CVE List

Id CVE No. Status Description Phase Votes Comments
1745  CVE-2000-0167  Candidate  IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory.  Proposed (20000223)  ACCEPT(1) Cole | MODIFY(1) Frech | NOOP(1) Baker | REVIEWING(4) Christey, LeBlanc, Levy, Wall  Frech> XF:iis-pickup-directory-dos | Christey> BID:1819 | URL:http://www.securityfocus.com/bid/1819 | LeBlanc> Trying to get more info
1792  CVE-2000-0214  Candidate  FTP Explorer uses weak encryption for storing the username, password, and profile of FTP sites.  Proposed (20000322)  ACCEPT(5) Armstrong, Baker, Cole, Levy, Ozancin | MODIFY(1) Frech | NOOP(3) Blake, LeBlanc, Wall  Frech> XF:ftp-explorer-weak-pwd(4038)
1794  CVE-2000-0216  Candidate  Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list.  Proposed (20000322)  ACCEPT(1) Cole | MODIFY(1) Frech | NOOP(2) Baker, Ozancin | REJECT(3) Blake, LeBlanc, Levy | REVIEWING(1) Wall  Blake> This is a configuration issue. Should the fact that NT can be configured | to accept a blank Admin password have a CVE entry? | LeBlanc> This is documented as bad practice - if you have a wide distribution | mailing list, you should only allow certain users to send mail to it. | I don't think we want to start listing all possible admin errors as | vulnerabilities. | Frech> XF:microsoft-mail-client-dos(4893) | Levy> I agree with all the above comments. Furthermore the delivery status | notification RFC makes it clear that mailing list software should | strip messages from DSN headers. I assume Microsoft's products are | using the DSN standard and not something else.
1798  CVE-2000-0220  Candidate  ZoneAlarm sends sensitive system and network information in cleartext to the Zone Labs server if a user requests more information about an event.  Proposed (20000322)  ACCEPT(1) Armstrong | MODIFY(1) Frech | NOOP(5) Baker, Cole, LeBlanc, Ozancin, Wall | REJECT(1) Blake | REVIEWING(1) Levy  Blake> Discussion on Bugtraq shows that this is a really marginal issue. Very | tough to come up with a viable attack scenario. Also, it's part of how | this class of software works, not a flaw in the cited package. Might be | possible to recast this into something more generic.... | Frech> XF:zonealarm-exposes-info
1751  CVE-2000-0173  Candidate  Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote attackers to cause a denial of service.  Proposed (20000322)  ACCEPT(3) Baker, Blake, Cole | MODIFY(1) Frech | NOOP(4) LeBlanc, Ozancin, Prosser, Wall | REVIEWING(2) Christey, Levy  Prosser> Although SCO is reporting the problem, there is too little info | available to make an informed decision. Unable to find anything | anywhere on this. It is an events logging system, so one would assume | that there is a way to fill up the log and cause a system halt, but no | way of confirming this with limited information. | Christey> Perhaps we should create a content decision, say | CD:VAGUE-ACK, which says whether it's reasonable to | ACCEPT vendor-acknowledged problems that do not provide any | salient details, as in this candidate as well as several | others. | Cole> I researched this a little more and you can change my NOOP to an | ACCEPT | Frech> XF:sco-eels-dos
