CVE List
Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
---|---|---|---|---|---|---|---|
5147 | CVE-2002-0757 | Candidate | (1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations. | Proposed (20020726) | ACCEPT(2) Baker, Cole; NOOP(5) Armstrong, Christey, Cox, Foat, Wall | Christey> This *might* be vendor acknowledgement: <br> URL:http://www.geocrawler.com/lists/3/SourceForge/12082/0/8595354/ <br> However, the person who's credited by the vendor found *TWO* authentication-related vulnerabilities at about the same time, and the vendor is clearly fixing "a" vulnerability. So, which issue did the vendor fix? Which issue is the vendor acknowledging - CVE-2002-0757 or CVE-2002-0756? | View |
1020 | CVE-1999-1040 | Candidate | Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on IRIX 6.3 and 6.4 allow local users to gain root access via a modified IFS environmental variable. | Proposed (20010912) | ACCEPT(3) Cole, Foat, Stracener; NOOP(1) Christey; REJECT(1) Frech | Christey> This candidate and CVE-1999-1501 are duplicates. However, CVE-1999-1501 will be REJECTed in favor of this candidate. Add the following references: <br> BID:70 <br> URL:http://www.securityfocus.com/bid/70 <br> BID:71 <br> URL:http://www.securityfocus.com/bid/71 <br> XF:irix-ipxchk-ipxlink-ifs-commands(7365) <br> URL:http://xforce.iss.net/static/7365.php | View |
4407 | CVE-2002-0013 | Candidate | Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. | Modified (20061101) | ACCEPT(6) Cole, Foat, Green, Jones, Wall, Ziese; REVIEWING(1) Christey | Christey> This candidate is at a higher level of abstraction (more general) than most other candidates. CVE's content decisions suggest that we should provide different candidates for each implementation and type of bug that is affected by the PROTOS suite. <br> However, as of this writing (Feb 12, 2002), there is insufficient information to assign the proper number of candidates. This high-level candidate will serve as a "catch-all," but we will be assigning lower-level (more specific) candidates when there is more information. <br> Due to the size and extent of this problem, it is better to have a high-level candidate than no candidate at all. <br> Christey> BID:4089 <br> Christey> DEBIAN:DSA-111 <br> MANDRAKE:MDKSA-2002:014 <br> CHANGE> [Christey changed vote from NOOP to REVIEWING] <br> Christey> CALDERA:CSSA-2002-004.0 <br> Christey> ADDREF SGI:20020404-01-P, which discusses the "hpsnmpd" daemon. <br> Christey> COMPAQ:SSRT0799 <br> CONECTIVA:CLA-2002:462 <br> DEBIAN:DSA-111 <br> HP:HPSBUX0202-184 <br> URL:http://online.securityfocus.com/advisories/4032 <br> CISCO:20020212 Malformed SNMP Message-Handling Vulnerabilities <br> CISCO:20020212 Malformed SNMP Message-Handling Vulnerabilities for Cisco Non-IOS Products <br> MANDRAKE:MDKSA-2002:014 <br> FREEBSD:FreeBSD-SA-02:11 <br> Christey> SUSE:SuSE-SA:2002:012 <br> Should also mention ucd-snmp package by name. <br> BUGTRAQ:20020824 NOVL-2002-2961546 - SNMPv1 Trap and Request Handling Vulnerabilities <br> URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0295.html <br> HP:HPSBMP0206-015 <br> URL:http://archives.neohapsis.com/archives/hp/2002-q4/0010.html <br> CALDERA:CSSA-2002-SCO.25 <br> URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q2/0024.html <br> CALDERA:CSSA-2002-004.1 <br> URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2002-004.1 <br> BUGTRAQ:20020227 nCipher Security Advisory #2: SNMP vulnerabilities <br> URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0353.html <br> Christey> SUNALERT:57404 <br> Christey> REDHAT:RHSA-2002:036 <br> URL:http://www.redhat.com/support/errata/RHSA-2002-036.html | View |
4406 | CVE-2002-0012 | Candidate | Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. | Modified (20061101) | ACCEPT(6) Cole, Foat, Green, Jones, Wall, Ziese; REVIEWING(1) Christey | Christey> This candidate is at a higher level of abstraction (more general) than most other candidates. CVE's content decisions suggest that we should provide different candidates for each implementation and type of bug that is affected by the PROTOS suite. <br> However, as of this writing (Feb 12, 2002), there is insufficient information to assign the proper number of candidates. This high-level candidate will serve as a "catch-all," but we will be assigning lower-level (more specific) candidates when there is more information. <br> Due to the size and extent of this problem, it is better to have a high-level candidate than no candidate at all. <br> Ziese> ACKNOWLEDGED-BY-VENDOR <br> Christey> DEBIAN:DSA-111 <br> MANDRAKE:MDKSA-2002:014 <br> CHANGE> [Christey changed vote from NOOP to REVIEWING] <br> Christey> CALDERA:CSSA-2002-004.0 <br> Christey> Consider adding BID:4088 <br> Christey> ADDREF SGI:20020404-01-P, which discusses the "hpsnmpd" daemon. <br> Christey> COMPAQ:SSRT0799 <br> CONECTIVA:CLA-2002:462 <br> BID:4088 <br> DEBIAN:DSA-111 <br> HP:HPSBUX0202-184 <br> URL:http://online.securityfocus.com/advisories/4032 <br> CISCO:20020212 Malformed SNMP Message-Handling Vulnerabilities <br> CISCO:20020212 Malformed SNMP Message-Handling Vulnerabilities for Cisco Non-IOS Products <br> MANDRAKE:MDKSA-2002:014 <br> FREEBSD:FreeBSD-SA-02:11 <br> Christey> SUSE:SuSE-SA:2002:012 <br> Should also mention ucd-snmp package by name. <br> BUGTRAQ:20020824 NOVL-2002-2961546 - SNMPv1 Trap and Request Handling Vulnerabilities <br> URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0295.html <br> HP:HPSBMP0206-015 <br> URL:http://archives.neohapsis.com/archives/hp/2002-q4/0010.html <br> CALDERA:CSSA-2002-SCO.25 <br> URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q2/0024.html <br> CALDERA:CSSA-2002-004.1 <br> URL:ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2002-004.1 <br> BUGTRAQ:20020227 nCipher Security Advisory #2: SNMP vulnerabilities <br> URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0353.html <br> Christey> REDHAT:RHSA-2002:036 <br> URL:http://www.redhat.com/support/errata/RHSA-2002-036.html | View |
756 | CVE-1999-0776 | Candidate | Alibaba HTTP server allows remote attackers to read files via a .. (dot dot) attack. | Proposed (19991214) | ACCEPT(4) Frech, Levy, Ozancin, Stracener; MODIFY(1) Baker; NOOP(6) Armstrong, Blake, Cole, Landfield, LeBlanc, Wall; REVIEWING(1) Christey | Christey> This candidate is unconfirmed by the vendor. <br> Posted by Arne Vidstrom. <br> Blake> I'd like to change my vote on this from ACCEPT to NOOP. I did some digging and the vendor seems to have discontinued the product, so no information is available beyond Arne's post. Unless Andre has a copy in his archive and can test it, I think we have to leave it out. <br> Wall> I agree with Blake. We have not seen the product and it has been discontinued. <br> CHANGE> [Christey changed vote from NOOP to REVIEWING] <br> Christey> If this is (or was) tested by some tool, we should ACCEPT it. <br> Baker> http://www.securityfocus.com/bid/270 <br> Christey> BID:270 <br> URL:http://www.securityfocus.com/bid/270 | View |