CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 3308 | CVE-2001-0491 | Candidate | Directory traversal vulnerability in RaidenFTPD Server 2.1 before build 952 allows attackers to access files outside the ftp root via dot dot attacks, such as (1) .... in CWD, (2) .. in NLST, or (3) ... in NLST. | Modified (20010910-01) | ACCEPT(1) Williams | MODIFY(2) Baker, Frech | NOOP(4) Cole, Renaud, Wall, Ziese | Frech> XF:raidenftpd-dot-directory-traversal(6455) | Baker> Should probably modify description to say v2.1 prior to build 952, since the interim builds also had similar problems until build 952 resolved this. | View |
| 3313 | CVE-2001-0496 | Candidate | kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges. | Modified (20010910-01) | ACCEPT(4) Baker, Cole, Williams, Ziese | MODIFY(1) Frech | NOOP(2) Renaud, Wall | REVIEWING(1) Christey | Williams> kdesu is part of kdelibs package. since entire kdelibs package must be upgraded, and since kdelibs (rather than kdesu) is referenced in most advisories related to this issue, we might want to reference kdelibs in this CAN. | Frech> XF:kdelibs-kdesu-insecure-tmpfile(6856) | Christey> Agree with Ken Williams. The CVE descriptions in general | should capture all "reasonable" keywords under which | someone may know the vulnerability. | CHANGE> [Christey changed vote from NOOP to REVIEWING] | Christey> It"s possible that this is the same vulnerability as CVE-2001-0178, | but the description is written so differently from the others, that | it"s hard to be sure. In addition, Mandrake released a separate | advisory for CVE-2001-0178. | BID:2669 addresses CVE-2001-0178. | View |
| 3068 | CVE-2001-0247 | Candidate | Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3. | Modified (20010910-01) | ACCEPT(5) Baker, Cole, Oliver, Renaud, Ziese | MODIFY(1) Frech | NOOP(2) Christey, Wall | Frech> XF:ftp-glob-expansion(6332) | Christey> ADDREF SGI:20010802-01-P | Christey> COMPAQ:SSRT-547 | URL:http://archives.neohapsis.com/archives/tru64/2002-q3/0017.html | View |
| 2952 | CVE-2001-0131 | Candidate | htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. | Modified (20010430-01) | ACCEPT(2) Baker, Cole | MODIFY(1) Frech | NOOP(3) Christey, Magdych, Wall | Frech> XF:linux-apache-symlink(5926) | Christey> XF:linux-apache-symlink | URL:http://xforce.iss.net/static/5926.php | Christey> http://archives.neohapsis.com/archives/vendor/2001-q1/0019.html | Christey> This item may have been re-introduced into the Apache source | code sometime during 2002; CVE-2002-1233 has been created for | that version, which affects Apache 1.3.27 and other versions. | Christey> As a further clarification, CVE-2002-1233 is *only* for the | Debian-specific regression error. | Christey> DEBIAN:DSA-195 | URL:http://www.debian.org/security/2002/dsa-195 | View |
| 2660 | CVE-2000-1093 | Candidate | Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote attackers to execute arbitrary commands via a long "goim" command. | Modified (20010417-01) | ACCEPT(2) Baker, Wall | MODIFY(1) Frech | NOOP(1) Cole | REVIEWING(1) Christey | Frech> XF:aim-remote-bo(5732) | Christey> CD:SF-LOC as currently written suggests merging this with | CVE-2000-1094, since both describe buffer overflows in the | same software version. | Christey> Consider adding BID:2118 | View |
Page 560 of 20943, showing 5 records out of 104715 total, starting on record 2796, ending on 2800
