CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 2235 | CVE-2000-0659 | Candidate | Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long user ID in a SOCKS4 CONNECT request. | Proposed (20000803) | ACCEPT(2) Baker, Levy | MODIFY(1) Frech | NOOP(3) Cole, LeBlanc, Wall | Frech> XF:analogx-proxy-socks4-crash(4997) | View |
| 2243 | CVE-2000-0667 | Candidate | Vulnerability in gpm in Caldera Linux allows local users to delete arbitrary files or conduct a denial of service. | Proposed (20000803) | ACCEPT(1) Levy | MODIFY(1) Frech | NOOP(3) Cole, LeBlanc, Wall | REVIEWING(1) Christey | Frech> XF:linux-gpm-gpmctl-dos(5010) | We show this issue to be cross-Linux-platform and not Caldera specific. May | also be a LOA issue or duplicate or specific instance of CVE-2000-0531. This | position is further validated by BID-1512 and BID-1377, which lists this as | a Conectiva Linux/Mandrake issue and list Mandrake:MDKSA-2000:025 in common. | We will list both CVEs under the listed XF tag unless otherwise instructed. | Christey> ADDREF Conectiva? | URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0396.html | Christey> ADDREF REDHAT:RHSA-2000:045-01 | ADDREF BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - GPM | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96473014104340&w=2 | Another possible reference is: | BUGTRAQ:20000728 MDKSA:2000-025 gpm update | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96480812908563&w=2 | although the advisory is not explicit. It also refers to | CVE-2000-0531. | CHANGE> [Christey changed vote from NOOP to REVIEWING] | Christey> Per Andre Frech"s comments. | View |
| 2148 | CVE-2000-0572 | Candidate | The Razor configuration management tool uses weak encryption for its password file, which allows local users to gain privileges. | Proposed (20000719) | ACCEPT(2) Baker, Levy | MODIFY(1) Frech | NOOP(4) Cole, LeBlanc, Magdych, Wall | Frech> XF;razor-weak-encryption(4875) | CHANGE> [Magdych changed vote from REVIEWING to NOOP] | View |
| 2150 | CVE-2000-0574 | Candidate | FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands. | Proposed (20000719) | ACCEPT(3) Cole, Levy, Magdych | MODIFY(1) Frech | NOOP(2) LeBlanc, Wall | REVIEWING(1) Christey | Christey> CD:SF-CODEBASE applies here. There are many ftpd"s that | have this setproctitle() problem, but it might be traced | back to the same codebase. See if the HP problem is the | same here as well, and if so, ADDREF HP:HPSBUX0007-117 | URL:http://www.securityfocus.com/templates/advisory.html?id=2404 | Frech> XF:ftp-setproctitle-format-string(4908) | BID:1438 does not exist. | Christey> ADDREF HP:HPSBUX0007-117?? | http://archives.neohapsis.com/archives/hp/2000-q4/0020.html | Christey> ADDREF BID:650 ? | View |
| 2154 | CVE-2000-0578 | Candidate | SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in /tmp with predictable file names, which could allow local users to insert malicious contents into these files as they are being compiled by another user. | Proposed (20000719) | ACCEPT(4) Baker, Blake, Cole, Levy | MODIFY(1) Frech | NOOP(7) Armstrong, Christey, LeBlanc, Magdych, Oliver, Ozancin, Wall | Frech> XF:sgi-mipspro-modify-files(5007) | CHANGE> [Cole changed vote from NOOP to ACCEPT] | CHANGE> [Magdych changed vote from REVIEWING to NOOP] | Christey> SGI:20030605-01-A | URL:ftp://patches.sgi.com/support/free/security/advisories/20030605-01-A | View |
Page 354 of 20943, showing 5 records out of 104715 total, starting on record 1766, ending on 1770
