CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 3396 | CVE-2001-0583 | Candidate | Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a denial of service via the URL request of a MS-DOS device (such as GET /aux) to (1) the Worldclient service at port 3000, or (2) the Webconfig service at port 3001. | Proposed (20010727) | ACCEPT(3) Baker, Frech, Williams | NOOP(5) Bishop, Cole, Foat, Wall, Ziese | Baker> ftp1.deerfield.com/pub/mdaemon/Archive/3.5.6/ | This is the site for downloading from Deerfield, the parent company. | The release notes on the web site only apply to version 4.0 and higher. | If you download the 3.5.6 version, you can then install the software, | which will also install the release notes, named RelNotes.txt, in the | docs sub-directory. Inside this file is a vendor confirmation | of sorts, at least close enough for me.... | I quote: | "----------------------------------------------------------------------------- | MDaemon Server v3.X Release Notes | ----------------------------------------------------------------------------- | | PLEASE READ THIS ENTIRE DOCUMENT. IMPORTANT ISSUES RELATED TO THE RELEASE OF | MDAEMON 3.X ARE LISTED TOWARD THE BOTTOM OF THIS DOCUMENT. THEY ARE | CRITICALLY IMPORTANT! PLEASE READ THIS ENTIRE DOCUMENT. | | ---------------------------- | MDaemon v3.5.6 - Mar 9, 2001 | ---------------------------- | | SPECIAL CONSIDERATIONS | ---------------------- | | o None (see 3.51 below) | | MAJOR NEW FEATURES | ------------------ | | o None | | | ADDITIONAL CHANGES AND NEW FEATURES | ----------------------------------- | | o None | | FIXES | ----- | | o Fix to memory leak in IMAP server. | o Fix to crash problem in WorldClient Standard and WebConfig web server. | o Fix to "Send As" address not being used as MAIL FROM when forwarding. | o Fix to "local only" restriction not being applied when mail collected | via DomainPOP. | | ------------------------------- | MDaemon v3.5.4 - Feb 19th, 2001 | ------------------------------- | " | This matches the described problems in the worldclient and webconfig servers | which are part of the Mdaemon package. | View |
| 3397 | CVE-2001-0584 | Candidate | IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to cause a denial of service (hang) via long (1) SELECT or (2) EXAMINE commands. | Proposed (20010727) | ACCEPT(3) Cole, Frech, Williams | NOOP(4) Bishop, Foat, Wall, Ziese | CHANGE> [Bishop changed vote from REVIEWING to NOOP] | View |
| 3401 | CVE-2001-0588 | Candidate | sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO OpenServer 5.0.6, can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command. | Proposed (20010727) | ACCEPT(1) Williams | MODIFY(1) Frech | NOOP(4) Cole, Foat, Wall, Ziese | REVIEWING(1) Bishop | Frech> XF:sco-openserver-sendmail-bo(6303) | View |
| 3405 | CVE-2001-0592 | Candidate | Watchguard Firebox II prior to 4.6 allows a remote attacker to create a denial of service in the kernel via a large stream (>10,000) of malformed ICMP or TCP packets. | Proposed (20010727) | ACCEPT(1) Frech | NOOP(4) Cole, Foat, Wall, Ziese | REVIEWING(1) Bishop | View | |
| 3410 | CVE-2001-0597 | Candidate | Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for the PalmOS allows a local attacker to recover passwords via a brute force attack. This attack is made feasible by STRIP"s use of SysRandom, which is seeded by TimeGetTicks, and an implementation flaw which vastly reduces the password "search space". | Proposed (20010727) | ACCEPT(3) Cole, Frech, Ziese | NOOP(2) Foat, Wall | REVIEWING(1) Bishop | Frech> CONFIRM:http://www.zetetic.net/docs/bugs/security_04-09-2001. | html | View |
Page 280 of 20943, showing 5 records out of 104715 total, starting on record 1396, ending on 1400
