20040723 ADDREF XF:nt-login-default-folder(2336)

INFERRED ACTION: CAN-1999-1365 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Wall, Foat, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:nt-login-default-folder(2336)
 CHANGE> [Foat changed vote from NOOP to ACCEPT]
 Frech> XF:nt-login-default-folder(2336)


======================================================
Candidate: CAN-1999-1397
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1397
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990323 Index Server 2.0 and the Registry
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92242671024118&w=2
Reference: NTBUGTRAQ:19990323 Index Server 2.0 and the Registry
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92223293409756&w=2
Reference: BID:476
Reference: URL:http://www.securityfocus.com/bid/476
Reference: XF:iis-indexserver-reveal-path(7559)
Reference: URL:http://www.iss.net/security_center/static/7559.php

Index Server 2.0 on IIS 4.0 stores physical path information in the
ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose
permissions allow local and remote users to obtain the physical paths
of directories that are being indexed.


Modifications:
  ADDREF XF:iis-indexserver-reveal-path(7559)

INFERRED ACTION: CAN-1999-1397 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Wall, Cole
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:iis-indexserver-reveal-path(7559)


======================================================
Candidate: CAN-1999-1486
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1486
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://techsupport.services.ibm.com/aix/fixes/v4/os/bos.acct.4.3.1.0.info
Reference: AIXAPAR:IX75554
Reference: AIXAPAR:IX76853
Reference: AIXAPAR:IX76330
Reference: BID:408
Reference: URL:http://www.securityfocus.com/bid/408
Reference: XF:aix-sadc-timex(7675)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7675

sadc in IBM AIX 4.1 through 4.3, when called from programs such as
timex that are setgid adm, allows local users to overwrite arbitrary
files via a symlink attack.


Modifications:
  20040723 fix desc. to show linkage with timex
  20040723 ADDREF CONFIRM

INFERRED ACTION: CAN-1999-1486 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(4) Bollinger, Foat, Cole, Stracener
   NOOP(1) Christey

Voter Comments:
 Christey> The description needs to be modified to mention the role of
   timex.  The one-line description for the IX75554
   APAR mentions timex instead of sadc, but the BID mentions
   sadc and not timex.  This apparent discrepancy is resolved
   by a README file for the fileset that is used by IX75554:

   CONFIRM:http://techsupport.services.ibm.com/aix/fixes/v4/os/bos.acct.4.3.1.0.info

   This clearly shows the relationship between timex and sadc.
 Bollinger> The one line abstract is somewhat misleading.  The timex
   command calls sadc with a filename and it's the sadc command that can
   be tricked into modifying files owned by the adm group.  Since sadc is
   only executable by group adm, a local attacker would need to use timex
   to exploit this.  (timex is setgid adm.)  So the vulnerability is
   really in sadc and that's where the fix was made.


======================================================
Candidate: CAN-1999-1520
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1520
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19990511 [ALERT] Site Server 3.0 May Expose SQL IDs and PSWs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92647407227303&w=2
Reference: BID:256
Reference: URL:http://www.securityfocus.com/bid/256
Reference: XF:siteserver-site-csc(2270)
Reference: URL:http://xforce.iss.net/static/2270.php

A configuration problem in the Ad Server Sample directory (AdSamples)
in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC
file, which exposes sensitive SQL database information.


Modifications:
  20040723 update desc style

INFERRED ACTION: CAN-1999-1520 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Frech, Wall, Cole
   NOOP(1) Foat


======================================================
Candidate: CAN-1999-1537
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1537
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990707 SSL and IIS.
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93138827329577&w=2
Reference: BID:521
Reference: URL:http://www.securityfocus.com/bid/521
Reference: XF:ssl-iis-dos(2352)
Reference: URL:http://xforce.iss.net/static/2352.php

IIS 3.x and 4.x does not distinguish between pages requiring
encryption and those that do not, which allows remote attackers to
cause a denial of service (resource exhaustion) via SSL requests to
the HTTPS port for normally unencrypted files, which will cause IIS
to perform extra work to send the files over SSL.

INFERRED ACTION: CAN-1999-1537 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Frech, Wall, Cole
   NOOP(1) Foat


======================================================
Candidate: CAN-1999-1556
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1556
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19980629 MS SQL Server 6.5 stores password in unprotected registry keys
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=90222453431645&w=2
Reference: BID:109
Reference: URL:http://www.securityfocus.com/bid/109
Reference: XF:mssql-sqlexecutivecmdexec-password(7354)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7354

Microsoft SQL Server 6.5 uses weak encryption for the password for the
SQLExecutiveCmdExec account and stores it in an accessible portion of
the registry, which could allow local users to gain privileges by
reading and decrypting the CmdExecAccount value.


Modifications:
  20040723 ADDREF XF:mssql-sqlexecutivecmdexec-password(7354)
  20040723 desc: fix typo "andd"

INFERRED ACTION: CAN-1999-1556 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Wall, Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Foat

Voter Comments:
 Frech> XF:mssql-sqlexecutivecmdexec-password(7354)
 Christey> Need to consult MS on this issue.


======================================================
Candidate: CAN-1999-1568
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1568
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990223 NcFTPd remote buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91981352617720&w=2
Reference: BUGTRAQ:19990223 Comments on NcFTPd "theoretical root compromise"
Reference: URL:http://www.securityfocus.com/archive/1/12699
Reference: XF:ncftpd-port-bo(1833)
Reference: URL:http://xforce.iss.net/static/1833.php

Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote
attacker to cause a denial of service (crash) via a long PORT command.

INFERRED ACTION: CAN-1999-1568 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Frech, Foat, Cole
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0247
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0247
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000322 Local root compromise in GNQS 3.50.6 and 3.50.7
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0236.html
Reference: MISC:http://ftp.gnqs.org/pub/gnqs/source/by-version-number/v3.50/Generic-NQS-3.50.8-ChangeLog.txt
Reference: FREEBSD:FreeBSD-SA-00:13
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:13.generic-nqs.asc
Reference: BID:1842
Reference: URL:http://www.securityfocus.com/bid/1842
Reference: XF:generic-nqs-local-root(4306)
Reference: URL:http://xforce.iss.net/xforce/xfdb/4306

Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain
root privileges.


Modifications:
  20040723 desc: add "unknown"
  20040723 ADDREF BID:1842
  20040723 ADDREF XF:generic-nqs-local-root(4306)
  20040723 ADDREF FREEBSD:FreeBSD-SA-00:13

INFERRED ACTION: CAN-2000-0247 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(2) Frech, Christey
   NOOP(2) Magdych, Cole
   REVIEWING(1) Levy

Voter Comments:
 Christey> ADDREF FREEBSD:FreeBSD-SA-00:13
   ADDREF ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A13-generic-nqs.asc
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:generic-nqs-local-root
 CHANGE> [Magdych changed vote from REVIEWING to NOOP]
 CHANGE> [Christey changed vote from NOOP to MODIFY]
 Christey> BID:1842
   XF:generic-nqs-local-root(4306)


======================================================
Candidate: CAN-2000-0747
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0747
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000726 CONECTIVA LINUX SECURITY ANNOUNCEMENT - OPENLDAP
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0379.html
Reference: XF:openldap-logrotate-script-dos(5036)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5036

The logrotate script for OpenLDAP before 1.2.11 in Conectiva
Linux sends an improper signal to the kernel log daemon (klogd) and
kills it.


Modifications:
  20040723 ADDREF XF:openldap-logrotate-script-dos(5036)

INFERRED ACTION: CAN-2000-0747 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Baker, Cole
   NOOP(1) Wall
   REVIEWING(1) Levy


======================================================
Candidate: CAN-2000-0773
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0773
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000731 Two security flaws in Bajie Webserver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0426.html
Reference: BID:1522
Reference: URL:http://www.securityfocus.com/bid/1522
Reference: XF:bajie-view-arbitrary-files(5021)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5021

Bajie HTTP web server 0.30a allows remote attackers to read arbitrary
files via a URL that contains a "....", a variant of the dot dot
directory traversal attack.


Modifications:
  20040723 XF:bajie-view-arbitrary-files(5021)

INFERRED ACTION: CAN-2000-0773 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Baker, Levy, Williams
   MODIFY(1) Christey
   NOOP(2) Wall, Cole

Voter Comments:
 Baker> Apparently the vendor fixed this issue, as it doesn't appear in later versions of the software.
 Christey> XF:bajie-view-arbitrary-files(5021)


======================================================
Candidate: CAN-2000-0781
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0781
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000728 Client Agent 6.62 for Unix Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0431.html
Reference: BID:1519
Reference: URL:http://www.securityfocus.com/bid/1519
Reference: XF:arcserveit-clientagent-temp-file(5023)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5023

uagentsetup in ARCServeIT Client Agent 6.62 does not properly check
for the existence or ownership of a temporary file which is moved to
the agent.cfg configuration file, which allows local users to execute
arbitrary commands by modifying the temporary file before it is moved.


Modifications:
  20040723 desc fix "the the"
  20040723 XF:arcserveit-clientagent-temp-file(5023)

INFERRED ACTION: CAN-2000-0781 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Levy, Williams
   MODIFY(2) Baker, Christey
   NOOP(2) Wall, Cole

Voter Comments:
 Christey> fix typo: "the the"
 Baker> Can't really access the CA website to get info on this.
 CHANGE> [Christey changed vote from NOOP to MODIFY]
 Christey> XF:arcserveit-clientagent-temp-file(5023)


======================================================
Candidate: CAN-2000-0797
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0797
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl
Reference: SGI:20040104-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040104-01-P.asc
Reference: BID:1526
Reference: URL:http://www.securityfocus.com/bid/1526
Reference: XF:irix-grosview-bo(5062)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5062
Reference: OSVDB:3815
Reference: URL:http://www.osvdb.org/3815

Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to
gain privileges via a long -D option.


Modifications:
  20040723 ADDREF XF:irix-grosview-bo(5062)
  20040723 ADDREF SGI:20040104-01-P
  20040818 ADDREF OSVDB:3815

INFERRED ACTION: CAN-2000-0797 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Baker, Levy
   NOOP(4) Williams, Wall, Cole, Christey

Voter Comments:
 Christey> XF:irix-grosview-bo
   http://xforce.iss.net/static/5062.php
 Christey> SGI:20040104-01-P
   URL:ftp://patches.sgi.com/support/free/security/advisories/20040104-01-P.asc


======================================================
Candidate: CAN-2000-0894
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0894
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20010202
Assigned: 20001114
Category: SF
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Reference: URL:http://xforce.iss.net/alerts/advise70.php
Reference: XF:watchguard-soho-web-auth(5554)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5554
Reference: BID:2119
Reference: URL:http://www.securityfocus.com/bid/2119
Reference: OSVDB:4404
Reference: URL:http://www.osvdb.org/4404

HTTP server on the WatchGuard SOHO firewall does not properly restrict
access to administrative functions such as password resets or
rebooting, which allows attackers to cause a denial of service or
conduct unauthorized activities.


Modifications:
  20040818 ADDREF OSVDB:4404

INFERRED ACTION: CAN-2000-0894 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey
   REVIEWING(1) Ziese

Voter Comments:
 Frech> XF:watchguard-soho-web-auth(5554)
 Christey> Consider adding BID:2119


======================================================
Candidate: CAN-2000-0895
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0895
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20010202
Assigned: 20001114
Category: SF
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Reference: URL:http://xforce.iss.net/alerts/advise70.php
Reference: BID:2114
Reference: URL:http://www.securityfocus.com/bid/2114
Reference: XF:watchguard-soho-web-dos(5218)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5218
Reference: OSVDB:4403
Reference: URL:http://www.osvdb.org/4403

Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows
remote attackers to cause a denial of service and possibly execute
arbitrary code via a long GET request.


Modifications:
  20040723 ADDREF XF:watchguard-soho-web-dos(5218)
  20040723 desc normalize to "arbitrary code"
  20040818 ADDREF OSVDB:4403

INFERRED ACTION: CAN-2000-0895 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall
   REVIEWING(1) Ziese

Voter Comments:
 Frech> XF:watchguard-soho-web-dos(5218)


======================================================
Candidate: CAN-2000-1203
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1203
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20030325-01
Proposed: 20020830
Assigned: 20020131
Category: SF
Reference: VULN-DEV:20000520 Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=95886062521327&w=2
Reference: BUGTRAQ:20010820 Lotus Domino DoS
Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-21&end=2002-01-27&mid=209116&threads=1
Reference: BUGTRAQ:20010823 Lotus Domino DoS solution
Reference: URL:http://www.securityfocus.com/archive/1/209754
Reference: BID:3212
Reference: URL:http://www.securityfocus.com/bid/3212
Reference: XF:lotus-domino-bounced-message-dos(7012)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7012

Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to
cause a denial of service (CPU consumption) by forging an email
message with the sender as bounce@[127.0.0.1] (localhost), which
causes Domino to enter a mail loop.


Modifications:
  ADDREF XF:lotus-domino-bounced-message-dos(7012)

INFERRED ACTION: CAN-2000-1203 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Baker, Armstrong, Green
   MODIFY(1) Frech
   NOOP(5) Cox, Wall, Foat, Cole, Christey

Voter Comments:
 Green> Since a work around involving configuration settings exists the presenting problem should also exist.
 Frech> XF:lotus-domino-bounced-message-dos(7012)
   CONFIRM:
   http://www-1.ibm.com/support/docview.wss?rs=0&org=sims&doc=DA18AA221C3
   B982085256B84000033EB
 Christey> The CONFIRM URL provided by Andre is broken


======================================================
Candidate: CAN-2001-0042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0042
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001206 CHINANSL Security Advisory(CSA-200011)
Reference: URL:http://www.securityfocus.com/archive/1/149210
Reference: BID:2060
Reference: URL:http://www.securityfocus.com/bid/2060
Reference: XF:apache-php-disclose-files
Reference: URL:http://xforce.iss.net/static/5659.php

PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read
arbitrary files via a modified .. (dot dot) attack containing "%5c"
(encoded backslash) sequences.


Modifications:
  20040723 desc normalize, add "%5c" detail

INFERRED ACTION: CAN-2001-0042 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Cole, Baker, Frech
   NOOP(1) Wall
   REVIEWING(1) Ziese


======================================================
Candidate: CAN-2001-0375
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0375
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010406 PIX Firewall 5.1 DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98658271707833&w=2
Reference: CISCO:20011003 Cisco PIX Firewall Authentication Denial of Service Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml
Reference: XF:cisco-pix-tacacs-dos(6353)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6353
Reference: BID:2551
Reference: URL:http://www.securityfocus.com/bid/2551

Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa
authentication to a TACACS+ server allows remote attackers to cause a
denial of service via a large number of authentication requests.


Modifications:
  20040723 desc normalize
  20040723 XF:cisco-pix-tacacs-dos(6353)
  20040723 CISCO:20011003 Cisco PIX Firewall Authentication Denial of Service Vulnerability

INFERRED ACTION: CAN-2001-0375 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey
   REVIEWING(1) Ziese

Voter Comments:
 Frech> XF:cisco-pix-tacacs-dos(6353)
 Christey> CISCO:20011003 Cisco PIX Firewall Authentication Denial of Service Vulnerability
   URL:http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml


======================================================
Candidate: CAN-2001-0423
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0423
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010412 Solaris ipcs vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0217.html
Reference: BID:2581
Reference: URL:http://www.securityfocus.com/bid/2581
Reference: XF:solaris-ipcs-bo(6369)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6369

Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute
arbitrary code via a long TZ (timezone) environmental variable, a
different vulnerability than CAN-2002-0093.


Modifications:
  20040723 desc add "different from CAN-2002-0093"
  20040723 ADDREF XF:solaris-ipcs-bo(6369)

INFERRED ACTION: CAN-2001-0423 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(1) Dik
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, Christey
   REVIEWING(2) Ziese, Williams

Voter Comments:
 Frech> XF:solaris-ipcs-bo(6369)
 Dik> sun bug: 4448598
 Christey> This might be a duplicate of CAN-2002-0093, which is for
   Compaq IPCS.
 Christey> An authoritative source confirmed that this issue is in fact
   different from CAN-2002-0093.


======================================================
Candidate: CAN-2001-0485
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0485
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010426 IRIX /usr/lib/print/netprint local root symbols exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0475.html
Reference: BUGTRAQ:20010427 Re: IRIX /usr/lib/print/netprint local root symbols exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0502.html
Reference: SGI:20010701-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010701-01-P
Reference: BID:2656
Reference: URL:http://www.securityfocus.com/bid/2656
Reference: XF:irix-netprint-shared-library(6473)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6473

Unknown vulnerability in netprint in IRIX 6.2, and possibly other
versions, allows local users with lp privileges to execute
arbitrary commands via the -n option.


Modifications:
  20040723 ADDREF SGI:20010701-01-P
  20040723 ADDREF BID:2656
  20040723 ADDREF XF:irix-netprint-shared-library(6473)

INFERRED ACTION: CAN-2001-0485 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(5) Wall, Cole, Christey, Ziese, Renaud
   REVIEWING(1) Williams

Voter Comments:
 Williams> Apply the following patch:  2022?
   See advisory 19961203-01-PX for more information?
 Frech> XF:irix-netprint-shared-library(6473)
 Christey> SGI:20010701-01-P
 Baker> SGI Patch 20010701-01-P
 Christey> ADDREF BID:2656


======================================================
Candidate: CAN-2001-0548
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0548
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20020223-01
Proposed: 20010727
Assigned: 20010717
Category: SF
Reference: BUGTRAQ:20010724 NSFOCUS SA2001-04 : Solaris dtmail Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99598918914068&w=2
Reference: XF:solaris-dtmail-bo(6879)
Reference: URL:http://xforce.iss.net/static/6879.php
Reference: BID:3081
Reference: URL:http://www.securityfocus.com/bid/3081

Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to
gain privileges via the MAIL environment variable.


Modifications:
  ADDREF XF:solaris-dtmail-bo(6879)
  DESC remove "possibly other OSes"

INFERRED ACTION: CAN-2001-0548 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Foat, Armstrong, Stracener
   MODIFY(2) Frech, Balinsky
   NOOP(4) Wall, Cole, Christey, Ziese

Voter Comments:
 Frech> XF:solaris-dtmail-bo(6879)
 Balinsky> Delete "and possibly other operating systems" because that is not verifiable, and add the following references from Sun, which acknowledge the problem:
   http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches/105338
   http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches/105339
   http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches/107200
   http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches/107201
 Christey> BID:3081
   URL:http://www.securityfocus.com/bid/3081
 Christey> It is not clear from the patch list whether these *particular*
   dtmail overflows have been addressed.


======================================================
Candidate: CAN-2001-0612
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0612
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010516 Remote Desktop DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0158.html
Reference: XF:remote-desktop-dos(6547)
Reference: URL:http://xforce.iss.net/static/6547.php
Reference: BID:2726
Reference: URL:http://www.securityfocus.com/bid/2726
Reference: OSVDB:6288
Reference: URL:http://www.osvdb.org/6288

McAfee Remote Desktop 3.0 and earlier allows remote attackers to cause
a denial of service (crash) via a large number of packets to port
5045.


Modifications:
  20040723 desc normalize
  20040818 ADDREF OSVDB:6288

INFERRED ACTION: CAN-2001-0612 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Cole, Frech, Ziese
   NOOP(3) Wall, Foat, Bishop

Voter Comments:
 CHANGE> [Bishop changed vote from REVIEWING to NOOP]


======================================================
Candidate: CAN-2001-0643
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0643
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010416 Double clicking on innocent looking files may be dangerous
Reference: URL:http://www.securityfocus.com/archive/1/176909
Reference: MISC:http://www.guninski.com/clsidext.html
Reference: MISC:http://vil.nai.com/vil/virusSummary.asp?virus_k=99048
Reference: MISC:http://www.sarc.com/avcenter/venc/data/vbs.postcard@mm.html
Reference: XF:ie-clsid-execute-files(6426)
Reference: URL:http://xforce.iss.net/static/6426.php
Reference: BID:2612
Reference: URL:http://www.securityfocus.com/bid/2612

A type-check flaw in Internet Explorer 5.5 does not display the Class
ID (CLSID) when it is at the end of the file name, which could allow
attackers to trick the user into executing dangerous programs by
making it appear that the document is of a safe file type.


Modifications:
  20040723 ADDREF MISC:http://www.guninski.com/clsidext.html
  20040723 ADDREF BID:2612

INFERRED ACTION: CAN-2001-0643 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Baker, Frech
   NOOP(2) Stracener, Ziese

Voter Comments:
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2001-0741
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0741
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20011012
Assigned: 20011012
Category: CF
Reference: BUGTRAQ:20010503 Cisco HSRP Weakness/DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0035.html
Reference: MISC:http://www.cisco.com/networkers/nw00/pres/2402.pdf
Reference: XF:cisco-hsrp-dos(6497)
Reference: URL:http://xforce.iss.net/static/6497.php
Reference: BID:2684
Reference: URL:http://www.securityfocus.com/bid/2684

Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to
cause a denial of service by spoofing HSRP packets.

INFERRED ACTION: CAN-2001-0741 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Foat, Armstrong, Frech
   NOOP(2) Wall, Cole


======================================================
Candidate: CAN-2001-0749
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0749
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010524 IPC@Chip Security
Reference: URL:http://www.securityfocus.com/archive/1/186418
Reference: BID:2775
Reference: URL:http://www.securityfocus.com/bid/2775
Reference: XF:ipcchip-web-root-system(8922)
Reference: URL:http://xforce.iss.net/xforce/xfdb/8922

Beck IPC GmbH IPC@CHIP Embedded-Webserver allows a remote attacker to
retrieve arbitrary files via a webserver root directory that is set to
the system root.


Modifications:
  20040723 ADDREF XF:ipcchip-web-root-system(8922)

INFERRED ACTION: CAN-2001-0749 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Cole, Green
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Armstrong

Voter Comments:
 Frech> XF:ipcchip-web-root-system(8922)


======================================================
Candidate: CAN-2001-0792
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0792
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20020226-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: MISC:http://www.securiteam.com/exploits/5AP0Q2A4AQ.html
Reference: XF:xchat-nickname-format-string(7416)
Reference: URL:http://xforce.iss.net/static/7416.php

Format string vulnerability in XChat 1.2.x allows remote attackers to
execute arbitrary code via a malformed nickname.


Modifications:
  ADDREF XF:xchat-nickname-format-string(7416)

INFERRED ACTION: CAN-2001-0792 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Christey

Voter Comments:
 Frech> XF:xchat-nickname-format-string(7416)
 Christey> Inquiry sent to xchat developer on 2/25/2002.
 Christey> Received a reply 2/26/2002: "I don't know...  It doesn't seem
   to effect [sic] any recent versions though."

   This vulnerability was reported for a *MUCH* older version.


======================================================
Candidate: CAN-2001-0825
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0825
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20020821-02
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: SUSE:SuSE-SA:2001:022
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Jun/0002.html
Reference: CONECTIVA:CLA-2001:406
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000406
Reference: REDHAT:RHSA-2001:092
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-092.html
Reference: IMMUNIX:IMNX-2001-70-029-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-029-01
Reference: BID:2971
Reference: URL:http://www.securityfocus.com/bid/2971
Reference: XF:xinetd-zero-length-bo(6804)
Reference: URL:http://xforce.iss.net/static/6804.php

Buffer overflow in internal string handling routines of xinetd before
2.1.8.8 allows remote attackers to execute arbitrary commands via a
length argument of zero or less, which disables the length check.


Modifications:
  ADDREF XF:xinetd-zero-length-bo(6804)
  ADDREF IMMUNIX:IMNX-2001-70-024-01
  DELREF IMMUNIX:IMNX-2001-70-024-01
  DELREF BUGTRAQ:20010629 xinetd update [normalize to IMMUNIX]
  DELREF BUGTRAQ:20010608 potential buffer overflow in xinetd-2.1.8.9pre11-1

INFERRED ACTION: CAN-2001-0825 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(6) Wall, Foat, Cole, Armstrong, Baker, Bishop
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:xinetd-zero-length-bo(6804)
 Christey> Need to sift through the references to make sure they're
   correct and appropriately distinguish from CAN-2001-0763.
 Christey> DELREF IMMUNIX:IMNX-2001-70-024-01 - it does not explicitly
   mention this issue.
   DELREF BUGTRAQ:20010608 potential buffer overflow in xinetd-2.1.8.9pre11-1
   That's for CAN-2001-0763.

   Change affected version to 2.1.8, I have no idea where 2.3.1
   came from.


======================================================
Candidate: CAN-2001-0837
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0837
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20011122
Assigned: 20011122
Category: SF
Reference: BUGTRAQ:20011025 Pc-to-Phone vulnerability - broken by design
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100403691432052&w=2
Reference: XF:pc2phone-temp-account-readable(7393)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7393
Reference: BID:3475
Reference: URL:http://www.securityfocus.com/bid/3475

DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable
locations in the installation directory, which allows local users to
read the information in (1) temp.html, (2) the log folder, and (3) the
PhoneBook folder.


Modifications:
  20040723 ADDREF XF:pc2phone-temp-account-readable(7393)

INFERRED ACTION: CAN-2001-0837 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Armstrong, Baker
   MODIFY(1) Frech
   NOOP(4) Wall, Foat, Cole, Bishop

Voter Comments:
 Frech> XF:pc2phone-temp-account-readable(7393)
 Armstrong> http://www.securiteam.com/windowsntfocus/6V00P202UC.html


======================================================
Candidate: CAN-2001-0902
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0902
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011120 IIS logging issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100626531103946&w=2
Reference: NTBUGTRAQ:20011120 IIS logging issue
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100627497122247&w=2
Reference: XF:iis-fake-log-entry(7613)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7613
Reference: BID:6795
Reference: URL:http://www.securityfocus.com/bid/6795

Microsoft IIS 5.0 allows remote attackers to spoof web log entries via
an HTTP request that includes hex-encoded newline or form-feed
characters.


Modifications:
  20040723 ADDREF XF:iis-fake-log-entry(7613)

INFERRED ACTION: CAN-2001-0902 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Foat, Cole
   MODIFY(1) Frech
   NOOP(1) Armstrong
   REVIEWING(1) Wall

Voter Comments:
 Frech> XF:iis-fake-log-entry(7613)


======================================================
Candidate: CAN-2001-0907
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0907
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20020817-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011018 Flaws in recent Linux kernels
Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337
Reference: MANDRAKE:MDKSA-2001:082
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082-1.php3
Reference: SUSE:SuSE-SA:2001:036
Reference: URL:http://www.suse.de/de/support/security/2001_036_kernel_txt.html
Reference: IMMUNIX:IMNX-2001-70-035-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-035-01
Reference: CALDERA:CSSA-2001-036.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-036.0.txt
Reference: MANDRAKE:MDKSA-2001:079
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-079.php
Reference: ENGARDE:ESA-20011019-02
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1650.html
Reference: BUGTRAQ:20011019 TSLSA-2001-0028
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100350685431610&w=2
Reference: XF:linux-multiple-symlink-dos(7312)
Reference: URL:http://www.iss.net/security_center/static/7312.php
Reference: BID:3444
Reference: URL:http://www.securityfocus.com/bid/3444

Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows
local users to cause a denial of service via a series of deeply nested
symlinks, which causes the kernel to spend extra time when trying to
access the link.


Modifications:
  ADDREF SUSE:SuSE-SA:2001:036
  ADDREF IMMUNIX:IMNX-2001-70-035-01
  ADDREF CALDERA:CSSA-2001-036.0
  ADDREF MANDRAKE:MDKSA-2001:079
  ADDREF ENGARDE:ESA-20011019-02
  ADDREF BUGTRAQ:20011019 TSLSA-2001-0028
  ADDREF XF:linux-multiple-symlink-dos(7312)
  ADDREF BID:3444

INFERRED ACTION: CAN-2001-0907 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(4) Foat, Cole, Green, Baker
   MODIFY(1) Frech
   NOOP(1) Christey
   REVIEWING(1) Wall

Voter Comments:
 Frech> XF:linux-multiple-symlink-dos(7312)
 Christey> SUSE:SuSE-SA:2001:036
   URL:http://www.suse.de/de/support/security/2001_036_kernel_txt.html
   IMMUNIX:IMNX-2001-70-035-01
   URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-035-01
   CALDERA:CSSA-2001-036.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-036.0.txt
   MANDRAKE:MDKSA-2001:079
   ENGARDE:ESA-20011019-02
   URL:http://www.linuxsecurity.com/advisories/other_advisory-1650.html
   BUGTRAQ:20011019 TSLSA-2001-0028
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100350685431610&w=2


======================================================
Candidate: CAN-2001-0909
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0909
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 Buffer overflow in Windows XP "helpctr.exe"
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638955422011&w=2
Reference: XF:winxp-helpctr-bo(7605)
Reference: URL:http://xforce.iss.net/static/7605.php
Reference: BID:6802
Reference: URL:http://www.securityfocus.com/bid/6802

Buffer overflow in helpctr.exe program in Microsoft Help Center for
Windows XP allows remote attackers to execute arbitrary code via a
long hcp: URL.


Modifications:
  20040723 BID:6802

INFERRED ACTION: CAN-2001-0909 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Foat, Cole, Frech
   NOOP(1) Armstrong
   REVIEWING(1) Wall


======================================================
Candidate: CAN-2001-0914
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0914
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011121 SuSE 7.3 : Kernel 2.4.10-4GB Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638584813349&w=2
Reference: BUGTRAQ:20011122 Re: SuSE 7.3 : Kernel 2.4.10-4GB Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100654787226869&w=2L:2
Reference: XF:linux-vmlinux-dos(7591)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7591
Reference: BID:3570
Reference: URL:http://www.securityfocus.com/bid/3570

Linux kernel before 2.4.11pre3 in multiple Linux distributions allows
local users to cause a denial of service (crash) by starting the core
vmlinux kernel, possibly related to poor error checking during ELF
loading.


Modifications:
  20040723 ADDREF XF:linux-vmlinux-dos(7591)
  20040723 ADDREF BID:3570

INFERRED ACTION: CAN-2001-0914 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Baker
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linux-vmlinux-dos(7591)


======================================================
Candidate: CAN-2001-0951
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0951
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011207 UDP DoS attack in Win2k via IKE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100774842520403&w=2
Reference: BUGTRAQ:20011211 UDP DoS attack in Win2k via IKE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100813081913496&w=2
Reference: XF:win2k-ike-dos(7667)
Reference: URL:http://xforce.iss.net/static/7667.php
Reference: BID:3652
Reference: URL:http://www.securityfocus.com/bid/3652

Windows 2000 allows remote attackers to cause a denial of service (CPU
consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with
packets that contain a large number of dot characters.


Modifications:
  20040723 desc normalize DoS term

INFERRED ACTION: CAN-2001-0951 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Foat, Green, Frech
   NOOP(1) Cole
   REVIEWING(1) Wall


======================================================
Candidate: CAN-2001-1029
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1029
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010920 Local vulnerability in libutil derived with FreeBSD 4.4-RC (and earlier)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0173.html
Reference: XF:bsd-libutil-privilege-dropping(8697)
Reference: URL:http://xforce.iss.net/xforce/xfdb/8697
Reference: OSVDB:6073
Reference: URL:http://www.osvdb.org/6073

libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges
before verifying the capabilities for reading the copyright and
welcome files, which allows local users to bypass the capabilities
checks and read arbitrary files by specifying alternate copyright or
welcome files.


Modifications:
  20040723 ADDREF XF:bsd-libutil-privilege-dropping(8697)
  20040818 ADDREF OSVDB:6073

INFERRED ACTION: CAN-2001-1029 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Foat, Green
   MODIFY(1) Frech
   NOOP(2) Wall, Cole

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:bsd-libutil-privilege-dropping(8697)


======================================================
Candidate: CAN-2001-1055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1055
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040723
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010730 ARPNuke - 80 kb/s kills a whole subnet
Reference: URL:http://www.securityfocus.com/archive/1/200323
Reference: BID:3113
Reference: URL:http://www.securityfocus.com/bid/3113
Reference: XF:win-arp-packet-flooding-dos(6924)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6924

The Microsoft Windows network stack allows remote attackers to cause a
denial of service (CPU consumption) via a flood of malformed ARP
request packets with random source IP and MAC addresses, as
demonstrated by ARPNuke.


Modifications:
  20040723 ADDREF XF:win-arp-packet-flooding-dos(6924)
  20040723 desc - add ARPNuke

INFERRED ACTION: CAN-2001-1055 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(1) Foat
   MODIFY(2) Green, Frech
   NOOP(3) Wall, Cole, Armstrong

Voter Comments:
 Green> TOO VAGUE TO REACH ANY CONCLUSION
 Frech> XF:win-arp-packet-flooding-dos(6924)


======================================================
Candidate: CAN-2001-1066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1066
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010827 Dangerous temp file creation during installation of Netscape 6.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99893667921216&w=2
Reference: VULNWATCH:20010827 Dangerous temp file creation during installation of Netscape 6.
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0036.html
Reference: SUNBUG:4633888
Reference: BID:3243
Reference: URL:http://www.securityfocus.com/bid/3243
Reference: XF:netscape-install-tmpfile-symlink(7042)
Reference: URL:http://xforce.iss.net/static/7042.php

ns6install installation script for Netscape 6.01 on Solaris, and other
versions including 6.2.1 beta, allows local users to overwrite
arbitrary files via a symlink attack.


Modifications:
  20040725 ADDREF SUNBUG:4633888
  20040725 ADDREF BID:3243
  20040725 ADDREF XF:netscape-install-tmpfile-symlink(7042)
  20040725 ADDREF VULNWATCH:20010827 [VulnWatch] Dangerous temp file creation during installation of Netscape 6.

INFERRED ACTION: CAN-2001-1066 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Dik, Green
   MODIFY(1) Frech
   NOOP(4) Foat, Cole, Armstrong, Christey
   REVIEWING(1) Wall

Voter Comments:
 Dik> Verified by code inspection of ns6install from netscape 6.2.1 beta
   Sun bug: 4633888 (just filed)
 Christey> BID:3243
   URL:http://www.securityfocus.com/bid/3243
   XF:netscape-install-tmpfile-symlink(7042)
   URL:http://xforce.iss.net/static/7042.php
 Christey> VULNWATCH:20010827 [VulnWatch] Dangerous temp file creation during installation of Netscape 6.
   URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0036.html
 Frech> XF:netscape-install-tmpfile-symlink(7042)


======================================================
Candidate: CAN-2001-1069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1069
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20010822 Adobe Acrobat creates world writable ~/AdobeFnt.lst files
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99849121502399&w=2
Reference: MISC:http://lists.debian.org/debian-security/2001/debian-security-200101/msg00085.html
Reference: BID:3225
Reference: URL:http://www.securityfocus.com/bid/3225
Reference: XF:adobe-acrobat-insecure-permissions(7024)
Reference: URL:http://xforce.iss.net/static/7024.php

libCoolType library as used in Adobe Acrobat (acroread) on Linux
creates the AdobeFnt.lst file with world-writable permissions, which
allows local users to modify the file and possibly modify acroread's
behavior.

INFERRED ACTION: CAN-2001-1069 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Foat, Green, Frech
   NOOP(3) Cole, Armstrong, Christey
   REVIEWING(1) Wall

Voter Comments:
 Christey> SGI:20020806-01-I points to this candidate, but I'm not so
   sure that's correct; the SGI advisory discusses symlink
   attacks, but this CAN is related to permissions.


======================================================
Candidate: CAN-2001-1081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1081
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CONFIRM:http://freshmeat.net/releases/52020/
Reference: MLIST:[fm-news] 20010713 Newsletter for Friday, July 13th 2001
Reference: URL:http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0009.html
Reference: VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html
Reference: BID:2994
Reference: URL:http://www.securityfocus.com/bid/2994

Format string vulnerabilities in Livingston/Lucent RADIUS before
2.1.va.1 may allow local or remote attackers to cause a denial of
service and possibly execute arbitrary code via format specifiers that
are injected into log messages.


Modifications:
  20040725 VULNWATCH:20010719 Changelog maddness (14 various broken apps)
  20040725 MLIST:[fm-news] 20010713 Newsletter for Friday, July 13th 2001

INFERRED ACTION: CAN-2001-1081 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(4) Cole, Armstrong, Green, Baker
   MODIFY(2) Christey, Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> ISS: ISS Security Advisory: Remote Buffer Overflow in Multiple RADIUS
   Implementations
   XF:lucent-radius-authentication-bo(6794)
   CONFIRM reference is no longer available.
 Christey> VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps)
   URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html
   MISC:http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0009.html
 Christey> XF:lucent-radius-authentication-bo(6794) does not seem
   appropriate, as it deals with buffer overflows; however, this is a
   format string issue.  XF:lucent-radius-authentication-bo(6794)
   is really about CAN-2001-0534.


======================================================
Candidate: CAN-2001-1098
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1098
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011010 Vulnerability: Cisco PIX Firewall Manager
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0071.html
Reference: CERT-VN:VU#639507
Reference: URL:http://www.kb.cert.org/vuls/id/639507
Reference: XF:cisco-pfm-plaintext-password(7265)
Reference: URL:http://xforce.iss.net/static/7265.php
Reference: BID:3419
Reference: URL:http://www.securityfocus.com/bid/3419

Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in
plaintext in the pfm.log file, which could allow local users to obtain
the password by reading the file.


Modifications:
  20040725 ADDREF BID:3419
  20040725 ADDREF CERT-VN:VU#639507

INFERRED ACTION: CAN-2001-1098 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Foat, Green, Frech
   NOOP(3) Wall, Cole, Armstrong
   REVIEWING(1) Ziese

Voter Comments:
 CHANGE> [Armstrong changed vote from REVIEWING to NOOP]
 Frech> HAS-INDEPENDENT-CONFIRMATION:http://www.kb.cert.org/vuls/id/639507


======================================================
Candidate: CAN-2001-1103
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1103
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: CERT-VN:VU#320944
Reference: URL:http://www.kb.cert.org/vuls/id/320944
Reference: XF:ftp-voyager-embedded-script-execution(7119)
Reference: URL:http://xforce.iss.net/static/7119.php

FTP Voyager ActiveX control before 8.0, when it is marked as safe for
scripting (the default) or if allowed by the IObjectSafety interface,
allows remote attackers to execute arbitrary commands.

INFERRED ACTION: CAN-2001-1103 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(4) Green, Baker, Frech, Ziese
   NOOP(3) Foat, Cole, Armstrong
   REVIEWING(1) Wall

Voter Comments:
 Green> Vendor appears to have acknowledged with a new release of the product, although there is no explicit citing of the vulnerability on the vendor's website


======================================================
Candidate: CAN-2001-1186
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1186
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011211 Microsoft IIS/5 bogus Content-length bug.
Reference: URL:http://www.securityfocus.com/archive/1/244892
Reference: BUGTRAQ:20011211 Microsoft IIS/5 bogus Content-length bug Memory attack
Reference: URL:http://online.securityfocus.com/archive/1/244931
Reference: BUGTRAQ:20011212 Microsoft IIS/5.0 Content-Length DoS (proved)
Reference: URL:http://online.securityfocus.com/archive/1/245100
Reference: BID:3667
Reference: URL:http://www.securityfocus.com/bid/3667
Reference: XF:iis-false-content-length-dos(7691)
Reference: URL:http://www.iss.net/security_center/static/7691.php

Microsoft IIS 5.0 allows remote attackers to cause a denial of service
via an HTTP request with a content-length value that is larger than
the size of the request, which prevents IIS from timing out the
connection.

INFERRED ACTION: CAN-2001-1186 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Cole, Green, Frech
   NOOP(2) Foat, Ziese
   REVIEWING(1) Wall


======================================================
Candidate: CAN-2001-1200
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1200
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011217 Hot keys permissions bypass under XP
Reference: URL:http://www.securityfocus.com/archive/1/246014
Reference: BID:3703
Reference: URL:http://www.securityfocus.com/bid/3703
Reference: XF:winxp-hotkey-execute-programs(7713)
Reference: URL:http://www.iss.net/security_center/static/7713.php

Microsoft Windows XP allows local users to bypass a locked screen and
run certain programs that are associated with Hot Keys.

INFERRED ACTION: CAN-2001-1200 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Foat, Green, Frech
   NOOP(2) Cole, Ziese
   REVIEWING(1) Wall


======================================================
Candidate: CAN-2001-1267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1267
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
Reference: URL:http://online.securityfocus.com/archive/1/196445
Reference: CONFIRM:ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz
Reference: MANDRAKE:MDKSA-2002:066
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:066
Reference: REDHAT:RHSA-2002:096
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-096.html
Reference: REDHAT:RHSA-2002:138
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-138.html
Reference: REDHAT:RHSA-2003:218
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-218.html
Reference: CONECTIVA:CLA-2002:538
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538
Reference: HP:HPSBTL0209-068
Reference: URL:http://online.securityfocus.com/advisories/4514
Reference: XF:archive-extraction-directory-traversal(10224)
Reference: URL:http://www.iss.net/security_center/static/10224.php
Reference: BID:3024
Reference: URL:http://www.securityfocus.com/bid/3024

Directory traversal vulnerability in GNU tar 1.13.19 and earlier
allows local users to overwrite arbitrary files during archive extraction
via a tar file whose filenames contain a .. (dot dot).


Modifications:
  ADDREF MANDRAKE:MDKSA-2002:066
  ADDREF REDHAT:RHSA-2002:096
  ADDREF CONECTIVA:CLA-2002:538
  ADDREF HP:HPSBTL0209-068
  ADDREF XF:archive-extraction-directory-traversal(10224)
  20040725 BID:3024
  20040818 ADDREF REDHAT:RHSA-2002:138
  20040818 ADDREF REDHAT:RHSA-2003:218

INFERRED ACTION: CAN-2001-1267 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Cole, Green
   MODIFY(2) Frech, Cox
   NOOP(3) Wall, Foat, Christey

Voter Comments:
 Christey> MANDRAKE:MDKSA-2002:066
 CHANGE> [Cox changed vote from REVIEWING to MODIFY]
 Cox> ADDREF: RHSA-2002:096
 Frech> XF:archive-extraction-directory-traversal(10224)
 Christey> MANDRAKE:MDKSA-2002:066
   URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:066
   CONECTIVA:CLA-2002:538
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538
   HP:HPSBTL0209-068
   URL:http://online.securityfocus.com/advisories/4514
   REDHAT:RHSA-2002:096
   URL:http://www.redhat.com/support/errata/RHSA-2002-096.html
 Christey> There are a couple directory traversal variants for GNU tar
   out there.  Can we be sure the references line up correctly?


======================================================
Candidate: CAN-2001-1279
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1279
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20030318-02
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: REDHAT:RHSA-2001:089
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-089.html
Reference: FREEBSD:FreeBSD-SA-01:48
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:48.tcpdump.asc
Reference: CONECTIVA:CLA-2002:480
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000480
Reference: MANDRAKE:MDKSA-2002:032
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-032.php
Reference: CALDERA:CSSA-2002-025.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-025.0.txt
Reference: XF:tcpdump-afs-rpc-bo(7006)
Reference: URL:http://www.iss.net/security_center/static/7006.php
Reference: BID:3065
Reference: URL:http://online.securityfocus.com/bid/3065
Reference: CERT-VN:VU#797201
Reference: URL:http://www.kb.cert.org/vuls/id/797201

Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows
remote attackers to cause a denial of service and possibly execute
arbitrary code via AFS RPC packets with invalid lengths that trigger
an integer signedness error, a different vulnerability than
CVE-2000-1026.


Modifications:
  ADDREF CONECTIVA:CLA-2002:480
  ADDREF MANDRAKE:MDKSA-2002:032
  ADDREF CALDERA:CSSA-2002-025.0
  ADDREF XF:tcpdump-afs-rpc-bo(7006)
  ADDREF CERT-VN:VU#797201

INFERRED ACTION: CAN-2001-1279 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Cole, Green, Cox
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Christey

Voter Comments:
 Christey> ADDREF CONECTIVA:CLA-2002:480
   The Conectiva advisory references the FreeBSD advisory used in
   this CAN, along with other issues that are addressed.
 Christey> CONECTIVA:CLA-2002:480
   URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000480
 Christey> MANDRAKE:MDKSA-2002:032
   CONECTIVA:CLA-2002:480
   CALDERA:CSSA-2002-025.0
 Frech> XF:tcpdump-afs-rpc-bo(7006)
 Christey> Consider whether SUSE:SuSE-SA:2002:020 addresses this
   issue or not.


======================================================
Candidate: CAN-2001-1302
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1302
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: NTBUGTRAQ:20010718 Changing NT/2000 accounts password from the command line
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=1911
Reference: BID:3063
Reference: URL:http://www.securityfocus.com/bid/3063
Reference: XF:win2k-change-network-passwords(6876)
Reference: URL:http://xforce.iss.net/static/6876.php

The change password option in the Windows Security interface for
Windows 2000 allows attackers to use the option to attempt to change
passwords of other users on other systems or identify valid accounts
by monitoring error messages, possibly due to a problem in the
NetUserChangePassword function.

INFERRED ACTION: CAN-2001-1302 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(4) Foat, Cole, Green, Frech
   NOOP(1) Cox
   REVIEWING(1) Wall


======================================================
Candidate: CAN-2001-1328
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1328
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20020502
Assigned: 20020501
Category:
Reference: CIAC:L-103
Reference: AUSCERT:AA-2001.03
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2001.03
Reference: SUN:00203
Reference: XF:solaris-ypbind-bo(6828)

Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows
remote attackers to execute arbitrary code.

INFERRED ACTION: CAN-2001-1328 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Green, Frech
   NOOP(3) Foat, Cole, Cox
   REVIEWING(1) Wall

Voter Comments:
 Green> Sun Security bulletin 00203


======================================================
Candidate: CAN-2001-1347
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1347
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010524 Elevation of privileges with debug registers on Win2K
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0232.html
Reference: XF:win2k-debug-elevate-privileges(6590)
Reference: URL:http://www.iss.net/security_center/static/6590.php
Reference: BID:2764
Reference: URL:http://www.securityfocus.com/bid/2764

Windows 2000 allows local users to cause a denial of service and
possibly gain privileges by setting a hardware breakpoint that is
handled using global debug registers, which could cause other
processes to terminate due to an exception, and allow hijacking of
resources such as named pipes.

INFERRED ACTION: CAN-2001-1347 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(4) Foat, Cole, Green, Frech
   NOOP(1) Cox
   REVIEWING(1) Wall


======================================================
Candidate: CAN-2001-1350
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1350
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020611
Assigned: 20020602
Category: SF
Reference: REDHAT:RHSA-2001:162
Reference: MISC:http://search.namazu.org/ml/namazu-devel-ja/msg02114.html

Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and
earlier allows remote attackers to execute arbitrary Javascript as
other web users via the lang parameter.


Modifications:
  20040725 XF:linux-namazu-css(7875)

INFERRED ACTION: CAN-2001-1350 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(4) Wall, Cole, Green, Cox
   MODIFY(1) Frech
   NOOP(2) Foat, Christey

Voter Comments:
 Frech> XF:linux-namazu-bo(7876)
 Christey> This is not a buffer overflow as suggested by the XF
   reference, it's a CSS/XSS issue (XF:linux-namazu-css(7875))


======================================================
Candidate: CAN-2001-1351
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1351
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020611
Assigned: 20020602
Category: SF
Reference: REDHAT:RHSA-2001:162
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&w=2&r=1&s=namazu&q=b
Reference: XF:linux-namazu-css(7875)
Reference: URL:http://www.iss.net/security_center/static/7875.php
Reference: OSVDB:5690
Reference: URL:http://www.osvdb.org/5690

Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows
remote attackers to execute arbitrary Javascript as other web users
via the index file name that is displayed when displaying hit numbers.


Modifications:
  ADDREF XF:linux-namazu-css(7875)
  20040818 ADDREF OSVDB:5690

INFERRED ACTION: CAN-2001-1351 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(4) Cole, Alderson, Green, Cox
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:linux-namazu-css(7875)


======================================================
Candidate: CAN-2001-1352
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1352
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20020611
Assigned: 20020602
Category: SF
Reference: REDHAT:RHSA-2001:179
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101060476404565&w=2
Reference: BUGTRAQ:20011227 Re: [RHSA-2001:162-04] Updated namazu packages are available
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100947261916155&w=2
Reference: BUGTRAQ:20020109 Details on the updated namazu packages that are available
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101068116016472&w=2
Reference: XF:linux-namazu-css(7875)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7875
Reference: OSVDB:5691
Reference: URL:http://www.osvdb.org/5691

Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows
remote attackers to execute arbitrary Javascript as other web users
via an error message that is returned when an invalid index file is
specified in the idxname parameter.


Modifications:
  20040725 ADDREF XF:linux-namazu-css(7875)
  20040818 ADDREF OSVDB:5691

INFERRED ACTION: CAN-2001-1352 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(5) Wall, Cole, Alderson, Green, Cox
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:linux-namazu-css(7875)


======================================================
Candidate: CAN-2001-1367
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1367
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: CONFIRM:http://phpslice.org/comments.php?aid=1031&;
Reference: VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html
Reference: XF:phpslice-checkaccess-function-privileges(9649)
Reference: URL:http://xforce.iss.net/xforce/xfdb/9649

The checkAccess function in PHPSlice 0.1.4, and all other versions
between 0.1.1 and 0.1.6, does not properly verify the administrative
access level, which could allow remote attackers to gain privileges.


Modifications:
  20040725 ADDREF XF:phpslice-checkaccess-function-privileges(9649)

INFERRED ACTION: CAN-2001-1367 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(2) Cole, Green
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Cox
   REVIEWING(1) Alderson

Voter Comments:
 Alderson> Is there a candidate already in existence for the problem as it
   relates to 0.1.4?  If so, since this problem was not fixed, perhaps that one
   needs to be modified to include 0.1.7.
 Frech> XF:phpslice-checkaccess-function-privileges(9649)


======================================================
Candidate: CAN-2001-1386
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1386
Final-Decision: 20040901
Interim-Decision: 20040825
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20010701 WFTPD v3.00 R5 Directory Traversal
Reference: URL:http://www.securityfocus.com/archive/1/194442
Reference: XF:ftp-lnk-directory-traversal(6760)
Reference: URL:http://www.iss.net/security_center/static/6760.php
Reference: BID:2957
Reference: URL:http://www.securityfocus.com/bid/2957

WFTPD 3.00 allows remote attackers to read arbitrary files by
uploading a (link) file that ends in a ".lnk." extension, which
bypasses WFTPD's check for a ".lnk" extension.

INFERRED ACTION: CAN-2001-1386 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Green, Baker, Frech
   MODIFY(1) Foat
   NOOP(3) Cole, Armstrong, Cox
   REVIEWING(1) Wall

Voter Comments:
 Foat> If a windows shortcut file (*.lnk) linked to a directory is uploaded,
   an ftp user would be able to have access to the directory link points by typing
   'cd <file>.lnk'. If an ftp user uploads a *.lnk file to a known file for which
   the user does not have access and then does a 'GET' on the link, the file will
   be downloaded.


======================================================
Candidate: CAN-2001-1391
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1391
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040725
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684172109474&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98575345009963&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98637996127004&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98759029811377&w=2
Reference: DEBIAN:DSA-047
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98741381506142&w=2
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99013830726309&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98775114228203&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html
Reference: XF:linux-cpia-memory-overwrite(11162)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11162

Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19
allows users to modify kernel memory.


Modifications:
  20040725 desc fix small typo
  20040725 XF:linux-cpia-memory-overwrite(11162)

INFERRED ACTION: CAN-2001-1391 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(6) Wall, Cole, Armstrong, Green, Baker, Cox
   MODIFY(1) Frech
   NOOP(2) Foat, Christey

Voter Comments:
 Frech> XF:linux-ptrace-modify-process(6080)
 Christey> fix typo: "off-by-one" should be "Off-by-one"
 Christey> XF:linux-cpia-memory-overwrite(11162) is clearly the correct
   reference here.


======================================================
Candidate: CAN-2002-0036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0036
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040818
Proposed: 20030317
Assigned: 20020116
Category: SF
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
Reference: CERT-VN:VU#587579
Reference: URL:http://www.kb.cert.org/vuls/id/587579
Reference: CONECTIVA:CLA-2003:639
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639
Reference: MANDRAKE:MDKSA-2003:043
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043
Reference: REDHAT:RHSA-2003:051
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-051.html
Reference: REDHAT:RHSA-2003:052
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-052.html
Reference: REDHAT:RHSA-2003:168
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-168.html
Reference: XF:kerberos-kdc-neglength-bo(11190)
Reference: URL:http://xforce.iss.net/xforce/xfdb/11190
Reference: BID:6713
Reference: URL:http://www.securityfocus.com/bid/6713
Reference: OSVDB:4896
Reference: URL:http://www.osvdb.org/4896

Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5
1.2.5 allows remote attackers to cause a denial of service via a large
unsigned data element length, which is later used as a negative value.


Modifications:
  20040725 ADDREF REDHAT:RHSA-2003:051
  20040725 ADDREF REDHAT:RHSA-2003:052
  20040725 ADDREF MANDRAKE:MDKSA-2003:043
  20040725 ADDREF CONECTIVA:CLA-2003:639
  20040725 ADDREF XF:kerberos-kdc-neglength-bo(11190)
  20040725 ADDREF BID:6713
  20040818 ADDREF REDHAT:RHSA-2003:168
  20040818 ADDREF OSVDB:4896

INFERRED ACTION: CAN-2002-0036 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(3) Baker, Wall, Cole
   MODIFY(2) Frech, Cox
   NOOP(1) Christey

Voter Comments:
 Cox> This is fixed in krb5 version 1.2.5
 Cox> Addref RHSA-2003:051
 Cox> Addref REDHAT:RHSA-2003:052
 Christey> MANDRAKE:MDKSA-2003:043
   (as suggested by Vincent Danen of Mandrake)
 Frech> XF:kerberos-kdc-neglength-bo(11190)


======================================================
Candidate: CAN-2002-0090
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0090
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20020315
Assigned: 20020306
Category: SF
Reference: MISC:http://www.esecurityonline.com/advisories/eSO3761.asp
Reference: VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0041.html
Reference: BUGTRAQ:20020429 eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/270149
Reference: SUNALERT:44842
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/44842
Reference: CERT-VN:VU#188507
Reference: URL:http://www.kb.cert.org/vuls/id/188507
Reference: BID:4633
Reference: URL:http://www.securityfocus.com/bid/4633
Reference: XF:solaris-lbxproxy-display-bo(8958)
Reference: URL:http://www.iss.net/security_center/static/8958.php
Reference: OVAL:OVAL179
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL179.html
Reference: OVAL:OVAL86
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL86.html

Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8
allows local users to execute arbitrary code via a long display
command line option.


Modifications:
  ADDREF VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
  ADDREF BUGTRAQ:20020429 eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
  ADDREF BID:4633
  ADDREF CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44842&zone_32=category%3Asecurity%20lbxproxy
  ADDREF XF:solaris-lbxproxy-display-bo(8958)
  ADDREF CERT-VN:VU#188507
  DESC expanded "lbx" term
  20040725 Normalize SUNALERT reference
  20040824 ADDREF OVAL:OVAL179
  20040824 ADDREF OVAL:OVAL86

INFERRED ACTION: CAN-2002-0090 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(4) Balinsky, Wall, Cole, Green
   NOOP(3) Ziese, Foat, Christey

Voter Comments:
 Balinsky> Patch at http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652
   resolves an lbxproxy buffer overflow.
 Christey> VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
   URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0041.html
   BUGTRAQ:20020429 eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
   URL:http://online.securityfocus.com/archive/1/270149
   BID:4633
   URL:http://www.securityfocus.com/bid/4633


======================================================
Candidate: CAN-2002-0158
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0158
Final-Decision: 20040901
Interim-Decision: 20040825
Modified: 20040824
Proposed: 20020502
Assigned: 20020327
Category: SF
Reference: BUGTRAQ:20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101776858410652&w=2
Reference: VULNWATCH:20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0000.html
Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652
Reference: OVAL:OVAL14
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL14.html
Reference: OVAL:OVAL33
Reference: URL:http://oval.mitre.org/oval/definitions/pseudo/OVAL33.html

Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to
gain root privileges via a long -co (color database) command line
argument.


Modifications:
  ADDREF CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652
  20040824 ADDREF OVAL:OVAL14
  20040824 ADDREF OVAL:OVAL33

INFERRED ACTION: CAN-2002-0158 FINAL (Final Decision 20040901)

Current Votes:
   ACCEPT(4) Baker, Foat, Armstrong, Green
   MODIFY(1) Frech
   NOOP(3) Christey, Cox, Cole
   REVIEWING(1) Wall

Voter Comments:
 Green> The documentation of this vulnerability is compelling
 Christey> CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652
   the description for patch 108652-52, bug 4661987,
   explicitly references CAN-2002-0158.
 Green> The documentation of this vulnerability is compelling
 Frech> XF:solaris-xsun-co-bo(8703)
 Christey> I received an email on Oct 10, 2003, that suggested that other
   non-Sun operating systems may be affected.
 Christey> XSco is also affected:
   BUGTRAQ:20020611 SCO Openserver Xsco heap overflow.
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102380830430665&w=2
   VULN-DEV:20020611 SCO Openserver Xsco heap overflow.
   URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102381771109722&w=2
   CALDERA:CSSA-2003-SCO.26


======================================================
Candidate: CAN-2002-0188
URL: