From: cvemitre.org
Date: Wed Aug 01 2001 - 14:56:37 CDT

    *********************************************************************
    CVE Data Update - August 1, 2001
    *********************************************************************
    Web site: http://cve.mitre.org

    ---------------------------------------------------------------------
    In this issue
    ---------------------------------------------------------------------

    1. CVE talk at Black Hat Briefings
    2. 127 New Candidates Available on CVE Web Site
    3. Subscribing and unsubscribing to CVE-DATA-UPDATE-LIST
    4. More information

    Other news can be found on the CVE web site at
    http://cve.mitre.org/news/.

    ---------------------------------------------------------------------
    1. CVE talk at Black Hat Briefings
    ---------------------------------------------------------------------

    At the Black Hat Briefings on July 11, Steve Christey gave a talk on
    some of the challenges that are faced in CVE. You can download his
    PowerPoint presentation at http://cve.mitre.org/docs/

    ---------------------------------------------------------------------
    2. 127 New Candidates Available on CVE Web Site
    ---------------------------------------------------------------------

    The following candidates were recently proposed to the CVE Editorial
    Board and published on the CVE web site. The Editorial Board is
    reviewing and voting on these candidates to determine if they should
    become entries on the official CVE list.

    ======================================================
    Candidate: CAN-2001-0340
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0340
    Phase: Proposed (20010727)
    Category: SF/CF/MP/SA/AN/unknown
    Reference: MS:MS01-030
    Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-030.asp

    An interaction between the Outlook Web Access (OWA) service in
    Microsoft Exchange 2000 Server and Internet Explorer allows attackers
    to execute malicious script code against a user's mailbox via a
    message attachment that contains HTML code, which is executed
    automatically.

    ======================================================
    Candidate: CAN-2001-0344
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0344
    Phase: Proposed (20010727)
    Category: SF
    Reference: MS:MS01-032
    Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-032.asp

    An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using
    Mixed Mode allows local database users to gain privileges by reusing a
    cached connection of the sa administrator account.

    ======================================================
    Candidate: CAN-2001-0345
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0345
    Phase: Proposed (20010727)
    Category: SF
    Reference: MS:MS01-031
    Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp

    Microsoft Windows 2000 telnet service allows attackers to prevent idle
    Telnet sessions from timing out, causing a denial of service by
    creating a large number of idle sessions.

    ======================================================
    Candidate: CAN-2001-0347
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0347
    Phase: Proposed (20010727)
    Category: SF
    Reference: MS:MS01-031
    Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp

    Information disclosure vulnerability in Microsoft Windows 2000 telnet
    service allows remote attackers to determine Guest accounts.

    ======================================================
    Candidate: CAN-2001-0348
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0348
    Phase: Proposed (20010727)
    Category: SF/CF/MP/SA/AN/unknown
    Reference: MS:MS01-031
    Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp

    Microsoft Windows 2000 telnet service allows attackers to cause a
    denial of service via a malformed logon command.

    ======================================================
    Candidate: CAN-2001-0349
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0349
    Phase: Proposed (20010727)
    Category: SF
    Reference: MS:MS01-031
    Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp

    Microsoft Windows 2000 telnet service creates named pipes with
    predictable names and does not properly verify them, which allows
    local users to execute arbitrary commands by creating a named pipe
    with the predictable name and associating a malicious program with it,
    the first of two variants of this vulnerability.

    ======================================================
    Candidate: CAN-2001-0350
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0350
    Phase: Proposed (20010727)
    Category: SF/CF/MP/SA/AN/unknown
    Reference: MS:MS01-031
    Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp

    Microsoft Windows 2000 telnet service creates named pipes with
    predictable names and does not properly verify them, which allows
    local users to execute arbitrary commands by creating a named pipe
    with the predictable name and associating a malicious program with it,
    the second of two variants of this vulnerability.

    ======================================================
    Candidate: CAN-2001-0351
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0351
    Phase: Proposed (20010727)
    Category: SF/CF/MP/SA/AN/unknown
    Reference: MS:MS01-031
    Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp

    Microsoft Windows 2000 telnet service allows a local user to make a
    certain system call that allows the user to terminate a Telnet session
    and cause a denial of service.

    ======================================================
    Candidate: CAN-2001-0352
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0352
    Phase: Proposed (20010727)
    Category: SF
    Reference: ISS:20010620 Wired-side SNMP WEP key exposure in 802.11b Access Points

    SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point
    allow remote attackers to obtain the WEP encryption key by reading it
    from a MIB when the value should be write-only, via (1)
    dot11WEPDefaultKeyValue in the dot11WEPDefaultKeysTable of the IEEE
    802.11b MIB, or (2) ap128bWepKeyValue in the ap128bWEPKeyTable in the
    Symbol MIB.

    ======================================================
    Candidate: CAN-2001-0353
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0353
    Phase: Proposed (20010727)
    Category: SF
    Reference: ISS:20010619 Remote Buffer Overflow Vulnerability in Solaris Print Protocol Daemon

    Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and
    earlier allows local and remote attackers to gain root privileges via
    a "transfer job" routine.

    ======================================================
    Candidate: CAN-2001-0357
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0357
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010310 CORRECTION to CODE: FormMail.pl can be used to send anonymous email
    Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98433523520344&w=2
    Reference: XF:formmail-anonymous-flooding
    Reference: URL:http://xforce.iss.net/static/6242.php

    FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to
    send anonymous email (spam) by modifying the recipient and message
    parameters.

    ======================================================
    Candidate: CAN-2001-0394
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0394
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010328 def-2001-15: Website Pro Remote Manager DoS
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0425.html
    Reference: XF:website-pro-remote-dos
    Reference: URL:http://xforce.iss.net/static/6295.php

    Remote manager service in Website Pro 3.0.37 allows remote attackers
    to cause a denial of service via a series of malformed HTTP requests
    to the /dyn directory.

    ======================================================
    Candidate: CAN-2001-0497
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0497
    Phase: Proposed (20010727)
    Category: SF
    Reference: ISS:20010611 BIND Inadvertent Local Exposure of HMAC-MD5 (TSIG) Keys

    dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2
    and earlier, set insecure permissions for a HMAC-MD5 shared secret key
    file used for DNS Transactional Signatures (TSIG), which allows
    attackers to obtain the keys and perform dynamic DNS updates.

    ======================================================
    Candidate: CAN-2001-0498
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0498
    Phase: Proposed (20010727)
    Category: SF
    Reference: NAI:20010627 Oracle 8i SQLNet Header Vulnerability
    Reference: URL:http://www.pgp.com/research/covert/advisories/049.asp

    Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i
    8.1.7 and earlier allows remote attackers to cause a denial of service
    via a malformed SQLNet connection request with a large offset in the
    header extension.

    ======================================================
    Candidate: CAN-2001-0499
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0499
    Phase: Proposed (20010727)
    Category: SF
    Reference: NAI:20010627 Vulnerability in Oracle 8i TNS Listener
    Reference: URL:http://www.pgp.com/research/covert/advisories/050.asp

    Buffer overflow in Transparent Network Substrate (TNS) Listener in
    Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges
    via a long argument to the commands (1) STATUS, (2) PING, (3)
    SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD.

    ======================================================
    Candidate: CAN-2001-0500
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0500
    Phase: Proposed (20010727)
    Category: SF
    Reference: MS:MS01-033
    Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-033.asp
    Reference: CERT:CA-2001-13
    Reference: URL:http://www.cert.org/advisories/CA-2001-13.html

    Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and
    Indexing Service 2000 in IIS 6.0 beta and earlier allows remote
    attackers to execute arbitrary commands via a long argument to
    Internet Data Administration (.ida) and Internet Data Query (.idq)
    files.

    ======================================================
    Candidate: CAN-2001-0501
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0501
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010622 Fwd: Microsoft Word macro vulnerability advisory MS01-034
    Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99325144322224&w=2
    Reference: MS:MS01-034
    Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-034.asp
    Reference: BID:2876
    Reference: URL:http://www.securityfocus.com/bid/2876

    Microsoft Word 2002 and earlier allows attackers to automatically
    execute macros without warning the user by embedding the macros in a
    manner that escapes detection by the security scanner.

    ======================================================
    Candidate: CAN-2001-0502
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0502
    Phase: Proposed (20010727)
    Category: SF
    Reference: MS:MS01-036
    Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-036.asp

    Running Windows 2000 LDAP Server over SSL, a function does not
    properly check the permissions of a user request when the directory
    principal is a domain user and the data attribute is the domain
    password, which allows local users to modify the login password of
    other users.

    ======================================================
    Candidate: CAN-2001-0503
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0503
    Phase: Proposed (20010727)
    Category: SF
    Reference: MS:MS00-077
    Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-077.asp

    Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote
    attackers to cause a denial of service via a malformed string to the
    NetMeeting service port, aka a variant of the "NetMeeting Desktop
    Sharing" vulnerability.

    ======================================================
    Candidate: CAN-2001-0504
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0504
    Phase: Proposed (20010727)
    Category: SF
    Reference: MS:MS01-037
    Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-037.asp

    Vulnerability in authentication process for SMTP service in Microsoft
    Windows 2000 allows remote attackers to use incorrect credentials to
    gain privileges and conduct activities such as mail relaying.

    ======================================================
    Candidate: CAN-2001-0513
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0513
    Phase: Proposed (20010727)
    Category: SF/CF/MP/SA/AN/unknown
    Reference: ISS:20010619 Oracle Redirect Denial of Service

    Oracle listener process on Windows NT redirects connection requests to
    another port and creates a separate thread to process the request,
    which allows remote attackers to cause a denial of service by
    repeatedly connecting to the Oracle listener but not connecting to the
    redirected port.

    ======================================================
    Candidate: CAN-2001-0514
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0514
    Phase: Proposed (20010727)
    Category: SF
    Reference: ISS:20010620 Multiple Vendor 802.11b Access Point SNMP authentication flaw

    SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as
    used in Netgear ME102 and Linksys WAP11, accepts arbitrary community
    strings with requested MIB modifications, which allows remote
    attackers to obtain sensitive information such as WEP keys, cause a
    denial of service, or gain access to the network.

    ======================================================
    Candidate: CAN-2001-0515
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0515
    Phase: Proposed (20010727)
    Category: SF
    Reference: ISS:20010515 Multiple Oracle Listener Denial of Service Vulnerabilities

    Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause
    a denial of service via a malformed connection packet with a large
    offset_to_data value.

    ======================================================
    Candidate: CAN-2001-0516
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0516
    Phase: Proposed (20010727)
    Category: SF
    Reference: ISS:20010515 Multiple Oracle Listener Denial of Service Vulnerabilities

    Oracle listener between Oracle 9i and Oracle 8.0 allows remote
    attackers to cause a denial of service via a malformed connection
    packet that contains an incorrect requester_version value that does
    not match an expected offset to the data.

    ======================================================
    Candidate: CAN-2001-0517
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0517
    Phase: Proposed (20010727)
    Category: SF
    Reference: ISS:20010515 Multiple Oracle Listener Denial of Service Vulnerabilities

    Oracle listener in Oracle 8i on Solaris allows remote attackers to
    cause a denial of service via a malformed connection packet with a
    maximum transport data size that is set to 0.

    ======================================================
    Candidate: CAN-2001-0518
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0518
    Phase: Proposed (20010727)
    Category: SF
    Reference: ISS:20010515 Multiple Oracle Listener Denial of Service Vulnerabilities

    Oracle listener before Oracle 9i allows attackers to cause a denial of
    service by repeatedly sending the first portion of a fragmented Oracle
    command without sending the remainder of the command, which causes the
    listener to hang.

    ======================================================
    Candidate: CAN-2001-0519
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0519
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010529 Aladdin eSafe Gateway Filter Bypass - Updated Advisory
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0282.html
    Reference: XF:esafe-gateway-bypass-filtering(6580)
    Reference: URL:http://xforce.iss.net/static/6580.php

    Aladdin eSafe Gateway versions 2.x allows a remote attacker to
    circumvent HTML SCRIPT filtering via a special arrangement of HTML
    tags which includes SCRIPT tags embedded within other SCRIPT tags.

    ======================================================
    Candidate: CAN-2001-0520
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0520
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010529 Aladdin eSafe Gateway Script-filtering Bypass through HTML tags
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0284.html
    Reference: XF:esafe-gateway-bypass-filtering(6580)
    Reference: URL:http://xforce.iss.net/static/6580.php

    Aladdin eSafe Gateway versions 3.0 and earlier allows a remote
    attacker to circumvent filtering of SCRIPT tags by embedding the
    scripts within certain HTML tags including (1) onload in the BODY tag,
    (2) href in the A tag, (3) the BUTTON tag, (4) the INPUT tag, or (5)
    any other tag in which scripts can be defined.

    ======================================================
    Candidate: CAN-2001-0521
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0521
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010529 Aladdin eSafe Gateway Script-filtering Bypass through Unicode Vulnerability
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0285.html
    Reference: XF:esafe-gateway-bypass-filtering(6580)
    Reference: URL:http://xforce.iss.net/static/6580.php

    Aladdin eSafe Gateway versions 3.0 and earlier allows a remote
    attacker to circumvent HTML SCRIPT filtering via the UNICODE encoding
    of SCRIPT tags within the HTML document.

    ======================================================
    Candidate: CAN-2001-0522
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0522
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010529 [synnergy] - GnuPG remote format string vulnerability
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0281.html
    Reference: CONFIRM:http://www.gnupg.org/whatsnew.html#rn20010529
    Reference: MANDRAKE:MDKSA-2001:053
    Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3

    Gnu Privacy Guard (GnuPG, aka gpg) 1.05 and earlier can allow an
    attacker to gain additional privileges via a format string attack in a
    maliciously encrypted file. The format string used is the name of the
    original, encrypted file.

    ======================================================
    Candidate: CAN-2001-0523
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0523
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010518 ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0185.html
    Reference: BUGTRAQ:20010519 RE: ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0197.html
    Reference: XF:eeye-secureiis-bypass-detection
    Reference: URL:http://xforce.iss.net/static/6563.php
    Reference: XF:eeye-secureiis-directory-traversal
    Reference: URL:http://xforce.iss.net/static/6564.php

    eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to
    bypass filtering of requests made to SecureIIS via the escaping of
    HTML characters within the request, which could allow a remote
    attacker to use restricted variables and perform directory traversal
    attacks on vulnerable programs that would otherwise be protected by
    SecureIIS.

    ======================================================
    Candidate: CAN-2001-0524
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0524
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010518 ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0185.html
    Reference: BUGTRAQ:20010519 RE: ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0197.html
    Reference: XF:eeye-secureiis-http-header-bo(6574)
    Reference: URL:http://xforce.iss.net/static/6574.php

    eEye SecureIIS versions 1.0.3 and earlier does not perform length
    checking on individual HTTP headers, which allows a remote attacker to
    send arbitrary length strings to IIS, contrary to an advertised
    feature of SecureIIS versions 1.0.3 and earlier.

    ======================================================
    Candidate: CAN-2001-0525
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0525
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010519 dqs 3.2.7 local root exploit.
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0193.html
    Reference: BUGTRAQ:20010519 Re: dqs 3.2.7 local root exploit.
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0195.html
    Reference: XF:dqs-dsh-bo
    Reference: URL:http://xforce.iss.net/static/6577.php

    dsh program in dqs version 3.2.7 in SuSE Linux 7.0 and earlier, and
    possibly other operating systems, allows a local attacker to gain
    privileges via a buffer overflow in the first command line argument.

    ======================================================
    Candidate: CAN-2001-0526
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0526
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010528 [synnergy] - Solaris mailtool(1) buffer overflow vulnerability
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0258.html
    Reference: XF:solaris-mailtool-openwinhome-bo(6626)
    Reference: URL:http://xforce.iss.net/static/6626.php

    Buffer overflow in mailtool in Solaris 8 and earlier versions can
    allow a local attacker to gain privileges via the OPENWINHOME
    environmental variable.

    ======================================================
    Candidate: CAN-2001-0527
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0527
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010515 DCForum Password File Manipukation Vulnerability (qDefense Advisory Number QDAV-5-2000-2)
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0122.html
    Reference: CONFIRM:http://www.dcscripts.com/dcforum/dcfNews/167.html
    Reference: XF:dcforum-cgi-admin-access(6538)
    Reference: URL:http://xforce.iss.net/static/6538.php

    DCScripts DCForum versions 2000 and earlier allow a remote attacker to
    gain additional privileges by inserting pipe symbols (|) and newlines
    into the last name in the registration form, which will create an
    extra entry in the registration database.

    ======================================================
    Candidate: CAN-2001-0528
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0528
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010507 Oracle's ADI 7.1.1.10.1 Major security hole
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0044.html
    Reference: BUGTRAQ:20010522 Vulnerability in Oracle E-Business Suite Release 11i Applications Desktop Integrator
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0223.html
    Reference: BID:2694
    Reference: URL:http://www.securityfocus.com/bid/2694
    Reference: XF:oracle-adi-plaintext-passwords(6501)
    Reference: URL:http://xforce.iss.net/static/6501.php

    Oracle E-Business Suite Release 11i Applications Desktop Integrator
    (ADI) version 7.x includes a debug version of FNDPUB11I.DLL, which
    logs the APPS schema password in cleartext in a debug file, which
    allows local users to obtain the password and gain privileges.

    ======================================================
    Candidate: CAN-2001-0529
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0529
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010604 SSH allows deletion of other users files...
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0322.html
    Reference: BUGTRAQ:20010604 Re: SSH allows deletion of other users files...
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0007.html
    Reference: NETBSD:NetBSD-SA2001-010
    Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-010.txt.asc
    Reference: CALDERA:CSSA-2001-023.0
    Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-023.0.txt
    Reference: BID:2825
    Reference: URL:http://www.securityfocus.com/bid/2825

    OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a
    local attacker to delete any file named 'cookies' via a symlink
    attack.

    ======================================================
    Candidate: CAN-2001-0530
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0530
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010528 Vulnerability discovered in SpearHead NetGap
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0256.html
    Reference: BUGTRAQ:20010607 SpearHead Security NetGAP
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0047.html
    Reference: BID:2798
    Reference: URL:http://www.securityfocus.com/bid/2798
    Reference: XF:netgap-unicode-bypass-filter
    Reference: URL:http://xforce.iss.net/static/6625.php

    Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker
    to bypass file blocking and content inspection via specially encoded
    URLs which include '%' characters.

    ======================================================
    Candidate: CAN-2001-0533
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0533
    Phase: Proposed (20010727)
    Category: SF/CF/MP/SA/AN/unknown
    Reference: IBM:MSS-OAR-E01-2001:271.1
    Reference: URL:http://www-1.ibm.com/services/continuity/recover1.nsf/advisories/85256A3400529A8685256A8D00804A37/$file/oar271.txt

    Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows
    local users to gain root privileges via a long LANG environmental
    variable.

    ======================================================
    Candidate: CAN-2001-0534
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0534
    Phase: Proposed (20010727)
    Category: SF
    Reference: ISS:20010705 Remote Buffer Overflow in Multiple RADIUS Implementations
    Reference: URL:http://xforce.iss.net/alerts/alerts.php

    Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b
    and (2) Lucent 2.1-2 RADIUS allow remote attackers to cause a denial
    of service or execute arbitrary commands.

    ======================================================
    Candidate: CAN-2001-0537
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0537
    Phase: Proposed (20010727)
    Category: SF
    Reference: CISCO:20010627 IOS HTTP authorization vulnerability
    Reference: URL:http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html
    Reference: CERT:CA-2001-14
    Reference: URL:http://www.cert.org/advisories/CA-2001-14.html

    HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass
    authentication and execute arbitrary commands, when local
    authorization is being used, via a .... (modified dot dot) in the URL.

    ======================================================
    Candidate: CAN-2001-0538
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0538
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010712 MS Office XP - the more money I give to Microsoft, the more vulnerable my Windows computers are
    Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99496431214078&w=2
    Reference: MS:MS01-038
    Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-038.asp

    Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and
    earlier allows remote attackers to execute arbitrary commands via a
    malicious HTML e-mail message or web page.

    ======================================================
    Candidate: CAN-2001-0548
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0548
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010724 NSFOCUS SA2001-04 : Solaris dtmail Buffer Overflow Vulnerability
    Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99598918914068&w=2

    Buffer overflow in dtmail in Solaris 2.6 and 7, and possibly other
    operating systems, allows local users to gain privileges via the MAIL
    environmental variable.

    ======================================================
    Candidate: CAN-2001-0549
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0549
    Phase: Proposed (20010727)
    Category: SF
    Reference: CERT-VN:VU#814187
    Reference: URL:http://www.kb.cert.org/vuls/id/814187
    Reference: CONFIRM:http://www.sarc.com/avcenter/security/Content/2001_07_20.html

    Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a
    registry key, which could allow local users to obtain the passwords.

    ======================================================
    Candidate: CAN-2001-0553
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0553
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010720 URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0486.html

    SSH Secure Shell 3.0.0 on Unix systems does not properly perform
    password authentication to the sshd2 daemon, which allows local users
    to gain access to accounts with short password fields, such as locked
    accounts that use "NP" in the password field.

    ======================================================
    Candidate: CAN-2001-0554
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0554
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010718 multiple vendor telnet daemon vulnerability
    Reference: URL:http://www.securityfocus.com/archive/1/197804
    Reference: CERT:CA-2000-21
    Reference: URL:http://www.cert.org/advisories/CA-2001-21.html
    Reference: FREEBSD:FreeBSD-SA-01:49
    Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc
    Reference: NETBSD:NetBSD-SA2001-012
    Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc
    Reference: BID:3064
    Reference: URL:http://www.securityfocus.com/bid/3064

    Buffer overflow in BSD-based telnetd telnet daemon on various
    operating systems allows remote attackers to execute arbitrary
    commands via a set of options including AYT (Are You There), which is
    not properly handled by the telrcv function.

    ======================================================
    Candidate: CAN-2001-0555
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0555
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010613 ScreamingMedia SITEWare source code disclosure vulnerability
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0166.html
    Reference: BUGTRAQ:20010613 ScreamingMedia SITEWare arbitrary file retrieval vulnerability
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0165.html
    Reference: CONFIRM:http://www01.screamingmedia.com/en/security/sms1001.php

    ScreamingMedia SITEWare versions 2.5 through 3.1 allow a remote
    attacker to read world-readable files via a .. (dot dot) attack
    through (1) the SITEWare Editor's Desktop or (2) the template
    parameter in SWEditServlet.

    ======================================================
    Candidate: CAN-2001-0556
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0556
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010428 More nedit problems ? (was Re: PROGENY-SA-2001-10...)
    Reference: URL:http://www.securityfocus.com/archive/1/180237
    Reference: CONFIRM:http://www.nedit.org/archives/develop/2001-Feb/0391.html
    Reference: SUSE:SuSE-SA:2001:14
    Reference: URL:http://www.suse.de/de/support/security/2001_014_nedit.txt
    Reference: MANDRAKE:MDKSA-2001:042
    Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-042.php3
    Reference: DEBIAN:DSA-053
    Reference: URL:http://www.debian.org/security/2001/dsa-053
    Reference: REDHAT:RHSA-2001:061
    Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-061.html
    Reference: BID:2667
    Reference: URL:http://www.securityfocus.com/bid/2667

    The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker
    to overwrite other users' files via a symlink attack on (1) backup
    files or (2) temporary files used when nedit prints a file or portions
    of a file.

    ======================================================
    Candidate: CAN-2001-0557
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0557
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010507 Advisory for Jana server
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0086.html
    Reference: XF:jana-server-directory-traversal(6513)
    Reference: URL:http://xforce.iss.net/static/6513.php
    Reference: BID:2703
    Reference: URL:http://www.securityfocus.com/bid/2703

    T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to
    view arbitrary files via a '..' (dot dot) attack which is URL encoded
    (%2e%2e).

    ======================================================
    Candidate: CAN-2001-0558
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0558
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010507 Advisory for Jana server
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0086.html
    Reference: XF:jana-server-device-dos(6521)
    Reference: URL:http://xforce.iss.net/static/6521.php
    Reference: BID:2704
    Reference: URL:http://www.securityfocus.com/bid/2704

    T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote
    attacker to create a denial of service via a URL request which
    includes a MS-DOS device name (i.e. GET /aux HTTP/1.0).

    ======================================================
    Candidate: CAN-2001-0559
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0559
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010507 Vixie cron vulnerability
    Reference: URL:http://www.securityfocus.com/archive/1/183029
    Reference: DEBIAN:DSA-054
    Reference: URL:http://www.debian.org/security/2001/dsa-054
    Reference: MANDRAKE:MDKSA-2001:050
    Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-050.php3
    Reference: SUSE:SuSE-SA:2001:17
    Reference: URL:http://www.suse.de/de/support/security/2001_017_cron_txt.txt
    Reference: BID:2687
    Reference: URL:http://www.securityfocus.com/bid/2687
    Reference: XF:vixie-cron-gain-privileges
    Reference: URL:http://xforce.iss.net/static/6508.php

    crontab in Vixie cron 3.0.1 and earlier does not properly drop
    privileges after the failed parsing of a modification operation, which
    could allow a local attacker to gain additional privileges when an
    editor is called to correct the error.

    ======================================================
    Candidate: CAN-2001-0560
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0560
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010210 vixie cron possible local root compromise
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0197.html
    Reference: AIXAPAR:IY17048
    Reference: AIXAPAR:IY17261
    Reference: MANDRAKE:MDKSA-2001:022
    Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-022.php3
    Reference: REDHAT:RHSA-2001-014
    Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-014.html
    Reference: BUGTRAQ:20010220 Immunix OS Security update for vixie-cron
    Reference: URL:http://archives.neohapsis.com/archives/linux/immunix/2001-q1/0066.html
    Reference: XF:vixie-crontab-bo(6098)
    Reference: URL:http://xforce.iss.net/static/6098.php

    Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local
    attacker to gain additional privileges via a long username (> 20
    characters).

    ======================================================
    Candidate: CAN-2001-0561
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0561
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010507 Advisory for A1Stats
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0047.html
    Reference: BID:2705
    Reference: URL:http://www.securityfocus.com/bid/2705
    Reference: XF:a1stats-dot-directory-traversal(6503)
    Reference: URL:http://xforce.iss.net/static/6503.php

    Directory traversal vulnerability in Drummond Miles A1Stats prior to
    1.6 allows a remote attacker to read arbitrary files via a '..' (dot
    dot) attack in (1) a1disp2.cgi, (2) a1disp3.cgi, or (3) a1disp4.cgi.

    ======================================================
    Candidate: CAN-2001-0562
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0562
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010507 Advisory for A1Stats
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0047.html
    Reference: BID:2705
    Reference: URL:http://www.securityfocus.com/bid/2705
    Reference: XF:a1stats-a1admin-dos(6505)
    Reference: URL:http://xforce.iss.net/static/6505.php

    a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a
    remote attacker to execute commands via a specially crafted URL which
    includes shell metacharacters.

    ======================================================
    Candidate: CAN-2001-0563
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0563
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010507 Advisory for Electrocomm 2.0
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0049.html
    Reference: XF:electrocomm-telnet-dos(6514)
    Reference: URL:http://xforce.iss.net/static/6514.php
    Reference: BID:2706
    Reference: URL:http://www.securityfocus.com/bid/2706

    ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier allows a
    remote attacker to create a denial of service via large (> 160000
    character) strings sent to port 23.

    ======================================================
    Candidate: CAN-2001-0564
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0564
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010225 APC web/snmp/telnet management card dos
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0436.html

    APC Web/SNMP Management Card prior to Firmware 310 only supports one
    telnet connection, which allows a remote attacker to create a denial
    of service via repeated failed logon attempts which temporarily locks
    the card.

    ======================================================
    Candidate: CAN-2001-0565
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0565
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010502 Solaris mailx Vulnerability
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0016.html
    Reference: XF:mailx-bo(6181)
    Reference: URL:http://xforce.iss.net/static/6181.php

    Buffer overflow in mailx in Solaris 8 and earlier allows a local
    attacker to gain additional privileges via a long '-F' command line
    option.

    ======================================================
    Candidate: CAN-2001-0566
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0566
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010503 Cisco Catalyst 2900XL crashes with empty UDP packet when SNMP is disabled.
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0040.html
    Reference: XF:cisco-catalyst-udp-dos(6515)
    Reference: URL:http://xforce.iss.net/static/6515.php

    Cisco Catalyst 2900XL switch allows a remote attacker to create a denial
    of service via an empty UDP packet sent to port 161 (SNMP) when SNMP
    is disabled.

    ======================================================
    Candidate: CAN-2001-0567
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0567
    Phase: Proposed (20010727)
    Category: SF
    Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2001-05-01/security_alert
    Reference: DEBIAN:DSA-055
    Reference: URL:http://www.debian.org/security/2001/dsa-055
    Reference: MANDRAKE:MDKSA-2001:049
    Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-049.php3
    Reference: REDHAT:RHSA-2001:065
    Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-065.html

    Digital Creations Zope 2.3.2 and earlier allows a local attacker
    to gain additional privileges via the changing of ZClass permission
    mappings for objects and methods in the ZClass.

    ======================================================
    Candidate: CAN-2001-0568
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0568
    Phase: Proposed (20010727)
    Category: SF
    Reference: CONFIRM:http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23
    Reference: MANDRAKE:MDKSA-2001:025
    Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-025.php3
    Reference: DEBIAN:DSA-043
    Reference: URL:http://www.debian.org/security/2001/dsa-043
    Reference: REDHAT:RHSA-2001:021
    Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-021.html
    Reference: CONECTIVA:CLA-2001:382
    Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000382

    Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker
    (Zope user) with through-the-web scripting capabilities to alter
    ZClasses class attributes.

    ======================================================
    Candidate: CAN-2001-0569
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0569
    Phase: Proposed (20010727)
    Category: SF
    Reference: CONFIRM:http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23
    Reference: MANDRAKE:MDKSA-2001:025
    Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-025.php3
    Reference: DEBIAN:DSA-043
    Reference: URL:http://www.debian.org/security/2001/dsa-043
    Reference: REDHAT:RHSA-2001:021
    Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-021.html
    Reference: CONECTIVA:CLA-2001:382
    Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000382

    Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the
    method return values related to the classes (1) ObjectManager, (2)
    PropertyManager, and (3) PropertySheet.

    ======================================================
    Candidate: CAN-2001-0570
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0570
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010503 minicom exploit
    Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-067.html
    Reference: REDHAT:RHSA-2001:067
    Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-067.html
    Reference: CALDERA:CSSA-2001-016.0
    Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-016.0.txt
    Reference: BUGTRAQ:20010517 Immunix OS Security update for minicom
    Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99014300904714&w=2
    Reference: XF:minicom-xmodem-format-string(6498)
    Reference: URL:http://xforce.iss.net/static/6498.php

    minicom 1.83.1 and earlier allows a local attacker to gain additional
    privileges via numerous format string attacks.

    ======================================================
    Candidate: CAN-2001-0571
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0571
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010323 Elron IM Products Vulnerability
    Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98538867727489&w=2
    Reference: BUGTRAQ:20010326 http://archives.neohapsis.com/archives/bugtraq/2001-03/0345.html
    Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98567864203963&w=2
    Reference: BUGTRAQ:20010406 http://archives.neohapsis.com/archives/bugtraq/2001-03/0345.html
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0382.html
    Reference: BID:2519
    Reference: URL:http://www.securityfocus.com/bid/2519
    Reference: BID:2520
    Reference: URL:http://www.securityfocus.com/bid/2520

    Directory traversal vulnerability in the web server for (1) Elron
    Internet Manager (IM) Message Inspector and (2) Anti-Virus before
    3.0.4 allows remote attackers to read arbitrary files via a .. (dot
    dot) in the requested URL.

    ======================================================
    Candidate: CAN-2001-0572
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0572
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010318 Passive Analysis of SSH (Secure Shell) Traffic
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0225.html
    Reference: CONECTIVA:CLA-2001:391
    Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000391
    Reference: REDHAT:RHSA-2001:033
    Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-033.html
    Reference: MANDRAKE:MDKSA-2001:033
    Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-033.php3

    The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and
    other packages have various weaknesses which can allow a remote
    attacker to obtain the following information via sniffing: (1)
    password lengths or ranges of lengths, which simplifies brute force
    password guessing, (2) whether RSA or DSA authentication is being
    used, (3) the number of authorized_keys in RSA authentication, or (4)
    the lengths of shell commands.

    ======================================================
    Candidate: CAN-2001-0573
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0573
    Phase: Proposed (20010727)
    Category: SF
    Reference: AIXAPAR:IY16909
    Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q2/0000.html

    lsfs in AIX 4.x allows a local user to gain additional privileges by
    creating Trojan horse programs named (1) grep or (2) lslv in a certain
    directory that is under the user's control, which cause lsfs to access
    the programs in that directory.

    ======================================================
    Candidate: CAN-2001-0574
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0574
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010507 Advisory for MP3Mystic
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0046.html
    Reference: CONFIRM:http://mp3mystic.com/mp3mystic/news.phtml
    Reference: XF:mp3mystic-dot-directory-traversal(6504)
    Reference: URL:http://xforce.iss.net/static/6504.php
    Reference: BID:2699
    Reference: URL:http://www.securityfocus.com/bid/2699

    Directory traversal vulnerability in MP3Mystic prior to 1.04b3 allows
    a remote attacker to download arbitrary files via a '..' (dot dot) in
    the URL.

    ======================================================
    Candidate: CAN-2001-0575
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0575
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010327 SCO 5.0.6 issues (lpshut)
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0404.html
    Reference: XF:sco-openserver-lpshut-bo(6290)
    Reference: URL:http://xforce.iss.net/static/6290.php

    Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local
    attacker to gain additional privileges via a long first argument to
    lpshut.

    ======================================================
    Candidate: CAN-2001-0576
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0576
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010327 SCO 5.0.6 issues (lpusers)
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0407.html
    Reference: XF:sco-openserver-lpusers-bo(6292)
    Reference: URL:http://xforce.iss.net/static/6292.php

    lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a
    local attacker to gain additional privileges via a buffer overflow
    attack in the '-u' command line parameter.

    ======================================================
    Candidate: CAN-2001-0577
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0577
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010327 SCO 5.0.6 issues (recon)
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0410.html
    Reference: XF:sco-openserver-recon-bo(6289)
    Reference: URL:http://xforce.iss.net/static/6289.php

    recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker
    to gain additional privileges via a buffer overflow attack in the
    first command line argument.

    ======================================================
    Candidate: CAN-2001-0578
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0578
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010327 SCO 5.0.6 issues (lpforms)
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0416.html
    Reference: XF:sco-openserver-lpforms-bo(6293)
    Reference: URL:http://xforce.iss.net/static/6293.php

    Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a
    local attacker to gain additional privileges via a long first argument
    to the lpforms command.

    ======================================================
    Candidate: CAN-2001-0579
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0579
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010327 SCO 5.0.6 issues (lpadmin)
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0421.html
    Reference: XF:sco-openserver-lpadmin-bo(6291)
    Reference: URL:http://xforce.iss.net/static/6291.php

    lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain
    additional privileges via a buffer overflow attack in the first
    argument to the command.

    ======================================================
    Candidate: CAN-2001-0580
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0580
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:200105007 Advisory for Vdns
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0050.html

    Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote
    attacker to create a denial of service by connecting to port 6070,
    sending some data, and closing the connection.

    ======================================================
    Candidate: CAN-2001-0581
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0581
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010507 Advisory for Spynet Chat
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0051.html
    Reference: XF:spynet-connection-dos(6509)
    Reference: URL:http://xforce.iss.net/static/6509.php
    Reference: BID:2701
    Reference: URL:http://www.securityfocus.com/bid/2701

    Spytech Spynet Chat Server 6.5 allows a remote attacker to create a
    denial of service (crash) via a large number (> 100) of connections to
    port 6387.

    ======================================================
    Candidate: CAN-2001-0582
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0582
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010503 Vulnerabilities in CrushFTP Server
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0036.html
    Reference: XF:crushftp-directory-traversal(6495)
    Reference: URL:http://xforce.iss.net/static/6495.php

    Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local
    attacker to access arbitrary files via a '..' (dot dot) attack, or
    variations, in (1) GET, (2) CD, (3) NLST, (4) SIZE, (5) RETR.

    ======================================================
    Candidate: CAN-2001-0583
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0583
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010315 def-2001-11: MDaemon 3.5.4 Dos-Device DoS
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0188.html
    Reference: XF:mdaemon-webservices-dos(6240)
    Reference: URL:http://xforce.iss.net/static/6240.php

    Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a
    denial of service via the URL request of a MS-DOS device (such as GET
    /aux) to (1) the Worldclient service at port 3000, or (2) the
    Webconfig service at port 3001.

    ======================================================
    Candidate: CAN-2001-0584
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0584
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010325 MDaemon IMAP Denial Of Service
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0365.html
    Reference: BID:2508
    Reference: URL:http://www.securityfocus.com/bid/2508
    Reference: XF:mdaemon-imap-command-dos(6279)
    Reference: URL:http://xforce.iss.net/static/6279.php

    IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to
    cause a denial of service (hang) via long (1) SELECT or (2) EXAMINE
    commands.

    ======================================================
    Candidate: CAN-2001-0585
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0585
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010320 def-2001-13: NTMail Web Services DoS
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0248.html
    Reference: BID:2494
    Reference: URL:http://www.securityfocus.com/bid/2494
    Reference: XF:ntmail-long-url-dos(6249)
    Reference: URL:http://xforce.iss.net/static/6249.php

    Gordano NTMail 6.0.3c allows a remote attacker to create a denial of
    service via a long (>= 255 characters) URL request to port 8000 or
    port 9000.

    ======================================================
    Candidate: CAN-2001-0586
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0586
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010330 STAT Security Advisory: Trend Micro's ScanMail for Exchange stores passwords in registry unprotected
    Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2001-q1/0049.html

    TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local
    attacker to recover the administrative credentials for ScanMail via a
    combination of unprotected registry keys and weakly encrypted
    passwords.

    ======================================================
    Candidate: CAN-2001-0587
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0587
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010327 SCO 5.0.6 MMDF issues (deliver)
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0418.html
    Reference: XF:sco-openserver-deliver-bo(6302)
    Reference: URL:http://xforce.iss.net/static/6302.php

    deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a
    local attacker to gain additional privileges via a buffer overflow in
    the first argument to the command.

    ======================================================
    Candidate: CAN-2001-0588
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0588
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010327 SCO 5.0.6 MMDF issues (sendmail 8.9.3)
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0417.html

    sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO
    OpenServer 5.0.6, can allow a local attacker to gain additional
    privileges via a buffer overflow in the first argument to the command.

    ======================================================
    Candidate: CAN-2001-0589
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0589
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010326 Netscreen: DMZ Network Receives Some "Denied" Traffic
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0375.html
    Reference: BID:2523
    Reference: URL:http://www.securityfocus.com/bid/2523

    NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and
    NetScreen-100 can allow a local attacker to bypass the DMZ 'denial'
    policy via specific traffic patterns.

    ======================================================
    Candidate: CAN-2001-0590
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0590
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010403 Re: Tomcat may reveal script source code by URL trickery
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0031.html

    Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a
    remote attacker to read the source code to arbitrary 'jsp' files via a
    malformed URL request which does not end with an HTTP protocol
    specification (i.e. HTTP/1.0).

    ======================================================
    Candidate: CAN-2001-0591
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0591
    Phase: Proposed (20010727)
    Category: SF
    Reference: WIN2KSEC:20010122 Oracle JSP/SQLJS handlers allow viewing files and executing JSP outside the web root
    Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2001-q1/0028.html
    Reference: BUGTRAQ:20010212 Patch for Potential Vulnerability in the execution of JSPs outside doc_root
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0239.html
    Reference: BID:2286
    Reference: URL:http://www.securityfocus.com/bid/2286

    Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1
    and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read
    or execute arbitrary .jsp files via a '..' (dot dot) attack.

    ======================================================
    Candidate: CAN-2001-0592
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0592
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010405 def-2001-18: Watchguard Firebox II Kernel DoS
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0054.html
    Reference: XF:firebox-kernel-dos(6327)
    Reference: URL:http://xforce.iss.net/static/6327.php

    Watchguard Firebox II prior to 4.6 allows a remote attacker to create
    a denial of service in the kernel via a large stream (>10,000) of
    malformed ICMP or TCP packets.

    ======================================================
    Candidate: CAN-2001-0593
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0593
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010327 advisory
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0395.html
    Reference: BID:2512
    Reference: URL:http://www.securityfocus.com/bid/2512
    Reference: XF:anaconda-clipper-directory-traversal(6286)
    Reference: URL:http://xforce.iss.net/static/6286.php

    Anaconda Partners Clipper 3.3 and earlier allows a remote attacker to
    read arbitrary files via a '..' (dot dot) attack in the template
    parameter.

    ======================================================
    Candidate: CAN-2001-0594
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0594
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010409 Solaris kcms_configure vulnerability
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0140.html
    Reference: BID:2558
    Reference: URL:http://www.securityfocus.com/bid/2558
    Reference: XF:solaris-kcms-command-bo(6359)
    Reference: URL:http://xforce.iss.net/static/6359.php

    kcms_configure as included with Solaris 7 and 8 allows a local
    attacker to gain additional privileges via a buffer overflow in a
    command line argument.

    ======================================================
    Candidate: CAN-2001-0595
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0595
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010411 [LSD] Solaris kcsSUNWIOsolf.so and dtsession vulnerabilities
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0203.html
    Reference: XF:solaris-kcssunwiosolf-bo(6365)
    Reference: URL:http://xforce.iss.net/static/6365.php

    Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8
    allows local attackers to execute arbitrary commands via the
    KCMS_PROFILES environmental variable, e.g. in the kcms_configure
    program.

    ======================================================
    Candidate: CAN-2001-0596
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0596
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010409 Netscape 4.76 gif comment flaw
    Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98685237415117&w=2
    Reference: DEBIAN:DSA-051
    Reference: URL:http://www.debian.org/security/2001/dsa-051
    Reference: CONECTIVA:CLA-2001:393
    Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000393
    Reference: REDHAT:RHSA-2001:046
    Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-046.html
    Reference: XF:netscape-javascript-access-data(6344)
    Reference: URL:http://xforce.iss.net/static/6344.php

    Netscape Communicator prior to 4.77 allows a remote attacker to execute
    arbitrary javascript via specially crafted GIF images. The javascript
    is embedded in the GIF file as a comment.

    ======================================================
    Candidate: CAN-2001-0597
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0597
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010410 Catastrophic failure of Strip password generation.
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0169.html
    Reference: BID:2567
    Reference: URL:http://www.securityfocus.com/bid/2567
    Reference: XF:strip-weak-passwords(6362)
    Reference: URL:http://xforce.iss.net/static/6362.php

    Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and
    earlier for the PalmOS allows a local attacker to recover passwords
    via a brute force attack. This attack is made feasible by STRIP's use
    of SysRandom, which is seeded by TimeGetTicks, and an implementation
    flaw which vastly reduces the password 'search space'.

    ======================================================
    Candidate: CAN-2001-0598
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0598
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010411 def-2001-21: Ghost Multiple DoS
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0175.html
    Reference: XF:ghost-configuration-server-dos(6357)
    Reference: URL:http://xforce.iss.net/static/6357.php
    Reference: BID:2570
    Reference: URL:http://www.securityfocus.com/bid/2570

    Symantec Ghost 6.5 and earlier allows a remote attacker to create a
    denial of service by sending large (> 45Kb) amounts of data to the
    Ghost Configuration Server on port 1347, which triggers an error that
    is not properly handled.

    ======================================================
    Candidate: CAN-2001-0599
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0599
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010411 def-2001-21: Ghost Multiple DoS
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0175.html
    Reference: XF:ghost-database-engine-dos(6356)
    Reference: URL:http://xforce.iss.net/static/6356.php
    Reference: BID:2572
    Reference: URL:http://www.securityfocus.com/bid/2572

    Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier
    as included with Symantec Ghost 6.5 allows a remote attacker to create
    a denial of service by sending large (> 45Kb) amounts of data to port
    2638.

    ======================================================
    Candidate: CAN-2001-0600
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0600
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010411 def-2001-20: Lotus Domino Multiple DoS
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0174.html
    Reference: XF:lotus-domino-header-dos(6347)
    Reference: URL:http://xforce.iss.net/static/6347.php

    Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a
    denial of service via repeated URL requests with the same HTTP
    headers, such as (1) Accept, (2) Accept-Charset, (3) Accept-Encoding,
    (4) Accept-Language, and (5) Content-Type.

    ======================================================
    Candidate: CAN-2001-0601
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0601
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010411 def-2001-20: Lotus Domino Multiple DoS
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0174.html
    Reference: XF:lotus-domino-unicode-dos(6349)
    Reference: URL:http://xforce.iss.net/static/6349.php

    Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a
    denial of service via HTTP requests containing certain combinations of
    UNICODE characters.

    ======================================================
    Candidate: CAN-2001-0602
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0602
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010411 def-2001-20: Lotus Domino Multiple DoS
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0174.html
    Reference: XF:lotus-domino-device-dos(6348)
    Reference: URL:http://xforce.iss.net/static/6348.php

    Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a
    denial of service via repeated (>400) URL requests for DOS devices.

    ======================================================
    Candidate: CAN-2001-0603
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0603
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010411 def-2001-20: Lotus Domino Multiple DoS
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0174.html
    Reference: XF:lotus-domino-corba-dos(6350)
    Reference: URL:http://xforce.iss.net/static/6350.php

    Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a
    denial of service via repeatedly sending large (> 10Kb) amounts of
    data to the DIIOP - CORBA service on TCP port 63148.

    ======================================================
    Candidate: CAN-2001-0604
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0604
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010411 def-2001-20: Lotus Domino Multiple DoS
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0174.html
    Reference: XF:lotus-domino-url-dos(6351)
    Reference: URL:http://xforce.iss.net/static/6351.php

    Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a
    denial of service via URL requests (>8Kb) containing a large number of
    '/' characters.

    ======================================================
    Candidate: CAN-2001-0605
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0605
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010226 My Getright Unsupervised File Download Vulnerability
    Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98321819112158&w=2

    Headlight Software MyGetright prior to 1.0b allows a remote attacker
    to upload and/or overwrite arbitrary files via a malicious .dld
    (skins-data) file which contains long strings of random data.

    ======================================================
    Candidate: CAN-2001-0606
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0606
    Phase: Proposed (20010727)
    Category: SF
    Reference: HP:HPSBUX0102-139
    Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0041.html

    Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with
    VirtualVault A.04.00 allows a remote attacker to create a denial of
    service via the HTTPS service.

    ======================================================
    Candidate: CAN-2001-0607
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0607
    Phase: Proposed (20010727)
    Category: CF
    Reference: HP:HPSBUX0103-145
    Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0080.html

    asecure as included with HP-UX 10.01 through 11.00 can allow a local
    attacker to create a denial of service and gain additional privileges
    via unsafe permissions on the asecure program.

    ======================================================
    Candidate: CAN-2001-0608
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0608
    Phase: Proposed (20010727)
    Category: SF
    Reference: HP:HPSBMP0103-011
    Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0087.html

    HP architected interface facility (AIF) as included with MPE/iX 5.5
    through 6.5 running on a HP3000 allows an attacker to gain additional
    privileges and gain access to databases via the AIF - AIFCHANGELOGON
    program.

    ======================================================
    Candidate: CAN-2001-0609
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0609
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010411 CFINGERD remote vulnerability
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0202.html
    Reference: DEBIAN:DSA-048
    Reference: URL:http://www.debian.org/security/2001/dsa-048
    Reference: BID:2576
    Reference: URL:http://www.securityfocus.com/bid/2576
    Reference: XF:cfingerd-remote-format-string(6364)
    Reference: URL:http://xforce.iss.net/static/6364.php

    Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier
    allows a remote attacker to gain additional privileges via a malformed
    ident reply that is passed to the syslog function.

    ======================================================
    Candidate: CAN-2001-0610
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0610
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010418 Insecure directory handling in KFM file manager
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0336.html
    Reference: XF:kfm-tmpfile-symlink(6428)
    Reference: URL:http://xforce.iss.net/static/6428.php

    kfm as included with KDE 1.x can allow a local attacker to gain
    additional privileges via a symlink attack in the kfm cache directory
    in /tmp.

    ======================================================
    Candidate: CAN-2001-0611
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0611
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010514 Becky! 2.00.05 Buffer Overflow
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0089.html
    Reference: BID:2723
    Reference: URL:http://www.securityfocus.com/bid/2723
    Reference: XF:becky-mail-message-bo(6531)
    Reference: URL:http://xforce.iss.net/static/6531.php

    Becky! 2.00.05 and earlier can allow a remote attacker to gain
    additional privileges via a buffer overflow attack on long messages
    without newline characters.

    ======================================================
    Candidate: CAN-2001-0612
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0612
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010516 Remote Desktop DoS
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0158.html
    Reference: XF:remote-desktop-dos(6547)
    Reference: URL:http://xforce.iss.net/static/6547.php
    Reference: BID:2726
    Reference: URL:http://www.securityfocus.com/bid/2726

    McAfee Remote Desktop 3.0 and earlier allows a remote attacker to
    create a denial of service (crash) via large amounts of packets to
    port 5045.

    ======================================================
    Candidate: CAN-2001-0613
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0613
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010515 OmniHTTPd Pro Denial of Service Vulnerability
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0131.html
    Reference: XF:omnihttpd-post-dos(6540)
    Reference: URL:http://xforce.iss.net/static/6540.php
    Reference: BID:2730
    Reference: URL:http://www.securityfocus.com/bid/2730

    Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a
    remote attacker to create a denial of service via a long (>4111 bytes)
    POST URL request.

    ======================================================
    Candidate: CAN-2001-0614
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0614
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010514 def-2001-25: Carello E-Commerce Arbitrary Command Execution
    Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98991352402073&w=2
    Reference: XF:carello-url-code-execution(6532)
    Reference: URL:http://xforce.iss.net/static/6532.php

    Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain
    additional privileges and execute arbitrary commands via a specially
    constructed URL.

    ======================================================
    Candidate: CAN-2001-0615
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0615
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010525 Advisory for Freestyle Chat server
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0241.html
    Reference: BID:2776
    Reference: URL:http://www.securityfocus.com/bid/2776
    Reference: XF:freestyle-chat-directory-traversal(6601)
    Reference: URL:http://xforce.iss.net/static/6601.php

    Directory traversal vulnerability in Faust Informatics Freestyle Chat
    server prior to 4.1 SR3 allows a remote attacker to read arbitrary
    files via a specially crafted URL which includes variations of a '..'
    (dot dot) attack such as '...' or '....'.

    ======================================================
    Candidate: CAN-2001-0616
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0616
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010525 Advisory for Freestyle Chat server
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0241.html
    Reference: BID:2777
    Reference: URL:http://www.securityfocus.com/bid/2777
    Reference: XF:freestyle-chat-device-dos(6602)
    Reference: URL:http://xforce.iss.net/static/6602.php

    Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a
    remote attacker to create a denial of service via a URL request which
    includes a MS-DOS device name (e.g., GET /aux HTTP/1.0).

    ======================================================
    Candidate: CAN-2001-0617
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0617
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010514 Cable-Router AR220e Portmapper Security-Flaw
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0125.html
    Reference: XF:telesyn-portmapper-access-services(6560)
    Reference: URL:http://xforce.iss.net/static/6560.php

    Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the
    portmapper and the 'Virtual Server' enabled can allow a remote
    attacker to gain access to mapped services even though the single
    portmappings may be disabled.

    ======================================================
    Candidate: CAN-2001-0618
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0618
    Phase: Proposed (20010727)
    Category: CF
    Reference: BUGTRAQ:20010402 RG-1000 802.11 Residential Gateway default WEP key disclosure flaw
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0020.html
    Reference: XF:orinoco-rg1000-wep-key(6328)
    Reference: URL:http://xforce.iss.net/static/6328.php

    Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of
    the 'Network Name' or SSID as the default Wired Equivalent Privacy
    (WEP) encryption key. Since the SSID occurs in the clear during
    communications, a remote attacker could determine the WEP key and
    decrypt RG-1000 traffic.

    ======================================================
    Candidate: CAN-2001-0619
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0619
    Phase: Proposed (20010727)
    Category: unknown
    Reference: BUGTRAQ:20010402 Design Flaw in Lucent/Orinoco 802.11 proprietary access control- closed network
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0015.html

    The Lucent Closed Network protocol can allow remote attackers to join
    Closed Network networks which they do not have access to. The 'Network Name'
    or SSID, which is used as a shared secret to join the network, is transmitted
    in the clear.

    ======================================================
    Candidate: CAN-2001-0620
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0620
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010418 iplanet calendar server 5.0p2 exposes Netscape Admin Server master password
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0320.html
    Reference: XF:iplanet-calendar-plaintext-password(6402)
    Reference: URL:http://xforce.iss.net/static/6402.php

    iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to
    gain access to the Netscape Admin Server (NAS) LDAP database and read
    arbitrary files by obtaining the cleartext administrator username and
    password from the configuration file, which has insecure permissions.

    ======================================================
    Candidate: CAN-2001-0621
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0621
    Phase: Proposed (20010727)
    Category: SF
    Reference: CISCO:20010517 Cisco Content Service Switch 11000 Series FTP
    Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-ftp-pub.shtml
    Reference: XF:cisco-css-ftp-commands(6557)
    Reference: URL:http://xforce.iss.net/static/6557.php

    The FTP server on Cisco Content Service 11000 series switches (CSS)
    before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an
    FTP user to read and write arbitrary files via GET or PUT commands.

    ======================================================
    Candidate: CAN-2001-0622
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0622
    Phase: Proposed (20010727)
    Category: SF
    Reference: CISCO:20010531 Cisco Content Service Switch 11000 Series Web
    Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-webmgmt-vuln-pub.shtml

    The web management service on Cisco Content Service series 11000
    switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote
    attacker to gain additional privileges by directly requesting the
    web management URL instead of navigating through the interface.

    ======================================================
    Candidate: CAN-2001-0623
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0623
    Phase: Proposed (20010727)
    Category: SF
    Reference: DEBIAN:DSA-052
    Reference: URL:http://www.debian.org/security/2001/dsa-052
    Reference: XF:saft-sendfiled-execute-code(6430)
    Reference: URL:http://xforce.iss.net/static/6430.php

    sendfiled, as included with Simple Asynchronous File Transfer (SAFT),
    on various Linux systems does not properly drop privileges when
    sending notification emails, which allows local attackers to gain
    privileges.

    ======================================================
    Candidate: CAN-2001-0624
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0624
    Phase: Proposed (20010727)
    Category: SF
    Reference: VULN-DEV:20010421 QNX FIle Read Vulnerability
    Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0266.html
    Reference: XF:qnx-fat-file-read
    Reference: URL:http://xforce.iss.net/static/6437.php

    QNX 2.4 allows a local user to read arbitrary files by directly
    accessing the mount point for the FAT disk partition, e.g. /fs-dos.

    ======================================================
    Candidate: CAN-2001-0625
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0625
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010525 Security Bug in InoculateIT for Linux (fwd)
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0245.html
    Reference: XF:inoculateit-ftpdownload-symlink(6607)
    Reference: URL:http://xforce.iss.net/static/6607.php
    Reference: BID:2778
    Reference: URL:http://www.securityfocus.com/bid/2778

    ftpdownload in Computer Associates InoculateIT 6.0 allows a local
    attacker to overwrite arbitrary files via a symlink attack on
    /tmp/ftpdownload.log .

    ======================================================
    Candidate: CAN-2001-0626
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0626
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010316 WebServer Pro All Version Vulnerability
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0236.html
    Reference: BID:2488
    Reference: URL:http://www.securityfocus.com/bid/2488

    O'Reilly Website Professional 2.5.4 and earlier allows remote
    attackers to determine the physical path to the root directory via a
    URL request containing a ":" character.

    ======================================================
    Candidate: CAN-2001-0627
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0627
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010522 [SRT2001-09] - vi and crontab -e /tmp issues
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0220.html
    Reference: BID:2752
    Reference: URL:http://www.securityfocus.com/bid/2752

    vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker
    to overwrite arbitrary files via a symlink attack.

    ======================================================
    Candidate: CAN-2001-0628
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0628
    Phase: Proposed (20010727)
    Category: SF
    Reference: MSKB:Q274228
    Reference: URL:http://support.microsoft.com/support/kb/articles/Q274/2/28.asp
    Reference: BID:2760
    Reference: URL:http://www.securityfocus.com/bid/2760
    Reference: XF:word-asd-macro-execution(6614)
    Reference: URL:http://xforce.iss.net/static/6614.php

    Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros. This
    can allow a local attacker to execute arbitrary macros with the user ID of
    the Word user.

    ======================================================
    Candidate: CAN-2001-0629
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0629
    Phase: Proposed (20010727)
    Category: SF
    Reference: HP:HPSBUX0107-158
    Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0006.html
    Reference: BUGTRAQ:20010523 HP OpenView NNM v6.1 buffer overflow
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0226.html
    Reference: BID:2761
    Reference: URL:http://www.securityfocus.com/bid/2761
    Reference: XF:openview-nnm-ecsd-bo(6582)
    Reference: URL:http://xforce.iss.net/static/6582.php

    HP Event Correlation Service (ecsd) as included with OpenView Network Node
    Manager 6.1 allows a remote attacker to gain additional privileges via
    a buffer overflow attack in the '-restore_config' command line parameter.

    ======================================================
    Candidate: CAN-2001-0630
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0630
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010523 Vulnerability in viewsrc.cgi
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0231.html
    Reference: BID:2762
    Reference: URL:http://www.securityfocus.com/bid/2762

    Directory traversal vulnerability in MIMAnet viewsrc.cgi 2.0 allows a
    remote attacker to read arbitrary files via a '..' (dot dot) attack in
    the 'loc' variable.

    ======================================================
    Candidate: CAN-2001-0631
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0631
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010221 FirstClass Internetgateway "stupidity"
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0376.html
    Reference: BUGTRAQ:20010226 Re: [Fwd: FirstClass Internetgateway "stupidity"]
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0440.html

    Centrinity First Class Internet Services 5.50 allows for the
    circumventing of the default 'spam' filters via the presence of '<>'
    in the 'From:' field, which allows remote attackers to send spoofed
    email with the identity of local users.

    ======================================================
    Candidate: CAN-2001-0632
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0632
    Phase: Proposed (20010727)
    Category: CF
    Reference: BUGTRAQ:20010220 Advisory: Chili!Soft ASP Multiple Vulnerabilities
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0378.html
    Reference: BUGTRAQ:20010224 Re: Advisory: Chili!Soft ASP Multiple Vulnerabilities
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0443.html

    Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin
    username and password in the default installation, which can allow a
    remote attacker to gain additional privileges.

    ======================================================
    Candidate: CAN-2001-0633
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0633
    Phase: Proposed (20010727)
    Category: SF
    Reference: BUGTRAQ:20010220 Advisory: Chili!Soft ASP Multiple Vulnerabilities
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0378.html
    Reference: BUGTRAQ:20010224 Re: Advisory: Chili!Soft ASP Multiple Vulnerabilities
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0443.html

    Directory traversal vulnerability in Sun Chili!Soft ASP on multiple
    Unixes allows a remote attacker to read arbitrary files above the web
    root via a '..' (dot dot) attack in the sample script 'codebrws.asp'.

    ======================================================
    Candidate: CAN-2001-0634
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0634
    Phase: Proposed (20010727)
    Category: CF
    Reference: BUGTRAQ:20010220 Advisory: Chili!Soft ASP Multiple Vulnerabilities
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0378.html
    Reference: BUGTRAQ:20010226 Re: Advisory: Chili!Soft ASP Multiple Vulnerabilities
    Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0443.html

    Sun Chili!Soft ASP on multiple Unixes has weak permissions on various
    configuration files, which allows a local attacker to gain additional
    privileges and create a denial of service.

    ======================================================
    Candidate: CAN-2001-0635
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0635
    Phase: Proposed (20010727)
    Category: SF
    Reference: REDHAT:RHSA-2001:058
    Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-058.html

    Red Hat Linux 7.1 sets insecure permissions on swap files created
    during installation, which can allow a local attacker to gain
    additional privileges by reading sensitive information from the swap
    file, such as passwords.

    ---------------------------------------------------------------------
    3. Subscribing and unsubscribing to CVE-DATA-UPDATE-LIST
    ---------------------------------------------------------------------

    Unsubscribing
    -------------

    To unsubscribe from CVE-DATA-UPDATE-LIST, send an email message to
    listserv@lists.mitre.org.

    In the *BODY* of the message, type:

      SIGNOFF cve-data-update-list

    Subscribing
    -----------

    If you are not already subscribed to this list, you can subscribe via
    the following URL: http://cve.mitre.org/signup/register.html

    ---------------------------------------------------------------------
    4. More information
    ---------------------------------------------------------------------

    The MITRE Corporation (www.mitre.org) maintains CVE and provides
    impartial technical guidance to the CVE Editorial Board on all matters
    related to ongoing development of CVE.

    For more information about CVE, visit the CVE Web site at
    http://cve.mitre.org or send an email to cve@mitre.org.

    To view, download, or search the CVE list and the candidate list,
    visit http://cve.mitre.org/cve/