Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > CVE Updates> 2002-q1

 
From: cvemitre.org

*********************************************************************
CVE Data Update - February 10, 2002
*********************************************************************
Web site: http://cve.mitre.org

---------------------------------------------------------------------
In this issue
---------------------------------------------------------------------

1. NIST Releases Draft Recommendation for Usage of CVE-Compatible
   Products and Services
2. New Tool Monitors Changes to the CVE and Candidate Lists
3. 234 New Candidates Available on CVE Web Site
4. Subscribing and unsubscribing to CVE-DATA-UPDATE-LIST
5. More information

Other news can be found on the CVE web site at
http://cve.mitre.org/news/.

---------------------------------------------------------------------
1. NIST Releases Draft Recommendation for Usage of CVE-Compatible
   Products and Services
---------------------------------------------------------------------

On January 15, 2002 the USA National Institute of Standards and
Technology (NIST) released a draft recommendation for the usage of
CVE-compatible products and services. The document is available for
comment on the Draft Publications page of the NIST Computer Security
Resource Center (CSRC) Web site. All comments must be submitted by
February 18, 2002.

The draft recommendation "Use of the CVE Vulnerability Naming Scheme
Within its Acquired Products and Information Technology Security
Procedures" advises USA agencies about CVE and recommends that
agencies give substantial consideration to buying products and
services compatible with the CVE naming scheme. The recommendation
also advises agencies to periodically monitor their systems for
vulnerabilities listed in CVE. Agencies are also advised to use the
CVE naming scheme in their communications and descriptions of
vulnerabilities.

Comments should be submitted to both Peter Mell and Timothy Grance at
peter.mellnist.govnist.gov. NIST is a member of
the CVE Editorial Board, and the NIST ICAT metabase is listed on the
CVE-Compatible Products/Services page.

Links:

Draft Recommendation PDF-
http://csrc.nist.gov/publications/drafts/Use_of_the_CVE.PDF

National Institute of Standards and Technology (NIST) Web site -
http://www.nist.gov/

CVE-Compatible Products/Services - http://cve.mitre.org/compatible/

CVE Editorial Board - http://cve.mitre.org/board/

---------------------------------------------------------------------
2. New Tool Monitors Changes to the CVE and Candidate Lists
---------------------------------------------------------------------

CERIAS/Purdue University has added a new tool to its Cassandra service
that monitors changes to the CVE List and the CVE candidates list.
This "CVE Change Logs" feature, which is available from the Cassandra
Web site, allows you to obtain daily or monthly changes to both lists.
The Cassandra incident response database service is listed on the
CVE-Compatible Products/Services page, and CERIAS/Purdue University is
a member of the CVE Editorial Board.

See the CVE Change Logs at:

  https://cassandra.cerias.purdue.edu/CVE_changes/

---------------------------------------------------------------------
3. 234 New Candidates Available on CVE Web Site
---------------------------------------------------------------------

The following candidates were recently proposed to the CVE Editorial
Board and published on the CVE web site. The Editorial Board is
reviewing and voting on these candidates to determine if they should
become entries on the official CVE list.

======================================================
Candidate: CAN-2001-0542
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0542
Phase: Proposed (20020131)
Category: SF
Reference: ATSTAKE:A122001-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a122001-1.txt
Reference: BUGTRAQ:20011221 stake advisory: Multiple overflow and format string vulnerabilities in in Microsoft SQL Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100891252317406&w=2
Reference: MS:MS01-060
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-060.asp
Reference: XF:mssql-text-message-bo(7724)
Reference: URL:http://xforce.iss.net/static/7724.php
Reference: BID:3733
Reference: URL:http://www.securityfocus.com/bid/3733

Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers
with access to SQL Server to execute arbitrary code through the
functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE:
the C runtime format string vulnerability reported in MS01-060 is
identified by CAN-2001-0879.

======================================================
Candidate: CAN-2001-0550
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0550
Phase: Proposed (20020131)
Category: SF
Reference: VULN-DEV:20010430 some ftpd implementations mishandle CWD ~{
Reference: URL:http://www.securityfocus.com/archive/82/180823
Reference: BUGTRAQ:20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100700363414799&w=2
Reference: CERT:CA-2001-33
Reference: URL:http://www.cert.org/advisories/CA-2001-33.html
Reference: CERT-VN:VU#886083
Reference: URL:http://www.kb.cert.org/vuls/id/886083
Reference: REDHAT:RHSA-2001-157
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-157.html
Reference: CALDERA:CSSA-2001-041.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt
Reference: MANDRAKE:MDKSA-2001:090
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3
Reference: HP:HPSBUX0107-162
Reference: ISS:20011129 WU-FTPD Heap Corruption Vulnerability
Reference: BID:3581
Reference: URL:http://www.securityfocus.com/bid/3581

wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands
via a "~{" argument to commands such as CWD, which is not properly
handled by the glob function (ftpglob).

======================================================
Candidate: CAN-2001-0551
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0551
Phase: Proposed (20020131)
Category: SF
Reference: CERT-VN:VU#860296
Reference: URL:http://www.kb.cert.org/vuls/id/860296
Reference: AIXAPAR:IY21539
Reference: AIXAPAR:IY20917
Reference: HP:HPSBUX0105-151
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q2/0044.html

Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users
to execute arbitrary code by copying text from the clipboard into the
Help window.

======================================================
Candidate: CAN-2001-0723
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0723
Phase: Proposed (20020131)
Category: SF
Reference: MS:MS01-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-055.asp

Internet Explorer 5.5 and 6.0 allows remote attackers to read and
modify user cookies via Javascript, aka the "Second Cookie Handling
Vulnerability."

======================================================
Candidate: CAN-2001-0724
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0724
Phase: Proposed (20020131)
Category: SF
Reference: MS:MS01-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-055.asp

Internet Explorer 5.5 allows remote attackers to bypass security
restrictions via malformed URLs that contain dotless IP addresses,
which causes Internet Explorer to process the page in the Intranet
Zone, which may have fewer security restrictions, aka the "Zone
Spoofing Vulnerability variant" of CAN-2001-0664.

======================================================
Candidate: CAN-2001-0726
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0726
Phase: Proposed (20020131)
Category: SF
Reference: MS:MS01-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-057.asp

Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used
with Internet Explorer, does not properly detect certain inline
script, which can allow remote attackers to perform arbitrary actions
on a user's Exchange mailbox via an HTML e-mail message.

======================================================
Candidate: CAN-2001-0727
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0727
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011214 MSIE may download and run progams automatically
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100835204509262&w=2
Reference: BUGTRAQ:20011216 Re: MSIE may download and run progams automatically - NOT SO FAST
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100861273114437&w=2
Reference: MS:MS01-058
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-058.asp
Reference: CERT:CA-2001-36
Reference: URL:http://www.cert.org/advisories/CA-2001-36.html

Internet Explorer 6.0 allows remote attackers to execute arbitrary
code by modifying the Content-Disposition and Content-Type header
fields in a way that causes Internet Explorer to believe that the file
is safe to open without prompting the user, aka the "File Execution
Vulnerability."

======================================================
Candidate: CAN-2001-0749
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0749
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010524 IPCChip Security
Reference: URL:http://www.securityfocus.com/archive/1/186418
Reference: BID:2775
Reference: URL:http://www.securityfocus.com/bid/2775

Beck IPC GmbH IPCCHIP Embedded-Webserver allows remote attacker to
retrieve arbitrary files via webserver root directory set to system root.

======================================================
Candidate: CAN-2001-0797
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0797
Phase: Proposed (20020131)
Category: SF
Reference: ISS:20011212 Buffer Overflow in /bin/login
Reference: URL:http://xforce.iss.net/alerts/advise105.php
Reference: BUGTRAQ:20011219 Linux distributions and /bin/login overflow
Reference: URL:http://www.securityfocus.com/archive/1/246487
Reference: CERT:CA-2001-34
Reference: URL:http://www.cert.org/advisories/CA-2001-34.html
Reference: CERT-VN:VU#569272
Reference: URL:http://www.kb.cert.org/vuls/id/569272
Reference: CALDERA:CSSA-2001-SCO.40
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.40/CSSA-2001-SCO.40.txt
Reference: SUN:00213
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/213
Reference: AIXAPAR:IY26221
Reference: SGI:20011201-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011201-01-I
Reference: XF:telnet-tab-bo(7284)
Reference: URL:http://xforce.iss.net/static/7284.php
Reference: BID:3681
Reference: URL:http://www.securityfocus.com/bid/3681

Buffer overflow in login in various System V based operating systems
allows remote attackers to execute arbitrary commands via a large
number of arguments through services such as telnet and rlogin.

======================================================
Candidate: CAN-2001-0868
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0868
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011123 Redhat Stronghold Secure Server File System Disclosure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100654958131854&w=2
Reference: XF:stronghold-webserver-obtain-information(7582)
Reference: URL:http://xforce.iss.net/static/7582.php

Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve
system information via an HTTP GET request to (1) stronghold-info or
(2) stronghold-status.

======================================================
Candidate: CAN-2001-0869
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0869
Phase: Proposed (20020131)
Category: SF
Reference: SUSE:SuSE-SA:2001:042
Reference: URL:http://lwn.net/alerts/SuSE/SuSE-SA%3A2001%3A042.php3
Reference: CALDERA:CSSA-2001-040.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-040.0.txt
Reference: REDHAT:RHSA-2001-150
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-150.html
Reference: REDHAT:RHSA-2001-151
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-151.html
Reference: XF:cyrus-sasl-format-string(7443)
Reference: URL:http://xforce.iss.net/static/7443.php

Format string vulnerability in the default logging callback function
in Cyrus SASL library (cyrus-sasl) may allow remote attackers to
execute arbitrary commands.

======================================================
Candidate: CAN-2001-0870
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0870
Phase: Proposed (20020131)
Category: CF
Reference: BUGTRAQ:20011130 Rapid 7 Advisory R7-0002: Alchemy Eye Remote Unauthenticated Log Viewing
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100715758109838&w=2
Reference: BID:3598
Reference: URL:http://www.securityfocus.com/bid/3598
Reference: XF:alchemy-http-view-log(7630)
Reference: URL:http://xforce.iss.net/static/7630.php

HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through
2.6.18 is enabled without authentication by default, which allows
remote attackers to obtain network monitoring logs with potentially
sensitive information by directly requesting the eye.ini file.

======================================================
Candidate: CAN-2001-0871
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0871
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011129 Rapid 7 Advisory R7-0001: Alchemy Eye HTTP Remote Command Execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100714173510535&w=2
Reference: BID:3599
Reference: URL:http://www.securityfocus.com/bid/3599
Reference: XF:alchemy-http-dot-variant(7626)
Reference: URL:http://xforce.iss.net/static/7626.php

Directory traversal vulnerability in HTTP server for Alchemy Eye and
Alchemy Network Monitor allows remote attackers to execute arbitrary
commands via an HTTP request containing (1) a .. in versions 2.0
through 2.6.18, or (2) a DOS device name followed by a .. in versions
2.6.19 through 3.0.10.

======================================================
Candidate: CAN-2001-0872
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0872
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011204 [Fwd: OpenSSH 3.0.2 fixes UseLogin vulnerability]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100749779131514&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=100747128105913&w=2
Reference: REDHAT:RHSA-2001:161
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-161.html
Reference: SUSE:SuSE-SA:2001:045
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Dec/0001.html
Reference: XF:openssh-uselogin-execute-code(7647)
Reference: URL:http://xforce.iss.net/static/7647.php

OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly
cleanse critical environment variables such as LD_PRELOAD, which
allows local users to gain root privileges.

======================================================
Candidate: CAN-2001-0873
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0873
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010908 Multiple vendor 'Taylor UUCP' problems.
Reference: URL:http://www.securityfocus.com/archive/1/212892
Reference: BUGTRAQ:20011130 Redhat 7.0 local root (via uucp) (attempt 2)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100715446131820
Reference: CALDERA:CSSA-2001-033.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-033.0.txt
Reference: CONECTIVA:CLA-2001:425
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000425
Reference: SUSE:SuSE-SA:2001:38
Reference: URL:http://www.suse.de/de/support/security/2001_038_uucp_txt.txt
Reference: BID:3312
Reference: URL:http://www.securityfocus.com/bid/3312
Reference: XF:uucp-argument-gain-privileges(7099)
Reference: URL:http://xforce.iss.net/static/7099.php

uuxqt in Taylor UUCP package does not properly remove dangerous long
options, which allows local users to gain privileges by calling uux
and specifying an alternate configuration file with the --config
option.

======================================================
Candidate: CAN-2001-0874
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0874
Phase: Proposed (20020131)
Category: SF
Reference: MS:MS01-058
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-058.asp
Reference: XF:ie-frame-verification-variant2(7702)
Reference: URL:http://xforce.iss.net/static/7702.php
Reference: BID:3693
Reference: URL:http://www.securityfocus.com/bid/3693

Internet Explorer 5.5 and 6.0 allow remote attackers to read certain
files via HTML that passes information from a frame in the client's
domain to a frame in the web site's domain, a variant of the "Frame
Domain Verification" vulnerability.

======================================================
Candidate: CAN-2001-0875
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0875
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011126 File extensions spoofable in MSIE download dialog
Reference: URL:http://www.securityfocus.com/archive/1/245594
Reference: MS:MS01-058
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-058.asp
Reference: XF:ie-file-download-ext-spoof(7636)
Reference: URL:http://xforce.iss.net/static/7636.php
Reference: BID:3597
Reference: URL:http://www.securityfocus.com/bid/3597

Internet Explorer 5.5 and 6.0 allows remote attackers to cause the
File Download dialogue box to misrepresent the name of the file in the
dialogue in a way that could fool users into thinking that the file
type is safe to download.

======================================================
Candidate: CAN-2001-0876
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0876
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100887440810532&w=2
Reference: NTBUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100887271006313&w=2
Reference: MS:MS01-059
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-059.asp
Reference: CERT:CA-2001-37
Reference: URL:http://www.cert.org/advisories/CA-2001-37.html
Reference: CERT-VN:VU#951555
Reference: URL:http://www.kb.cert.org/vuls/id/951555
Reference: XF:win-upnp-notify-bo(7721)
Reference: URL:http://xforce.iss.net/static/7721.php
Reference: BID:3723
Reference: URL:http://www.securityfocus.com/bid/3723

Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98E,
ME, and XP allows remote attackers to execute arbitrary code via a
NOTIFY directive with a long Location URL.

======================================================
Candidate: CAN-2001-0877
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0877
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100887440810532&w=2
Reference: NTBUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100887271006313&w=2
Reference: BUGTRAQ:20020109 UPNP Denial of Service
Reference: URL:http://www.securityfocus.com/archive/1/249238
Reference: MS:MS01-059
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-059.asp
Reference: CERT:CA-2001-37
Reference: URL:http://www.cert.org/advisories/CA-2001-37.html
Reference: CERT-VN:VU#411059
Reference: URL:http://www.kb.cert.org/vuls/id/411059
Reference: XF:win-upnp-udp-dos(7722)
Reference: URL:http://xforce.iss.net/static/7722.php

Universal Plug and Play (UPnP) on Windows 98, 98E, ME, and XP allows
remote attackers to cause a denial of service via (1) a spoofed SSDP
advertisement that causes the client to connect to a service on
another machine that generates a large amount of traffic (e.g.,
chargen), or (2) via a spoofed SSDP announcement to broadcast or
multicast addresses, which could cause all UPnP clients to send
traffic to a single target system.

======================================================
Candidate: CAN-2001-0879
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0879
Phase: Proposed (20020131)
Category: SF
Reference: ATSTAKE:A122001-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a122001-1.txt
Reference: BUGTRAQ:20011221 stake advisory: Multiple overflow and format string vulnerabilities in in Microsoft SQL Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100891252317406&w=2
Reference: MS:MS01-060
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-060.asp
Reference: XF:mssql-c-runtime-format-string(7725)
Reference: URL:http://xforce.iss.net/static/7725.php
Reference: BID:3732
Reference: URL:http://www.securityfocus.com/bid/3732

Format string vulnerability in the C runtime functions in SQL Server
7.0 and 2000 allows attackers to cause a denial of service.

======================================================
Candidate: CAN-2001-0884
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0884
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011128 Cgisecurity.com Advisory #7: Mailman Email Archive Cross Site Scripting
Reference: URL:http://www.securityfocus.com/archive/1/242839
Reference: CONECTIVA:CLA-2001:445
Reference: URL:http://www.securityfocus.com/advisories/3721
Reference: REDHAT:RHSA-2001:168
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-168.html
Reference: REDHAT:RHSA-2001:170
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-170.html
Reference: XF:mailman-java-css(7617)
Reference: URL:http://xforce.iss.net/static/7617.php
Reference: BID:3602
Reference: URL:http://www.securityfocus.com/bid/3602

Cross-site scripting vulnerability in Mailman email archiver before
2.08 allows attackers to obtain sensitive information or
authentication credentials via a malicious link that is accessed by
other web users.

======================================================
Candidate: CAN-2001-0886
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0886
Phase: Proposed (20020131)
Category: SF
Reference: MISC:http://sources.redhat.com/ml/bug-glibc/2001-11/msg00109.html
Reference: BUGTRAQ:20011217 [Global InterSec 2001121001] glibc globbing issues.
Reference: URL:http://www.securityfocus.com/archive/1/245956
Reference: REDHAT:RHSA-2001-160
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-160.html
Reference: MANDRAKE:MDKSA-2001:095
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-095.php3
Reference: ENGARDE:ESA-20011217-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1752.html
Reference: XF:glibc-glob-bo(7705)
Reference: URL:http://xforce.iss.net/static/7705.php
Reference: BID:3707
Reference: URL:http://www.securityfocus.com/bid/3707

Buffer overflow in glob function of glibc allows attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a
glob pattern that ends in a brace "{" character.

======================================================
Candidate: CAN-2001-0887
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0887
Phase: Proposed (20020131)
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:68
Reference: URL:http://www.securityfocus.com/advisories/3734
Reference: BID:3700
Reference: URL:http://www.securityfocus.com/bid/3700
Reference: XF:xsane-temp-symlink(7714)
Reference: URL:http://xforce.iss.net/static/7714.php

xSANE 0.81 and earlier allows local users to modify files of other
xSANE users via a symlink attack on temporary files.

======================================================
Candidate: CAN-2001-0888
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0888
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011221 VIGILANTe advisory 2001003 : Atmel SNMP Non Public Community String DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100895903202798&w=2
Reference: XF:atmel-snmp-community-dos(7734)
Reference: URL:http://xforce.iss.net/static/7734.php
Reference: BID:3734
Reference: URL:http://www.securityfocus.com/bid/3734

Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers
to cause a denial of service via a SNMP request with (1) a community
string other than "public" or (2) an unknown OID, which causes the WAP
to deny subsequent SNMP requests.

======================================================
Candidate: CAN-2001-0889
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0889
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011219 [ph10cus.cam.ac.uk
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100877978506387&w=2
Reference: REDHAT:RHSA-2001:176
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-176.html

Exim 3.22 and earlier, in some configurations, does not properly
verify the local part of an address when redirecting the address to a
pipe, which could allow remote attackers to execute arbitrary commands
via shell metacharacters.

======================================================
Candidate: CAN-2001-0891
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0891
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011127 UNICOS LOCAL HOLE ALL VERSIONS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100695627423924&w=2
Reference: SGI:20020101-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020101-01-I

Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16
for CRAY UNICOS allows a local user to gain root privileges by using
qsub to submit a batch job whose name contains formatting characters.

======================================================
Candidate: CAN-2001-0892
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0892
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011113 Cgisecurity.com Advisory #6: thttpd and mini_http Permission bypass vuln
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100568999726036&w=2
Reference: CONFIRM:http://www.acme.com/software/thttpd/

Acme Thttpd Secure Webserver before 2.22, with the chroot option
enabled, allows remote attackers to view sensitive files under the
document root (such as .htpasswd) via a GET request with a trailing /.

======================================================
Candidate: CAN-2001-0893
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0893
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011113 Cgisecurity.com Advisory #6: thttpd and mini_http Permission bypass vuln
Reference: URL:http://marc.theaimsgroup.com/?t=100568954600004&w=2&r=1
Reference: CONFIRM:http://www.acme.com/software/mini_httpd/

Acme mini_httpd before 1.16 allows remote attackers to view sensitive
files under the document root (such as .htpasswd) via a GET request
with a trailing /.

======================================================
Candidate: CAN-2001-0894
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0894
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011115 Postfix session log memory exhaustion bugfix
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100584160110303&w=2
Reference: MANDRAKE:MDKSA-2001:089
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-089.php3?dis=8.1
Reference: DEBIAN:DSA-093
Reference: URL:http://www.debian.org/security/2001/dsa-093
Reference: BID:3544
Reference: URL:http://www.securityfocus.com/bid/3544
Reference: XF:postfix-smtp-log-dos(7568)
Reference: URL:http://xforce.iss.net/static/7568.php

Vulnerability in Postfix SMTP server before 20010228-pl07, when
configured to email the postmaster when SMTP errors cause the session
to terminate, allows remote attackers to cause a denial of service
(memory exhaustion) by generating a large number of SMTP errors, which
forces the SMTP session log to grow too large.

======================================================
Candidate: CAN-2001-0895
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0895
Phase: Proposed (20020131)
Category: SF
Reference: CISCO:20011115 Cisco IOS ARP Table Overwrite Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/IOS-arp-overwrite-vuln-pub.shtml

Multiple Cisco networking products allow remote attackers to cause a
denial of service on the local network via a series of ARP packets
sent to the router's interface that contains a different MAC address
for the router, which eventually causes the router to overwrite the
MAC address in its ARP table.

======================================================
Candidate: CAN-2001-0896
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0896
Phase: Proposed (20020131)
Category: SF
Reference: CALDERA:CSSA-2001-SCO.33
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.33/CSSA-2001-SCO.33.txt

Inetd in OpenServer 5.0.5 allows remote attackers to cause a denial of
service (crash) via a port scan, e.g. with nmap -PO.

======================================================
Candidate: CAN-2001-0897
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0897
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011115 UBB vulnerablietis + about: using example
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100586033530341&w=2
Reference: BUGTRAQ:20011115 Re: UBB vulnerablietis + about: using example
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100586541317940&w=2

Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board
(UBB) before 5.47e allows remote attackers to steal user cookies via
an [IMG] tag that references an about: URL with an onerror field.

======================================================
Candidate: CAN-2001-0898
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0898
Phase: Proposed (20020131)
Category: CF
Reference: BUGTRAQ:20011115 Several javascript vulnerabilities in Opera
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100586079932284&w=2
Reference: BUGTRAQ:20011116 Re: Several javascript vulnerabilities in Opera
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100588139312696&w=2

Opera 6.0 and earlier allows remote attackers to access sensitive
information such as cookies and links for other domains via
Javascript.

======================================================
Candidate: CAN-2001-0899
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0899
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011116 Network Tool 0.2 Addon for PHPNuke vulnerable to remote command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100593523104176&w=2
Reference: CONFIRM:http://phpnukerz.org/modules.php?name=Downloads&d_op=viewsdownload&sid=32

Network Tools 0.2 for PHP-Nuke allows remote attackers to execute
commands on the server via shell metacharacters in the $hostinput
variable.

======================================================
Candidate: CAN-2001-0900
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0900
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011118 Gallery Addon for PhpNuke remote file viewing vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100619599000590&w=2
Reference: CONFIRM:http://www.menalto.com/projects/gallery/article.php?sid=33&mode=&order=

Directory traversal vulnerability in modules.php in Gallery before
1.2.3 allows remote attackers to read arbitrary files via a .. (dot
dot) in the include parameter.

======================================================
Candidate: CAN-2001-0901
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0901
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011119 Hypermail SSI Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100626603407639&w=2
Reference: CONFIRM:http://www.hypermail.org/dist/hypermail-2.1.4.tar.gz

Hypermail allows remote attackers to execute arbitrary commands on a
server supporting SSI via an attachment with a .shtml extension, which
is archived on the server and can then be executed by requesting the
URL for the attachment.

======================================================
Candidate: CAN-2001-0902
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0902
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011120 IIS logging issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100626531103946&w=2
Reference: NTBUGTRAQ:20011120 IIS logging issue
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100627497122247&w=2

Microsoft IIS 5.0 allows remote attackers to spoof web log entries via
an HTTP request that includes hex-encoded newline or form-feed
characters.

======================================================
Candidate: CAN-2001-0903
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0903
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011120 A Cryptanalysis of the High-bandwidth Digital Content Protection System
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100626641009560&w=2
Reference: MISC:http://nunce.org/hdcp/hdcp111901.htm

Linear key exchange process in High-bandwidth Digital Content
Protection (HDCP) System allows remote attackers to access data as
plaintext, avoid device blacklists, clone devices, and create new
device keyvectors by computing and using alternate key combinations
for authentication.

======================================================
Candidate: CAN-2001-0904
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0904
Phase: Proposed (20020131)
Category: CF
Reference: BUGTRAQ:20011120 MSIE 5.5/6 Q312461 patch disclose patch information
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100619268115798&w=2

Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies
the HTTP_USER_AGENT (UserAgent) information that indicates that the
patch has been installed, which could allow remote malicious web sites
to more easily identify and exploit vulnerable clients.

======================================================
Candidate: CAN-2001-0905
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0905
Phase: Proposed (20020131)
Category: SF
Reference: DEBIAN:DSA-083
Reference: URL:http://www.debian.org/security/2001/dsa-083
Reference: REDHAT:RHSA-2001:093
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-093.html
Reference: MANDRAKE:MDKSA-2001:085
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-085.php3
Reference: FREEBSD:FreeBSD-SA-01:60
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:60.procmail.asc
Reference: BID:3071
Reference: URL:http://www.securityfocus.com/bid/3071

Race condition in signal handling of procmail 3.20 and earlier, when
running setuid, allows local users to cause a denial of service or
gain root privileges by sending a signal while a signal handling
routine is already running.

======================================================
Candidate: CAN-2001-0906
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0906
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010622 LPRng + tetex tmpfile race - uid lp exploit
Reference: URL:http://www.securityfocus.com/archive/1/192647
Reference: REDHAT:RHSA-2001:102
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-102.html
Reference: MANDRAKE:MDKSA-2001:086
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-086.php3
Reference: IMMUNIX:IMNX-2001-70-030-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-030-01
Reference: BID:2974
Reference: URL:http://www.securityfocus.com/bid/2974
Reference: XF:tetex-lprng-tmp-race(6785)
Reference: URL:http://xforce.iss.net/static/6785.php

teTeX filter before 1.0.7 allows local users to gain privileges via a
symlink attack on temporary files that are produced when printing .dvi
files using lpr.

======================================================
Candidate: CAN-2001-0907
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0907
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011018 Flaws in recent Linux kernels
Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337
Reference: MANDRAKE:MDKSA-2001:082
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082-1.php3

Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows
local users to cause a denial of service via a series of deeply nested
symlinks, which causes the kernel to spend extra time when trying to
access the link.

======================================================
Candidate: CAN-2001-0908
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0908
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011121 CITRIX & Microsoft Windows Terminal Services False IP Address Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638693315933&w=2
Reference: BID:3566
Reference: URL:http://www.securityfocus.com/bid/3566
Reference: XF:win-terminal-spoof-address(7538)
Reference: URL:http://xforce.iss.net/static/7538.php

CITRIX Metaframe 1.8 logs the Client Address (IP address) that is
provided by the client instead of obtaining it from the packet
headers, which allows clients to spoof their public IP address, e.g.
through Network Address Translation (NAT).

======================================================
Candidate: CAN-2001-0909
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0909
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011121 Buffer overflow in Windows XP "helpctr.exe"
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638955422011&w=2
Reference: XF:winxp-helpctr-bo(7605)
Reference: URL:http://xforce.iss.net/static/7605.php

Buffer overflow in helpctr.exe program in Microsoft Help Center for
Windows XP allows remote attackers to execute arbitrary code via a
long hcp: URL.

======================================================
Candidate: CAN-2001-0910
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0910
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011121 Legato Networker vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638782917917&w=2
Reference: XF:networker-reverse-dns-bypass-auth(7601)
Reference: URL:http://xforce.iss.net/static/7601.php
Reference: BID:3564
Reference: URL:http://www.securityfocus.com/bid/3564

Legato Networker before 6.1 allows remote attackers to bypass access
restrictions and gain privileges on the Networker interface by
spoofing the admin server name and IP address and connecting to
Networker from an IP address whose hostname can not be determined by a
DNS reverse lookup.

======================================================
Candidate: CAN-2001-0911
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0911
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011121 PhpNuke Admin password can be stolen !
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638850219503&w=2
Reference: BID:3567
Reference: URL:http://www.securityfocus.com/bid/3567
Reference: XF:phpnuke-postnuke-insecure-passwords(7596)
Reference: URL:http://xforce.iss.net/static/7596.php

PHP-Nuke 5.1 stores user and administrator passwords in a base-64
encoded cookie, which could allow remote attackers to gain privileges
by stealing or sniffing the cookie and decoding it.

======================================================
Candidate: CAN-2001-0912
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0912
Phase: Proposed (20020131)
Category: CF
Reference: MANDRAKE:MDKSA-2001:087
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-087.php3?dis=8.1
Reference: XF:linux-expect-unauth-root(7604)
Reference: URL:http://xforce.iss.net/static/7604.php

Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect
to search for its libraries in the /home/snailtalk directory before
other directories, which could allow a local user to gain root
privileges.

======================================================
Candidate: CAN-2001-0913
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0913
Phase: Proposed (20020131)
Category: CF
Reference: BUGTRAQ:20011122 [NetGuard Security] NSI Rwhoisd another Remote Format String Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100655265508104&w=2
Reference: CONFIRM:http://lists.research.netsol.com/pipermail/rwhois-announce/2001-November/000023.html

Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and
earlier, when using syslog, allows remote attackers to corrupt memory
and possibly execute arbitrary code via a rwhois request that contains
format specifiers.

======================================================
Candidate: CAN-2001-0914
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0914
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011121 SuSE 7.3 : Kernel 2.4.10-4GB Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638584813349&w=2
Reference: BUGTRAQ:20011122 Re: SuSE 7.3 : Kernel 2.4.10-4GB Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100654787226869&w=2L:2

Linux kernel before 2.4.11pre3 in multiple Linux distributions allows
local users to cause a denial of service (crash) by starting the core
vmlinux kernel, possibly related to poor error checking during ELF
loading.

======================================================
Candidate: CAN-2001-0915
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0915
Phase: Proposed (20020131)
Category: CF
Reference: BUGTRAQ:20011121 Advisory: Berkeley pmake
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638919720975&w=2

Format string vulnerability in Berkeley parallel make (pmake) 2.1.33
and earlier allows a local user to gain root privileges via format
specifiers in the check argument of a shell definition.

======================================================
Candidate: CAN-2001-0916
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0916
Phase: Proposed (20020131)
Category: CF
Reference: BUGTRAQ:20011121 Advisory: Berkeley pmake
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638919720975&w=2

Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier
allows a local user to gain root privileges via a long check argument
of a shell definition.

======================================================
Candidate: CAN-2001-0917
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0917
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011122 Hi
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100654722925155&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=tomcat-dev&m=100658457507305&w=2

Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path
information by requesting a long URL with a .JSP extension.

======================================================
Candidate: CAN-2001-0918
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0918
Phase: Proposed (20020131)
Category: SF
Reference: SUSE:SuSE-SA:2001:041
Reference: URL:http://www.suse.de/de/support/security/2001_041_susehelp_txt.txt
Reference: XF:susehelp-cgi-command-execution(7583)
Reference: URL:http://xforce.iss.net/static/7583.php
Reference: BID:3576
Reference: URL:http://www.securityfocus.com/bid/3576

Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow
remote attackers to execute arbitrary commands by not opening files
securely.

======================================================
Candidate: CAN-2001-0919
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0919
Phase: Proposed (20020131)
Category: CF
Reference: BUGTRAQ:20011126 Javascript can bypass user preference for cookie prompt in IE5.50.4134.0100
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100679857614967&w=2

Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow
cookies to be stored on your machine" enabled does not warn a user
when a cookie is set using Javascript,

======================================================
Candidate: CAN-2001-0920
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0920
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011126 [CERT-intexxia] Auto Nice Daemon Format String Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100680319004162&w=2
Reference: CONFIRM:http://and.sourceforge.net/
Reference: XF:and-format-string(7606)
Reference: URL:http://xforce.iss.net/static/7606.php
Reference: BID:3580
Reference: URL:http://www.securityfocus.com/bid/3580

Format string vulnerability in auto nice daemon (AND) 1.0.4 and
earlier allows a local user to possibly execute arbitrary code via a
process name containing a format string.

======================================================
Candidate: CAN-2001-0921
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0921
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011121 Mac Netscape password fields
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100638816318705&w=2
Reference: XF:macos-netscape-print-passwords(7593)
Reference: URL:http://xforce.iss.net/static/7593.php
Reference: BID:3565
Reference: URL:http://www.securityfocus.com/bid/3565

Netscape 4.79 and earlier for MacOS allows an attacker with access to
the browser to obtain passwords from form fields by printing the
document into which the password has been typed, which is printed in
cleartext.

======================================================
Candidate: CAN-2001-0922
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0922
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011126 NMRC Advisory - NetDynamics Session ID is Reusable
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100681274915525&w=2

ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier
versions, allows remote attackers to steal session IDs and hijack
user sessions by reading the SPIDERSESSION and uniqueValue variables
from the login field, then using those variables after the next user
logs in.

======================================================
Candidate: CAN-2001-0923
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0923
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011025 Advisory: Corrupt RPM Query Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/222542
Reference: CONECTIVA:CLA-2001:440
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000440
Reference: BID:3472
Reference: URL:http://www.securityfocus.com/bid/3472
Reference: XF:Linux-rpm-execute-code(7349)
Reference: URL:http://xforce.iss.net/static/7349.php

RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to
execute arbitrary code via corrupted data in the RPM file when the
file is queried.

======================================================
Candidate: CAN-2001-0924
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0924
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011122 double dot vulnerability on a site running Informix database.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100654890029878&w=2
Reference: BUGTRAQ:20011127 Re: double dot vulnerability on a site running Informix database.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100688672019635&w=2
Reference: BID:3575
Reference: URL:http://www.securityfocus.com/bid/3575
Reference: XF:informix-web-datablade-directory-traversal(7585)
Reference: URL:http://xforce.iss.net/static/7585.php

Directory traversal vulnerability in ifx CGI program in Informix Web
DataBlade allows remote attackers to read arbitrary files via a
.. (dot dot) in the LO parameter.

======================================================
Candidate: CAN-2001-0925
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0925
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010312 FORW: [ANNOUNCE] Apache 1.3.19 Released
Reference: URL:http://www.securityfocus.com/archive/1/168497
Reference: BUGTRAQ:20010624 Fw: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit
Reference: URL:http://www.securityfocus.com/archive/1/193081
Reference: BUGTRAQ:20010419 OpenBSD 2.8patched Apache vuln!
Reference: URL:http://www.securityfocus.com/archive/1/178066
Reference: BUGTRAQ:20010726 Apache Artificially Long Slash Path Directory Listing Vulnerabili ty -- FILE READ ACCESS
Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-27&end=2002-02-02&mid=199857&threads=1
Reference: CONFIRM:http://www.apacheweek.com/features/security-13
Reference: MANDRAKE:MDKSA-2001:077
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077.php3
Reference: DEBIAN:DSA-067
Reference: URL:http://www.debian.org/security/2001/dsa-067
Reference: ENGARDE:ESA-20010620-02
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1452.html
Reference: BID:2503
Reference: URL:http://www.securityfocus.com/bid/2503
Reference: XF:apache-slash-directory-listing(6921)
Reference: URL:http://xforce.iss.net/static/6921.php

The default installation of Apache before 1.3.19 allows remote
attackers to list directories instead of the multiview index.html file
via an HTTP request for a path that contains many / (slash)
characters, which causes the path to be mishandled by (1)
mod_negotiation, (2) mod_dir, or (3) mod_autoindex.

======================================================
Candidate: CAN-2001-0926
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0926
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011128 JRun SSI Request Body Parsing
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100697797325013&w=2
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=22261&Method=Full
Reference: BID:3589
Reference: URL:http://www.securityfocus.com/bid/3589
Reference: XF:allaire-jrun-view-source(7622)
Reference: URL:http://xforce.iss.net/static/7622.php

SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers
to obtain source code for Java server pages (.jsp) and other files in
the web root via an HTTP request for a non-existent SSI page, in which
the request's body has an #include statement.

======================================================
Candidate: CAN-2001-0927
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0927
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011127 [CERT-intexxia] libgtop_daemon Remote Format String Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100689302316077&w=2
Reference: MISC:ftp://ftp.gnome.org/pub/GNOME/stable/sources/libgtop/libgtop-1.0.13.tar.gz

Format string vulnerability in the permitted function of GNOME
libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers
to execute arbitrary code via an argument that contains format
specifiers that are passed into the (1) syslog_message and (2)
syslog_io_message functions.

======================================================
Candidate: CAN-2001-0928
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0928
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011128 Re: [CERT-intexxia] libgtop_daemon Remote Format String Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100699007010203&w=2

Buffer overflow in the permitted function of GNOME libgtop_daemon in
libgtop 1.0.13 and earlier may allow remote attackers to execute
arbitrary code via long authentication data.

======================================================
Candidate: CAN-2001-0929
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0929
Phase: Proposed (20020131)
Category: SF
Reference: CISCO:20011128 A Vulnerability in IOS Firewall Feature Set
Reference: URL:http://www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml

Cisco IOS Firewall Feature set, aka Context Based Access Control
(CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through
12.2T does not properly check the IP protocol type, which could allow
remote attackers to bypass access control lists.

======================================================
Candidate: CAN-2001-0930
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0930
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011128 Sendpage (Perl CGI) Remote Execution Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100689313216624&w=2

Sendpage.pl allows remote attackers to execute arbitrary commands via
a message containing shell metacharacters.

======================================================
Candidate: CAN-2001-0931
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0931
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011128 PowerFTP-server-Bugs&Exploits-Remotes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100698397818175&w=2
Reference: XF:powerftp-dot-directory-traversal(7615)
Reference: URL:http://xforce.iss.net/static/7615.php
Reference: BID:3593
Reference: URL:http://www.securityfocus.com/bid/3593

Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03
allows attackers to list or read arbitrary files and directories via a
.. (dot dot) in (1) LS or (2) GET.

======================================================
Candidate: CAN-2001-0932
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0932
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011128 PowerFTP-server-Bugs&Exploits-Remotes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100698397818175&w=2
Reference: XF:powerftp-long-command-dos(7616)
Reference: URL:http://xforce.iss.net/static/7616.php
Reference: BID:3595
Reference: URL:http://www.securityfocus.com/bid/3595

Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via a long command.

======================================================
Candidate: CAN-2001-0933
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0933
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011128 PowerFTP-server-Bugs&Exploits-Remotes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100698397818175&w=2

Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the
contents of arbitrary drives via a ls (LIST) command that includes the
drive letter as an argument, e.g. "ls C:".

======================================================
Candidate: CAN-2001-0934
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0934
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011128 PowerFTP-server-Bugs&Exploits-Remotes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100698397818175&w=2

Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the
physical path of the server root via the pwd command, which lists the
full pathname.

======================================================
Candidate: CAN-2001-0935
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0935
Phase: Proposed (20020131)
Category:
Reference: SUSE:SuSE-SA:2001:043
Reference: URL:http://www.suse.de/de/support/security/2001_043_wuftpd_txt.html

Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which
is unrelated to the ftpglob bug described in CAN-2001-0550.

======================================================
Candidate: CAN-2001-0936
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0936
Phase: Proposed (20020131)
Category: CF
Reference: BUGTRAQ:20011130 Alert: Vulnerability in frox transparent ftp proxy.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100713367307799&w=2
Reference: CONFIRM:http://frox.sourceforge.net/security.txt
Reference: XF:frox-ftp-proxy-bo(7632)
Reference: URL:http://xforce.iss.net/static/7632.php
Reference: BID:3606
Reference: URL:http://www.securityfocus.com/bid/3606

Buffer overflow in Frox transparent FTP proxy 0.6.6 and earlier, with
the local caching method selected, allows remote FTP servers to run
arbitrary code via a long response to an MDTM request.

======================================================
Candidate: CAN-2001-0937
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0937
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011130 Vulnerabilities in PGPMail.pl
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100714269114686&w=2
Reference: VULN-DEV:20011129 PGPMail.pl possible remote command execution
Reference: URL:http://www.securityfocus.com/archive/82/243262

PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands
via shell metacharacters in the (1) recipient or (2) pgpuserid
parameters.

======================================================
Candidate: CAN-2001-0938
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0938
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011130 Aspupload installs exploitable scripts
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100715294425985&w=2

Directory traversal vulnerability in AspUpload 2.1, in certain
configurations, allows remote attackers to upload and read arbitrary
files, and list arbitrary directories, via a .. (dot dot) in the
Filename parameter in (1) UploadScript11.asp or (2)
DirectoryListing.asp.

======================================================
Candidate: CAN-2001-0939
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0939
Phase: Proposed (20020131)
Category: CF
Reference: BUGTRAQ:20011130 Denial of Service in Lotus Domino 5.08 and earlier HTTP Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100715316426817&w=2
Reference: CONFIRM:http://www-1.ibm.com/support/manager.wss?rs=0&rt=0&org=sims&doc=4C8E450DBF2E7F1885256B200079FA88
Reference: BID:3607
Reference: URL:http://www.securityfocus.com/bid/3607

Lotus Domino 5.08 and earlier allows remote attackers to cause a
denial of service (crash) via a SunRPC NULL command to port 443.

======================================================
Candidate: CAN-2001-0940
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0940
Phase: Proposed (20020131)
Category: SF
Reference: WIN2KSEC:20010921 Check Point FireWall-1 GUI Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2001-q3/0151.html
Reference: BUGTRAQ:20011128 Firewall-1 remote SYSTEM shell buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100698954308436&w=2
Reference: CHECKPOINT:20010919 GUI Buffer Overflow
Reference: URL:http://www.checkpoint.com/techsupport/alerts/buffer_overflow.html

Buffer overflow in the GUI authentication code of Check Point
VPN-1/FireWall-1 Management Server 4.0 and 4.1 allows remote attackers
to execute arbitrary code via a long user name.

======================================================
Candidate: CAN-2001-0941
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0941
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011130 ASI Oracle Security Alert: Oracle Home Environment Variable Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100716693806967&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf

Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local
users to execute arbitrary code via a long ORACLE_HOME environment
variable.

======================================================
Candidate: CAN-2001-0942
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0942
Phase: Proposed (20020131)
Category: SF
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf

dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment
variable to find and execute the dbsnmp program, which allows local
users to execute arbitrary programs by pointing the ORACLE_HOME to an
alternate directory that contains a Trojan Horse version of dbsnmp.

======================================================
Candidate: CAN-2001-0943
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0943
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010801 Oracle 8.1.5 dbnsmp vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/201020
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf
Reference: BID:3129
Reference: URL:http://www.securityfocus.com/bid/3129

dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the
PATH environment variable to find and execute the (1) chown or (2)
chgrp commands, which allows local users to execute arbitrary code by
modifying the PATH to point to Trojan Horse programs.

======================================================
Candidate: CAN-2001-0944
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0944
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011202 mIRC bug?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100734173831990&w=2

DDE in mIRC allows local users to launch applications under another
user's account via a DDE message that executes a command, which may be
executed by the other user's process.

======================================================
Candidate: CAN-2001-0945
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0945
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011203 Buffer over flow on Outlook express for Macintosh
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100741295502017&w=2

Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh
allows remote attackers to cause a denial of service via an e-mail
message that contains a long line.

======================================================
Candidate: CAN-2001-0946
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0946
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011204 Symlink attack with apmd of RH 7.2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100743394701962&w=2
Reference: MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=56389

apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create
or change the modification dates of arbitrary files via a symlink
attack on the LOW_POWER temporary file, which could be used to cause a
denial of service, e.g. by creating /etc/nologin and disabling logins.

======================================================
Candidate: CAN-2001-0947
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0947
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011204 NMRC Advisory - Multiple Valicert Problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100749428517090&w=2
Reference: CONFIRM:http://www.valicert.com/support/security_advisory_eva.html
Reference: XF:eva-forms-reveal-path(7649)
Reference: URL:http://xforce.iss.net/static/7649.php
Reference: BID:3615
Reference: URL:http://www.securityfocus.com/bid/3615

Forms.exe CGI program in ValiCert Enterprise Validation Authority
(EVA) 3.3 through 4.2.1 allows remote attackers to determine the real
pathname of the server by requesting an invalid extension, which
produces an error page that includes the path.

======================================================
Candidate: CAN-2001-0948
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0948
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011204 NMRC Advisory - Multiple Valicert Problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100749428517090&w=2
Reference: CONFIRM:http://www.valicert.com/support/security_advisory_eva.html
Reference: XF:eva-admin-script-injection(7650)
Reference: URL:http://xforce.iss.net/static/7650.php
Reference: BID:3619
Reference: URL:http://www.securityfocus.com/bid/3619

Cross-site scripting (CSS) vulnerability in ValiCert Enterprise
Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers
to execute arbitrary code or display false information by including
HTML or script in the certificate's description, which is executed
when the certificate is viewed.

======================================================
Candidate: CAN-2001-0949
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0949
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011204 NMRC Advisory - Multiple Valicert Problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100749428517090&w=2
Reference: CONFIRM:http://www.valicert.com/support/security_advisory_eva.html
Reference: XF:eva-forms-bo(7652)
Reference: URL:http://xforce.iss.net/static/7652.php
Reference: BID:3621
Reference: URL:http://www.securityfocus.com/bid/3621
Reference: BID:3622
Reference: URL:http://www.securityfocus.com/bid/3622
Reference: BID:3624
Reference: URL:http://www.securityfocus.com/bid/3624
Reference: BID:3625
Reference: URL:http://www.securityfocus.com/bid/3625
Reference: BID:3627
Reference: URL:http://www.securityfocus.com/bid/3627
Reference: BID:3628
Reference: URL:http://www.securityfocus.com/bid/3628
Reference: BID:3629
Reference: URL:http://www.securityfocus.com/bid/3629
Reference: BID:3630
Reference: URL:http://www.securityfocus.com/bid/3630
Reference: BID:3631
Reference: URL:http://www.securityfocus.com/bid/3631
Reference: BID:3632
Reference: URL:http://www.securityfocus.com/bid/3632
Reference: BID:3633
Reference: URL:http://www.securityfocus.com/bid/3633
Reference: BID:3634
Reference: URL:http://www.securityfocus.com/bid/3634
Reference: BID:3635
Reference: URL:http://www.securityfocus.com/bid/3635
Reference: BID:3636
Reference: URL:http://www.securityfocus.com/bid/3636

Buffer overflows in forms.exe CGI program in ValiCert Enterprise
Validation Authority (EVA) Administration Server 3.3 through 4.2.1
allows remote attackers to execute arbitrary code via long arguments
to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs,
(4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen,
(8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal,
(12) maxOCSPValidityPeriod, (13) extension, and (14) a particular
combination of parameters associated with private key generation that
form a string of a certain length.

======================================================
Candidate: CAN-2001-0950
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0950
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011204 NMRC Advisory - Multiple Valicert Problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100749428517090&w=2
Reference: CONFIRM:http://www.valicert.com/support/security_advisory_eva.html
Reference: XF:eva-insecure-key-generation(7653)
Reference: URL:http://xforce.iss.net/static/7653.php
Reference: XF:eva-insecure-key-storage(7651)
Reference: URL:http://xforce.iss.net/static/7651.php
Reference: BID:3618
Reference: URL:http://www.securityfocus.com/bid/3618
Reference: BID:3620
Reference: URL:http://www.securityfocus.com/bid/3620

ValiCert Enterprise Validation Authority (EVA) Administration Server
3.3 through 4.2.1 uses insufficiently random data to (1) generate
session tokens for HSMs using the C rand function, or (2) generate
certificates or keys using /dev/urandom instead of another source
which blocks when the entropy pool is low, which could make it easier
for local or remote attackers to steal tokens or certificates via
brute force guessing.

======================================================
Candidate: CAN-2001-0951
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0951
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011207 UDP DoS attack in Win2k via IKE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100774842520403&w=2
Reference: BUGTRAQ:20011211 UDP DoS attack in Win2k via IKE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100813081913496&w=2
Reference: XF:win2k-ike-dos(7667)
Reference: URL:http://xforce.iss.net/static/7667.php
Reference: BID:3652
Reference: URL:http://www.securityfocus.com/bid/3652

Windows 2000 allows remote attackers to cause a denial of service
(high CPU usage) by flooding Internet Key Exchange (IKE) UDP port 500
with packets that contain a large number of dots.

======================================================
Candidate: CAN-2001-0952
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0952
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011207 Red Faction Server/Client DOS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100774266027774&w=2
Reference: XF:red-faction-udp-dos(7672)
Reference: URL:http://xforce.iss.net/static/7672.php
Reference: BID:3651
Reference: URL:http://www.securityfocus.com/bid/3651

THQ Volition Red Faction Game allows remote attackers to cause a
denial of service (hang) of a client or server via packets to UDP port
7755.

======================================================
Candidate: CAN-2001-0953
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0953
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011208 kebi-Webmail Solution vulnerability (Tested)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100780264902037&w=2:1
Reference: XF:kebi-webmail-admin-dir-access(7674)
Reference: URL:http://xforce.iss.net/static/7674.php
Reference: BID:3655
Reference: URL:http://www.securityfocus.com/bid/3655

Kebi WebMail allows remote attackers to access the administrator menu
and gain privileges via the /a/ hidden directory, which is installed
under the web document root.

======================================================
Candidate: CAN-2001-0954
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0954
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011207 Lotus Domino Web server vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100780146532131&w=2L:1
Reference: CONFIRM:http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=255CC03D83CFF50C85256B1E005E349B
Reference: XF:lotus-domino-database-dos(7684)
Reference: URL:http://xforce.iss.net/static/7684.php
Reference: BID:3656
Reference: URL:http://www.securityfocus.com/bid/3656

Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows
remote attackers to cause a denial of service (block access to
databases that have not been previously accessed) via a URL that
includes the . (dot) directory.

======================================================
Candidate: CAN-2001-0955
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0955
Phase: Proposed (20020131)
Category: SF
Reference: VULN-DEV:20010922 XFree86 DOS / Buffer overflow local and remote.
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=100118958310463&w=2
Reference: BUGTRAQ:20011207 Crashing X
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100776624224549&w=2
Reference: BUGTRAQ:20011208 Re: Crashing X
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100784290015880&w=2
Reference: CONFIRM:http://www.xfree86.org/4.2.0/RELNOTES2.html#2
Reference: CONFIRM:http://www.xfree86.org/security/
Reference: MISC:http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c
Reference: BID:3663
Reference: URL:http://www.securityfocus.com/bid/3663
Reference: BID:3657
Reference: URL:http://www.securityfocus.com/bid/3657
Reference: XF:xfree86-konqueror-bo(7673)
Reference: URL:http://xforce.iss.net/static/7673.php
Reference: XF:xfree86-xterm-title-bo(7683)
Reference: URL:http://xforce.iss.net/static/7683.php

Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph
clipping for large origins, allows attackers to cause a denial of
service and possibly gain privileges via a large number of characters,
possibly through the web page search form of KDE Konqueror or from an
xterm command with a long title.

======================================================
Candidate: CAN-2001-0956
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0956
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010911 security alert: speechd from speechio.org
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0089.html
Reference: CONFIRM:http://www.speechio.org/speechd.html
Reference: XF:speechd-execute-commands(7121)
Reference: URL:http://xforce.iss.net/static/7121.php
Reference: BID:3326
Reference: URL:http://www.securityfocus.com/bid/3326

speechd 0.54 and earlier, with the Festival or rsynth speech synthesis
package, allows attackers to execute arbitrary commands via shell
metacharacters.

======================================================
Candidate: CAN-2001-0958
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0958
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010912 [SNS Advisory No.42] Trend Micro InterScan eManager for NT Multiple Program Buffer Overflow Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0099.html
Reference: MISC:http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=3142
Reference: XF:interscan-emanager-bo(7104)
Reference: URL:http://xforce.iss.net/static/7104.php
Reference: BID:3327
Reference: URL:http://www.securityfocus.com/bid/3327

Buffer overflows in eManager plugin for Trend Micro InterScan
VirusWall for NT 3.51 and 3.51J allow remote attackers to execute
arbitrary code via long arguments to the CGI programs (1)
register.dll, (2) ContentFilter.dll, (3) SFNofitication.dll, (4)
register.dll, (5) TOP10.dll, (6) SpamExcp.dll, and (7) spamrule.dll.

======================================================
Candidate: CAN-2001-0959
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0959
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010915 ARCserve 6.61 Share Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0137.html
Reference: MISC:http://support.ca.com/Download/patches/asitnt/QO00945.html
Reference: BID:3342
Reference: URL:http://www.securityfocus.com/bid/3342

Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0
creates a hidden share named ARCSERVE$, which allows remote attackers
to obtain sensitive information and overwrite critical files.

======================================================
Candidate: CAN-2001-0960
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0960
Phase: Proposed (20020131)
Category: CF
Reference: BUGTRAQ:20010915 ARCserve 6.61 Share Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0137.html
Reference: MISC:http://support.ca.com/Download/patches/asitnt/QO00945.html
Reference: XF:arcserve-aremote-plaintext(7122)
Reference: URL:http://xforce.iss.net/static/7122.php
Reference: BID:3343
Reference: URL:http://www.securityfocus.com/bid/3343

Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0
stores the backup agent user name and password in cleartext in the
aremote.dmp file in the ARCSERVE$ hidden share, which allows local and
remote attackers to gain privileges.

======================================================
Candidate: CAN-2001-0961
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0961
Phase: Proposed (20020131)
Category: SF
Reference: DEBIAN:DSA-076
Reference: URL:http://www.debian.org/security/2001/dsa-076
Reference: XF:most-file-create-bo(7149)
Reference: URL:http://xforce.iss.net/static/7149.php
Reference: BID:3347
Reference: URL:http://www.securityfocus.com/bid/3347

Buffer overflow in tab expansion capability of the most program allows
local or remote attackers to execute arbitrary code via a malformed
file that is viewed with most.

======================================================
Candidate: CAN-2001-0962
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0962
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010919 Websphere cookie/sessionid predictable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html
Reference: BUGTRAQ:20010928 Re: Websphere cookie/sessionid predictable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html
Reference: CONFIRM:http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p
Reference: XF:ibm-websphere-seq-predict(7153)
Reference: URL:http://xforce.iss.net/static/7153.php

IBM WebSphere Application Server 3.02 through 3.53 uses predictable
session IDs for cookies, which allows remote attackers to gain
privileges of WebSphere users via brute force guessing.

======================================================
Candidate: CAN-2001-0963
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0963
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010920 Vulnerability in SpoonFTP
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0171.html
Reference: CONFIRM:http://www.pi-soft.com/spoonftp/index.shtml
Reference: XF:spoonftp-dot-directory-traversal(7147)
Reference: URL:http://xforce.iss.net/static/7147.php

Directory traversal vulnerability in SpoonFTP 1.1 allows local and
sometimes remote attackers to access files outside of the FTP root via
a ... (modified dot dot) in the CD (CWD) command.

======================================================
Candidate: CAN-2001-0964
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0964
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010920 Advisory: Half-Life remote buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0178.html
Reference: XF:halflife-connect-bo(7148)
Reference: URL:http://xforce.iss.net/static/7148.php

Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows
malicious remote servers to execute arbitrary code via a long console
command.

======================================================
Candidate: CAN-2001-0965
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0965
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010817 [ASGUARD-LABS] glFTPD v1.23 DOS Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0239.html
Reference: CONFIRM:http://www.glftpd.org/
Reference: BID:3201
Reference: URL:http://www.securityfocus.com/bid/3201

glFTPD 1.23 allows remote attackers to cause a denial of service (CPU
consumption) via a LIST command with an argument that contains a large
number of * (asterisk) characters.

======================================================
Candidate: CAN-2001-0966
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0966
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010818 [Real Security] Advisory for Nudester 1.10
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0232.html
Reference: BID:3202
Reference: URL:http://www.securityfocus.com/bid/3202

Directory traversal vulnerability in Nudester 1.10 and earlier allows
remote attackers to read or write arbitrary files via a .. (dot dot)
in the CD (CWD) command.

======================================================
Candidate: CAN-2001-0967
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0967
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010817 Arkeia Possible remote root & information leakage
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0228.html
Reference: BID:3204
Reference: URL:http://www.securityfocus.com/bid/3204

Knox Arkeia server 4.2, and possibly other versions, uses a constant
salt when encrypting passwords using the crypt() function, which makes
it easier for an attacker to conduct brute force password guessing.

======================================================
Candidate: CAN-2001-0968
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0968
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010817 Arkeia Possible remote root & information leakage
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0228.html
Reference: BID:3203
Reference: URL:http://www.securityfocus.com/bid/3203

Knox Arkeia server 4.2, and possibly other versions, installs its root
user with a null password by default, which allows local and remote
users to gain privileges.

======================================================
Candidate: CAN-2001-0969
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0969
Phase: Proposed (20020131)
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:53
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:53.ipfw.asc
Reference: XF:ipfw-me-unauthorized-access(7002)
Reference: URL:http://xforce.iss.net/static/7002.php
Reference: BID:3206
Reference: URL:http://www.securityfocus.com/bid/3206

ipfw in FreeBSD does not properly handle the use of "me" in its rules
when point to point interfaces are used, which causes ipfw to allow
connections from arbitrary remote hosts.

======================================================
Candidate: CAN-2001-0970
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0970
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010820 tdforum 1.2 Messageboard
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99832137410609&w=2
Reference: BID:3207
Reference: URL:http://www.securityfocus.com/bid/3207

Cross-site scripting vulnerability in TDForum 1.2 CGI script
(tdforum12.cgi) allows remote attackers to execute arbitrary script on
other clients via a forum message that contains the script.

======================================================
Candidate: CAN-2001-0971
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0971
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010820 ACI 4D WebServer Directory traversal.
Reference: URL:http://www.securityfocus.com/archive/1/206102
Reference: BID:3209
Reference: URL:http://www.securityfocus.com/bid/3209

Directory traversal vulnerability in ACI 4d webserver allows remote
attackers to read arbitrary files via a .. (dot dot) or drive letter
(e.g., C:) in an HTTP request.

======================================================
Candidate: CAN-2001-0972
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0972
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010820 security problem in surf-net ASP Discussion Forum < 2.30
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99834088223352&w=2
Reference: BID:3210
Reference: URL:http://www.securityfocus.com/bid/3210

Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on
the UserID, which allows remote attackers to gain administrative
privileges by calculating the value of the admin cookie (UserID 1),
i.e. "0888888."

======================================================
Candidate: CAN-2001-0973
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0973
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010822 BSCW symlink vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0328.html
Reference: CONFIRM:http://bscw.gmd.de/Bulletins/BSCW-SB-2001-08.extract.txt

BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers
to read or modify arbitrary files by uploading and extracting a tar
file with a symlink into the data-bag space.

======================================================
Candidate: CAN-2001-0974
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0974
Phase: Proposed (20020131)
Category: SF
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CIAC:L-116
Reference: URL:http://www.ciac.org/ciac/bulletins/l-116.shtml
Reference: CERT-VN:VU#869184
Reference: URL:http://www.kb.cert.org/vuls/id/869184
Reference: BID:3048
Reference: URL:http://www.securityfocus.com/bid/3048
Reference: XF:oracle-ldap-protos-format-string(6903)
Reference: URL:http://xforce.iss.net/static/6903.php

Format string vulnerabilities in Oracle Internet Directory Server
(LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary
code.

======================================================
Candidate: CAN-2001-0975
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0975
Phase: Proposed (20020131)
Category: SF
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CIAC:L-116
Reference: URL:http://www.ciac.org/ciac/bulletins/l-116.shtml
Reference: CERT-VN:VU#869184
Reference: URL:http://www.kb.cert.org/vuls/id/869184
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/oid_cert_bof.pdf
Reference: XF:oracle-ldap-protos-bo(6902)
Reference: URL:http://xforce.iss.net/static/6902.php
Reference: BID:3047
Reference: URL:http://www.securityfocus.com/bid/3047

Buffer overflow vulnerabilities in Oracle Internet Directory Server
(LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary
code.

======================================================
Candidate: CAN-2001-0976
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0976
Phase: Proposed (20020131)
Category: SF
Reference: HP:HPSBUX0108-165
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0048.html

Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and
earlier, as used by HP-UX Workload Manager (WLM), allows local users
to gain root privileges via modified libraries or environment
variables.

======================================================
Candidate: CAN-2001-0977
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0977
Phase: Proposed (20020131)
Category: SF
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CERT-VN:VU#935800
Reference: URL:http://www.kb.cert.org/vuls/id/935800
Reference: DEBIAN:DSA-068
Reference: URL:http://www.debian.org/security/2001/dsa-068
Reference: REDHAT:RHSA-2001:098
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-098.html
Reference: CONECTIVA:CLA-2001:417
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000417
Reference: MANDRAKE:MDKSA-2001:069
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-069.php3
Reference: BID:3049
Reference: URL:http://www.securityfocus.com/bid/3049
Reference: XF:openldap-ldap-protos-dos(6904)
Reference: URL:http://xforce.iss.net/static/6904.php

slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows
remote attackers to cause a denial of service (crash) via an invalid
Basic Encoding Rules (BER) length field.

======================================================
Candidate: CAN-2001-0978
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0978
Phase: Proposed (20020131)
Category: SF
Reference: HPBUG:PHCO_17719
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0052.html
Reference: HPBUG:PHCO_24454
Reference: BID:3289
Reference: URL:http://www.securityfocus.com/bid/3289

login in HP-UX 10.26 does not record failed login attempts in
/var/adm/btmp, which could allow attackers to conduct brute force
password guessing attacks without being detected or observed using the
lastb program.

======================================================
Candidate: CAN-2001-0979
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0979
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010903 hpux warez
Reference: URL:http://www.securityfocus.com/archive/1/211687
Reference: BID:3279
Reference: URL:http://www.securityfocus.com/bid/3279
Reference: XF:hpux-swverify-bo(7078)
Reference: URL:http://xforce.iss.net/static/7078.php

Buffer overflow in swverify in HP-UX 11.0, and possibly other
programs, allows local users to gain privileges via a long command
line argument.

======================================================
Candidate: CAN-2001-0980
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0980
Phase: Proposed (20020131)
Category: SF
Reference: CALDERA:CSSA-2001-026.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-026.0.txt
Reference: XF:docview-httpd-command-execution(6854)
Reference: URL:http://xforce.iss.net/static/6854.php
Reference: BID:3052
Reference: URL:http://www.securityfocus.com/bid/3052

docview before 1.0-15 allows remote attackers to execute arbitrary
commands via shell metacharacters that are processed when converting a
man page to a web page.

======================================================
Candidate: CAN-2001-0981
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0981
Phase: Proposed (20020131)
Category: SF
Reference: HP:HPSBUX0108-164
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0048.html

HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix
password sync" option enabled calls the passwd program without
specifying the username of the user making the request, which could
cause the server to change the password of a different user.

======================================================
Candidate: CAN-2001-0982
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0982
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010723 iXsecurity.20010618.policy_director.a
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0497.html
Reference: AIXAPAR:IY18152
Reference: CONFIRM:ftp://ftp.tivoli.com/support/patches/patches_3.7.1/3.7.1-POL-0003/3.7.1-POL-0003.README
Reference: XF:tivoli-secureway-dot-directory-traversal(6884)
Reference: URL:http://xforce.iss.net/static/6884.php
Reference: BID:3080
Reference: URL:http://www.securityfocus.com/bid/3080

Directory traversal vulnerability in IBM Tivoli WebSEAL Policy
Director 3.01 through 3.7.1 allows remote attackers to read arbitrary
files or directories via encoded .. (dot dot) sequences containing
"%2e" strings.

======================================================
Candidate: CAN-2001-0983
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0983
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010823 Re: Respondus v1.1.2 stores passwords using weak encryption
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99861651923668&w=2
Reference: MISC:http://www.eve-software.com/security/ueditpw.html

UltraEdit uses weak encryption to record FTP passwords in the
uedit32.ini file, which allows local users who can read the file to
decrypt the passwords and gain privileges.

======================================================
Candidate: CAN-2001-0984
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0984
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010913 leak of information in counterpane/Bruce Schneier's Password Safe program
Reference: URL:http://www.securityfocus.com/archive/1/213931
Reference: XF:counterpane-password-access(7123)
Reference: URL:http://xforce.iss.net/static/7123.php
Reference: BID:3337
Reference: URL:http://www.securityfocus.com/bid/3337

Password Safe 1.7(1) leaves cleartext passwords in memory when a user
copies the password to the clipboard and minimizes Password Safe with
the "Clear the password when minimized" and "Lock password database on
minimize and promp on restore" options enabled, which could allow an
attacker with access to the memory (e.g. an administrator) to read the
passwords.

======================================================
Candidate: CAN-2001-0985
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0985
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010908 Shopping Cart Version 1.23
Reference: URL:http://www.securityfocus.com/archive/1/212827
Reference: MISC:http://www.irata.com/shopver.html
Reference: BID:3308
Reference: URL:http://www.securityfocus.com/bid/3308
Reference: XF:hassan-cart-command-execution(7106)
Reference: URL:http://xforce.iss.net/static/7106.php

shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote
attackers to execute arbitrary commands via shell metacharacters in
the "page" parameter.

======================================================
Candidate: CAN-2001-0986
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0986
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010914 Security Vulnerability with Microsoft Index Server 2.0(Sample file reveals file info, physical path etc)
Reference: URL:http://www.securityfocus.com/archive/1/214217
Reference: XF:winnt-indexserver-sqlqhit-asp(7125)
Reference: URL:http://xforce.iss.net/static/7125.php
Reference: BID:3339
Reference: URL:http://www.securityfocus.com/bid/3339

SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote
attackers to obtain sensitive information such as the physical path,
file attributes, or portions of source code by directly calling
sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2)
extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.

======================================================
Candidate: CAN-2001-0987
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0987
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010722 Re: [cgiwrap-users] Re: Security hole in CGIWrap (cross-site scripting vulnerability)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0499.html
Reference: CONFIRM:http://cgiwrap.sourceforge.net/changes.html
Reference: BID:3084
Reference: URL:http://www.securityfocus.com/bid/3084
Reference: XF:cgiwrap-cross-site-scripting(6886)
Reference: URL:http://xforce.iss.net/static/6886.php

Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote
attackers to execute arbitrary Javascript on other web clients by
causing the Javascript to be inserted into error messages that are
generated by CGIWrap.

======================================================
Candidate: CAN-2001-0988
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0988
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010723 permission probs with Arkeia
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0521.html
Reference: BID:3085
Reference: URL:http://www.securityfocus.com/bid/3085
Reference: XF:arkeia-insecure-file-permissions(6885)
Reference: URL:http://xforce.iss.net/static/6885.php

Arkeia backup server 4.2.8-2 and earlier creates its database files
with world-writable permissions, which could allow local users to
overwrite the files or obtain sensitive information.

======================================================
Candidate: CAN-2001-0989
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0989
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010723 pileup 1.2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0512.html
Reference: CONFIRM:http://www.babbage.demon.co.uk/linux/pileup-1.2/pileup-1.2.tar.gz
Reference: BID:3086
Reference: URL:http://www.securityfocus.com/bid/3086

Buffer overflows in Pileup before 1.2 allows local users to gain root
privileges via (1) long command line arguments, or (2) a long
callsign.

======================================================
Candidate: CAN-2001-0990
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0990
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010904 BUZ.CH Security Advisory 200109041: Inter7 vpopmail DB pw problem
Reference: URL:http://www.securityfocus.com/archive/1/212036
Reference: MISC:http://www.inter7.com/vpopmail/ChangeLog
Reference: BID:3284
Reference: URL:http://www.securityfocus.com/bid/3284
Reference: XF:vpopmail-insecure-auth-data(7076)
Reference: URL:http://xforce.iss.net/static/7076.php

Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module,
compiles authentication information in cleartext into the
libvpopmail.a library, which allows local users to obtain the MySQL
username and password by inspecting the vpopmail programs that use the
library.

======================================================
Candidate: CAN-2001-0991
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0991
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010724 Proxomitron Cross-site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/198954
Reference: XF:proxomitron-cross-site-scripting(6887)
Reference: URL:http://xforce.iss.net/static/6887.php
Reference: BID:3087
Reference: URL:http://www.securityfocus.com/bid/3087

Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and
earlier allows remote attackers to execute arbitrary script on other
clients via an incorrect URL containing the malicious script, which is
printed back in an error message.

======================================================
Candidate: CAN-2001-0992
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0992
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010905 ShopPlus Cart
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0012.html
Reference: XF:shopplus-command-execution(7077)
Reference: URL:http://xforce.iss.net/static/7077.php

shopplus.cgi in ShopPlus shopping cart allows remote attackers to
execute arbitrary commands via shell metacharacters in the "file"
parameter.

======================================================
Candidate: CAN-2001-0993
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0993
Phase: Proposed (20020131)
Category: SF
Reference: NETBSD:NetBSD-SA2001-011
Reference: URL:http://archives.neohapsis.com/archives/netbsd/2001-q3/0102.html
Reference: XF:bsd-kernel-sendmsg-dos(6908)
Reference: URL:http://xforce.iss.net/static/6908.php
Reference: BID:3088
Reference: URL:http://www.securityfocus.com/bid/3088

sendmsg function in NetBSD 1.3 through 1.5 allows local users to cause
a denial of service (kernel trap or panic) via a msghdr structure with
a large msg_controllen length.

======================================================
Candidate: CAN-2001-0994
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0994
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010904 Telnet DoS Vulnerability in Marconi ATM Switch Software
Reference: URL:http://www.securityfocus.com/archive/1/211956
Reference: XF:forethought-telnet-dos(7082)
Reference: URL:http://xforce.iss.net/static/7082.php
Reference: BID:3286
Reference: URL:http://www.securityfocus.com/bid/3286

Marconi ForeThought 7.1 allows remote attackers to cause a denial of
service by causing both telnet sessions to be locked via unusual input
(e.g., from a port scanner), which prevents others from logging into
the device.

======================================================
Candidate: CAN-2001-0995
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0995
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010826 security hole in os groupware suite PHProjekt
Reference: URL:http://www.securityfocus.com/archive/1/210349
Reference: MISC:http://www.phprojekt.com/ChangeLog
Reference: BID:3239
Reference: URL:http://www.securityfocus.com/bid/3239
Reference: XF:phprojekt-id-modify(7035)
Reference: URL:http://xforce.iss.net/static/7035.php

PHProjekt before 2.4a allows remote attackers to perform actions as
other PHProjekt users by modifying the ID number in an HTTP request to
PHProjekt CGI programs.

======================================================
Candidate: CAN-2001-0996
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0996
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010902 POP3Lite 0.2.3b minor client side DoS and message injection
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0436.html
Reference: XF:pop3lite-dot-message-injection(7075)
Reference: URL:http://xforce.iss.net/static/7075.php
Reference: BID:3278
Reference: URL:http://www.securityfocus.com/bid/3278

POP3Lite before 0.2.4 does not properly quote a . (dot) in an email
message, which could allow a remote attacker to append arbitrary text
to the end of an email message, which could then be interpreted by
various mail clients as valid POP server responses or other input that
could cause clients to crash or otherwise behave unexpectedly.

======================================================
Candidate: CAN-2001-0997
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0997
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010911 Textor Webmasters Ltd (listrec.pl)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0096.html
Reference: XF:listrecpl-remote-command-execution(7117)
Reference: URL:http://xforce.iss.net/static/7117.php

Textor Webmasters Ltd listrec.pl CGI program allows remote attackers
to execute arbitrary commands via shell metacharacters in the TEMPLATE
parameter.

======================================================
Candidate: CAN-2001-0998
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0998
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010924 HACMP and port scans
Reference: URL:http://www.securityfocus.com/archive/1/216105
Reference: BUGTRAQ:20011002 Vulnerability 3358, "IBM HACMP Port Scan Denial of Service Vulnerability"
Reference: URL:http://www.securityfocus.com/archive/1/217910
Reference: AIXAPAR:IY20943
Reference: AIXAPAR:IY17630
Reference: XF:hacmp-portscan-dos(7165)
Reference: URL:http://xforce.iss.net/static/7165.php
Reference: BID:3358
Reference: URL:http://www.securityfocus.com/bid/3358

IBM HACMP 4.4 allows remote attackers to cause a denial of service via
a completed TCP connection to HACMP ports (e.g., using a port scan)
that does not send additional data, which causes a failure in snmpd.

======================================================
Candidate: CAN-2001-0999
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0999
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010912 FREAK SHOW: Outlook Express 6.00
Reference: URL:http://www.securityfocus.com/archive/1/213754
Reference: BUGTRAQ:20010915 Proof-Of-Concept Perl Script for Bugtraq-ID: #3334
Reference: URL:http://www.securityfocus.com/archive/1/214453
Reference: XF:outlook-express-text-script-execution(7118)
Reference: URL:http://xforce.iss.net/static/7118.php
Reference: BID:3334
Reference: URL:http://www.securityfocus.com/bid/3334

Outlook Express 6.00 allows remote attackers to execute arbitrary
script by embedding SCRIPT tags in a message whose MIME content type
is text/plain, contrary to the expected behavior that text/plain
messages will not run script.

======================================================
Candidate: CAN-2001-1000
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1000
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010907 rlmadmin v3.8M view file symlink vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0036.html
Reference: XF:radius-rlmadmin-help-symlink(7096)
Reference: URL:http://xforce.iss.net/static/7096.php
Reference: BID:3302
Reference: URL:http://www.securityfocus.com/bid/3302

rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and
possibly other versions, allows local users to read arbitrary files
via a symlink attack on the rlmadmin.help file.

======================================================
Candidate: CAN-2001-1002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1002
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010827 LPRng/rhs-printfilters - remote execution of commands
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99892644616749&w=2
Reference: REDHAT:RHSA-2001:102
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-102.html
Reference: BID:3241
Reference: URL:http://www.securityfocus.com/bid/3241

The default configuration of the DVI print filter (dvips) in Red Hat
Linux 7.0 and earlier does not run dvips in secure mode when dvips is
executed by lpd, which could allow remote attackers to gain privileges
by printing a DVI file that contains malicious commands.

======================================================
Candidate: CAN-2001-1003
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1003
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010823 Respondus v1.1.2 stores passwords using weak encryption
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99859557930285&w=2

Respondus 1.1.2 for WebCT uses weak encryption to remember usernames
and passwords, which allows local users who can read the WEBCT.SVR
file to decrypt the passwords and gain additional privileges.

======================================================
Candidate: CAN-2001-1004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1004
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010830 gnut gnutella client html injection
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0415.html
Reference: MISC:http://www.gnutelliums.com/linux_unix/gnut/ChangeLog.txt

Cross-site scripting (CSS) vulnerability in gnut Gnutella client
before 0.4.27 allows remote attackers to execute arbitrary script on
other clients by sharing a file whose name contains the script tags.

======================================================
Candidate: CAN-2001-1005
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1005
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010824 Starfish Truesync Desktop + REX 5000 Pro multiple vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/210067
Reference: BID:3231
Reference: URL:http://www.securityfocus.com/bid/3231

Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak
encryption to store the user password in a registry key, which allows
attackers who have access to the registry key to decrypt the password
and gain privileges.

======================================================
Candidate: CAN-2001-1006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1006
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010824 Starfish Truesync Desktop + REX 5000 Pro multiple vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/210067
Reference: BID:3232
Reference: URL:http://www.securityfocus.com/bid/3232

Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not
encrypt sensitive files and relies solely on its password feature to
restrict access, which allows an attacker to read the files using a
different application.

======================================================
Candidate: CAN-2001-1007
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1007
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010824 Starfish Truesync Desktop + REX 5000 Pro multiple vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/210067

Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a
small keyspace for device keys and does not impose a delay when an
incorrect key is entered, which allows attackers to more quickly guess
the key via a brute force attack.

======================================================
Candidate: CAN-2001-1008
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1008
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010824 Java Plugin 1.4 with JRE 1.3 -> Ignores certificates.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0359.html
Reference: BID:3245
Reference: URL:http://www.securityfocus.com/bid/3245

Java Plugin 1.4 for JRE 1.3 executes signed applets even if the
certificate is expired, which could allow remote attackers to conduct
unauthorized activities via an applet that has been signed by an
expired certificate.

======================================================
Candidate: CAN-2001-1009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1009
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010809 Fetchmail security advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0118.html
Reference: ENGARDE:ESA-20010816-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1555.html
Reference: REDHAT:RHSA-2001:103
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-103.html
Reference: MANDRAKE:MDKSA-2001:072
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-072.php3
Reference: DEBIAN:DSA-071
Reference: URL:http://www.debian.org/security/2001/dsa-071
Reference: CONECTIVA:CLA-2001:419
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000419
Reference: BID:3164
Reference: URL:http://www.securityfocus.com/bid/3164
Reference: BID:3166
Reference: URL:http://www.securityfocus.com/bid/3166

Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious
(1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory
and possibly gain privileges via a negative index number as part of a
response to a LIST request.

======================================================
Candidate: CAN-2001-1010
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1010
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010721 Sambar Web Server pagecount exploit code
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0565.html
Reference: CONFIRM:http://www.sambar.com/security.htm
Reference: XF:sambar-pagecount-overwrite-files(6916)
Reference: URL:http://xforce.iss.net/static/6916.php
Reference: BID:3092
Reference: URL:http://www.securityfocus.com/bid/3092

Directory traversal vulnerability in pagecount CGI script in Sambar
Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary
files via a .. (dot dot) attack on the page parameter.

======================================================
Candidate: CAN-2001-1011
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1011
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010725 Serious security hole in Mambo Site Server version 3.0.X
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0569.html
Reference: CONFIRM:http://prdownloads.sourceforge.net/mambo/mambov3.0.6.tar.gz
Reference: BID:3093
Reference: URL:http://www.securityfocus.com/bid/3093
Reference: XF:mambo-phpsessid-gain-privileges(6910)
Reference: URL:http://xforce.iss.net/static/6910.php

index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote
attackers to gain Mambo administrator privileges by setting the
PHPSESSID parameter and providing the appropriate administrator
information in other parameters.

======================================================
Candidate: CAN-2001-1012
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1012
Phase: Proposed (20020131)
Category: SF
Reference: SUSE:SuSE-SA:2001:030
Reference: URL:http://www.suse.com/de/support/security/2001_030_screen_txt.txt
Reference: XF:screen-local-privilege-elevation(7134)
Reference: URL:http://xforce.iss.net/static/7134.php

Vulnerability in screen before 3.9.10, related toa multi-attach error,
allows local users to gain root privileges when there is a
subdirectory under /tmp/screens/.

======================================================
Candidate: CAN-2001-1013
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1013
Phase: Proposed (20020131)
Category: SF
Reference: VULN-DEV:20000707 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0083.html
Reference: VULN-DEV:20000707 Re: your mail
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0094.html
Reference: VULN-DEV:20000707 Re: apache and 404/404 status codes
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0087.html
Reference: BUGTRAQ:20010912 Is there user Anna at your host ?
Reference: URL:http://www.securityfocus.com/archive/1/213667
Reference: XF:linux-apache-username-exists(7129)
Reference: URL:http://xforce.iss.net/static/7129.php
Reference: BID:3335
Reference: URL:http://www.securityfocus.com/bid/3335

Apache on Red Hat Linux with with the UserDir directive enabled
generates different error codes when a username exists and there is no
public_html directory and when the username does not exist, which
could allow remote attackers to determine valid usernames on the
server.

======================================================
Candidate: CAN-2001-1014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1014
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010915 advisory
Reference: URL:http://www.securityfocus.com/archive/1/214456
Reference: BID:3340
Reference: URL:http://www.securityfocus.com/bid/3340
Reference: XF:eshop-script-execute-commands(7128)
Reference: URL:http://xforce.iss.net/static/7128.php

eshop.pl in WebDiscount(e)shop allows remote attackers to execute
arbitrary commands via shell metacharacters in the seite parameter.

======================================================
Candidate: CAN-2001-1015
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1015
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011016 [ ** Snes9x buffer overflow vulnerability ** ]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0107.html
Reference: BID:3437
Reference: URL:http://www.securityfocus.com/bid/3437

Buffer overflow in Snes9x 1.37, when installed setuid root, allows
local users to gain root privileges via a long command line argument.

======================================================
Candidate: CAN-2001-1016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1016
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010904 PGPsdk Key Validity Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/211806
Reference: CONFIRM:http://www.pgp.com/support/product-advisories/pgpsdk.asp
Reference: BID:3280
Reference: URL:http://www.securityfocus.com/bid/3280
Reference: XF:pgp-invalid-key-display(7081)
Reference: URL:http://xforce.iss.net/static/7081.php

PGP Corporate Desktop before 7.1, Personal Security before 7.0.3,
Freeware before 7.0.3, and E-Business Server before 7.1 does not
properly display when invalid userID's are used to sign a message,
which could allow an attacker to make the user believe that the
document has been signed by a trusted third party by adding a second,
invalid user ID to a key which has already been signed by the third
party, aka the "PGPsdk Key Validity Vulnerability."

======================================================
Candidate: CAN-2001-1017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1017
Phase: Proposed (20020131)
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:59
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:59.rmuser.v1.1.asc
Reference: XF:rmuser-insecure-password-file(7086)
Reference: URL:http://xforce.iss.net/static/7086.php
Reference: BID:3282
Reference: URL:http://www.securityfocus.com/bid/3282

rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the
master.passwd file with world-readable permissions while updating the
original file, which could allow local users to gain privileges by
reading the copied file while rmuser is running, obtain the password
hashes, and crack the passwords.

======================================================
Candidate: CAN-2001-1018
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1018
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010919 lotus domino server 5.08 is very gabby
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100094373621813&w=2
Reference: BID:3350
Reference: URL:http://www.securityfocus.com/bid/3350
Reference: XF:lotus-domino-ip-reveal(7180)
Reference: URL:http://xforce.iss.net/static/7180.php

Lotus Domino web server 5.08 allows remote attackers to determine the
internal IP address of the server when NAT is enabled via a GET
request that contains a long sequence of / (slash) characters.

======================================================
Candidate: CAN-2001-1019
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1019
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010908 sglMerchant Version 1.0
Reference: URL:http://www.securityfocus.com/archive/1/212825
Reference: BID:3309
Reference: URL:http://www.securityfocus.com/bid/3309
Reference: XF:sglmerchant-dot-directory-traversal(7100)
Reference: URL:http://xforce.iss.net/static/7100.php

Directory traversal vulnerability in view_item CGI program in
sglMerchant 1.0 allows remote attackers to read arbitrary files via a
.. (dot dot) in the HTML_FILE parameter.

======================================================
Candidate: CAN-2001-1020
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1020
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010905 directorymanager bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0013.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=51589
Reference: BID:3288
Reference: URL:http://www.securityfocus.com/bid/3288
Reference: XF:directory-manager-execute-commands(7079)
Reference: URL:http://xforce.iss.net/static/7079.php

edit_image.php in Vibechild Directory Manager before 0.91 allows
remote attackers to execute arbitrary commands via shell
metacharacters in the userfile_name parameter, which is sent
unfiltered to the PHP passthru function.

======================================================
Candidate: CAN-2001-1021
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1021
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010726 def-2001-28 - WS_FTP server 2.0.2 Buffer Overflow and possible DOS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0610.html
Reference: MISC:http://www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html
Reference: XF:wsftp-long-command-bo(6911)
Reference: URL:http://xforce.iss.net/static/6911.php

Buffer overflows in WS_FTP 2.02 allow remote attackers to execute
arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4)
MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or
(11) XRMD.

======================================================
Candidate: CAN-2001-1022
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1022
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010727 ADV/EXP:pic/lpd remote exploit - RH 7.0
Reference: URL:http://www.securityfocus.com/archive/1/199706
Reference: DEBIAN:DSA-072
Reference: URL:http://www.debian.org/security/2001/dsa-072
Reference: CONECTIVA:CLA-2001:428
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000428
Reference: XF:linux-groff-format-string(6918)
Reference: URL:http://xforce.iss.net/static/6918.php
Reference: BID:3103
Reference: URL:http://www.securityfocus.com/bid/3103

Format string vulnerability in pic utility in groff 1.16.1 and other
versions allows remote attackers to bypass the -S option and execute
arbitrary commands via format string specifiers in the plot command.

======================================================
Candidate: CAN-2001-1023
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1023
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010921 IRM Security Advisory: Xcache Path Disclosure Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0182.html
Reference: XF:xcache-path-disclosure(7159)
Reference: URL:http://xforce.iss.net/static/7159.php
Reference: BID:3352
Reference: URL:http://www.securityfocus.com/bid/3352

Xcache 2.1 allows remote attackers to determine the absolute path of
web server documents by requesting a URL that is not cached by Xcache,
which returns the full pathname in the Content-PageName header.

======================================================
Candidate: CAN-2001-1024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1024
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010727 Entrust - getAccess
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0662.html
Reference: XF:entrust-getaccess-execute-commands(6915)
Reference: URL:http://xforce.iss.net/static/6915.php

login.gas.bat and other CGI scripts in Entrust getAccess allow remote
attackers to execute Java programs, and possibly arbitrary commands,
by specifying an alternate -classpath argument.

======================================================
Candidate: CAN-2001-1025
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1025
Phase: Proposed (20020131)
Category: SF
Reference: VULNWATCH:20010803 [VulnWatch] 3 phpnuke bugs (2 possibly lead to admin privs)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0019.html
Reference: BID:3149
Reference: URL:http://www.securityfocus.com/bid/3149

PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL
operations by modifying the "prefix" variable when calling any scripts
that do not already define the prefix variable (e.g., by including
mainfile.php), such as article.php.

======================================================
Candidate: CAN-2001-1026
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1026
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010709 Various problems in Ternd Micro AppletTrap URL filtering
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0129.html
Reference: XF:applettrap-bypass-ip-restrictions(6818)
Reference: URL:http://xforce.iss.net/static/6818.php
Reference: XF:content-slash-bypass-filter(6816)
Reference: URL:http://xforce.iss.net/static/6816.php
Reference: XF:applettrap-unicode-bypass-filter(6817)
Reference: URL:http://xforce.iss.net/static/6817.php
Reference: XF:applettrap-zero-bypass-restrictions(6819)
Reference: URL:http://xforce.iss.net/static/6819.php

Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs
when they are modified in certain ways such as (1) using a double
slash (//) instead of a single slash, (2) URL-encoded characters, (3)
requesting the IP address instead of the domain name, or (4) using
leading a leading 0 in an octet of an IP address.

======================================================
Candidate: CAN-2001-1027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1027
Phase: Proposed (20020131)
Category: SF
Reference: CONFIRM:http://www.windowmaker.org/src/ChangeLog
Reference: DEBIAN:DSA-074
Reference: URL:http://www.debian.org/security/2001/dsa-074
Reference: CONECTIVA:CLA-2001:411
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000411
Reference: SUSE:SuSE-SA:2001:032
Reference: URL:http://www.suse.de/de/support/security/2001_032_wmaker_txt.txt
Reference: MANDRAKE:MDKSA-2001:074
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-074.php3
Reference: BID:3177
Reference: URL:http://www.securityfocus.com/bid/3177

Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows
remote attackers to execute arbitrary code via a long window title.

======================================================
Candidate: CAN-2001-1028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1028
Phase: Proposed (20020131)
Category: SF
Reference: REDHAT:RHSA-2001:072
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-072.html

Buffer overflow in ultimate_source function of man 1.5 and earlier
allows local users to gain privileges.

======================================================
Candidate: CAN-2001-1029
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1029
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010920 Local vulnerability in libutil derived with FreeBSD 4.4-RC (and earlier)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0173.html

libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges
before verifying the capabilities for reading the copyright and
welcome files, which allows local users to bypass the capabilities
checks and read arbitrary files by specifying alternate copyright or
welcome files.

======================================================
Candidate: CAN-2001-1030
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1030
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010718 Squid httpd acceleration acl bug enables portscanning
Reference: URL:http://www.securityfocus.com/archive/1/197727
Reference: BUGTRAQ:20010719 TSLSA-2001-0013 - Squid
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html
Reference: IMMUNIX:IMNX-2001-70-031-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01
Reference: CALDERA:CSSA-2001-029.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt
Reference: MANDRAKE:MDKSA-2001:066
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3
Reference: REDHAT:RHSA-2001:097
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-097.html
Reference: XF:squid-http-accelerator-portscanning(6862)
Reference: URL:http://xforce.iss.net/static/6862.php

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable
access control lists (ACLs) when the httpd_accel_host and
http_accel_with_proxy off settings are used, which allows attackers to
bypass the ACLs and conduct unauthorized activities such as port
scanning.

======================================================
Candidate: CAN-2001-1031
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1031
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010927 CARTSA-2001-03 Meteor FTPD 1.0 Directory Traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0231.html
Reference: MISC:http://207.202.218.172/
Reference: XF:meteor-ftpd-directory-traversal(7176)
Reference: URL:http://xforce.iss.net/static/7176.php

Directory traversal vulnerability in Meteor FTP 1.0 allows remote
attackers to read arbitrary files via (1) a .. (dot dot) in the
ls/LIST command, or (2) a ... in the cd/CWD command.

======================================================
Candidate: CAN-2001-1032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1032
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010924 twlc advisory: all versions of php nuke are vulnerable...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0203.html
Reference: XF:php-nuke-admin-file-overwrite(7170)
Reference: URL:http://xforce.iss.net/static/7170.php

admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check
login credentials for upload operations, which allows remote attackers
to copy and upload arbitrary files and read the PHP-Nuke configuration
file by directly calling admin.php with an upload parameter and
specifying the file to copy.

======================================================
Candidate: CAN-2001-1033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1033
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010925 Re: HACMP and port scans
Reference: URL:http://www.securityfocus.com/archive/1/216323
Reference: XF:trucluster-portscan-dos(7171)
Reference: URL:http://xforce.iss.net/static/7171.php
Reference: BID:3362
Reference: URL:http://www.securityfocus.com/bid/3362

Compaq TruCluster 1.5 allows remote attackers to cause a denial of
service via a port scan from a system that does not have a DNS PTR
record, which causes the cluster to enter a "split-brain" state.

======================================================
Candidate: CAN-2001-1034
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1034
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010923 hylafax
Reference: URL:http://www.securityfocus.com/archive/1/215984
Reference: XF:hylafax-hostname-format-string(7164)
Reference: URL:http://xforce.iss.net/static/7164.php
Reference: BID:3357
Reference: URL:http://www.securityfocus.com/bid/3357

Format string vulnerability in Hylafax on FreeBSD allows local users
to execute arbitrary code via format specifiers in the -h hostname
argument for (1) faxrm or (2) faxalter.

======================================================
Candidate: CAN-2001-1035
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1035
Phase: Proposed (20020131)
Category: SF
Reference: DEBIAN:DSA-078
Reference: URL:http://www.debian.org/security/2001/dsa-078
Reference: BID:3364
Reference: URL:http://www.securityfocus.com/bid/3364
Reference: XF:slrn-decode-script-execution(7166)
Reference: URL:http://xforce.iss.net/static/7166.php

Binary decoding feature of slrn 0.9 and earlier allows remote
attackers to execute commands via shell scripts that are inserted into
a news post.

======================================================
Candidate: CAN-2001-1036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1036
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010801 Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate
Reference: URL:http://www.securityfocus.com/archive/1/200991
Reference: XF:locate-command-execution(6932)
Reference: URL:http://xforce.iss.net/static/6932.php
Reference: BID:3127
Reference: URL:http://www.securityfocus.com/bid/3127

GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local
users to gain privileges via an old formatted filename database
(locatedb) that contains an entry with an out-of-range offset, which
causes locate to write to arbitrary process memory.

======================================================
Candidate: CAN-2001-1037
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1037
Phase: Proposed (20020131)
Category: SF
Reference: CISCO:20010711 Vulnerabilities in Cisco SN 5420 Storage Routers
Reference: URL:http://www.cisco.com/warp/public/707/SN-kernel-pub.html
Reference: XF:cisco-sn-gain-access(6827)
Reference: URL:http://xforce.iss.net/static/6827.php
Reference: BID:3131
Reference: URL:http://www.securityfocus.com/bid/3131

Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to
access a developer's shell without a password and execute certain
restricted commands without being logged.

======================================================
Candidate: CAN-2001-1038
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1038
Phase: Proposed (20020131)
Category: SF
Reference: CISCO:20010711 Vulnerabilities in Cisco SN 5420 Storage Routers
Reference: URL:http://www.cisco.com/warp/public/707/SN-kernel-pub.html
Reference: CIAC:L-112
Reference: URL:http://www.ciac.org/ciac/bulletins/l-112.shtml
Reference: XF:cisco-sn-dos(6826)
Reference: URL:http://xforce.iss.net/static/6826.php

Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote
attackers to cause a denial of service (reboot) via a series of
connections to TCP port 8023.

======================================================
Candidate: CAN-2001-1039
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1039
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010801 HP Jetdirect passwords don't sync
Reference: URL:http://www.securityfocus.com/archive/1/201160
Reference: BID:3132
Reference: URL:http://www.securityfocus.com/bid/3132

The JetAdmin web interface for HP JetDirect does not set a password
for the telnet interface when the admin password is changed, which
allows remote attackers to gain access to the printer.

======================================================
Candidate: CAN-2001-1040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1040
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010802 Re: HP Jetdirect passwords don't sync
Reference: URL:http://www.securityfocus.com/archive/1/201224
Reference: BID:3132
Reference: URL:http://www.securityfocus.com/bid/3132

HP LaserJet, and possibly other JetDirect devices, resets the admin
password when the device is turned off, which could allow remote
attackers to access the device without the password.

======================================================
Candidate: CAN-2001-1041
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1041
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010802 vulnerability in oracle binary in Oracle 8.0.5 - 8.1.6
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99677282117387&w=2
Reference: BUGTRAQ:20011024 Oracle File Overwrite Security Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100395579811880&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/oracle_race.pdf
Reference: BID:3135
Reference: URL:http://www.securityfocus.com/bid/3135

oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to
overwrite arbitrary files via a symlink attack on an Oracle log trace
(.trc) file that is created in an alternate home directory identified
by the ORACLE_HOME environment variable.

======================================================
Candidate: CAN-2001-1042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1042
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010701 Broker 5.9.5.0 Directory Traversal
Reference: URL:http://www.securityfocus.com/archive/1/194443
Reference: BID:2960
Reference: URL:http://www.securityfocus.com/bid/2960
Reference: XF:ftp-lnk-directory-traversal(6760)
Reference: URL:http://xforce.iss.net/static/6760.php

Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary
files and directories by uploading a .lnk (link) file that points to
the target file.

======================================================
Candidate: CAN-2001-1043
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1043
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010701 ArGoSoft 1.2.2.2 *.lnk upload Directory Traversal
Reference: URL:http://www.securityfocus.com/archive/1/194445
Reference: BID:2961
Reference: URL:http://www.securityfocus.com/bid/2961
Reference: XF:ftp-lnk-directory-traversal(6760)
Reference: URL:http://xforce.iss.net/static/6760.php

ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary
files and directories by uploading a .lnk (link) file that points to
the target file.

======================================================
Candidate: CAN-2001-1044
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1044
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010112 Basilix Webmail System *.class *.inc Permission Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/155897
Reference: XF:basilix-webmail-retrieve-files(5934)
Reference: URL:http://xforce.iss.net/static/5934.php
Reference: BID:2198
Reference: URL:http://www.securityfocus.com/bid/2198

Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class
and *.inc files under the document root and does not restrict access,
which could allows remote attackers to obtain sensitive information
such as MySQL passwords and usernames from the mysql.class file.

======================================================
Candidate: CAN-2001-1045
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1045
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010706 basilix bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0114.html
Reference: BID:2995
Reference: URL:http://www.securityfocus.com/bid/2995
Reference: XF:basilix-webmail-view-files(6873)
Reference: URL:http://xforce.iss.net/static/6873.php

Directory traversal vulnerability in basilix.php3 in Basilix Webmail
1.0.3beta and earlier allows remote attackers to read arbitrary files
via a .. (dot dot) in the request_id[DUMMY] parameter.

======================================================
Candidate: CAN-2001-1046
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1046
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010602 Qpopper 4.0.3 **** Fixes Buffer Overflow **** (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/188267
Reference: VULN-DEV:20010420 Qpopper 4.0 Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=98777649031406&w=2
Reference: CALDERA:CSSA-2001-SCO.8
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2001-q3/0006.html
Reference: BID:2811
Reference: URL:http://www.securityfocus.com/bid/2811
Reference: XF:qpopper-username-bo(6647)
Reference: URL:http://xforce.iss.net/static/6647.php

Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2
allows remote attackers gain privileges via a long username.

======================================================
Candidate: CAN-2001-1047
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1047
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010602 Locally exploitable races in OpenBSD VFS
Reference: URL:http://www.securityfocus.com/archive/1/188474
Reference: BID:2817
Reference: URL:http://www.securityfocus.com/bid/2817
Reference: BID:2818
Reference: URL:http://www.securityfocus.com/bid/2818
Reference: XF:openbsd-pipe-race-dos(6661)
Reference: URL:http://xforce.iss.net/static/6661.php
Reference: XF:openbsd-dup2-race-dos(6660)
Reference: URL:http://xforce.iss.net/static/6660.php

Race condition in OpenBSD VFS allows local users to cause a denial of
service (kernel panic) by (1) creating a pipe in one thread and
causing another thread to set one of the file descriptors to NULL via
a close, or (2) calling dup2 on a file descriptor in one process, then
setting the descriptor to NULL via a close in another process that is
created via rfork.

======================================================
Candidate: CAN-2001-1048
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1048
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CONFIRM:http://www.gospelcom.net/mnn/topher/awol/changelog.php
Reference: MISC:http://www.geocrawler.com/archives/3/14414/2001/9/0/6668723/
Reference: BID:3387
Reference: URL:http://www.securityfocus.com/bid/3387

AWOL PHP script allows remote attackers to include arbitrary files
from remote web sites via an HTTP request that sets the includedir
variable.

======================================================
Candidate: CAN-2001-1049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1049
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CONFIRM:http://phorecast.org/
Reference: BID:3388
Reference: URL:http://www.securityfocus.com/bid/3388
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php

Phorecast PHP script before 0.40 allows remote attackers to include
arbitrary files from remote web sites via an HTTP request that sets
the includedir variable.

======================================================
Candidate: CAN-2001-1050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1050
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: BID:3389
Reference: URL:http://www.securityfocus.com/bid/3389
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php

CCCSoftware CCC PHP script allows remote attackers to include
arbitrary files from remote web sites via an HTTP request that sets
the includedir variable.

======================================================
Candidate: CAN-2001-1051
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1051
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: MISC:http://sourceforge.net/tracker/index.php?func=detail&aid=440666&group_id=20971&atid=120971
Reference: BID:3390
Reference: URL:http://www.securityfocus.com/bid/3390
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php

Dark Hart Portal (darkportal) PHP script allows remote attackers to
include arbitrary files from remote web sites via an HTTP request that
sets the includedir variable.

======================================================
Candidate: CAN-2001-1052
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1052
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: BID:3391
Reference: URL:http://www.securityfocus.com/bid/3391
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php

Empris PHP script allows remote attackers to include arbitrary files
from remote web sites via an HTTP request that sets the includedir
variable.

======================================================
Candidate: CAN-2001-1053
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1053
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010713 AdCycle SQL Command Insertion Vulnerability - qDefense Advisory Number QDAV-2001-7-2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0249.html
Reference: CONFIRM:http://www.adcycle.com/cgi-bin/download.cgi?type=UNIX&version=1.17
Reference: XF:adcycle-insert-sql-command(6837)
Reference: URL:http://xforce.iss.net/static/6837.php
Reference: BID:3032
Reference: URL:http://www.securityfocus.com/bid/3032
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php

AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to
bypass authentication and gain privileges by injecting SQL code in the
$password argument.

======================================================
Candidate: CAN-2001-1054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1054
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?thread_id=148900&forum_id=117952
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=117952
Reference: BID:3392
Reference: URL:http://www.securityfocus.com/bid/3392
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php

PHPAdsNew PHP script allows remote attackers to include arbitrary
files from remote web sites via an HTTP request that sets the
includedir variable.

======================================================
Candidate: CAN-2001-1055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1055
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010730 ARPNuke - 80 kb/s kills a whole subnet
Reference: URL:http://www.securityfocus.com/archive/1/200323
Reference: BID:3113
Reference: URL:http://www.securityfocus.com/bid/3113

Vulnerability in the Microsoft Windows network stack allows remote
attackers to cause a denial of service (CPU consumption) via a flood
of malformed ARP request packets with random source IP and MAC
addresses.

======================================================
Candidate: CAN-2001-1056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1056
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010730 [RAZOR] Linux kernel IP masquerading vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0733.html
Reference: BUGTRAQ:20010730 Re: [RAZOR] Linux kernel IP masquerading vulnerability (_actual_ patch)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0750.html
Reference: BID:3117
Reference: URL:http://www.securityfocus.com/bid/3117

IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows
remote attackers to bypass intended firewall restrictions by causing
the target system to send a "DCC SEND" request to a malicious server
which listens on port 6667, which may cause the module to believe that
the traffic is a valid request and allow the connection to the port
specified in the DCC SEND request.

======================================================
Candidate: CAN-2001-1057
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1057
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010730 a couple minor issues with mathematica license manager
Reference: URL:http://www.securityfocus.com/archive/1/200462
Reference: BID:3120
Reference: URL:http://www.securityfocus.com/bid/3120
Reference: XF:mathematica-license-dos(6926)
Reference: URL:http://xforce.iss.net/static/6926.php

The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote
attackers to cause a denial of service (resource exhaustion) by
connecting to port 16286 and not disconnecting, which prevents users
from making license requests.

======================================================
Candidate: CAN-2001-1058
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1058
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010730 a couple minor issues with mathematica license manager
Reference: URL:http://www.securityfocus.com/archive/1/200462
Reference: BID:3118
Reference: URL:http://www.securityfocus.com/bid/3118
Reference: XF:mathematica-license-retrieval(6927)
Reference: URL:http://xforce.iss.net/static/6927.php

The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote
attackers to bypass access control (specified by the -restrict
argument) and steal a license via a client request that includes the
name of a host that is allowed to obtain the license.

======================================================
Candidate: CAN-2001-1059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1059
Phase: Proposed (20020131)
Category: CF
Reference: BUGTRAQ:20010730 vmware bug?
Reference: URL:http://www.securityfocus.com/archive/1/200455
Reference: BID:3119
Reference: URL:http://www.securityfocus.com/bid/3119
Reference: XF:vmware-obtain-license-info(6925)
Reference: URL:http://xforce.iss.net/static/6925.php

VMWare creates a temporary file vmware-log.USERNAME with insecure
permissions, which allows local users to read or modify license
information.

======================================================
Candidate: CAN-2001-1060
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1060
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010731 New command execution vulnerability in myPhpAdmin
Reference: URL:http://www.securityfocus.com/archive/1/200596
Reference: MISC:http://freshmeat.net/redir/phpmyadmin/8001/url_changelog/
Reference: BID:3121
Reference: URL:http://www.securityfocus.com/bid/3121

phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute
arbirtrary commands by inserting them into (1) the strCopyTableOK
argument in tbl_copy.php, or (2) the strRenameTableOK argument in
tbl_rename.php.

======================================================
Candidate: CAN-2001-1061
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1061
Phase: Proposed (20020131)
Category: SF
Reference: AIXAPAR:IY22255
Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q3/0003.html

Vulnerability in lsmcode in unknown versions of AIX, possibly related
to a usage error.

======================================================
Candidate: CAN-2001-1062
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1062
Phase: Proposed (20020131)
Category: SF
Reference: CALDERA:CSSA-2001-SCO.12
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.12/CSSA-2001-SCO.12.txt

Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local
users to execute arbitrary code.

======================================================
Candidate: CAN-2001-1063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1063
Phase: Proposed (20020131)
Category: SF
Reference: CALDERA:CSSA-2001-SCO.14
Reference: URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.14/CSSA-2001-SCO.14.txt
Reference: BID:3244
Reference: URL:http://www.securityfocus.com/bid/3244
Reference: XF:unixware-openunix-uidadmin-bo(7036)
Reference: URL:http://xforce.iss.net/static/7036.php

Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7
allows local users to gain root privileges via a long -S (scheme)
command line argument.

======================================================
Candidate: CAN-2001-1064
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1064
Phase: Proposed (20020131)
Category: SF
Reference: CISCO:20010823 CBOS Web-based Configuration Utility Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cisco-cbos-webserver-pub.shtml
Reference: BID:3236
Reference: URL:http://www.securityfocus.com/bid/3236
Reference: XF:cisco-cbos-telnet-dos(7025)
Reference: URL:http://xforce.iss.net/static/7025.php
Reference: XF:cisco-cbos-http-dos(7026)
Reference: URL:http://xforce.iss.net/static/7026.php

Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows
remote attackers to cause a denial of service via multiple connections
to the router on the (1) HTTP or (2) telnet service, which causes the
router to become unresponsive and stop forwarding packets.

======================================================
Candidate: CAN-2001-1065
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1065
Phase: Proposed (20020131)
Category: CF
Reference: CISCO:20010823 CBOS Web-based Configuration Utility Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cisco-cbos-webserver-pub.shtml
Reference: XF:cisco-cbos-web-config(7027)
Reference: URL:http://xforce.iss.net/static/7027.php

Web-based configuration utility in Cisco 600 series routers running
CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based
configuration services are disabled, which could leave the router open
to attack.

======================================================
Candidate: CAN-2001-1066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1066
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010827 Dangerous temp file creation during installation of Netscape 6.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99893667921216&w=2

ns6install installation script for Netscape 6.01 on Solaris allows
local users to overwrite files via a symlink attack.

======================================================
Candidate: CAN-2001-1067
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1067
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010822 AOLserver 3.0 vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0325.html
Reference: BUGTRAQ:20010906 AOLserver exploit code
Reference: URL:http://www.securityfocus.com/archive/1/213041
Reference: BID:3230
Reference: URL:http://www.securityfocus.com/bid/3230
Reference: XF:aolserver-long-password-dos(7030)
Reference: URL:http://xforce.iss.net/static/7030.php

Buffer overflow in AOLserver 3.0 allows remote attackers to cause a
denial of service, and possibly execute arbitrary code, via an HTTP
request with a long Authorization header.

======================================================
Candidate: CAN-2001-1068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1068
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010825 qpopper and pam.d
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0363.html
Reference: XF:qpopper-pam-auth-error(7047)
Reference: URL:http://xforce.iss.net/static/7047.php
Reference: BID:3242
Reference: URL:http://www.securityfocus.com/bid/3242

qpopper 4.01 with PAM based authentication on Red Hat systems
generates different error messages when an invalid username is
provided instead of a valid name, which allows remote attackers to
determine valid usernames on the system.

======================================================
Candidate: CAN-2001-1069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1069
Phase: Proposed (20020131)
Category: CF
Reference: BUGTRAQ:20010822 Adobe Acrobat creates world writable ~/AdobeFnt.lst files
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99849121502399&w=2
Reference: MISC:http://lists.debian.org/debian-security/2001/debian-security-200101/msg00085.html
Reference: BID:3225
Reference: URL:http://www.securityfocus.com/bid/3225
Reference: XF:adobe-acrobat-insecure-permissions(7024)
Reference: URL:http://xforce.iss.net/static/7024.php

libCoolType library as used in Adobe Acrobat (acroread) on Linux
creates the AdobeFnt.lst file with world-writable permissions, which
allows local users to modify the file and possibly modify acroread's
behavior.

======================================================
Candidate: CAN-2001-1070
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1070
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010821 Bug in MAS90 Accounting Platform remote access?
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0312.html
Reference: XF:mas-telnet-connect-dos(7020)
Reference: URL:http://xforce.iss.net/static/7020.php
Reference: BID:3221
Reference: URL:http://www.securityfocus.com/bid/3221

Sage Software MAS 200 allows remote attackers to cause a denial of
service by connecting to port 10000 and entering a series of control
characters.

======================================================
Candidate: CAN-2001-1071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1071
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20011009 Cisco CDP attacks
Reference: URL:http://www.securityfocus.com/archive/1/219257
Reference: BUGTRAQ:20011009 Cisco Systems - Vulnerability in CDP
Reference: URL:http://www.securityfocus.com/archive/1/219305
Reference: BID:3412
Reference: URL:http://www.securityfocus.com/bid/3412
Reference: XF:cisco-ios-cdp-dos(7242)
Reference: URL:http://xforce.iss.net/static/7242.php

Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP)
allows remote attackers to cause a denial of service (memory
consumption) via a flood of CDP neighbor announcements.

======================================================
Candidate: CAN-2001-1072
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1072
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010812 Are your mod_rewrite rules doing what you expect?
Reference: URL:http://www.securityfocus.com/archive/1/203955
Reference: BID:3176
Reference: URL:http://www.securityfocus.com/bid/3176

Apache with mod_rewrite enabled on most UNIX systems allows remote
attackers to bypass RewriteRules by inserting extra / (slash)
characters into the requested path, which causes the regular
expression in the RewriteRule to fail

======================================================
Candidate: CAN-2001-1073
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1073
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010815 webridge application suite gives up too much error information on Internal Server Error
Reference: URL:http://www.securityfocus.com/archive/1/204725
Reference: XF:webridge-px-reveal-information(6993)
Reference: URL:http://xforce.iss.net/static/6993.php
Reference: BID:3182
Reference: URL:http://www.securityfocus.com/bid/3182

Webridge PX Application Suite allows remote attackers to obtain
sensitive information via a malformed request that generates a server
error message, which includes full pathname or internal IP address
information in the variables (1) APPL_PHYSICAL_PATH, (2)
PATH_TRANSLATED, and (3) LOCAL_ADDR.

======================================================
Candidate: CAN-2001-1074
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1074
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010526 Webmin Doesn't Clean Env (root exploit)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html
Reference: CALDERA:CSSA-2001-019.1
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt
Reference: MANDRAKE:MDKSA-2001:059
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3
Reference: XF:webmin-gain-information(6627)
Reference: URL:http://xforce.iss.net/static/6627.php
Reference: BID:2795
Reference: URL:http://www.securityfocus.com/bid/2795

Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION
environment variable when the web server is restarted, which makes
authentication information available to all CGI programs and allows
local users to gain privileges.

======================================================
Candidate: CAN-2001-1075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1075
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010703 poprelayd and sendmail relay authentication problem (Cobalt Raq3)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0064.html
Reference: BUGTRAQ:20010709 Re: poprelayd and sendmail relay authentication problem (Cobalt Raq3)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0150.html
Reference: XF:cobalt-poprelayd-mail-relay(6806)
Reference: URL:http://xforce.iss.net/static/6806.php
Reference: BID:2986
Reference: URL:http://www.securityfocus.com/bid/2986

poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote
attackers to bypass authentication for relaying by causing a "POP
login by user" string that includes the attacker's IP address to be
injected into the maillog log file.

======================================================
Candidate: CAN-2001-1076
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1076
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010705 Solaris whodo Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0076.html
Reference: BID:2935
Reference: URL:http://www.securityfocus.com/bid/2935
Reference: XF:solaris-whodo-bo(6802)
Reference: URL:http://xforce.iss.net/static/6802.php

Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows
local users to execute arbitrary code via a long (1) SOR or (2) CFIME
environment variable.

======================================================
Candidate: CAN-2001-1077
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1077
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010615 Rxvt vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/191510
Reference: DEBIAN:DSA-062
Reference: URL:http://www.debian.org/security/2001/dsa-062
Reference: IMMUNIX:IMNX-2001-70-028-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-028-01
Reference: XF:rxvt-ttprintf-bo(6701)
Reference: URL:http://xforce.iss.net/static/6701.php

Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users
to gain privileges via a long (1) -T or (2) -name argument.

======================================================
Candidate: CAN-2001-1078
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1078
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010622 eXtremail Remote Format String ('s)
Reference: URL:http://www.securityfocus.com/archive/1/192791
Reference: CONFIRM:http://www.extremail.com/history.htm
Reference: CONFIRM:http://www.extremail.com/news.htm
Reference: XF:extremail-flog-format-string(6733)
Reference: URL:http://xforce.iss.net/static/6733.php
Reference: BID:2908
Reference: URL:http://www.securityfocus.com/bid/2908

Format string vulnerability in flog function of eXtremail 1.1.9 and
earlier allows remote attackers to gain root privileges via format
specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or
(4) RCPT TO, and the POP3 commands (5) USER and (6) other commands
that can be executed after POP3 authentication.

======================================================
Candidate: CAN-2001-1079
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1079
Phase: Proposed (20020131)
Category: CF
Reference: AIXAPAR:IY19069
Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q3/0000.html

create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX 3.2.0
creates keyfile directories with world-writable permissions, which
could allow a local user to delete key files and cause a denial of
service.

======================================================
Candidate: CAN-2001-1080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1080
Phase: Proposed (20020131)
Category: SF
Reference: IBM:MSS-OAR-E01-2001:225.1
Reference: URL:http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2001.225.1/$file/oar225.txt
Reference: XF:aix-diagrpt-root-shell(6734)
Reference: URL:http://xforce.iss.net/static/6734.php

diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable
to find and execute certain programs, which allows local users to gain
privileges by modifying the variable to point to a Trojan horse
program.

======================================================
Candidate: CAN-2001-1081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1081
Phase: Proposed (20020131)
Category: SF
Reference: CONFIRM:http://freshmeat.net/releases/52020/
Reference: BID:2994
Reference: URL:http://www.securityfocus.com/bid/2994

Format string vulnerabilities in Livingston/Lucent RADIUS before
2.1.va.1 may allow local or remote attackers to cause a denial of
service and possibly execute arbitrary code via format specifiers that
are injected into log messages.

======================================================
Candidate: CAN-2001-1082
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1082
Phase: Proposed (20020131)
Category: SF
Reference: CONFIRM:http://freshmeat.net/releases/52020/

Directory traversal vulnerability in Livingston/Lucent RADIUS before
2.1.va.1 may allow attackers to read arbitrary files via a .. (dot
dot) attack.

======================================================
Candidate: CAN-2001-1083
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1083
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20010626 Advisory
Reference: URL:http://www.securityfocus.com/archive/1/193516
Reference: MISC:http://www.icecast.org/index.html
Reference: BID:2933
Reference: URL:http://www.securityfocus.com/bid/2933
Reference: XF:icecast-http-remote-dos(6751)
Reference: URL:http://xforce.iss.net/static/6751.php

Icecast 1.3.8beta2 and earlier with HTTP server file streaming support
enabled allows remote attackers to cause a denial of service (crash)
via a URL that ends in . (dot), / (forward slash), or \ (backward
slash).

======================================================
Candidate: CAN-2002-0001
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0001
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20020101 [Announce] SECURITY: mutt-1.2.5.1 and mutt-1.3.25 released.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100994648918287&w=2
Reference: CONFIRM:http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html
Reference: DEBIAN:DSA-096
Reference: URL:http://www.debian.org/security/2002/dsa-096
Reference: REDHAT:RHSA-2002:003
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-003.html

Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt
1.3.x before 1.3.25 allows remote attackers to execute arbitrary
commands via an improperly terminated comment or phrase in the address
list.

======================================================
Candidate: CAN-2002-0002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0002
Phase: Proposed (20020131)
Category: SF
Reference: MISC:http://marc.theaimsgroup.com/?l=stunnel-users&m=100869449828705&w=2
Reference: CONFIRM:http://stunnel.mirt.net/news.html
Reference: REDHAT:RHSA-2002:002
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-002.html

Format string vulnerability in stunnel before 3.22 when used in client
mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious
servers to execute arbitrary code.

======================================================
Candidate: CAN-2002-0003
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0003
Phase: Proposed (20020131)
Category: SF
Reference: REDHAT:RHSA-2002:004
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-004.html

Buffer overflow in the preprocessor in groff 1.16 and earlier allows
remote attackers to gain privileges via lpd in the LPRng printing
system.

======================================================
Candidate: CAN-2002-0004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0004
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20020117 '/usr/bin/at 31337 + vuln' problem + exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101128661602088&w=2
Reference: DEBIAN:DSA-102
Reference: URL:http://www.debian.org/security/2002/dsa-102
Reference: SUSE:SuSE-SA:2002:003
Reference: URL:http://www.suse.de/de/support/security/2002_003_at_txt.txt
Reference: MANDRAKE:MDKSA-2002:007
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101147632721031&w=2
Reference: REDHAT:RHSA-2002:015
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-015.html

Heap corruption vulnerability in the "at" program allows local users
to execute arbitrary code via a malformed execution time, which causes
at to free the same memory twice.

======================================================
Candidate: CAN-2002-0005
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0005
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20020102 w00w00 on AOL Instant Messenger (serious vulnerability)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100998295512885&w=2
Reference: BUGTRAQ:20020102 AIM addendum
Reference: URL:http://www.securityfocus.com/archive/1/247944
Reference: NTBUGTRAQ:20020102 w00w00 on AOL Instant Messenger (serious vulnerability)
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=72
Reference: NTBUGTRAQ:20020102 AIM addendum
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=198
Reference: BID:3769
Reference: URL:http://www.securityfocus.com/bid/3769
Reference: XF:aim-game-overflow(7743)
Reference: URL:http://xforce.iss.net/static/7743.php

Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and
other versions allows remote attackers to execute arbitrary code via a
long argument in a game request (AddGame).

======================================================
Candidate: CAN-2002-0007
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0007
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=54901

CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote
attackers to obtain an anonymous bind to the LDAP server via a request
that does not include a password, which causes a null password to be
sent to the LDAP server.

======================================================
Candidate: CAN-2002-0008
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0008
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108385
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108516

Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user
comment via an HTTP request process_bug.cgi using the "who" parameter,
instead of the Bugzilla_login cookie, or (2) post a bug as another
user by modifying the reporter parameter to enter_bug.cgi, which is
passed to post_bug.cgi.

======================================================
Candidate: CAN-2002-0009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0009
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=102141

show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs
Access" privileges to see other products that are not accessible to
the user, by submitting a bug and reading the resulting Product
pulldown menu.

======================================================
Candidate: CAN-2002-0010
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0010
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: BUGTRAQ:20020106 Inproper input validation in Bugzilla <=2.14 - exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0052.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108812
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108822
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108821
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=109690
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=109679
Reference: MISC:http://www.bugzilla.org/bugzilla2.14to2.14.1.patch

Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL
code and create files or gain privileges via (1) the sql parameter in
buglist.cgi, (2) invalid field names from the "boolean chart" query in
buglist.cgi, (3) the mybugslink parameter in userprefs.cgi, (4) a
malformed bug ID in the buglist parameter in long_list.cgi, and (5)
the value parameter in editusers.cgi, which allows groupset privileges
to be modified by attackers with blessgroupset privileges.

======================================================
Candidate: CAN-2002-0011
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0011
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=98146

Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may
allow remote attackers to more easily conduct attacks on the login.

======================================================
Candidate: CAN-2002-0028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0028
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20020106 ICQ remote buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101043894627851&w=2
Reference: VULN-DEV:20020107 ICQ remote buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101043076806401&w=2
Reference: CERT:CA-2002-02
Reference: URL:http://www.cert.org/advisories/CA-2002-02.html
Reference: CERT-VN:VU#570167
Reference: URL:http://www.kb.cert.org/vuls/id/570167
Reference: BID:3813
Reference: URL:http://www.securityfocus.com/bid/3813

Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows
remote attackers to execute arbitrary code via a Voice Video & Games
request.

======================================================
Candidate: CAN-2002-0038
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0038
Phase: Proposed (20020131)
Category: SF
Reference: SGI:20020102-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020102-01-I
Reference: SGI:20020102-02-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020102-02-I
Reference: SGI:20020102-03-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020102-03-P

Vulnerability in the cache-limiting function of the unified name
service daemon (nsd) in IRIX 6.5.4 through 6.5.11 allows remote
attackers to cause a denial of service by forcing the cache to fill
the disk.

======================================================
Candidate: CAN-2002-0043
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0043
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20020114 Sudo version 1.6.4 now available (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/250168
Reference: REDHAT:RHSA-2002-013
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-013.html
Reference: REDHAT:RHSA-2002-011
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-011.html
Reference: CONECTIVA:CLA-2002:451
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451
Reference: ENGARDE:ESA-20020114-001
Reference: SUSE:SuSE-SA:2002:002
Reference: URL:http://www.suse.de/de/support/security/2002_002_sudo_txt.txt
Reference: BUGTRAQ:20020116 Sudo +Postfix Exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101120193627756&w=2
Reference: MISC:http://www.sudo.ws/sudo/alerts/postfix.html
Reference: XF:sudo-unclean-env-root(7891)
Reference: URL:http://xforce.iss.net/static/7891.php
Reference: BID:3871
Reference: URL:http://www.securityfocus.com/bid/3871

sudo 1.6.0 through 1.6.3p7 does not properly clear the environment
before calling the mail program, which could allow local users to gain
root privileges by modifying environment variables and changing how
the mail program is invoked.

======================================================
Candidate: CAN-2002-0044
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0044
Phase: Proposed (20020131)
Category: SF
Reference: REDHAT:RHSA-2002-012
Reference: URL:https://www.redhat.com/support/errata/RHSA-2002-012.html
Reference: HP:HPSBTL0201-019
Reference: URL:http://www.securityfocus.com/advisories/3818
Reference: MANDRAKE:MDKSA-2002:010
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-010.php3
Reference: DEBIAN:DSA-105
Reference: URL:http://www.debian.org/security/2002/dsa-105
Reference: XF:gnu-enscript-tmpfile-symlink(7932)
Reference: URL:http://xforce.iss.net/static/7932.php
Reference: BID:3920
Reference: URL:http://www.securityfocus.com/bid/3920

GNU Enscript 1.6.1 and earlier allows local users to overwrite
arbitrary files of the Enscript user via a symlink attack on temporary
files.

======================================================
Candidate: CAN-2002-0045
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0045
Phase: Proposed (20020131)
Category: SF
Reference: CONFIRM:http://www.openldap.org/lists/openldap-announce/200201/msg00002.html

slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous
users before 2.0.8, to conduct a "replace" action on access controls
without any values, which causes OpenLDAP to delete non-mandatory
attributes which would otherwise be protected by ACLs.

======================================================
Candidate: CAN-2002-0046
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0046
Phase: Proposed (20020131)
Category: SF
Reference: BUGTRAQ:20020120 remote memory reading through tcp/icmp
Reference: URL:http://www.securityfocus.com/archive/1/251418
Reference: REDHAT:RHSA-2002-007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-007.html

Linux kernel, and possibly other operating systems, allows remote
attackers to read portions of memory via a series of fragmented ICMP
packets that generate an ICMP TTL Exceeded response, which includes
portions of the memory in the response packet.

======================================================
Candidate: CAN-2002-0047
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0047
Phase: Proposed (20020131)
Category: SF
Reference: DEBIAN:DSA-104
Reference: URL:http://www.debian.org/security/2002/dsa-104
Reference: REDHAT:RHSA-2002:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-007.html
Reference: XF:cipe-packet-handling-dos(7883)
Reference: URL:http://xforce.iss.net/static/7883.php

CIPE VPN package before 1.3.0-3 allows remote attackers to cause a
denial of service (crash) via a short malformed packet.

======================================================
Candidate: CAN-2002-0048
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0048
Phase: Proposed (20020131)
Category: SF
Reference: SUSE:SuSE-SA:2002:004
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2002-Jan/0003.html
Reference: DEBIAN:DSA-106
Reference: URL:http://www.debian.org/security/2002/dsa-106
Reference: MANDRAKE:MDKSA-2002:009
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-009.php
Reference: REDHAT:RHSA-2002:018
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-018.html
Reference: BUGTRAQ:20020128 TSLSA-2002-0025 - rsync
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101223214906963&w=2
Reference: BUGTRAQ:20020127 rsync-2.5.2 has security fix (was: Re: [RHSA-2002:018-05] New rsync packages available)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101223603321315&w=2
Reference: CONECTIVA:CLA-2002:458
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000458
Reference: ENGARDE:ESA-20020125-004
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1853.html

Multiple signedness errors (mixed signed and unsigned numbers) in the
I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote
attackers to cause a denial of service and execute arbitrary code in
the rsync client or server.

---------------------------------------------------------------------
4. Subscribing and unsubscribing to CVE-DATA-UPDATE-LIST
---------------------------------------------------------------------

Unsubscribing
-------------

To unsubscribe from CVE-DATA-UPDATE-LIST, send an email message to
listservlists.mitre.org.

In the *BODY* of the message, type:

  SIGNOFF cve-data-update-list

Subscribing
-----------

If you are not already subscribed to this list, you can subscribe via
the following URL: http://cve.mitre.org/signup/register.html

---------------------------------------------------------------------
5. More information
---------------------------------------------------------------------

The MITRE Corporation (www.mitre.org) maintains CVE and provides
impartial technical guidance to the CVE Editorial Board on all matters
related to ongoing development of CVE.

For more information about CVE, visit the CVE Web site at
http://cve.mitre.org or send an email to cvemitre.org.

To view, download, or search the CVE list and the candidate list,
visit http://cve.mitre.org/cve/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]