CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 1991 | CVE-2000-0413 | Candidate | The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path. | Proposed (20000615) | ACCEPT(7) Baker, Cole, Frech, LeBlanc, Levy, Ozancin, Stracener | MODIFY(1) Prosser | NOOP(1) Christey | Prosser> additional source Security BugWare | http://161.53.42.3/~crv/security/bugs/NT/fpse10.html comments on page re: | "MS soon to be released service release OSR 1.2 with needed changes." | I haven"t located anything on MS site yet. Anyone help? | Christey> BID:1433 may also refer to this issue. | Christey> [note to self: review comments by Mark Burnett] | Christey> CHANGEREF XF:iis-shtml-reveal-path XF:frontpage-ext-shtml-path(4439) | LeBlanc> Fixes are up on site now - have been for a while. | View |
| 380 | CVE-1999-0381 | Candidate | super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access. | Proposed (19990726) | ACCEPT(7) Baker, Blake, Cole, Frech, Landfield, Levy, Ozancin | MODIFY(1) Bishop | NOOP(2) Armstrong, Wall | REVIEWING(1) Christey | Christey> Is this the same as CVE-1999-0373? They both have the same | X-Force reference. | | BID:342 suggests that there are two. | | http://www.debian.org/security/1999/19990215a suggests | that there are two. However, CVE-1999-0373 is written up in | a fashion that is too general; and both XF:linux-super-bo and | XF:linux-super-logging-bo refer to CVE-1999-0373. | CVE-1999-0373 may need to be split. | | Frech> From what I can surmise, ISS released the original advisory (attached to | linux-super-bo), and Sekure SDI expanded on it by releasing another related | overflow in syslog (which is linux-super-logging-bo). | | When I was originally assigning these issues, I placed both XF references | and the ISS advisory on the -0373 candidate, since there was nothing else | available. Based on the information above, I"d request that | XF:linux-super-logging-bo be removed from CVE-1999-0373. | Christey> Given Andre"s feedback, these are different issues. | CVE-1999-0373 does not need to be split because the ISS | reference is sufficient to distinguish that CVE from this | candidate; however, the CVE-1999-0373 description should | probably be modified slightly. | Bishop> (as indicated by Christey) | CHANGE> [Cole changed vote from NOOP to ACCEPT] | CHANGE> [Christey changed vote from NOOP to REVIEWING] | Christey> There are 2 bugs, as confirmed by the super author at: | BUGTRAQ:19990226 Buffer Overflow in Super (new) | http://www.securityfocus.com/archive/1/12713 | BID:397 also seems to cover this one, and it may cover | CVE-1999-0373 as well. | View |
| 282 | CVE-1999-0283 | Candidate | The Java Web Server would allow remote users to obtain the source code for CGI programs. | Modified (19991203-01) | ACCEPT(7) Baker, Blake, Cole, Collins, Dik, Northcutt, Wall | MODIFY(1) Frech | NOOP(5) Armstrong, Bishop, Christey, Landfield, Prosser | REVIEWING(1) Ozancin | Wall> Acknowledged by vendor at | http://www.sun.com/software/jwebserver/techinfo/jws112info.html. | Baker> Vulnerability Reference (HTML) Reference Type | http://www.securityfocus.com/archive/1/7260 Misc Defensive Info | http://www.sun.com/software/jwebserver/techinfo/jws112info.html Vendor Info | Christey> BID:1891 | URL:http://www.securityfocus.com/bid/1891 | Christey> Add version number (1.1 beta) and details of attack (appending | a . or a ) | | The Sun URL referenced by Dave Baker no longer exists, so I | wasn"t able to verify that it addressed the problem described | in the Bugtraq post. This might not even be Sun"s | "Java Web Server," as CVE-2001-0186 describes some product | called "Free Java Web Server" | Dik> There appears to be some confusion. | | The particular bug seems to be on in JWS 1.1beta or 1.1 which was fixed | in 1.1.2 (get foo.jthml source by appending "." of "" to URL) | | There are other bugs that give access and that require a configuration | change. | | http://www.sun.com/software/jwebserver/techinfo/security_advisory.html | Christey> Need to make sure to create CAN"s for the other bugs, | as documented in: | NTBUGTRAQ:19980724 Alert: New Source Bug Affect Sun JWS | http://marc.theaimsgroup.com/?l=ntbugtraq&m=90222454131622&w=2 | BUGTRAQ:19980725 Alert: New Source Bug Affect Sun JWS | http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526086&w=2 | The reported bugs are: | 1) file read by appending %20 | 2) Directly call /servlet/file | URL:http://www.sddt.com/cgi-bin/Subscriber?/library/98/07/24/tbd.html | #2 is explicitly mentioned in the Sun advisory for | CVE-1999-0283. | CHANGE> [Frech changed vote from REVIEWING to MODIFY] | Frech> XF:javawebserver-cgi-source(5383) | View |
| 114 | CVE-1999-0114 | Candidate | Local users can execute commands as other users, and read other users" files, through the filter command in the Elm elm-2.4 mail package using a symlink attack. | Modified (20000106-01) | ACCEPT(7) Armstrong, Bishop, Blake, Cole, Landfield, Shostack, Wall | MODIFY(2) Baker, Frech | NOOP(3) Christey, Northcutt, Ozancin | REVIEWING(1) Levy | Frech> XF:elm-filter2 | CHANGE> [Wall changed vote from NOOP to ACCEPT] | Landfield> with Frech modifications | Baker> ADD REF http://www.cert.org/ftp/cert_bulletins/VB-95:10a.elm Official Advisory | Christey> The correct URL is http://www.cert.org/vendor_bulletins/VB-95:10a.elm | Need to make sure that this CERT advisory describes the right | problem, especially since the CERT advisory is dated December | 18, 1995 and the original Bugtraq post was December 26, 1995. | Christey> BID:1802 | URL:http://www.securityfocus.com/bid/1802 | BID:1802 doesn"t include the 1999 posting - does Security | Focus think that the 1999 post describes a different | vulnerability? | Christey> XF:elm-filter2 isn"t on the X-Force web site. How about XF:elm-filter(402) ? | Its references point to the December 26, 1995 BUgtraq post. | | Also consider CIAC:G-36 and CERT:VB-95:10 | Frech> DELREF:XF:elm-filter2(711) | ADDREF:XF:elm-filter(402) | View |
| 3170 | CVE-2001-0349 | Candidate | Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability. | Modified (20050509) | ACCEPT(7) Armstrong, Balinsky, Cole, Foat, Stracener, Wall, Ziese | MODIFY(1) Frech | REVIEWING(1) Christey | CHANGE> [Balinsky changed vote from REVIEWING to ACCEPT] | Balinsky> Need to decide whether this and 2001-350 one or two vuls, but it is definitely valid. | Frech> XF:win2k-telnet-pipe-privileges(6664) | Christey> CIAC:L-092 | URL:http://www.ciac.org/ciac/bulletins/l-092.shtml | Christey> Consider adding BID:2849 | CHANGE> [Christey changed vote from NOOP to REVIEWING] | Christey> CERT-VN:VU#587587 | URL:http://www.kb.cert.org/vuls/id/587587 | BID:2849 | Microsoft identifies two separate vulnerabilities that are extremely | similar, but the security bulletin states that "The two | vulnerabilities differ primarily in the way they exploit the | underlying problem regarding named pipe creation." So, it may be | necessary to merge CVE-2001-0350 with CVE-2001-0349. | | If one issue is because of predictable names, and another | issue is because pipe ownership isn"t properly verified, then | these could stay SPLIT, and the descriptions should be | modified accordingly. | View |
Page 19851 of 20943, showing 5 records out of 104715 total, starting on record 99251, ending on 99255
