CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 225 | CVE-1999-0226 | Candidate | Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service. | Proposed (19990728) | ACCEPT(1) Northcutt | MODIFY(1) Frech | NOOP(1) Baker | REJECT(1) Christey | Christey> Too general, and no references. | Frech> XF:nt-frag(528) | See reference from BugTraq Mailing List, "A New Fragmentation Attack" at | http://www.securityfocus.com/templates/archive.pike?list=1&date=1997-07-8&ms | g=Pine.SUN.3.94.970710054440.11707A-100000@dfw.dfw.net | View |
| 3998 | CVE-2001-1194 | Candidate | Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose size exceeds 64 kilobytes after reassembly. | Modified (20050702) | ACCEPT(1) Green | MODIFY(1) Frech | NOOP(4) Cole, Foat, Wall, Ziese | RECAST(1) Christey | Christey> This should probably be SPLIT. The 2 vulnerabilities, while | both related to malformed input, are clearly different types | of malformed input. | XF:prestige-dsl-frag-packet-dos(7723) | URL:http://xforce.iss.net/static/7723.php | XF:prestige-dsl-frag-packet-dos(7723) | URL:http://xforce.iss.net/static/7723.php | BID:3711 | URL:http://www.securityfocus.com/bid/3711 | Frech> XF:prestige-dsl-packet-length-dos(7704) | View |
| 5909 | CVE-2002-1525 | Candidate | Directory traversal vulnerability in ASTAware SearchDisk engine for Sun ONE Starter Kit 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on port (1) 6015 or (2) 6016, or (3) an absolute pathname to port 6017. | Proposed (20030317) | ACCEPT(3) Armstrong, Baker, Cole | NOOP(2) Cox, Wall | RECAST(1) Christey | Christey> This should probably be SPLIT (".." and absolute path are | typically different types of bugs.) | View |
| 61 | CVE-1999-0061 | Candidate | File creation and deletion, and remote execution, in the BSD line printer daemon (lpd). | Proposed (19990630) | ACCEPT(3) Frech, Hill, Northcutt | RECAST(1) Baker | REVIEWING(1) Christey | Christey> This should be split into three separate problems based on | the SNI advisory. But there"s newer information to further | complicate things. | | What do we do about this one? in 1997 or so, SNI did an | advisory on this problem. In early 2000, it was still | discovered to be present in some Linux systems. So an | SF-DISCOVERY content decision might say that this is a | long enough time between the two, so this should be recorded | separately. But they"re the same codebase... so if we keep | them in the same entry, how do we make sure that this entry | reflects that some new information has been discovered? | | The use of dot notation may help in this regard, to use one | dot for the original problem as discovered in 1997, and | another dot for the resurgence of the problem in 2000. | Baker> We should merge these. | Christey> Perhaps this should be NAI-19 instead of NAI-20? | The original Bugtraq post for the SNI advisory suggests SNI-19: | BUGTRAQ:19971002 SNI-19:BSD lpd vulnerability | URL:SNI-19:BSD lpd vulnerability | | Also add: | BUGTRAQ:19971021 SNI-19: BSD lpd vulnerabilities (UPDATE) | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87747479514310&w=2 | | However, archives of "NAI-0020" point to the lpd vuln. | | If I recall correctly, some of the NAI advisory numbers got | switched when NAI acquired SNI. | View |
| 5929 | CVE-2002-1545 | Candidate | CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain the absolute pathname of the FTP root via a PWD command, which includes the full path in the response. | Proposed (20030317) | NOOP(4) Armstrong, Cole, Cox, Wall | REVIEWING(1) Christey | Christey> This seems like a rediscovery of CVE-2001-0934. | View |
Page 281 of 20943, showing 5 records out of 104715 total, starting on record 1401, ending on 1405
