[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PROPOSAL] Cluster RECENT-79 - 45 candidates

To: cve-editorial-board-list@lists.mitre.org
Subject: [PROPOSAL] Cluster RECENT-79 - 45 candidates
From: "Steven M. Christey" <coley@linus.mitre.org>
Date: Thu, 31 Jan 2002 19:11:22 -0500 (EST)
Delivery-Date: Thu Jan 31 19:11:26 2002
Sender: owner-cve-editorial-board-list@lists.mitre.org
I am proposing cluster RECENT-79 for review and voting by the
Editorial Board.

Name: RECENT-79
Description: Candidates announced between 12/2/2001 and 1/25/2002
Size: 45

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve





Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0726
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0726
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20010927
Category: SF
Reference: MS:MS01-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-057.asp

Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used
with Internet Explorer, does not properly detect certain inline
script, which can allow remote attackers to perform arbitrary actions
on a user's Exchange mailbox via an HTML e-mail message.

Analysis
----------------
ED_PRI CAN-2001-0726 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0727
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0727
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20010927
Category: SF
Reference: BUGTRAQ:20011214 MSIE may download and run progams automatically
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100835204509262&w=2
Reference: BUGTRAQ:20011216 Re: MSIE may download and run progams automatically - NOT SO FAST
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100861273114437&w=2
Reference: MS:MS01-058
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-058.asp
Reference: CERT:CA-2001-36
Reference: URL:http://www.cert.org/advisories/CA-2001-36.html

Internet Explorer 6.0 allows remote attackers to execute arbitrary
code by modifying the Content-Disposition and Content-Type header
fields in a way that causes Internet Explorer to believe that the file
is safe to open without prompting the user, aka the "File Execution
Vulnerability."

Analysis
----------------
ED_PRI CAN-2001-0727 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0797
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0797
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20011024
Category: SF
Reference: ISS:20011212 Buffer Overflow in /bin/login
Reference: URL:http://xforce.iss.net/alerts/advise105.php
Reference: BUGTRAQ:20011219 Linux distributions and /bin/login overflow
Reference: URL:http://www.securityfocus.com/archive/1/246487
Reference: CERT:CA-2001-34
Reference: URL:http://www.cert.org/advisories/CA-2001-34.html
Reference: CERT-VN:VU#569272
Reference: URL:http://www.kb.cert.org/vuls/id/569272
Reference: CALDERA:CSSA-2001-SCO.40
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.40/CSSA-2001-SCO.40.txt
Reference: SUN:00213
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/213
Reference: AIXAPAR:IY26221
Reference: SGI:20011201-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011201-01-I
Reference: XF:telnet-tab-bo(7284)
Reference: URL:http://xforce.iss.net/static/7284.php
Reference: BID:3681
Reference: URL:http://www.securityfocus.com/bid/3681

Buffer overflow in login in various System V based operating systems
allows remote attackers to execute arbitrary commands via a large
number of arguments through services such as telnet and rlogin.

Analysis
----------------
ED_PRI CAN-2001-0797 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0872
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0872
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20011203
Category: SF
Reference: BUGTRAQ:20011204 [Fwd: OpenSSH 3.0.2 fixes UseLogin vulnerability]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100749779131514&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=100747128105913&w=2
Reference: REDHAT:RHSA-2001:161
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-161.html
Reference: SUSE:SuSE-SA:2001:045
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Dec/0001.html
Reference: XF:openssh-uselogin-execute-code(7647)
Reference: URL:http://xforce.iss.net/static/7647.php

OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly
cleanse critical environment variables such as LD_PRELOAD, which
allows local users to gain root privileges.

Analysis
----------------
ED_PRI CAN-2001-0872 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0874
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0874
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20011211
Category: SF
Reference: MS:MS01-058
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-058.asp
Reference: XF:ie-frame-verification-variant2(7702)
Reference: URL:http://xforce.iss.net/static/7702.php
Reference: BID:3693
Reference: URL:http://www.securityfocus.com/bid/3693

Internet Explorer 5.5 and 6.0 allow remote attackers to read certain
files via HTML that passes information from a frame in the client's
domain to a frame in the web site's domain, a variant of the "Frame
Domain Verification" vulnerability.

Analysis
----------------
ED_PRI CAN-2001-0874 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0875
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0875
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20011211
Category: SF
Reference: BUGTRAQ:20011126 File extensions spoofable in MSIE download dialog
Reference: URL:http://www.securityfocus.com/archive/1/245594
Reference: MS:MS01-058
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-058.asp
Reference: XF:ie-file-download-ext-spoof(7636)
Reference: URL:http://xforce.iss.net/static/7636.php
Reference: BID:3597
Reference: URL:http://www.securityfocus.com/bid/3597

Internet Explorer 5.5 and 6.0 allows remote attackers to cause the
File Download dialogue box to misrepresent the name of the file in the
dialogue in a way that could fool users into thinking that the file
type is safe to download.

Analysis
----------------
ED_PRI CAN-2001-0875 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0876
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0876
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20011211
Category: SF
Reference: BUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100887440810532&w=2
Reference: NTBUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100887271006313&w=2
Reference: MS:MS01-059
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-059.asp
Reference: CERT:CA-2001-37
Reference: URL:http://www.cert.org/advisories/CA-2001-37.html
Reference: CERT-VN:VU#951555
Reference: URL:http://www.kb.cert.org/vuls/id/951555
Reference: XF:win-upnp-notify-bo(7721)
Reference: URL:http://xforce.iss.net/static/7721.php
Reference: BID:3723
Reference: URL:http://www.securityfocus.com/bid/3723

Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98E,
ME, and XP allows remote attackers to execute arbitrary code via a
NOTIFY directive with a long Location URL.

Analysis
----------------
ED_PRI CAN-2001-0876 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0877
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0877
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20011211
Category: SF
Reference: BUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100887440810532&w=2
Reference: NTBUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100887271006313&w=2
Reference: BUGTRAQ:20020109 UPNP Denial of Service
Reference: URL:http://www.securityfocus.com/archive/1/249238
Reference: MS:MS01-059
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-059.asp
Reference: CERT:CA-2001-37
Reference: URL:http://www.cert.org/advisories/CA-2001-37.html
Reference: CERT-VN:VU#411059
Reference: URL:http://www.kb.cert.org/vuls/id/411059
Reference: XF:win-upnp-udp-dos(7722)
Reference: URL:http://xforce.iss.net/static/7722.php

Universal Plug and Play (UPnP) on Windows 98, 98E, ME, and XP allows
remote attackers to cause a denial of service via (1) a spoofed SSDP
advertisement that causes the client to connect to a service on
another machine that generates a large amount of traffic (e.g.,
chargen), or (2) via a spoofed SSDP announcement to broadcast or
multicast addresses, which could cause all UPnP clients to send
traffic to a single target system.

Analysis
----------------
ED_PRI CAN-2001-0877 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0879
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0879
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20011211
Category: SF
Reference: ATSTAKE:A122001-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a122001-1.txt
Reference: BUGTRAQ:20011221 @stake advisory: Multiple overflow and format string vulnerabilities in in Microsoft SQL Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100891252317406&w=2
Reference: MS:MS01-060
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-060.asp
Reference: XF:mssql-c-runtime-format-string(7725)
Reference: URL:http://xforce.iss.net/static/7725.php
Reference: BID:3732
Reference: URL:http://www.securityfocus.com/bid/3732

Format string vulnerability in the C runtime functions in SQL Server
7.0 and 2000 allows attackers to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2001-0879 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0886
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0886
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20011214
Category: SF
Reference: MISC:http://sources.redhat.com/ml/bug-glibc/2001-11/msg00109.html
Reference: BUGTRAQ:20011217 [Global InterSec 2001121001] glibc globbing issues.
Reference: URL:http://www.securityfocus.com/archive/1/245956
Reference: REDHAT:RHSA-2001-160
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-160.html
Reference: MANDRAKE:MDKSA-2001:095
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-095.php3
Reference: ENGARDE:ESA-20011217-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1752.html
Reference: XF:glibc-glob-bo(7705)
Reference: URL:http://xforce.iss.net/static/7705.php
Reference: BID:3707
Reference: URL:http://www.securityfocus.com/bid/3707

Buffer overflow in glob function of glibc allows attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a
glob pattern that ends in a brace "{" character.

Analysis
----------------
ED_PRI CAN-2001-0886 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0887
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0887
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20011219
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:68
Reference: URL:http://www.securityfocus.com/advisories/3734
Reference: BID:3700
Reference: URL:http://www.securityfocus.com/bid/3700
Reference: XF:xsane-temp-symlink(7714)
Reference: URL:http://xforce.iss.net/static/7714.php

xSANE 0.81 and earlier allows local users to modify files of other
xSANE users via a symlink attack on temporary files.

Analysis
----------------
ED_PRI CAN-2001-0887 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0889
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0889
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20011221
Category: SF
Reference: BUGTRAQ:20011219 [ph10@cus.cam.ac.uk: [Exim] Potential security problem]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100877978506387&w=2
Reference: REDHAT:RHSA-2001:176
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-176.html

Exim 3.22 and earlier, in some configurations, does not properly
verify the local part of an address when redirecting the address to a
pipe, which could allow remote attackers to execute arbitrary commands
via shell metacharacters.

Analysis
----------------
ED_PRI CAN-2001-0889 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0001
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0001
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020101
Category: SF
Reference: BUGTRAQ:20020101 [Announce] SECURITY: mutt-1.2.5.1 and mutt-1.3.25 released.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100994648918287&w=2
Reference: CONFIRM:http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html
Reference: DEBIAN:DSA-096
Reference: URL:http://www.debian.org/security/2002/dsa-096
Reference: REDHAT:RHSA-2002:003
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-003.html

Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt
1.3.x before 1.3.25 allows remote attackers to execute arbitrary
commands via an improperly terminated comment or phrase in the address
list.

Analysis
----------------
ED_PRI CAN-2002-0001 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0002
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020102
Category: SF
Reference: MISC:http://marc.theaimsgroup.com/?l=stunnel-users&m=100869449828705&w=2
Reference: CONFIRM:http://stunnel.mirt.net/news.html
Reference: REDHAT:RHSA-2002:002
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-002.html

Format string vulnerability in stunnel before 3.22 when used in client
mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious
servers to execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-0002 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0003
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0003
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020102
Category: SF
Reference: REDHAT:RHSA-2002:004
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-004.html

Buffer overflow in the preprocessor in groff 1.16 and earlier allows
remote attackers to gain privileges via lpd in the LPRng printing
system.

Analysis
----------------
ED_PRI CAN-2002-0003 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0004
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020102
Category: SF
Reference: BUGTRAQ:20020117 '/usr/bin/at 31337 + vuln' problem + exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101128661602088&w=2
Reference: DEBIAN:DSA-102
Reference: URL:http://www.debian.org/security/2002/dsa-102
Reference: SUSE:SuSE-SA:2002:003
Reference: URL:http://www.suse.de/de/support/security/2002_003_at_txt.txt
Reference: MANDRAKE:MDKSA-2002:007
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101147632721031&w=2
Reference: REDHAT:RHSA-2002:015
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-015.html

Heap corruption vulnerability in the "at" program allows local users
to execute arbitrary code via a malformed execution time, which causes
at to free the same memory twice.

Analysis
----------------
ED_PRI CAN-2002-0004 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0028
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020116
Category: SF
Reference: BUGTRAQ:20020106 ICQ remote buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101043894627851&w=2
Reference: VULN-DEV:20020107 ICQ remote buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101043076806401&w=2
Reference: CERT:CA-2002-02
Reference: URL:http://www.cert.org/advisories/CA-2002-02.html
Reference: CERT-VN:VU#570167
Reference: URL:http://www.kb.cert.org/vuls/id/570167
Reference: BID:3813
Reference: URL:http://www.securityfocus.com/bid/3813

Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows
remote attackers to execute arbitrary code via a Voice Video & Games
request.

Analysis
----------------
ED_PRI CAN-2002-0028 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0038
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0038
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020116
Category: SF
Reference: SGI:20020102-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020102-01-I
Reference: SGI:20020102-02-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020102-02-I
Reference: SGI:20020102-03-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020102-03-P

Vulnerability in the cache-limiting function of the unified name
service daemon (nsd) in IRIX 6.5.4 through 6.5.11 allows remote
attackers to cause a denial of service by forcing the cache to fill
the disk.

Analysis
----------------
ED_PRI CAN-2002-0038 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0043
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0043
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020122
Category: SF
Reference: BUGTRAQ:20020114 Sudo version 1.6.4 now available (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/250168
Reference: REDHAT:RHSA-2002-013
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-013.html
Reference: REDHAT:RHSA-2002-011
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-011.html
Reference: CONECTIVA:CLA-2002:451
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451
Reference: ENGARDE:ESA-20020114-001
Reference: SUSE:SuSE-SA:2002:002
Reference: URL:http://www.suse.de/de/support/security/2002_002_sudo_txt.txt
Reference: BUGTRAQ:20020116 Sudo +Postfix Exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101120193627756&w=2
Reference: MISC:http://www.sudo.ws/sudo/alerts/postfix.html
Reference: XF:sudo-unclean-env-root(7891)
Reference: URL:http://xforce.iss.net/static/7891.php
Reference: BID:3871
Reference: URL:http://www.securityfocus.com/bid/3871

sudo 1.6.0 through 1.6.3p7 does not properly clear the environment
before calling the mail program, which could allow local users to gain
root privileges by modifying environment variables and changing how
the mail program is invoked.

Analysis
----------------
ED_PRI CAN-2002-0043 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0044
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0044
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020122
Category: SF
Reference: REDHAT:RHSA-2002-012
Reference: URL:https://www.redhat.com/support/errata/RHSA-2002-012.html
Reference: HP:HPSBTL0201-019
Reference: URL:http://www.securityfocus.com/advisories/3818
Reference: MANDRAKE:MDKSA-2002:010
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-010.php3
Reference: DEBIAN:DSA-105
Reference: URL:http://www.debian.org/security/2002/dsa-105
Reference: XF:gnu-enscript-tmpfile-symlink(7932)
Reference: URL:http://xforce.iss.net/static/7932.php
Reference: BID:3920
Reference: URL:http://www.securityfocus.com/bid/3920

GNU Enscript 1.6.1 and earlier allows local users to overwrite
arbitrary files of the Enscript user via a symlink attack on temporary
files.

Analysis
----------------
ED_PRI CAN-2002-0044 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0046
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0046
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020122
Category: SF
Reference: BUGTRAQ:20020120 remote memory reading through tcp/icmp
Reference: URL:http://www.securityfocus.com/archive/1/251418
Reference: REDHAT:RHSA-2002-007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-007.html

Linux kernel, and possibly other operating systems, allows remote
attackers to read portions of memory via a series of fragmented ICMP
packets that generate an ICMP TTL Exceeded response, which includes
portions of the memory in the response packet.

Analysis
----------------
ED_PRI CAN-2002-0046 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0047
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0047
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020122
Category: SF
Reference: DEBIAN:DSA-104
Reference: URL:http://www.debian.org/security/2002/dsa-104
Reference: REDHAT:RHSA-2002:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-007.html
Reference: XF:cipe-packet-handling-dos(7883)
Reference: URL:http://xforce.iss.net/static/7883.php

CIPE VPN package before 1.3.0-3 allows remote attackers to cause a
denial of service (crash) via a short malformed packet.

Analysis
----------------
ED_PRI CAN-2002-0047 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0048
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0048
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020124
Category: SF
Reference: SUSE:SuSE-SA:2002:004
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2002-Jan/0003.html
Reference: DEBIAN:DSA-106
Reference: URL:http://www.debian.org/security/2002/dsa-106
Reference: MANDRAKE:MDKSA-2002:009
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-009.php
Reference: REDHAT:RHSA-2002:018
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-018.html
Reference: BUGTRAQ:20020128 TSLSA-2002-0025 - rsync
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101223214906963&w=2
Reference: BUGTRAQ:20020127 rsync-2.5.2 has security fix (was: Re: [RHSA-2002:018-05] New rsync packages available)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101223603321315&w=2
Reference: CONECTIVA:CLA-2002:458
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000458
Reference: ENGARDE:ESA-20020125-004
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1853.html

Multiple signedness errors (mixed signed and unsigned numbers) in the
I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote
attackers to cause a denial of service and execute arbitrary code in
the rsync client or server.

Analysis
----------------
ED_PRI CAN-2002-0048 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0946
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0946
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011204 Symlink attack with apmd of RH 7.2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100743394701962&w=2
Reference: MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=56389

apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create
or change the modification dates of arbitrary files via a symlink
attack on the LOW_POWER temporary file, which could be used to cause a
denial of service, e.g. by creating /etc/nologin and disabling logins.

Analysis
----------------
ED_PRI CAN-2001-0946 2
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0954
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0954
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011207 Lotus Domino Web server vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100780146532131&w=2L:1
Reference: CONFIRM:http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=255CC03D83CFF50C85256B1E005E349B
Reference: XF:lotus-domino-database-dos(7684)
Reference: URL:http://xforce.iss.net/static/7684.php
Reference: BID:3656
Reference: URL:http://www.securityfocus.com/bid/3656

Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows
remote attackers to cause a denial of service (block access to
databases that have not been previously accessed) via a URL that
includes the . (dot) directory.

Analysis
----------------
ED_PRI CAN-2001-0954 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0955
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0955
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: VULN-DEV:20010922 XFree86 DOS / Buffer overflow local and remote.
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=100118958310463&w=2
Reference: BUGTRAQ:20011207 Crashing X
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100776624224549&w=2
Reference: BUGTRAQ:20011208 Re: Crashing X
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100784290015880&w=2
Reference: CONFIRM:http://www.xfree86.org/4.2.0/RELNOTES2.html#2
Reference: CONFIRM:http://www.xfree86.org/security/
Reference: MISC:http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c
Reference: BID:3663
Reference: URL:http://www.securityfocus.com/bid/3663
Reference: BID:3657
Reference: URL:http://www.securityfocus.com/bid/3657
Reference: XF:xfree86-konqueror-bo(7673)
Reference: URL:http://xforce.iss.net/static/7673.php
Reference: XF:xfree86-xterm-title-bo(7683)
Reference: URL:http://xforce.iss.net/static/7683.php

Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph
clipping for large origins, allows attackers to cause a denial of
service and possibly gain privileges via a large number of characters,
possibly through the web page search form of KDE Konqueror or from an
xterm command with a long title.

Analysis
----------------
ED_PRI CAN-2001-0955 2
Vendor Acknowledgement: yes

ABSTRACTION: It is possible that the Konqueror and xterm bugs have
different issues, both of which may or may not be due to the same
problem in XFree86.  However, both of the reports involve X clients
that crash the server - which shouldn't be doable by a client - so
that suggests a common problem that is "exploitable" through different
means.  Various Bugtraq discussions seem to eventually agree that it
is something in XFree86.  However, the XFree86 security reports do not
provide sufficient details to be certain that it is the same
underlying problem.
ACKNOWLEDGEMENT: Some posts on Bugtraq imply that there are patches in
the fbglyph.c file.  The XFree86 security page has the following
comment for version 4.2.0: "Fix a buffer overflow in glyph clipping
for large origin" which could be the same as the issue being discussed
here.
Section 2.3 in the release notes for 4.2.0 says "A security problem
related to glyph clipping for large origins is fixed."
However, the patch was applied on September 16th - a week before the
problem was initially posted to VULN-DEV.
While the vendor's descriptions of the problems do not cleanly match
the exploit scenarios described in the mailing lists - which affects
the certainty of this candidate's description - there seems to be
enough evidence that XFree86 was aware of and fixed this problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0005
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0005
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020107
Category: SF
Reference: BUGTRAQ:20020102 w00w00 on AOL Instant Messenger (serious vulnerability)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=100998295512885&w=2
Reference: BUGTRAQ:20020102 AIM addendum
Reference: URL:http://www.securityfocus.com/archive/1/247944
Reference: NTBUGTRAQ:20020102 w00w00 on AOL Instant Messenger (serious vulnerability)
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=72
Reference: NTBUGTRAQ:20020102 AIM addendum
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=198
Reference: BID:3769
Reference: URL:http://www.securityfocus.com/bid/3769
Reference: XF:aim-game-overflow(7743)
Reference: URL:http://xforce.iss.net/static/7743.php

Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and
other versions allows remote attackers to execute arbitrary code via a
long argument in a game request (AddGame).

Analysis
----------------
ED_PRI CAN-2002-0005 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0007
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0007
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020109
Category: SF
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=54901

CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote
attackers to obtain an anonymous bind to the LDAP server via a request
that does not include a password, which causes a null password to be
sent to the LDAP server.

Analysis
----------------
ED_PRI CAN-2002-0007 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0008
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0008
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020109
Category: SF
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108385
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108516

Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user
comment via an HTTP request process_bug.cgi using the "who" parameter,
instead of the Bugzilla_login cookie, or (2) post a bug as another
user by modifying the reporter parameter to enter_bug.cgi, which is
passed to post_bug.cgi.

Analysis
----------------
ED_PRI CAN-2002-0008 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0009
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020109
Category: SF
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=102141

show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs
Access" privileges to see other products that are not accessible to
the user, by submitting a bug and reading the resulting Product
pulldown menu.

Analysis
----------------
ED_PRI CAN-2002-0009 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0010
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0010
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020109
Category: SF
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: BUGTRAQ:20020106 Inproper input validation in Bugzilla <=2.14 - exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0052.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108812
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108822
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=108821
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=109690
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=109679
Reference: MISC:http://www.bugzilla.org/bugzilla2.14to2.14.1.patch

Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL
code and create files or gain privileges via (1) the sql parameter in
buglist.cgi, (2) invalid field names from the "boolean chart" query in
buglist.cgi, (3) the mybugslink parameter in userprefs.cgi, (4) a
malformed bug ID in the buglist parameter in long_list.cgi, and (5)
the value parameter in editusers.cgi, which allows groupset privileges
to be modified by attackers with blessgroupset privileges.

Analysis
----------------
ED_PRI CAN-2002-0010 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0011
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0011
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020109
Category: SF
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=98146

Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may
allow remote attackers to more easily conduct attacks on the login.

Analysis
----------------
ED_PRI CAN-2002-0011 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0045
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0045
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020122
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.openldap.org/lists/openldap-announce/200201/msg00002.html

slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous
users before 2.0.8, to conduct a "replace" action on access controls
without any values, which causes OpenLDAP to delete non-mandatory
attributes which would otherwise be protected by ACLs.

Analysis
----------------
ED_PRI CAN-2002-0045 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0542
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0542
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20010710
Category: SF
Reference: ATSTAKE:A122001-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a122001-1.txt
Reference: BUGTRAQ:20011221 @stake advisory: Multiple overflow and format string vulnerabilities in in Microsoft SQL Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100891252317406&w=2
Reference: MS:MS01-060
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-060.asp
Reference: XF:mssql-text-message-bo(7724)
Reference: URL:http://xforce.iss.net/static/7724.php
Reference: BID:3733
Reference: URL:http://www.securityfocus.com/bid/3733

Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers
with access to SQL Server to execute arbitrary code through the
functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf.  NOTE:
the C runtime format string vulnerability reported in MS01-060 is
identified by CAN-2001-0879.

Analysis
----------------
ED_PRI CAN-2001-0542 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0551
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0551
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20010718
Category: SF
Reference: CERT-VN:VU#860296
Reference: URL:http://www.kb.cert.org/vuls/id/860296
Reference: AIXAPAR:IY21539
Reference: AIXAPAR:IY20917
Reference: HP:HPSBUX0105-151
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q2/0044.html

Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users
to execute arbitrary code by copying text from the clipboard into the
Help window.

Analysis
----------------
ED_PRI CAN-2001-0551 3
Vendor Acknowledgement: yes
Content Decisions: SF-CODEBASE, SF-LOC

ABSTRACTION: HP says that they have fixed this problem in HP advisory
HPSBUX0105-151, which is CAN-2001-0772.  CAN-2001-0772 is a vague
advisory that covers more overflows and other types of problems.  So,
there is some overlap between these two candidates.  It is not certain
how to resolve this overlap.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0888
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0888
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20011219
Category: SF
Reference: BUGTRAQ:20011221 VIGILANTe advisory 2001003 : Atmel SNMP Non Public Community String DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100895903202798&w=2
Reference: XF:atmel-snmp-community-dos(7734)
Reference: URL:http://xforce.iss.net/static/7734.php
Reference: BID:3734
Reference: URL:http://www.securityfocus.com/bid/3734

Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers
to cause a denial of service via a SNMP request with (1) a community
string other than "public" or (2) an unknown OID, which causes the WAP
to deny subsequent SNMP requests.

Analysis
----------------
ED_PRI CAN-2001-0888 3
Vendor Acknowledgement: yes advisory/yes followup/yes changelog/yes/unknown discloser-claimed/unknown vague/unknown/no disputed/no

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0944
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0944
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011202 mIRC bug?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100734173831990&w=2

DDE in mIRC allows local users to launch applications under another
user's account via a DDE message that executes a command, which may be
executed by the other user's process.

Analysis
----------------
ED_PRI CAN-2001-0944 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0945
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0945
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011203 Buffer over flow on Outlook express for Macintosh
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100741295502017&w=2

Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh
allows remote attackers to cause a denial of service via an e-mail
message that contains a long line.

Analysis
----------------
ED_PRI CAN-2001-0945 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0947
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0947
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011204 NMRC Advisory - Multiple Valicert Problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100749428517090&w=2
Reference: CONFIRM:http://www.valicert.com/support/security_advisory_eva.html
Reference: XF:eva-forms-reveal-path(7649)
Reference: URL:http://xforce.iss.net/static/7649.php
Reference: BID:3615
Reference: URL:http://www.securityfocus.com/bid/3615

Forms.exe CGI program in ValiCert Enterprise Validation Authority
(EVA) 3.3 through 4.2.1 allows remote attackers to determine the real
pathname of the server by requesting an invalid extension, which
produces an error page that includes the path.

Analysis
----------------
ED_PRI CAN-2001-0947 3
Vendor Acknowledgement: yes advisory
Content Decisions: DESIGN-REAL-PATH, SF-LOC

ABSTRACTION: CD:SF-LOC suggests splitting between problems of
different types, so the Valicert overflows, CSS, path disclosure, and
other types of problems are separated.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0948
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0948
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011204 NMRC Advisory - Multiple Valicert Problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100749428517090&w=2
Reference: CONFIRM:http://www.valicert.com/support/security_advisory_eva.html
Reference: XF:eva-admin-script-injection(7650)
Reference: URL:http://xforce.iss.net/static/7650.php
Reference: BID:3619
Reference: URL:http://www.securityfocus.com/bid/3619

Cross-site scripting (CSS) vulnerability in ValiCert Enterprise
Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers
to execute arbitrary code or display false information by including
HTML or script in the certificate's description, which is executed
when the certificate is viewed.

Analysis
----------------
ED_PRI CAN-2001-0948 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests splitting between problems of
different types, so the Valicert overflows, CSS, path disclosure, and
other types of problems are separated.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0949
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0949
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011204 NMRC Advisory - Multiple Valicert Problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100749428517090&w=2
Reference: CONFIRM:http://www.valicert.com/support/security_advisory_eva.html
Reference: XF:eva-forms-bo(7652)
Reference: URL:http://xforce.iss.net/static/7652.php
Reference: BID:3621
Reference: URL:http://www.securityfocus.com/bid/3621
Reference: BID:3622
Reference: URL:http://www.securityfocus.com/bid/3622
Reference: BID:3624
Reference: URL:http://www.securityfocus.com/bid/3624
Reference: BID:3625
Reference: URL:http://www.securityfocus.com/bid/3625
Reference: BID:3627
Reference: URL:http://www.securityfocus.com/bid/3627
Reference: BID:3628
Reference: URL:http://www.securityfocus.com/bid/3628
Reference: BID:3629
Reference: URL:http://www.securityfocus.com/bid/3629
Reference: BID:3630
Reference: URL:http://www.securityfocus.com/bid/3630
Reference: BID:3631
Reference: URL:http://www.securityfocus.com/bid/3631
Reference: BID:3632
Reference: URL:http://www.securityfocus.com/bid/3632
Reference: BID:3633
Reference: URL:http://www.securityfocus.com/bid/3633
Reference: BID:3634
Reference: URL:http://www.securityfocus.com/bid/3634
Reference: BID:3635
Reference: URL:http://www.securityfocus.com/bid/3635
Reference: BID:3636
Reference: URL:http://www.securityfocus.com/bid/3636

Buffer overflows in forms.exe CGI program in ValiCert Enterprise
Validation Authority (EVA) Administration Server 3.3 through 4.2.1
allows remote attackers to execute arbitrary code via long arguments
to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs,
(4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen,
(8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal,
(12) maxOCSPValidityPeriod, (13) extension, and (14) a particular
combination of parameters associated with private key generation that
form a string of a certain length.

Analysis
----------------
ED_PRI CAN-2001-0949 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CF:SF-LOC suggests combining problems of the same type in
the same version, so all buffer overflows are included in this item.
This is a good example of CVE's "content decisions" at work - XF chose
one level of abstraction and BID chose another.  CD:SF-LOC also
suggests splitting between problems of different types, so the
Valicert overflows, path disclosure, and other types of problems are
separated.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0950
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0950
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011204 NMRC Advisory - Multiple Valicert Problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100749428517090&w=2
Reference: CONFIRM:http://www.valicert.com/support/security_advisory_eva.html
Reference: XF:eva-insecure-key-generation(7653)
Reference: URL:http://xforce.iss.net/static/7653.php
Reference: XF:eva-insecure-key-storage(7651)
Reference: URL:http://xforce.iss.net/static/7651.php
Reference: BID:3618
Reference: URL:http://www.securityfocus.com/bid/3618
Reference: BID:3620
Reference: URL:http://www.securityfocus.com/bid/3620

ValiCert Enterprise Validation Authority (EVA) Administration Server
3.3 through 4.2.1 uses insufficiently random data to (1) generate
session tokens for HSMs using the C rand function, or (2) generate
certificates or keys using /dev/urandom instead of another source
which blocks when the entropy pool is low, which could make it easier
for local or remote attackers to steal tokens or certificates via
brute force guessing.

Analysis
----------------
ED_PRI CAN-2001-0950 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests merging problems of the same type that
appear in the same version.  Both the C rand() function and the use of
/dev/urandom have a common underlying result: insufficiently random
data.  Thus these 2 problems are the "same type" and should be
combined.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0951
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0951
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011207 UDP DoS attack in Win2k via IKE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100774842520403&w=2
Reference: BUGTRAQ:20011211 UDP DoS attack in Win2k via IKE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100813081913496&w=2
Reference: XF:win2k-ike-dos(7667)
Reference: URL:http://xforce.iss.net/static/7667.php
Reference: BID:3652
Reference: URL:http://www.securityfocus.com/bid/3652

Windows 2000 allows remote attackers to cause a denial of service
(high CPU usage) by flooding Internet Key Exchange (IKE) UDP port 500
with packets that contain a large number of dots.

Analysis
----------------
ED_PRI CAN-2001-0951 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0952
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0952
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011207 Red Faction Server/Client DOS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100774266027774&w=2
Reference: XF:red-faction-udp-dos(7672)
Reference: URL:http://xforce.iss.net/static/7672.php
Reference: BID:3651
Reference: URL:http://www.securityfocus.com/bid/3651

THQ Volition Red Faction Game allows remote attackers to cause a
denial of service (hang) of a client or server via packets to UDP port
7755.

Analysis
----------------
ED_PRI CAN-2001-0952 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2001-0953
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0953
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011208 kebi-Webmail Solution vulnerability (Tested)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100780264902037&w=2:1
Reference: XF:kebi-webmail-admin-dir-access(7674)
Reference: URL:http://xforce.iss.net/static/7674.php
Reference: BID:3655
Reference: URL:http://www.securityfocus.com/bid/3655

Kebi WebMail allows remote attackers to access the administrator menu
and gain privileges via the /a/ hidden directory, which is installed
under the web document root.

Analysis
----------------
ED_PRI CAN-2001-0953 3
Vendor Acknowledgement: unknown foreign

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Prev by Date: [PROPOSAL] Cluster RECENT-78 - 54 candidates
Next by Date: [BOARD] Franck Veysset has joined the Editorial Board
Prev by thread: [PROPOSAL] Cluster RECENT-78 - 54 candidates
Next by thread: [BOARD] Franck Veysset has joined the Editorial Board
Index(es):
- Date
- Thread