
[FINAL] ACCEPT 232 recent candidates



I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below.  The
resulting CVE entries will be published in the near future in a new
version of CVE.  Voting details and comments are provided at the end
of this report.

- Steve


Candidate	CVE Name
---------	----------
CAN-2000-0048	CVE-2000-0048
CAN-2000-0080	CVE-2000-0080
CAN-2000-0111	CVE-2000-0111
CAN-2000-0252	CVE-2000-0252
CAN-2000-0253	CVE-2000-0253
CAN-2000-0254	CVE-2000-0254
CAN-2000-0255	CVE-2000-0255
CAN-2000-0276	CVE-2000-0276
CAN-2000-0278	CVE-2000-0278
CAN-2000-0283	CVE-2000-0283
CAN-2000-0287	CVE-2000-0287
CAN-2000-0292	CVE-2000-0292
CAN-2000-0296	CVE-2000-0296
CAN-2000-0341	CVE-2000-0341
CAN-2000-0488	CVE-2000-0488
CAN-2000-0498	CVE-2000-0498
CAN-2000-0523	CVE-2000-0523
CAN-2000-0542	CVE-2000-0542
CAN-2000-0565	CVE-2000-0565
CAN-2000-0672	CVE-2000-0672
CAN-2000-0679	CVE-2000-0679
CAN-2000-0698	CVE-2000-0698
CAN-2000-0702	CVE-2000-0702
CAN-2000-0716	CVE-2000-0716
CAN-2000-0729	CVE-2000-0729
CAN-2000-0732	CVE-2000-0732
CAN-2000-0738	CVE-2000-0738
CAN-2000-0749	CVE-2000-0749
CAN-2000-0762	CVE-2000-0762
CAN-2000-0764	CVE-2000-0764
CAN-2000-0766	CVE-2000-0766
CAN-2000-0783	CVE-2000-0783
CAN-2000-0804	CVE-2000-0804
CAN-2000-0805	CVE-2000-0805
CAN-2000-0806	CVE-2000-0806
CAN-2000-0807	CVE-2000-0807
CAN-2000-0808	CVE-2000-0808
CAN-2000-0809	CVE-2000-0809
CAN-2000-0810	CVE-2000-0810
CAN-2000-0811	CVE-2000-0811
CAN-2000-0813	CVE-2000-0813
CAN-2000-0824	CVE-2000-0824
CAN-2000-0834	CVE-2000-0834
CAN-2000-0837	CVE-2000-0837
CAN-2000-0844	CVE-2000-0844
CAN-2000-0846	CVE-2000-0846
CAN-2000-0847	CVE-2000-0847
CAN-2000-0848	CVE-2000-0848
CAN-2000-0849	CVE-2000-0849
CAN-2000-0850	CVE-2000-0850
CAN-2000-0851	CVE-2000-0851
CAN-2000-0852	CVE-2000-0852
CAN-2000-0853	CVE-2000-0853
CAN-2000-0858	CVE-2000-0858
CAN-2000-0860	CVE-2000-0860
CAN-2000-0861	CVE-2000-0861
CAN-2000-0862	CVE-2000-0862
CAN-2000-0863	CVE-2000-0863
CAN-2000-0864	CVE-2000-0864
CAN-2000-0865	CVE-2000-0865
CAN-2000-0867	CVE-2000-0867
CAN-2000-0868	CVE-2000-0868
CAN-2000-0869	CVE-2000-0869
CAN-2000-0870	CVE-2000-0870
CAN-2000-0871	CVE-2000-0871
CAN-2000-0873	CVE-2000-0873
CAN-2000-0878	CVE-2000-0878
CAN-2000-0883	CVE-2000-0883
CAN-2000-0884	CVE-2000-0884
CAN-2000-0886	CVE-2000-0886
CAN-2000-0887	CVE-2000-0887
CAN-2000-0888	CVE-2000-0888
CAN-2000-0900	CVE-2000-0900
CAN-2000-0901	CVE-2000-0901
CAN-2000-0908	CVE-2000-0908
CAN-2000-0909	CVE-2000-0909
CAN-2000-0910	CVE-2000-0910
CAN-2000-0911	CVE-2000-0911
CAN-2000-0912	CVE-2000-0912
CAN-2000-0913	CVE-2000-0913
CAN-2000-0914	CVE-2000-0914
CAN-2000-0915	CVE-2000-0915
CAN-2000-0917	CVE-2000-0917
CAN-2000-0919	CVE-2000-0919
CAN-2000-0920	CVE-2000-0920
CAN-2000-0921	CVE-2000-0921
CAN-2000-0922	CVE-2000-0922
CAN-2000-0923	CVE-2000-0923
CAN-2000-0924	CVE-2000-0924
CAN-2000-0925	CVE-2000-0925
CAN-2000-0926	CVE-2000-0926
CAN-2000-0928	CVE-2000-0928
CAN-2000-0929	CVE-2000-0929
CAN-2000-0930	CVE-2000-0930
CAN-2000-0932	CVE-2000-0932
CAN-2000-0933	CVE-2000-0933
CAN-2000-0934	CVE-2000-0934
CAN-2000-0935	CVE-2000-0935
CAN-2000-0936	CVE-2000-0936
CAN-2000-0937	CVE-2000-0937
CAN-2000-0938	CVE-2000-0938
CAN-2000-0941	CVE-2000-0941
CAN-2000-0942	CVE-2000-0942
CAN-2000-0943	CVE-2000-0943
CAN-2000-0944	CVE-2000-0944
CAN-2000-0946	CVE-2000-0946
CAN-2000-0947	CVE-2000-0947
CAN-2000-0948	CVE-2000-0948
CAN-2000-0949	CVE-2000-0949
CAN-2000-0951	CVE-2000-0951
CAN-2000-0952	CVE-2000-0952
CAN-2000-0953	CVE-2000-0953
CAN-2000-0956	CVE-2000-0956
CAN-2000-0957	CVE-2000-0957
CAN-2000-0958	CVE-2000-0958
CAN-2000-0959	CVE-2000-0959
CAN-2000-0960	CVE-2000-0960
CAN-2000-0961	CVE-2000-0961
CAN-2000-0962	CVE-2000-0962
CAN-2000-0965	CVE-2000-0965
CAN-2000-0966	CVE-2000-0966
CAN-2000-0967	CVE-2000-0967
CAN-2000-0968	CVE-2000-0968
CAN-2000-0969	CVE-2000-0969
CAN-2000-0970	CVE-2000-0970
CAN-2000-0972	CVE-2000-0972
CAN-2000-0973	CVE-2000-0973
CAN-2000-0974	CVE-2000-0974
CAN-2000-0975	CVE-2000-0975
CAN-2000-0977	CVE-2000-0977
CAN-2000-0978	CVE-2000-0978
CAN-2000-0979	CVE-2000-0979
CAN-2000-0980	CVE-2000-0980
CAN-2000-0981	CVE-2000-0981
CAN-2000-0982	CVE-2000-0982
CAN-2000-0983	CVE-2000-0983
CAN-2000-0984	CVE-2000-0984
CAN-2000-0989	CVE-2000-0989
CAN-2000-0990	CVE-2000-0990
CAN-2000-0991	CVE-2000-0991
CAN-2000-0992	CVE-2000-0992
CAN-2000-0993	CVE-2000-0993
CAN-2000-0994	CVE-2000-0994
CAN-2000-0995	CVE-2000-0995
CAN-2000-0996	CVE-2000-0996
CAN-2000-1000	CVE-2000-1000
CAN-2000-1001	CVE-2000-1001
CAN-2000-1002	CVE-2000-1002
CAN-2000-1003	CVE-2000-1003
CAN-2000-1004	CVE-2000-1004
CAN-2000-1005	CVE-2000-1005
CAN-2000-1006	CVE-2000-1006
CAN-2000-1007	CVE-2000-1007
CAN-2000-1010	CVE-2000-1010
CAN-2000-1011	CVE-2000-1011
CAN-2000-1014	CVE-2000-1014
CAN-2000-1016	CVE-2000-1016
CAN-2000-1018	CVE-2000-1018
CAN-2000-1019	CVE-2000-1019
CAN-2000-1022	CVE-2000-1022
CAN-2000-1024	CVE-2000-1024
CAN-2000-1026	CVE-2000-1026
CAN-2000-1027	CVE-2000-1027
CAN-2000-1031	CVE-2000-1031
CAN-2000-1032	CVE-2000-1032
CAN-2000-1034	CVE-2000-1034
CAN-2000-1036	CVE-2000-1036
CAN-2000-1038	CVE-2000-1038
CAN-2000-1040	CVE-2000-1040
CAN-2000-1041	CVE-2000-1041
CAN-2000-1042	CVE-2000-1042
CAN-2000-1043	CVE-2000-1043
CAN-2000-1044	CVE-2000-1044
CAN-2000-1045	CVE-2000-1045
CAN-2000-1049	CVE-2000-1049
CAN-2000-1050	CVE-2000-1050
CAN-2000-1051	CVE-2000-1051
CAN-2000-1054	CVE-2000-1054
CAN-2000-1055	CVE-2000-1055
CAN-2000-1056	CVE-2000-1056
CAN-2000-1057	CVE-2000-1057
CAN-2000-1058	CVE-2000-1058
CAN-2000-1059	CVE-2000-1059
CAN-2000-1060	CVE-2000-1060
CAN-2000-1061	CVE-2000-1061
CAN-2000-1068	CVE-2000-1068
CAN-2000-1069	CVE-2000-1069
CAN-2000-1070	CVE-2000-1070
CAN-2000-1071	CVE-2000-1071
CAN-2000-1072	CVE-2000-1072
CAN-2000-1073	CVE-2000-1073
CAN-2000-1074	CVE-2000-1074
CAN-2000-1077	CVE-2000-1077
CAN-2000-1080	CVE-2000-1080
CAN-2000-1089	CVE-2000-1089
CAN-2000-1094	CVE-2000-1094
CAN-2000-1095	CVE-2000-1095
CAN-2000-1096	CVE-2000-1096
CAN-2000-1097	CVE-2000-1097
CAN-2000-1099	CVE-2000-1099
CAN-2000-1106	CVE-2000-1106
CAN-2000-1107	CVE-2000-1107
CAN-2000-1112	CVE-2000-1112
CAN-2000-1113	CVE-2000-1113
CAN-2000-1115	CVE-2000-1115
CAN-2000-1120	CVE-2000-1120
CAN-2000-1131	CVE-2000-1131
CAN-2000-1132	CVE-2000-1132
CAN-2000-1135	CVE-2000-1135
CAN-2000-1136	CVE-2000-1136
CAN-2000-1137	CVE-2000-1137
CAN-2000-1139	CVE-2000-1139
CAN-2000-1140	CVE-2000-1140
CAN-2000-1141	CVE-2000-1141
CAN-2000-1142	CVE-2000-1142
CAN-2000-1143	CVE-2000-1143
CAN-2000-1144	CVE-2000-1144
CAN-2000-1145	CVE-2000-1145
CAN-2000-1146	CVE-2000-1146
CAN-2000-1148	CVE-2000-1148
CAN-2000-1149	CVE-2000-1149
CAN-2000-1162	CVE-2000-1162
CAN-2000-1163	CVE-2000-1163
CAN-2000-1167	CVE-2000-1167
CAN-2000-1169	CVE-2000-1169
CAN-2000-1178	CVE-2000-1178
CAN-2000-1179	CVE-2000-1179
CAN-2000-1181	CVE-2000-1181
CAN-2000-1182	CVE-2000-1182
CAN-2000-1184	CVE-2000-1184
CAN-2000-1187	CVE-2000-1187
CAN-2000-1189	CVE-2000-1189


======================================================
Candidate: CAN-2000-0048
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0048
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-02
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000112 Serious Bug in Corel Linux.(Local root exploit)
Reference: BID:928
Reference: CONFIRM:http://linux.corel.com/support/clos_patch1.htm
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=928
Reference: XF:linux-corel-update

get_it program in Corel Linux Update allows local users to gain root
access by specifying an alternate PATH for the cp program.


Modifications:
  ADDREF XF:linux-corel-update
  ADDREF CONFIRM:http://linux.corel.com/support/clos_patch1.htm

INFERRED ACTION: CAN-2000-0048 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> ADDREF XF:linux-corel-update
 Christey> CONFIRM:http://linux.corel.com/support/clos_patch1.htm


======================================================
Candidate: CAN-2000-0080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0080
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000110 2nd attempt: AIX techlibss follows links
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94757136413681&w=2
Reference: BID:931
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=931
Reference: XF:aix-techlibss-symbolic-link

AIX techlibss allows local users to overwrite files via a symlink
attack.


Modifications:
  ADDREF XF:aix-techlibss-symbolic-link

INFERRED ACTION: CAN-2000-0080 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Bollinger
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Frech> XF:aix-techlibss-symbolic-link
 Christey> The poster claims that some fileset "techlib.service.rte.1.0.0.4"
   fixes the problem, but I can't find it in the AIX database,
   so this problem is not vendor-confirmed.


======================================================
Candidate: CAN-2000-0111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0111
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000129 [LoWNOISE] Rightfax web client 5.2
Reference: BID:953
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=953
Reference: XF:avt-rightfax-predict-session

The RightFax web client uses predictable session numbers, which allows
remote attackers to hijack user sessions.


Modifications:
  ADDREF XF:avt-rightfax-predict-session

INFERRED ACTION: CAN-2000-0111 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:avt-rightfax-predict-session
 CHANGE> [Cole changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0252
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0252
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000411 Back Door in Commercial Shopping Cart
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0051.html
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115
Reference: XF:dansie-shell-metacharacters
Reference: URL:http://xforce.iss.net/static/4975.php

The dansie shopping cart application cart.pl allows remote attackers
to execute commands via shell metacharacters in a form variable.


Modifications:
  ADDREF XF:dansie-shell-metacharacters(4975)

INFERRED ACTION: CAN-2000-0252 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:dansie-shell-metacharacters(4975)


======================================================
Candidate: CAN-2000-0253
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0253
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0061.html
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115
Reference: XF:shopping-cart-form-tampering
Reference: URL:http://xforce.iss.net/static/4621.php

The dansie shopping cart application cart.pl allows remote attackers
to modify sensitive purchase information via hidden form fields.


Modifications:
  ADDREF XF:shopping-cart-form-tampering(4621)

INFERRED ACTION: CAN-2000-0253 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:shopping-cart-form-tampering(4621)


======================================================
Candidate: CAN-2000-0254
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0254
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0088.html
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115
Reference: XF:dansie-form-variables
Reference: URL:http://xforce.iss.net/static/4954.php

The dansie shopping cart application cart.pl allows remote attackers
to obtain the shopping cart database and configuration information via
a URL that references either the env, db, or vars form variables.


Modifications:
  ADDREF XF:dansie-form-variables(4954)

INFERRED ACTION: CAN-2000-0254 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:dansie-form-variables(4954)


======================================================
Candidate: CAN-2000-0255
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0255
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000405 SilverBack Security Advisory: Nbase-Xyplex DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0022.html
Reference: BID:1091
Reference: URL:http://www.securityfocus.com/bid/1091
Reference: XF:nbase-xyplex-router

The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a
denial of service via a scan for the FormMail CGI program.


Modifications:
  ADDREF XF:nbase-xyplex-router

INFERRED ACTION: CAN-2000-0255 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:nbase-xyplex-router


======================================================
Candidate: CAN-2000-0276
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0276
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000410 BeOS syscall bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000410131628.659.qmail@securityfocus.com
Reference: BID:1098
Reference: URL:http://www.securityfocus.com/bid/1098
Reference: XF:beos-syscall-dos

BeOS 4.5 and 5.0 allow local users to cause a denial of service via
malformed direct system calls using interrupt 37.


Modifications:
  ADDREF XF:beos-syscall-dos

INFERRED ACTION: CAN-2000-0276 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:beos-syscall-dos


======================================================
Candidate: CAN-2000-0278
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0278
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000331 SalesLogix Eviewer Web App Bug: URL request crashes eviewer web application
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0006.html
Reference: BID:1089
Reference: URL:http://www.securityfocus.com/bid/1089
Reference: XF:eviewer-admin-request-dos

The SalesLogix Eviewer allows remote attackers to cause a denial of
service by accessing the URL for the slxweb.dll administration
program, which does not authenticate the user.


Modifications:
  ADDREF XF:eviewer-admin-request-dos

INFERRED ACTION: CAN-2000-0278 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:eviewer-admin-request-dos


======================================================
Candidate: CAN-2000-0283
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0283
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: CF
Reference: BUGTRAQ:20000412 Performance Copilot for IRIX 6.5
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0056.html
Reference: BID:1106
Reference: URL:http://www.securityfocus.com/bid/1106
Reference: XF:irix-pmcd-info

The default installation of IRIX Performance Copilot allows remote
attackers to access sensitive system information via the pmcd daemon.


Modifications:
  ADDREF XF:irix-pmcd-info

INFERRED ACTION: CAN-2000-0283 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:irix-pmcd-info


======================================================
Candidate: CAN-2000-0287
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0287
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000412 BizDB Search Script Enables Shell Command Execution at the Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0058.html
Reference: BID:1104
Reference: URL:http://www.securityfocus.com/bid/1104
Reference: XF:http-cgi-bizdb

The BizDB CGI script bizdb-search.cgi allows remote attackers to
execute arbitrary commands via shell metacharacters in the dbname
parameter.


Modifications:
  ADDREF XF:http-cgi-bizdb

INFERRED ACTION: CAN-2000-0287 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:http-cgi-bizdb


======================================================
Candidate: CAN-2000-0292
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0292
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000418 Adtran DoS
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10004190908140.32750-100000@localhost.localdomain
Reference: BID:1129
Reference: URL:http://www.securityfocus.com/bid/1129
Reference: XF:adtran-ping-dos

The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a
denial of service via a ping flood to the Ethernet interface, which
causes the device to crash.


Modifications:
  ADDREF XF:adtran-ping-dos

INFERRED ACTION: CAN-2000-0292 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> ADDREF XF:adtran-ping-dos
 Frech> XF:adtran-ping-dos


======================================================
Candidate: CAN-2000-0296
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0296
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000331 fcheck v.2.7.45 and insecure use of Perl's system()
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0011.html
Reference: BID:1086
Reference: URL:http://www.securityfocus.com/bid/1086
Reference: XF:fcheck-shell

fcheck allows local users to gain privileges by embedding shell
metacharacters into file names that are processed by fcheck.


Modifications:
  ADDREF XF:fcheck-shell

INFERRED ACTION: CAN-2000-0296 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Frech> XF:fcheck-shell
 Christey> There is no apparent vendor acknowledgement; however, I
   reviewed the source code, and the vulnerable system()
   call is now being called in the safe fashion (i.e. splitting
   command-line arguments out as separate parameters to the
   system function itself).  This, in conjunction with the
   code mentioned in the discloser's original post, shows
   conclusively that the code was modified.  The version of
   source code that I reviewed was 2.7.51.
 Christey> http://sites.netscape.net/fcheck/FCheck_2.07.51.tar.gz
   Line 385 of 2.07.51 seems to be fixed.  While the filename
   isn't being cleansed, system() is being called with multiple
   arguments, so the metacharacters aren't being executed in a
   shell context.


======================================================
Candidate: CAN-2000-0341
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0341
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: NTBUGTRAQ:20000501 Remote DoS attack in CASSANDRA NNTPServer v1.10 from ATRIUM
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95736106504870&w=2
Reference: BID:1156
Reference: URL:http://www.securityfocus.com/bid/1156
Reference: XF:nntpserver-cassandra-bo

ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a
denial of service via a long login name.


Modifications:
  ADDREF XF:nntpserver-cassandra-bo

INFERRED ACTION: CAN-2000-0341 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(4) Wall, Ozancin, Cole, Armstrong

Voter Comments:
 Frech> XF:nntpserver-cassandra-bo


======================================================
Candidate: CAN-2000-0488
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0488
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000601 DST2K0007: Buffer Overrun in ITHouse Mail Server v1.04
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0148.html
Reference: BID:1285
Reference: URL:http://www.securityfocus.com/bid/1285
Reference: XF:ithouse-rcpt-overflow(4580)
Reference: URL:http://xforce.iss.net/static/4580.php

Buffer overflow in ITHouse mail server 1.04 allows remote attackers to
execute arbitrary commands via a long RCPT TO mail command.


Modifications:
  ADDREF XF:ithouse-rcpt-overflow(4580)

INFERRED ACTION: CAN-2000-0488 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Levy, Baker
   MODIFY(1) Frech
   NOOP(5) Armstrong, Wall, LeBlanc, Ozancin, Cole

Voter Comments:
 Frech> XF:ithouse-rcpt-overflow(4580)


======================================================
Candidate: CAN-2000-0498
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0498
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000608 Potential vulnerability in Unify eWave ServletExec
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0250.html
Reference: BID:1328
Reference: URL:http://www.securityfocus.com/bid/1328
Reference: XF:ewave-servletexec-jsp-source-read(4649)
Reference: URL:http://xforce.iss.net/static/4649.php

Unify eWave ServletExec allows a remote attacker to view source code
of a JSP program by requesting a URL which provides the JSP extension
in upper case.


Modifications:
  ADDREF XF:ewave-servletexec-jsp-source-read(4649)

INFERRED ACTION: CAN-2000-0498 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Levy, Baker
   MODIFY(1) Frech
   NOOP(5) Armstrong, Wall, LeBlanc, Ozancin, Cole

Voter Comments:
 Frech> XF:ewave-servletexec-jsp-source-read(4649)


======================================================
Candidate: CAN-2000-0523
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0523
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000606 MDMA Advisory #6: EServ Logging Heap Overflow Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0009.html
Reference: BID:1315
Reference: URL:http://www.securityfocus.com/bid/1315
Reference: XF:eserv-logging-overflow
Reference: URL:http://xforce.iss.net/static/4614.php

Buffer overflow in the logging feature of EServ 2.9.2 and earlier
allows an attacker to execute arbitrary commands via a long MKD
command.


Modifications:
  ADDREF XF:eserv-logging-overflow(4614)

INFERRED ACTION: CAN-2000-0523 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Levy, Baker
   MODIFY(1) Frech
   NOOP(5) Armstrong, Wall, LeBlanc, Ozancin, Cole

Voter Comments:
 Frech> XF:eserv-logging-overflow(4614)


======================================================
Candidate: CAN-2000-0542
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0542
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000612 ACC/Ericsson Tigris Accounting Failure
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0104.html
Reference: BID:1345
Reference: URL:http://www.securityfocus.com/bid/1345
Reference: XF:tigris-radius-login-failure
Reference: URL:http://xforce.iss.net/static/4705.php

Tigris remote access server before 11.5.4.22 does not properly record
Radius accounting information when a user fails the initial login
authentication but subsequently succeeds.


Modifications:
  ADDREF XF:tigris-radius-login-failure(4705)

INFERRED ACTION: CAN-2000-0542 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Levy, Baker
   MODIFY(1) Frech
   NOOP(6) Armstrong, Wall, LeBlanc, Ozancin, Christey, Cole

Voter Comments:
 Christey> XF:tigris-radius-login-failure
 Frech> XF:tigris-radius-login-failure(4705)


======================================================
Candidate: CAN-2000-0565
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0565
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000613 SmartFTP Daemon v0.2 Beta Build 9 - Remote Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0100.html
Reference: BID:1344
Reference: URL:http://www.securityfocus.com/bid/1344
Reference: XF:smartftp-directory-traversal
Reference: URL:http://xforce.iss.net/static/4706.php

SmartFTP Daemon 0.2 allows a local user to access arbitrary files by
uploading and specifying an alternate user configuration file via a
.. (dot dot) attack.


Modifications:
  ADDREF XF:smartftp-directory-traversal(4706)

INFERRED ACTION: CAN-2000-0565 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Levy, Baker
   MODIFY(1) Frech
   NOOP(6) Armstrong, Wall, LeBlanc, Ozancin, Christey, Cole

Voter Comments:
 Christey> XF:smartftp-directory-traversal
 Frech> XF:smartftp-directory-traversal(4706)


======================================================
Candidate: CAN-2000-0672
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0672
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000721 Jakarta-tomcat.../admin
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0309.html
Reference: BID:1548
Reference: URL:http://www.securityfocus.com/bid/1548
Reference: XF:jakarta-tomcat-admin
Reference: URL:http://xforce.iss.net/static/5160.php

The default configuration of Jakarta Tomcat does not restrict access
to the /admin context, which allows remote attackers to read arbitrary
files by directly calling the administrative servlets to add a context
for the root directory.


Modifications:
  ADDREF XF:jakarta-tomcat-admin(5160)
  ADDREF BID:1548

INFERRED ACTION: CAN-2000-0672 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Levy, Baker
   MODIFY(1) Frech
   NOOP(4) Wall, LeBlanc, Christey, Cole

Voter Comments:
 Frech> XF:jakarta-tomcat-admin(5160)
 Christey> ADDREF BID:1548
 Christey> ADDREF BID:1548
   URL:http://www.securityfocus.com/bid/1548
 CHANGE> [Levy changed vote from REVIEWING to ACCEPT]


======================================================
Candidate: CAN-2000-0679
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0679
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000728 cvs security problem
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org
Reference: BID:1523
Reference: URL:http://www.securityfocus.com/bid/1523
Reference: XF:cvs-client-creates-file

The CVS 1.10.8 client trusts pathnames that are provided by the CVS
server, which allows the server to force the client to create
arbitrary files.


Modifications:
  XF:cvs-client-creates-file

INFERRED ACTION: CAN-2000-0679 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Levy, Baker
   MODIFY(1) Frech
   NOOP(2) Wall, Cole

Voter Comments:
 Frech> XF:cvs-client-creates-file


======================================================
Candidate: CAN-2000-0698
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0698
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000819 RH 6.1 / 6.2 minicom vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/77361
Reference: BID:1599
Reference: URL:http://www.securityfocus.com/bid/1599
Reference: XF:minicom-capture-groupown
Reference: URL:http://xforce.iss.net/static/5151.php

Minicom 1.82.1 and earlier on some Linux systems allows local users to
create arbitrary files owned by the uucp user via a symlink attack.


Modifications:
  ADDREF XF:minicom-capture-groupown
  DESC mention only uucp-owned files that are affected.

INFERRED ACTION: CAN-2000-0698 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Levy, Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Frech> XF:minicom-capture-groupown
 Christey> Change phrasing to indicate that it's only uucp-owned files
   that can be affected.
   ADDREF XF:minicom-capture-groupown
   http://xforce.iss.net/static/5151.php
 Frech> XF:minicom-capture-groupown(5151)


======================================================
Candidate: CAN-2000-0702
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0702
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000821 [HackersLab bugpaper] HP-UX net.init rc script
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0261.html
Reference: BID:1602
Reference: URL:http://www.securityfocus.com/bid/1602
Reference: XF:hp-netinit-symlink
Reference: URL:http://xforce.iss.net/static/5131.php

The net.init rc script in HP-UX 11.00 (S008net.init) allows local
users to overwrite arbitrary files via a symlink attack that points
from /tmp/stcp.conf to the targeted file.


Modifications:
  ADDREF XF:hp-netinit-symlink(5131)

INFERRED ACTION: CAN-2000-0702 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Frech> XF:hp-netinit-symlink
 Christey> XF:hp-netinit-symlink
   http://xforce.iss.net/static/5131.php
 Frech> XF:hp-netinit-symlink(5131)


======================================================
Candidate: CAN-2000-0716
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0716
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: NTBUGTRAQ:20000809 Session hijacking in Alt-N's MDaemon 2.8
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=ntbugtraq&F=&S=&P=459
Reference: BID:1553
Reference: URL:http://www.securityfocus.com/bid/1553
Reference: XF:mdaemon-session-id-hijack
Reference: URL:http://xforce.iss.net/static/5070.php

WorldClient email client in MDaemon 2.8 includes the session ID in the
referer field of an HTTP request when the user clicks on a URL, which
allows the visited web site to hijack the session ID and read the
user's email.


Modifications:
  ADDREF XF:mdaemon-session-id-hijack(5070)

INFERRED ACTION: CAN-2000-0716 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> XF:mdaemon-session-id-hijack
   http://xforce.iss.net/static/5070.php
 Frech> XF:mdaemon-session-id-hijack(5070)


======================================================
Candidate: CAN-2000-0729
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0729
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:41
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0337.html
Reference: BID:1625
Reference: URL:http://www.securityfocus.com/bid/1625
Reference: XF:freebsd-elf-dos(5967)

FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of
service by executing a program with a malformed ELF image header.


Modifications:
  ADDREF XF:freebsd-elf-dos(5967)

INFERRED ACTION: CAN-2000-0729 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:freebsd-elf-dos(5967)


======================================================
Candidate: CAN-2000-0732
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0732
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: NTBUGTRAQ:20000825 DST2K0023: Directory Traversal Possible & Denial of Service in Worm HTTP Server
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0111.html
Reference: BID:1626
Reference: URL:http://www.securityfocus.com/bid/1626
Reference: XF:wormhttp-filename-dos
Reference: URL:http://xforce.iss.net/static/5149.php

Worm HTTP server allows remote attackers to cause a denial of service
via a long URL.


Modifications:
  ADDREF XF:wormhttp-filename-dos(5149)

INFERRED ACTION: CAN-2000-0732 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Baker, Cole, Levy, Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> XF:wormhttp-filename-dos
   http://xforce.iss.net/static/5149.php


======================================================
Candidate: CAN-2000-0738
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0738
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: NTBUGTRAQ:20000818 WebShield SMTP infinite loop DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0101.html
Reference: BID:1589
Reference: URL:http://www.securityfocus.com/bid/1589
Reference: XF:webshield-smtp-dos
Reference: URL:http://xforce.iss.net/static/5100.php

WebShield SMTP 4.5 allows remote attackers to cause a denial of
service by sending e-mail with a From: address that has a . (period)
at the end, which causes WebShield to continuously send itself copies
of the e-mail.


Modifications:
  ADDREF XF:webshield-smtp-dos(5100)

INFERRED ACTION: CAN-2000-0738 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> XF:webshield-smtp-dos
   http://xforce.iss.net/static/5100.php
 Frech> XF:webshield-smtp-dos(5100)


======================================================
Candidate: CAN-2000-0749
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0749
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-02
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:42
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0338.html
Reference: BID:1628
Reference: URL:http://www.securityfocus.com/bid/1628
Reference: XF:freebsd-linux-module-bo(5968)

Buffer overflow in the Linux binary compatibility module in FreeBSD
3.x through 5.x allows local users to gain root privileges via long
filenames in the linux shadow file system.


Modifications:
  DESC fix typo: "compatibility"
  ADDREF XF:freebsd-linux-module-bo(5968)

INFERRED ACTION: CAN-2000-0749 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> fix typo: "compatibility"
 Frech> XF:freebsd-linux-module-bo(5968)


======================================================
Candidate: CAN-2000-0762
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0762
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: CF
Reference: BUGTRAQ:20000811 eTrust Access Control - Root compromise for default install
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=004601c003a1$ba473260$ddeaa2cd@itradefair.net
Reference: CONFIRM:http://support.ca.com/techbases/eTrust/etrust_access_control-response.html
Reference: BID:1583
Reference: URL:http://www.securityfocus.com/bid/1583
Reference: XF:etrust-access-control-default
Reference: URL:http://xforce.iss.net/static/5076.php

The default installation of eTrust Access Control (formerly SeOS) uses
a default encryption key, which allows remote attackers to spoof the
eTrust administrator and gain privileges.


Modifications:
  ADDREF XF:etrust-access-control-default(5076)

INFERRED ACTION: CAN-2000-0762 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> XF:etrust-access-control-default
   http://xforce.iss.net/static/5076.php
 Frech> XF:etrust-access-control-default(5076)


======================================================
Candidate: CAN-2000-0764
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0764
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000828 Intel Express Switch 500 series DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0338.html
Reference: BID:1609
Reference: URL:http://www.securityfocus.com/bid/1609
Reference: XF:intel-express-switch-dos
Reference: URL:http://xforce.iss.net/static/5154.php

Intel Express 500 series switches allow a remote attacker to cause a
denial of service via a malformed IP packet.


Modifications:
  ADDREF XF:intel-express-switch-dos(5154)

INFERRED ACTION: CAN-2000-0764 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Baker, Cole, Levy, Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> XF:intel-express-switch-dos(5154)


======================================================
Candidate: CAN-2000-0766
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0766
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000819 D.o.S Vulnerability in vqServer
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008270354.UAA10952@user4.hushmail.com
Reference: BID:1610
Reference: URL:http://www.securityfocus.com/bid/1610
Reference: XF:vqserver-get-dos
Reference: URL:http://xforce.iss.net/static/5152.php

Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to
cause a denial of service or possibly gain privileges via a long HTTP
GET request.


Modifications:
  ADDREF XF:vqserver-get-dos(5152)

INFERRED ACTION: CAN-2000-0766 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> XF:vqserver-get-dos
   http://xforce.iss.net/static/5152.php
 Frech> XF:vqserver-get-dos(5152)


======================================================
Candidate: CAN-2000-0783
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0783
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 200116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000815 Watchguard Firebox Authentication DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0162.html
Reference: BID:1573
Reference: URL:http://www.securityfocus.com/bid/1573
Reference: XF:firebox-url-dos
Reference: URL:http://xforce.iss.net/static/5098.php

Watchguard Firebox II allows remote attackers to cause a denial of
service by sending a malformed URL to the authentication service on
port 4100.


Modifications:
  ADDREF XF:firebox-url-dos(5098)

INFERRED ACTION: CAN-2000-0783 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> XF:firebox-url-dos
   http://xforce.iss.net/static/5098.php
 Frech> XF:firebox-url-dos(5098)


======================================================
Candidate: CAN-2000-0804
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0804
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-way_Connection
Reference: XF:fw1-remote-bypass
Reference: URL:http://xforce.iss.net/static/5468.php

Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers
to bypass the directionality check via fragmented TCP connection
requests or reopening closed TCP connection requests, aka "One-way
Connection Enforcement Bypass."


Modifications:
  ADDREF XF:fw1-remote-bypass(5468)

INFERRED ACTION: CAN-2000-0804 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:fw1-remote-bypass(5468)


======================================================
Candidate: CAN-2000-0805
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0805
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Retransmission_of
Reference: XF:fw1-client-spoof
Reference: URL:http://xforce.iss.net/static/5469.php

Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits
encapsulated FWS packets, even if they do not come from a valid FWZ
client, aka "Retransmission of Encapsulated Packets."


Modifications:
  ADDREF XF:fw1-client-spoof(5469)

INFERRED ACTION: CAN-2000-0805 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:fw1-client-spoof(5469)


======================================================
Candidate: CAN-2000-0806
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0806
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Inter-module_Communications
Reference: XF:fw1-fwa1-auth-replay
Reference: URL:http://xforce.iss.net/static/5162.php

The inter-module authentication mechanism (fwa1) in Check Point
VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct
a denial of service, aka "Inter-module Communications Bypass."


Modifications:
  ADDREF XF:fw1-fwa1-auth-replay(5162)

INFERRED ACTION: CAN-2000-0806 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:fw1-fwa1-auth-replay(5162)


======================================================
Candidate: CAN-2000-0807
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0807
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#OPSEC_Authentication
Reference: XF:fw1-opsec-auth-spoof
Reference: URL:http://xforce.iss.net/static/5471.php

The OPSEC communications authentication mechanism (fwn1) in Check
Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to
spoof connections, aka the "OPSEC Authentication Vulnerability."


Modifications:
  ADDREF XF:fw1-opsec-auth-spoof(5471)

INFERRED ACTION: CAN-2000-0807 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:fw1-opsec-auth-spoof(5471)


======================================================
Candidate: CAN-2000-0808
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0808
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-time_Password
Reference: XF:fw1-localhost-auth
Reference: URL:http://xforce.iss.net/static/5137.php

The seed generation mechanism in the inter-module S/Key authentication
mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows
remote attackers to bypass authentication via a brute force attack,
aka "One-time (s/key) Password Authentication."


Modifications:
  ADDREF XF:fw1-localhost-auth(5137)
  DESC Correct typo: "mecahnism"

INFERRED ACTION: CAN-2000-0808 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:fw1-localhost-auth(5137)
 Christey> Correct typo: "mecahnism"


======================================================
Candidate: CAN-2000-0809
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0809
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Getkey_Buffer
Reference: XF:fw1-getkey-bo
Reference: URL:http://xforce.iss.net/static/5139.php

Buffer overflow in Getkey in the protocol checker in the inter-module
communication mechanism in Check Point VPN-1/FireWall-1 4.1 and
earlier allows remote attackers to cause a denial of service.


Modifications:
  ADDREF XF:fw1-getkey-bo(5139)

INFERRED ACTION: CAN-2000-0809 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:fw1-getkey-bo(5139)


======================================================
Candidate: CAN-2000-0810
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0810
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20000926
Category: SF
Reference: BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04
Reference: BID:1782
Reference: XF:auction-weaver-delete-files
Reference: URL:http://xforce.iss.net/static/5371.php

Auction Weaver 1.0 through 1.04 does not properly validate the names
of form fields, which allows remote attackers to delete arbitrary
files and directories via a .. (dot dot) attack.


Modifications:
  ADDREF XF:auction-weaver-delete-files(5371)

INFERRED ACTION: CAN-2000-0810 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Mell

Voter Comments:
 Frech> XF:auction-weaver-username-bidfile(5372)
 Christey> Actually, the reference is XF:auction-weaver-delete-files(5371)


======================================================
Candidate: CAN-2000-0811
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0811
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20000926
Category: SF
Reference: BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04
Reference: BID:1783
Reference: XF:auction-weaver-username-bidfile
Reference: URL:http://xforce.iss.net/static/5372.php

Auction Weaver 1.0 through 1.04 allows remote attackers to read
arbitrary files via a .. (dot dot) attack on the username or bidfile
form fields.


Modifications:
  ADDREF XF:auction-weaver-username-bidfile(5372)

INFERRED ACTION: CAN-2000-0811 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(1) Mell

Voter Comments:
 Frech> XF:auction-weaver-username-bidfile(5372)


======================================================
Candidate: CAN-2000-0813
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0813
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000926
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#FTP_Connection
Reference: XF:fw1-ftp-redirect
Reference: URL:http://xforce.iss.net/static/5474.php

Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers
to redirect FTP connections to other servers ("FTP Bounce") via
invalid FTP commands that are processed improperly by FireWall-1, aka
"FTP Connection Enforcement Bypass."


Modifications:
  ADDREF XF:fw1-ftp-redirect(5474)

INFERRED ACTION: CAN-2000-0813 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:fw1-ftp-redirect(5474)


======================================================
Candidate: CAN-2000-0824
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0824
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: BUGTRAQ:19990917 A few bugs...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/0992.html
Reference: BUGTRAQ:20000831 glibc unsetenv bug
Reference: URL:http://www.securityfocus.com/archive/1/79537
Reference: CALDERA:CSSA-2000-028.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-028.0.txt
Reference: DEBIAN:20000902 glibc: local root exploit
Reference: URL:http://www.debian.org/security/2000/20000902
Reference: MANDRAKE:MDKSA-2000:040
Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-040.php3
Reference: MANDRAKE:MDKSA-2000:045
Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-045.php3
Reference: REDHAT:RHSA-2000:057-04
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-057-04.html
Reference: TURBO:TLSA2000020-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html
Reference: SUSE:20000924 glibc locale security problem
Reference: URL:http://www.suse.de/de/support/security/adv5_draht_glibc_txt.txt
Reference: BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html
Reference: BUGTRAQ:20000905 Conectiva Linux Security Announcement - glibc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0509.html
Reference: BUGTRAQ:20000906 [slackware-security]: glibc 2.1.3 vulnerabilities patched
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0525.html
Reference: BID:648
Reference: URL:http://www.securityfocus.com/bid/648
Reference: BID:1639
Reference: URL:http://www.securityfocus.com/bid/1639
Reference: XF:glibc-ld-unsetenv
Reference: URL:http://xforce.iss.net/static/5173.php

The unsetenv function in glibc 2.1.1 does not properly unset an
environmental variable if the variable is provided twice to a program,
which could allow local users to execute arbitrary commands in setuid
programs by specifying their own duplicate environmental variables
such as LD_PRELOAD or LD_LIBRARY_PATH.


Modifications:
  ADDREF XF:glibc-ld-unsetenv(5173)

INFERRED ACTION: CAN-2000-0824 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:glibc-ld-unsetenv(5173)


======================================================
Candidate: CAN-2000-0834
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0834
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001015
Category: CF
Reference: ATSTAKE:A091400-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a091400-1.txt
Reference: MS:MS00-067
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-067.asp
Reference: BID:1683
Reference: URL:http://www.securityfocus.com/bid/1683
Reference: XF:win2k-telnet-ntlm-authentication
Reference: URL:http://xforce.iss.net/static/5242.php

The Windows 2000 telnet client attempts to perform NTLM authentication
by default, which allows remote attackers to capture and replay the
NTLM challenge/response via a telnet:// URL that points to the
malicious server, aka the "Windows 2000 Telnet Client NTLM
Authentication" vulnerability.

INFERRED ACTION: CAN-2000-0834 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(5) Frech, Baker, Magdych, Cole, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION
 Magdych> ACKNOWLEDGED-BY-VENDOR


======================================================
Candidate: CAN-2000-0837
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0837
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: BUGTRAQ:20000804 FTP Serv-U 2.5e vulnerability.
Reference: URL:http://www.securityfocus.com/archive/1/73843
Reference: BID:1543
Reference: URL:http://www.securityfocus.com/bid/1543
Reference: XF:servu-null-character-dos
Reference: URL:http://xforce.iss.net/static/5029.php

FTP Serv-U 2.5e allows remote attackers to cause a denial of service
by sending a large number of null bytes.

INFERRED ACTION: CAN-2000-0837 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:servu-null-character-dos(5029)


======================================================
Candidate: CAN-2000-0844
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0844
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-02
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000904 UNIX locale format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0457.html
Reference: DEBIAN:20000902 glibc: local root exploit
Reference: URL:http://www.debian.org/security/2000/20000902
Reference: CALDERA:CSSA-2000-030.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt
Reference: REDHAT:RHSA-2000-057-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-057-02.html
Reference: SUSE:20000906 glibc locale security problem
Reference: URL:http://www.suse.de/de/support/security/adv5_draht_glibc_txt.txt
Reference: TURBO:TLSA2000020-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html
Reference: AIXAPAR:IY13753
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html
Reference: COMPAQ:SSRT0689U
Reference: URL:http://archives.neohapsis.com/archives/tru64/2000-q4/0000.html
Reference: SGI:20000901-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20000901-01-P
Reference: BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
Reference: URL:http://www.securityfocus.com/archive/1/79960
Reference: BID:1634
Reference: URL:http://www.securityfocus.com/bid/1634
Reference: XF:unix-locale-format-string(5176)

Some functions that implement the locale subsystem on Unix do not
properly cleanse user-injected format strings, which allows local attackers
to execute arbitrary commands via functions such as gettext and catopen.


Modifications:
  ADDREF BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
  ADDREF DEBIAN:20000902 glibc: local root exploit
  ADDREF CALDERA:CSSA-2000-030.0
  ADDREF REDHAT:RHSA-2000-057-02
  ADDREF SUSE:20000906 glibc locale security problem
  ADDREF TURBO:TLSA2000020-1
  ADDREF AIXAPAR:IY13753
  ADDREF COMPAQ:SSRT0689U
  ADDREF SGI:20000901-01-P
  ADDREF XF:unix-locale-format-string(5176)

INFERRED ACTION: CAN-2000-0844 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Baker, Cole, Bollinger
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Christey> ADDREF BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
   http://www.securityfocus.com/archive/1/79960
   DEBIAN:20000902 glibc: local root exploit
   http://www.debian.org/security/2000/20000902
   CALDERA:CSSA-2000-030.0
   http://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt
   REDHAT:RHSA-2000-057-02
   http://www.redhat.com/support/errata/RHSA-2000-057-02.html
   SUSE:20000906 glibc locale security problem
   http://www.suse.de/de/support/security/adv5_draht_glibc_txt.txt
   TURBO:TLSA2000020-1
   http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html
 Christey> ADDREF AIXAPAR:IY13753
   http://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html
 Christey> ADDREF COMPAQ:SSRT0689U
   URL:http://archives.neohapsis.com/archives/tru64/2000-q4/0000.html
   ADDREF SGI:20000901-01-P
   URL:ftp://patches.sgi.com/support/free/security/advisories/20000901-01-P
 Frech> XF:unix-locale-format-string(5176)


======================================================
Candidate: CAN-2000-0846
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0846
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000821 Darxite daemon remote exploit/DoS problem
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0256.html
Reference: BID:1598
Reference: URL:http://www.securityfocus.com/bid/1598
Reference: XF:darxite-login-bo
Reference: URL:http://xforce.iss.net/static/5134.php

Buffer overflow in Darxite 0.4 and earlier allows a remote attacker to
execute arbitrary commands via a long username or password.

INFERRED ACTION: CAN-2000-0846 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:darxite-login-bo(5143)


======================================================
Candidate: CAN-2000-0847
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0847
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000901 UW c-client library vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0425.html
Reference: BUGTRAQ:20000901 More about UW c-client library
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0437.html
Reference: FREEBSD:FreeBSD-SA-00:47.pine
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0108.html
Reference: BID:1646
Reference: URL:http://www.securityfocus.com/bid/1646
Reference: BID:1687
Reference: URL:http://www.securityfocus.com/bid/1687
Reference: XF:c-client-dos(5223)

Buffer overflow in University of Washington c-client library (used by
pine and other programs) allows remote attackers to execute arbitrary
commands via a long X-Keywords header.


Modifications:
  ADDREF XF:c-client-dos(5223)

INFERRED ACTION: CAN-2000-0847 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:c-client-dos(5223)


======================================================
Candidate: CAN-2000-0848
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0848
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000915 WebSphere application server plugin issue & vendor fix
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0192.html
Reference: MISC:http://www-4.ibm.com/software/webservers/appserv/doc/v3022/fxpklst.htm#Security
Reference: BID:1691
Reference: URL:http://www.securityfocus.com/bid/1691
Reference: XF:websphere-header-dos
Reference: URL:http://xforce.iss.net/static/5252.php

Buffer overflow in IBM WebSphere web application server (WAS) allows
remote attackers to execute arbitrary commands via a long Host:
request header.

INFERRED ACTION: CAN-2000-0848 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(2) Magdych, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION


======================================================
Candidate: CAN-2000-0849
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0849
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: MS:MS00-064
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-064.asp
Reference: BID:1655
Reference: URL:http://www.securityfocus.com/bid/1655
Reference: XF:unicast-service-dos(5193)

Race condition in Microsoft Windows Media server allows remote attackers
to cause a denial of service in the Windows Media Unicast Service via a
malformed request, aka the "Unicast Service Race Condition" vulnerability.


Modifications:
  ADDREF XF:unicast-service-dos(5193)

INFERRED ACTION: CAN-2000-0849 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Baker, Cole, Wall
   MODIFY(1) Frech

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:unicast-service-dos(5193)


======================================================
Candidate: CAN-2000-0850
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0850
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: ATSTAKE:A091100-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a091100-1.txt
Reference: BID:1681
Reference: URL:http://www.securityfocus.com/bid/1681
Reference: XF:siteminder-bypass-authentication
Reference: URL:http://xforce.iss.net/static/5230.php

Netegrity SiteMinder before 4.11 allows remote attackers to bypass
its authentication mechanism by appending "$/FILENAME.ext" (where ext
is .ccc, .class, or .jpg) to the requested URL.

INFERRED ACTION: CAN-2000-0850 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(2) Magdych, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION


======================================================
Candidate: CAN-2000-0851
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0851
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: ATSTAKE:A090700-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-1.txt
Reference: MS:MS00-065
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-065.asp
Reference: BID:1651
Reference: URL:http://www.securityfocus.com/bid/1651
Reference: XF:w2k-still-image-service
Reference: URL:http://xforce.iss.net/static/5203.php

Buffer overflow in the Still Image Service in Windows 2000 allows local
users to gain additional privileges via a long WM_USER message, aka the
"Still Image Service Privilege Escalation" vulnerability.

INFERRED ACTION: CAN-2000-0851 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION


======================================================
Candidate: CAN-2000-0852
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0852
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:49
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0110.html
Reference: BID:1686
Reference: URL:http://www.securityfocus.com/bid/1686
Reference: XF:freebsd-eject-port
Reference: URL:http://xforce.iss.net/static/5248.php

Multiple buffer overflows in eject on FreeBSD and possibly other OSes
allow local users to gain root privileges.

INFERRED ACTION: CAN-2000-0852 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Magdych, Cole
   NOOP(1) Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION
 Magdych> ACKNOWLEDGED-BY-VENDOR


======================================================
Candidate: CAN-2000-0853
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0853
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000909 YaBB 1.9.2000 Vulnerabilitie
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0072.html
Reference: BID:1668
Reference: URL:http://www.securityfocus.com/bid/1668
Reference: XF:yabb-file-access
Reference: URL:http://xforce.iss.net/static/5254.php

YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary
files via a .. (dot dot) attack.

INFERRED ACTION: CAN-2000-0853 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(2) Magdych, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION


======================================================
Candidate: CAN-2000-0858
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0858
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000906 VIGILANTE-2000009: "Invalid URL" DoS
Reference: URL:http://www.securityfocus.com/archive/1/80413
Reference: MS:MS00-063
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q3/0065.html
Reference: BID:1642
Reference: URL:http://www.securityfocus.com/bid/1642
Reference: XF:iis-invald-url-dos
Reference: URL:http://xforce.iss.net/static/5202.php

Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to
cause a denial of service in IIS by sending it a series of malformed
requests which cause INETINFO.EXE to fail, aka the "Invalid URL"
vulnerability.

INFERRED ACTION: CAN-2000-0858 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> We may be changing this to iis-invalid-url-dos (to correct the misspelling
   in the tagname), but the URL will remain constant. I'll let MITRE know
   if/when this happens, but I didn't want to hold up the voting.


======================================================
Candidate: CAN-2000-0860
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0860
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: BUGTRAQ:20000903 (SRADV00001) Arbitrary file disclosure through PHP file upload
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0455.html
Reference: BUGTRAQ:20000904 Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0477.html
Reference: CONFIRM:http://cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diff?r1=1.38%3Aphp_4_0_2&tr1=1.1&r2=text&tr2=1.45&diff_format=u
Reference: MANDRAKE:MDKSA-2000:048
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0150.html
Reference: BID:1649
Reference: URL:http://www.securityfocus.com/bid/1649
Reference: XF:php-file-upload
Reference: URL:http://xforce.iss.net/static/5190.php

The file upload capability in PHP versions 3 and 4 allows remote
attackers to read arbitrary files by setting hidden form fields whose
names match the names of internal PHP script variables.

INFERRED ACTION: CAN-2000-0860 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION


======================================================
Candidate: CAN-2000-0861
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0861
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000907 Mailman 1.1 + external archiver vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0040.html
Reference: FREEBSD:FreeBSD-SA-00:51
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0112.html
Reference: BID:1667
Reference: URL:http://www.securityfocus.com/bid/1667
Reference: XF:mailman-execute-external-commands(5493)

Mailman 1.1 allows list administrators to execute arbitrary commands
via shell metacharacters in the %(listname) macro expansion.


Modifications:
  ADDREF XF:mailman-execute-external-commands(5493)

INFERRED ACTION: CAN-2000-0861 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION
 Christey> Mention the external archiving mechanism?
 Frech> XF:mailman-execute-external-commands(5493)


======================================================
Candidate: CAN-2000-0862
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0862
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category:
Reference: ALLAIRE:ASB00-23
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q3/0059.html
Reference: XF:allaire-spectra-admin-access
Reference: URL:http://xforce.iss.net/static/5466.php

Vulnerability in an administrative interface utility for Allaire
Spectra 1.0.1 allows remote attackers to read and modify sensitive
configuration information.


Modifications:
  ADDREF XF:allaire-spectra-admin-access(5466)

INFERRED ACTION: CAN-2000-0862 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:allaire-spectra-admin-access(5466)


======================================================
Candidate: CAN-2000-0863
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0863
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:50
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0111.html
Reference: XF:listmanager-port-bo
Reference: URL:http://xforce.iss.net/static/5503.php

Buffer overflow in listmanager earlier than 2.105.1 allows local users
to gain additional privileges.


Modifications:
  ADDREF XF:listmanager-port-bo(5503)

INFERRED ACTION: CAN-2000-0863 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Baker, Magdych, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION
 Magdych> ACKNOWLEDGED-BY-VENDOR
 Frech> XF:listmanager-port-bo(5503)


======================================================
Candidate: CAN-2000-0864
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0864
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category:
Reference: FREEBSD:FreeBSD-SA-00:45
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0365.html
Reference: BUGTRAQ:20000911 Patch for esound-0.2.19
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0095.html
Reference: MANDRAKE:MDKSA-2000:051
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0328.htm
Reference: REDHAT:RHSA-2000:077-03
Reference: DEBIAN:20001008 esound: race condition
Reference: URL:http://www.debian.org/security/2000/20001008
Reference: BUGTRAQ:20001006 Immunix OS Security Update for esound
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0118.html
Reference: SUSE:20001012 esound daemon race condition
Reference: URL:http://www.suse.de/de/support/security//esound_daemon_race_condition.txt
Reference: BID:1659
Reference: URL:http://www.securityfocus.com/bid/1659
Reference: XF:gnome-esound-symlink
Reference: URL:http://xforce.iss.net/static/5213.php

Race condition in the creation of a Unix domain socket in GNOME esound
0.2.19 and earlier allows a local user to change the permissions of
arbitrary files and directories, and gain additional privileges, via a
symlink attack.


Modifications:
  ADDREF XF:gnome-esound-symlink(5213)
  ADDREF DEBIAN:20001008 esound: race condition
  ADDREF BUGTRAQ:20001006 Immunix OS Security Update for esound
  ADDREF SUSE:20001012 esound daemon race condition

INFERRED ACTION: CAN-2000-0864 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:gnome-esound-symlink(5213)
 Christey> ADDREF DEBIAN:20001008 esound: race condition
   http://www.debian.org/security/2000/20001008
   ADDREF BUGTRAQ:20001006 Immunix OS Security Update for esound
   http://archives.neohapsis.com/archives/bugtraq/2000-10/0118.html
   ADDREF SUSE:20001012 esound daemon race condition
   http://www.suse.de/de/support/security//esound_daemon_race_condition.txt


======================================================
Candidate: CAN-2000-0865
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0865
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000916 Advisory: Tridia DoubleVision / SCO UnixWare
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0185.html
Reference: BID:1697
Reference: URL:http://www.securityfocus.com/bid/1697
Reference: XF:doublevision-dvtermtype-bo
Reference: URL:http://xforce.iss.net/static/5261.php

Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows
local users to gain root privileges via a long terminal type argument.


Modifications:
  ADDREF XF:doublevision-dvtermtype-bo(5261)

INFERRED ACTION: CAN-2000-0865 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(3) Magdych, Christey, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION
 Christey> ADDREF XF:doublevision-dvtermtype-bo
   URL:http://xforce.iss.net/static/5261.php
 Frech> XF:doublevision-dvtermtype-bo(5261)


======================================================
Candidate: CAN-2000-0867
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0867
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000917 klogd format bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0193.html
Reference: REDHAT:RHSA-2000:061-02
Reference: DEBIAN:20000919
Reference: MANDRAKE:MDKSA-2000:050
Reference: CALDERA:CSSA-2000-032.0
Reference: TURBO:TLSA2000022-2
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000023.html
Reference: SUSE:20000920 syslogd + klogd format string parsing error
Reference: URL:http://www.suse.de/de/support/security//adv9_draht_syslogd_txt.txt
Reference: BUGTRAQ:20000918 Conectiva Linux Security Announcement - sysklogd
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97726239017741&w=2
Reference: XF:klogd-format-string
Reference: URL:http://xforce.iss.net/static/5259.php

Kernel logging daemon (klogd) in Linux does not properly cleanse
user-injected format strings, which allows local users to gain root
privileges by triggering malformed kernel messages.


Modifications:
  ADDREF TURBO:TLSA2000022-2
  ADDREF SUSE:20000920 syslogd + klogd format string parsing error
  ADDREF BUGTRAQ:20000918 Conectiva Linux Security Announcement - sysklogd

INFERRED ACTION: CAN-2000-0867 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Magdych, Cole
   NOOP(2) Christey, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION
 Magdych> ACKNOWLEDGED-BY-VENDOR
 Christey> ADDREF TURBO:TLSA2000022-2
   http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000023.html
   ADDREF SUSE:20000920 syslogd + klogd format string parsing error
   http://www.suse.de/de/support/security//adv9_draht_syslogd_txt.txt
 Christey> ADDREF BUGTRAQ:20000918 Conectiva Linux Security Announcement - sysklogd


======================================================
Candidate: CAN-2000-0868
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0868
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: ATSTAKE:A090700-2
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-2.txt
Reference: SUSE:20000907
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html
Reference: BID:1658
Reference: URL:http://www.securityfocus.com/bid/1658
Reference: XF:suse-apache-cgi-source-code
Reference: URL:http://xforce.iss.net/static/5197.php

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows
remote attackers to read source code for CGI scripts by replacing the
/cgi-bin/ in the requested URL with /cgi-bin-sdb/.

INFERRED ACTION: CAN-2000-0868 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION


======================================================
Candidate: CAN-2000-0869
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0869
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: ATSTAKE:A090700-3
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-3.txt
Reference: SUSE:20000907
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html
Reference: BID:1656
Reference: URL:http://www.securityfocus.com/bid/1656
Reference: XF:apache-webdav-directory-listings
Reference: URL:http://xforce.iss.net/static/5204.php

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables
WebDAV, which allows remote attackers to list arbitrary directories via
the PROPFIND HTTP request method.

INFERRED ACTION: CAN-2000-0869 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION


======================================================
Candidate: CAN-2000-0870
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0870
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000911[EXPL] EFTP vulnerable to two DoS attacks
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0089.html
Reference: BID:1675
Reference: URL:http://www.securityfocus.com/bid/1675
Reference: XF:eftp-bo
Reference: URL:http://xforce.iss.net/static/5219.php

Buffer overflow in EFTP allows remote attackers to cause a denial of
service via a long string.

INFERRED ACTION: CAN-2000-0870 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(2) Magdych, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION


======================================================
Candidate: CAN-2000-0871
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0871
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000911[EXPL] EFTP vulnerable to two DoS attacks
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0089.html
Reference: BID:1677
Reference: URL:http://www.securityfocus.com/bid/1677
Reference: XF:eftp-newline-dos
Reference: URL:http://xforce.iss.net/static/5220.php

Buffer overflow in EFTP allows remote attackers to cause a denial of
service by sending a string that does not contain a newline, then
disconnecting from the server.

INFERRED ACTION: CAN-2000-0871 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(2) Magdych, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION


======================================================
Candidate: CAN-2000-0873
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0873
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000903 aix allows clearing the interface stats
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0454.html
Reference: BID:1660
Reference: URL:http://www.securityfocus.com/bid/1660
Reference: XF:aix-clear-netstat
Reference: URL:http://xforce.iss.net/static/5214.php

netstat in AIX 4.x.x does not properly restrict access to the -Zi
option, which allows local users to clear network interface statistics
and possibly hide evidence of unusual network activities.


Modifications:
  DESC Change "hiding" to "hide"

INFERRED ACTION: CAN-2000-0873 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Bollinger
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> Consider changing "possibly hiding evidence" to "possibly hide evidence"
   (parallelism with "clear")


======================================================
Candidate: CAN-2000-0878
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0878
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000911 Fwd: Poor variable checking in mailto.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0088.html
Reference: BID:1669
Reference: URL:http://www.securityfocus.com/bid/1669
Reference: XF:mailto-piped-address
Reference: URL:http://xforce.iss.net/static/5241.php

The mailto CGI script allows remote attackers to execute arbitrary
commands via shell metacharacters in the emailadd form field.


Modifications:
  ADDREF XF:mailto-piped-address(5241)
  DESC Fix typo: "metacharactwers"

INFERRED ACTION: CAN-2000-0878 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(3) Magdych, Christey, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION
 Christey> Correct Barbara Walters-style spelling of "metacharactwers"
 Christey> ADDREF XF:mailto-piped-address
 Frech> XF:mailto-piped-address(5241)


======================================================
Candidate: CAN-2000-0883
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0883
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: CF
Reference: MANDRAKE:MDKSA-2000:046
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0111.html
Reference: BID:1678
Reference: URL:http://www.securityfocus.com/bid/1678
Reference: XF:linux-mod-perl
Reference: URL:http://xforce.iss.net/static/5257.php

The default configuration of mod_perl for Apache as installed on
Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be
browseable, which allows remote attackers to list the contents of that
directory.

INFERRED ACTION: CAN-2000-0883 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Magdych
   NOOP(2) Cole, Wall

Voter Comments:
 Magdych> ACKNOWLEDGED-BY-VENDOR


======================================================
Candidate: CAN-2000-0884
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0884
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001019
Category: SF
Reference: BUGTRAQ:20001017 IIS %c1%1c remote command execution
Reference: MS:MS00-078
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-078.asp
Reference: BID:1806
Reference: XF:iis-unicode-translation
Reference: URL:http://xforce.iss.net/static/5377.php

IIS 4.0 and 5.0 allows remote attackers to read documents outside of
the web root, and possibly execute arbitrary commands, via malformed
URLs that contain UNICODE encoded characters, aka the "Web Server
Folder Traversal" vulnerability.


Modifications:
  ADDREF XF:iis-unicode-translation(5377)

INFERRED ACTION: CAN-2000-0884 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:iis-unicode-translation(5377)


======================================================
Candidate: CAN-2000-0886
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0886
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001129
Assigned: 20001102
Category: SF
Reference: BUGTRAQ:20001107 NSFOCUS SA2000-07 : Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?mid=143604&list=1&fromthread=0&end=2000-11-11&threads=0&start=2000-11-05&;
Reference: MS:MS00-086
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-086.asp
Reference: BID:1912
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=1912
Reference: XF:iis-invalid-filename-passing(5470)

IIS 5.0 allows remote attackers to execute arbitrary commands via a
malformed request for an executable file whose name is appended with
operating system commands, aka the "Web Server File Request Parsing"
vulnerability.


Modifications:
  ADDREF XF:iis-invalid-filename-passing(5470)

INFERRED ACTION: CAN-2000-0886 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:iis-invalid-filename-passing(5470)
 Frech> XF:iis-invalid-filename-passing(5470)


======================================================
Candidate: CAN-2000-0887
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0887
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-02
Proposed: 20001129
Assigned: 20001114
Category: SF
Reference: BUGTRAQ:20001107 BIND 8.2.2-P5 Possible DOS
Reference: URL:http://www.securityfocus.com/archive/1/143843
Reference: CERT:CA-2000-20
Reference: URL:http://www.cert.org/advisories/CA-2000-20.html
Reference: REDHAT:RHSA-2000:107-01
Reference: DEBIAN:20001112 bind: remote Denial of Service
Reference: URL:http://www.debian.org/security/2000/20001112
Reference: BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html
Reference: SUSE:SuSE-SA:2000:45
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html
Reference: IBM:ERS-SVA-E01-2000:005.1
Reference: MANDRAKE:MDKSA-2000:067
Reference: CONECTIVA:CLSA-2000:338
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000338
Reference: CONECTIVA:CLSA-2000:339
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000339
Reference: BID:1923
Reference: URL:http://www.securityfocus.com/bid/1923
Reference: XF:bind-zxfr-dos(5540)

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a
denial of service by making a compressed zone transfer (ZXFR) request
and performing a name service query on an authoritative record that is
not cached, aka the "zxfr bug."


Modifications:
  ADDREF DEBIAN:20001112 bind: remote Denial of Service
  ADDREF BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
  ADDREF SUSE:SuSE-SA:2000:45
  ADDREF IBM:ERS-SVA-E01-2000:005.1
  ADDREF XF:bind-zxfr-dos(5540)

INFERRED ACTION: CAN-2000-0887 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Baker, Cole, Mell, TempVoter4
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> ADDREF DEBIAN:20001112 bind: remote Denial of Service
   http://www.debian.org/security/2000/20001112
   ADDREF BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
   http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html

   SUSE:SuSE-SA:2000:45
   http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html
   ADDREF IBM:ERS-SVA-E01-2000:005.1
 Frech> XF:bind-zxfr-dos(5540)
 Frech> XF:bind-zxfr-dos(5540)


======================================================
Candidate: CAN-2000-0888
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0888
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-02
Proposed: 20001129
Assigned: 20001114
Category: SF
Reference: CERT:CA-2000-20
Reference: URL:http://www.cert.org/advisories/CA-2000-20.html
Reference: REDHAT:RHSA-2000:107-01
Reference: MANDRAKE:MDKSA-2000:067
Reference: CONECTIVA:CLSA-2000:338
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000338
Reference: CONECTIVA:CLSA-2000:339
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000339
Reference: DEBIAN:20001112 bind: remote Denial of Service
Reference: URL:http://www.debian.org/security/2000/20001112
Reference: IBM:ERS-SVA-E01-2000:005.1
Reference: SUSE:SuSE-SA:2000:45
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html
Reference: XF:bind-srv-dos(5814)

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a
denial of service by sending an SRV record to the server, aka the "srv
bug."


Modifications:
  ADDREF DEBIAN:20001112 bind: remote Denial of Service
  ADDREF IBM:ERS-SVA-E01-2000:005.1
  ADDREF SUSE:SuSE-SA:2000:45
  ADDREF XF:bind-srv-dos(5814)

INFERRED ACTION: CAN-2000-0888 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> ADDREF DEBIAN:20001112 bind: remote Denial of Service
   http://www.debian.org/security/2000/20001112
   ADDREF IBM:ERS-SVA-E01-2000:005.1
   SUSE:SuSE-SA:2000:45
   http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html
 Frech> XF:bind-srv-dos(5814)


======================================================
Candidate: CAN-2000-0900
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0900
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001002 thttpd ssi: retrieval of arbitrary world-readable files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html
Reference: FREEBSD:FreeBSD-SA-00:73
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc
Reference: XF:acme-thttpd-ssi
Reference: URL:http://xforce.iss.net/static/5313.php
Reference: BID:1737
Reference: URL:http://www.securityfocus.com/bid/1737

Directory traversal vulnerability in ssi CGI program in thttpd 2.19
and earlier allows remote attackers to read arbitrary files via a
"%2e%2e" string, a variation of the .. (dot dot) attack.


Modifications:
  ADDREF FREEBSD:FreeBSD-SA-00:73

INFERRED ACTION: CAN-2000-0900 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> ADDREF FREEBSD:FreeBSD-SA-00:73
   ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc


======================================================
Candidate: CAN-2000-0901
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0901
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000906 Screen-3.7.6 local compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0530.html
Reference: BUGTRAQ:20000905 screen 3.9.5 root vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/80178
Reference: DEBIAN:20000902 screen: local exploit
Reference: URL:http://www.debian.org/security/2000/20000902a
Reference: MANDRAKE:MDKSA-2000:044
Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-044.php3
Reference: SUSE:20000906 screen format string parsing security problem
Reference: URL:http://www.suse.com/de/support/security/adv6_draht_screen_txt.txt
Reference: REDHAT:RHSA-2000:058-03
Reference: URL:http://www.redhat.com
Reference: FREEBSD:FreeBSD-SA-00:46
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:46.screen.asc
Reference: BID:1641
Reference: URL:http://www.securityfocus.com/bid/1641
Reference: XF:screen-format-string
Reference: URL:http://xforce.iss.net/static/5188.php

Format string vulnerability in screen 3.9.5 and earlier allows local
users to gain root privileges via format characters in the vbell_msg
initialization variable.

INFERRED ACTION: CAN-2000-0901 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0908
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0908
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96956211605302&w=2
Reference: WIN2KSEC:20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H)
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0128.html
Reference: CONFIRM:http://www.netcplus.com/browsegate.htm#BGLatest
Reference: XF:browsegate-http-dos
Reference: URL:http://xforce.iss.net/static/5270.php
Reference: BID:1702
Reference: URL:http://www.securityfocus.com/bid/1702

BrowseGate 2.80 allows remote attackers to cause a denial of service
and possibly execute arbitrary commands via long Authorization or
Referer MIME headers in the HTTP request.

INFERRED ACTION: CAN-2000-0908 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall


======================================================
Candidate: CAN-2000-0909
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0909
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000922  [ no subject ]
Reference: URL:http://www.securityfocus.com/archive/1/84901
Reference: BUGTRAQ:20001031 FW: Pine 4.30 now available
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0441.html
Reference: FREEBSD:FreeBSD-SA-00:59
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:59.pine.asc
Reference: REDHAT:RHSA-2000-102-04
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-102.html
Reference: MANDRAKE:MDKSA-2000:073
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-073.php3
Reference: BID:1709
Reference: URL:http://www.securityfocus.com/bid/1709
Reference: XF:pine-check-mail-bo
Reference: URL:http://xforce.iss.net/static/5283.php

Buffer overflow in the automatic mail checking component of Pine 4.21
and earlier allows remote attackers to execute arbitrary commands via
a long From: header.


Modifications:
  ADDREF MANDRAKE:MDKSA-2000:073

INFERRED ACTION: CAN-2000-0909 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> ADDREF MANDRAKE:MDKSA-2000:073
   http://www.linux-mandrake.com/en/security/MDKSA-2000-073.php3


======================================================
Candidate: CAN-2000-0910
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name