
[PROPOSAL] Cluster RECENT-83 - 52 candidates



I am proposing cluster RECENT-83 for review and voting by the
Editorial Board.

Name: RECENT-83
Description: Candidates announced between 1/2/2002 and 1/21/2002
Size: 52

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve





Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0096
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020103 Vulnerability in new user creation in Geeklog 1.3
Reference: URL:http://www.securityfocus.com/archive/1/248367
Reference: CONFIRM:http://geeklog.sourceforge.net/index.php?topic=Security
Reference: BID:3783
Reference: URL:http://www.securityfocus.com/bid/3783
Reference: XF:geeklog-default-admin-privileges(7780)
Reference: URL:http://www.iss.net/security_center/static/7780.php

The installation of Geeklog 1.3 creates an extra group_assignments
record which is not properly deleted, which causes the first newly
created user to be added to the GroupAdmin and UserAdmin groups, which
could provide that user with administrative privileges that were not
intended.

Analysis
----------------
ED_PRI CAN-2002-0096 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The "Security" page for the geeklog project site
includes an entry dated January 3, 2002, which states "Security Fix!
... the first user that creates an account has access to the
GroupAdmin Group and, subsequently, the UserAdmin Group."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0097
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0097
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020110 Cookie modification allows unauthenticated user login in Geeklog 1.3
Reference: URL:http://online.securityfocus.com/archive/1/249443
Reference: CONFIRM:http://geeklog.sourceforge.net/index.php?topic=Security
Reference: BID:3844
Reference: URL:http://online.securityfocus.com/bid/3844
Reference: XF:geeklog-modify-auth-cookie(7869)
Reference: URL:http://www.iss.net/security_center/static/7869.php

Geeklog 1.3 allows remote attackers to hijack user accounts, including
the administrator account, by modifying the UID of a user's permanent
cookie to the target account.

Analysis
----------------
ED_PRI CAN-2002-0097 1
Vendor Acknowledgement: unknown

ACKNOWLEDGEMENT: In an item dated January 9, 2002, the geeklog vendor
states: "Major Security Hole Fixed! ... it is possible to have your
Geeklog 1.3 system compromised by simply editing the cookie and
changing the user ID to that of a Geeklog admin."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0098
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0098
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020105 BOOZT! Standard 's administration cgi vulnerable to buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101027773404836&w=2
Reference: BUGTRAQ:20020109 BOOZT! Standard CGI Vulnerability : Exploit Released
Reference: URL:http://online.securityfocus.com/archive/1/249219
Reference: CONFIRM:http://www.boozt.com/news_detail.php?id=3
Reference: BID:3787
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3787
Reference: XF:boozt-long-name-bo(7790)
Reference: URL:http://www.iss.net/security_center/static/7790.php

Buffer overflow in index.cgi administration interface for Boozt!
Standard 0.9.8 allows local users to execute arbitrary code via a long
name field when creating a new banner.

Analysis
----------------
ED_PRI CAN-2002-0098 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0128
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0128
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020116 Sambar Webserver v5.1 DoS Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/250545
Reference: BUGTRAQ:20020206 Sambar Webserver Sample Script v5.1 DoS Vulnerability Exploit
Reference: URL:http://www.der-keiler.de/Mailing-Lists/securityfocus/bugtraq/2002-02/0083.html
Reference: CONFIRM:http://www.sambar.com/security.htm
Reference: BID:3885
Reference: URL:http://www.securityfocus.com/bid/3885
Reference: XF:sambar-cgitest-dos(7894)
Reference: URL:http://www.iss.net/security_center/static/7894.php

cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers
to cause a denial of service, and possibly execute arbitrary code, via
a long argument.

Analysis
----------------
ED_PRI CAN-2002-0128 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The Sambar security page says "All versions of the
Sambar WWW Server prior to the 5.1 Beta 4 release are vulnerable to a
reported DoS attack against the /cgi-win/cgitest.exe sample
application" and credits the Bugtraq poster.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0139
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0139
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020120 Bounce vulnerability in SpoonFTP 1.1.0.1
Reference: URL:http://online.securityfocus.com/archive/1/251422
Reference: BID:3910
Reference: URL:http://online.securityfocus.com/bid/3910
Reference: CONFIRM:http://www.pi-soft.com/spoonftp/index.shtml
Reference: XF:spoonftp-ftp-bounce(7943)
Reference: URL:http://www.iss.net/security_center/static/7943.php

Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect
traffic to other sites (aka FTP bounce) via the PORT command.

Analysis
----------------
ED_PRI CAN-2002-0139 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: the home page for SpoonFTP states that "A fix to
prevent a potential 'bounce attack' against SpoonFTP was added in
version 1.2."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0107
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0107
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020108 svindel.net security advisory - web admin vulnerability in CacheOS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101052887431488&w=2
Reference: BID:3841
Reference: URL:http://www.securityfocus.com/bid/3841
Reference: BUGTRAQ:20020205 RE: svindel.net security advisory - web admin vulnerability in Ca cheOS
Reference: URL:http://online.securityfocus.com/archive/1/254167
Reference: XF:cachos-insecure-web-interface(7835)
Reference: URL:http://www.iss.net/security_center/static/7835.php

Web administration interface in CacheFlow CacheOS 4.0.13 and earlier
allows remote attackers to obtain sensitive information via a series
of GET requests that do not end with HTTP/1.0 or another version
string, which causes the information to be leaked in the error
message.

Analysis
----------------
ED_PRI CAN-2002-0107 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0111
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020109 File Transversal Vulnerability in Dino's WebServer
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101062213627501&w=2
Reference: BID:3861
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3861
Reference: XF:dinos-webserver-directory-traversal(7853)
Reference: URL:http://www.iss.net/security_center/static/7853.php

Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and
earlier allows remote attackers to read files or execute arbitrary
commands via a .. (dot dot) in the URL.

Analysis
----------------
ED_PRI CAN-2002-0111 2
Vendor Acknowledgement: yes via-email

ACKNOWLEDGEMENT: email inquiry sent to andgjens@online.no (subject
"Dino's FunSoft") on 3/11/2002, acknowledgement received on 3/12/2002.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0115
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0115
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020110 Snort core dumped
Reference: URL:http://online.securityfocus.com/archive/1/249340
Reference: BUGTRAQ:20020110 Re: Snort core dumped
Reference: URL:http://online.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-03-08&end=2002-03-14&mid=249623&threads=1
Reference: BID:3849
Reference: URL:http://online.securityfocus.com/bid/3849
Reference: XF:snort-icmp-dos(7874)
Reference: URL:http://www.iss.net/security_center/static/7874.php

Snort 1.8.3 does not properly define the minimum ICMP header size,
which allows remote attackers to cause a denial of service (crash and
core dump) via a malformed ICMP packet.

Analysis
----------------
ED_PRI CAN-2002-0115 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0123
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0123
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020114 Web Server 4D/eCommerce 3.5.3 DoS Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/250242
Reference: BID:3874
Reference: URL:http://online.securityfocus.com/bid/3874
Reference: XF:ws4d-long-url-dos(7879)
Reference: URL:http://www.iss.net/security_center/static/7879.php

MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier,
and possibly 3.5.3, allows remote attackers to cause a denial of
service and possibly execute arbitrary commands via a long HTTP
request.

Analysis
----------------
ED_PRI CAN-2002-0123 2
Vendor Acknowledgement: yes via-email

ACKNOWLEDGEMENT: inquiry sent to support@mdg.com on 3/11/2002.
Response received on 3/12/2002 states "This vulnerability was not in
3.5.3, but rather version 3.0 or earlier.  It was from some time ago."
So, it is not entirely clear whether the discloser correctly reported
the version, or if the problem was re-introduced, or appears in a
slightly different distribution.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0143
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0143
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020113 Eterm SGID utmp Buffer Overflow (Local)
Reference: URL:http://online.securityfocus.com/archive/1/250145
Reference: BUGTRAQ:20020121 Re: Eterm SGID utmp Buffer Overflow (Local)
Reference: URL:http://online.securityfocus.com/archive/1/251597
Reference: BID:3868
Reference: URL:http://online.securityfocus.com/bid/3868
Reference: XF:eterm-home-bo(7896)
Reference: URL:http://www.iss.net/security_center/static/7896.php

Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier
allows local users to execute arbitrary code via a long HOME
environment variable.

Analysis
----------------
ED_PRI CAN-2002-0143 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0094
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0094
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020102 BSCW: Vulnerabilities and Problems
Reference: URL:http://www.securityfocus.com/archive/1/248000
Reference: MISC:http://bscw.gmd.de/WhatsNew.html
Reference: BID:3776
Reference: URL:http://www.securityfocus.com/bid/3776
Reference: XF:bscw-remote-shell-execution(7774)
Reference: URL:http://www.iss.net/security_center/static/7774.php

config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x
and versions before 4.06 allows remote attackers to execute arbitrary
commands via shell metacharacters in the file name during filename
conversion.

Analysis
----------------
ED_PRI CAN-2002-0094 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: The entry dated December 21, 2001 on the vendor's
"What's New" page states "The new release fixes a number of bugs and
security issues," but this is too vague to be certain that the vendor
has fixed *this* problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0095
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020102 BSCW: Vulnerabilities and Problems
Reference: URL:http://www.securityfocus.com/archive/1/248000
Reference: BID:3777
Reference: URL:http://www.securityfocus.com/bid/3777
Reference: XF:bscw-default-installation-registration(7775)
Reference: URL:http://www.iss.net/security_center/static/7775.php

The default configuration of BSCW (Basic Support for Cooperative Work)
3.x and possibly version 4 enables user self registration, which could
allow remote attackers to upload files and possibly join a user
community that was intended to be closed.

Analysis
----------------
ED_PRI CAN-2002-0095 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: The entry dated December 21, 2001 on the vendor's
"What's New" page states "The new release fixes a number of bugs and
security issues," but this is too vague to be certain that the vendor
has fixed *this* problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0099
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020105 Savant Webserver Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101027722904078&w=2
Reference: NTBUGTRAQ:20020109 Savant Webserver Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101062823305479&w=2
Reference: BID:3788
Reference: URL:http://online.securityfocus.com/bid/3788
Reference: XF:savant-long-parameter-bo(7786)
Reference: URL:http://www.iss.net/security_center/static/7786.php

Buffer overflow in cgi-test.pl in Michael Lamont Savant Web Server 3.0
allows remote attackers to cause a denial of service (crash) via a
long HTTP request.

Analysis
----------------
ED_PRI CAN-2002-0099 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0100
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0100
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020106 AOLserver 3.4.2 Unauthorized File Disclosure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101038936305397&w=2
Reference: NTBUGTRAQ:20020109 AOLserver 3.4.2 Unauthorized File Disclosure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101062823205474&w=2
Reference: BID:3791
Reference: URL:http://online.securityfocus.com/bid/3791
Reference: XF:aolserver-protected-file-access(7825)
Reference: URL:http://www.iss.net/security_center/static/7825.php

AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass
authentication and read password-protected files via a URL that
directly references the file.

Analysis
----------------
ED_PRI CAN-2002-0100 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0101
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0101
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020106 Internet Explorer Javascript Modeless Popup Local Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101039104608083&w=2
Reference: BID:3789
Reference: URL:http://online.securityfocus.com/bid/3789
Reference: XF:ie-modeless-dialog-dos(7826)
Reference: URL:http://www.iss.net/security_center/static/7826.php

Microsoft Internet Explorer 6.0 and earlier allows local users to
cause a denial of service via an infinite loop for modeless dialogs
showModelessDialog, which causes CPU usage while the focus for the
dialog is not released.

Analysis
----------------
ED_PRI CAN-2002-0101 3
Vendor Acknowledgement: unknown
Content Decisions: EX-CLIENT-DOS

INCLUSION: CD:EX-CLIENT-DOS states that a client-side DoS that only
affects the client should not be included in CVE.  In this case, it
was reported that the CPU consumption increases significantly, so the
scope of the DoS is not limited to the client alone.  In addition, if
the dialog for the focus is not released, then the user may need to
reboot to "fix" the client, and the scope of the attack is again
beyond that of just IE.  Therefore, this item should be included in
CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0102
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0102
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/webcache2.pdf
Reference: BID:3760
Reference: URL:http://online.securityfocus.com/bid/3760
Reference: BID:3762
Reference: URL:http://online.securityfocus.com/bid/3762

Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial
of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002
with a large number of null characters, and (2) a request to TCP port
4000 with a large number of "." characters.

Analysis
----------------
ED_PRI CAN-2002-0102 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-EXEC

ABSTRACTION: CD:SF-LOC and CD:SF-EXEC suggest merging problems of the
same type in the same version, so the null character and . character
problems are combined.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0103
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0103
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: CF
Reference: BUGTRAQ:20020107 [PTL-2002-01] Vulnerabilities in Oracle9iAS Web Cache
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101041510727937&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/webcache2.pdf
Reference: BID:3761
Reference: URL:http://online.securityfocus.com/bid/3761
Reference: BID:3764
Reference: URL:http://online.securityfocus.com/bid/3764

An installer program for Oracle9iAS Web Cache 2.0.0.x creates
executable and configuration files with insecure permissions, which
allows local users to gain privileges by (1) running webcached or (2)
obtaining the administrator password from webcache.xml.

Analysis
----------------
ED_PRI CAN-2002-0103 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0104
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0104
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020107 Aftpd core dump vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101041333323486&w=2
Reference: BID:3806
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3806
Reference: XF:aftpd-crash-core-dump(7832)
Reference: URL:http://www.iss.net/security_center/static/7832.php

AFTPD 5.4.4 allows remote attackers to gain sensitive information via
a CD (CWD) ~ (tilde) command, which causes a core dump.

Analysis
----------------
ED_PRI CAN-2002-0104 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0105
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0105
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020108 CDE bug in Unixware 7.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101060400802428&w=2
Reference: BID:3818
Reference: URL:http://www.securityfocus.com/bid/3818
Reference: XF:unixware-dtlogin-log-symlink(7864)
Reference: URL:http://www.iss.net/security_center/static/7864.php

CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating
systems, allows local users to gain privileges via a symlink attack on
/var/dt/Xerrors since /var/dt is world-writable.

Analysis
----------------
ED_PRI CAN-2002-0105 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0106
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0106
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020108 KPMG-2002003: Bea Weblogic DOS-device Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101050440629269&w=2
Reference: BID:3816
Reference: URL:http://www.securityfocus.com/bid/3816
Reference: XF:weblogic-dos-jsp-dos(7808)
Reference: URL:http://www.iss.net/security_center/static/7808.php

BEA Systems Weblogic Server 6.1 allows remote attackers to cause a
denial of service via a series of requests to .JSP files that contain
an MS-DOS device name.

Analysis
----------------
ED_PRI CAN-2002-0106 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0108
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020108 Allaire Forums Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/249026
Reference: BID:3827
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3827
Reference: XF:allaire-forums-message-spoofing(7841)
Reference: URL:http://www.iss.net/security_center/static/7841.php

Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote
authenticated users to spoof messages as other users by modifying the
hidden form fields for the name and e-mail address.

Analysis
----------------
ED_PRI CAN-2002-0108 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0109
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0109
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020106 Linksys 'routers', SNMP issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101039288111680&w=2
Reference: BID:3795
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3795
Reference: BID:3797
Reference: URL:http://online.securityfocus.com/bid/3797
Reference: XF:linksys-etherfast-default-snmp(7827)
Reference: URL:http://www.iss.net/security_center/static/7827.php

Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly
other products, allow remote attackers to gain sensitive information
and cause a denial of service via an SNMP query for the default
community string "public," which causes the router to change its
configuration and send SNMP trap information back to the system that
initiated the query.

Analysis
----------------
ED_PRI CAN-2002-0109 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0110
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0110
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020109 MiraMail 1.04 can give POP account access and details
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101063476715154&w=2
Reference: BID:3843
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3843
Reference: XF:miramail-plaintext-auth-info(7855)
Reference: URL:http://www.iss.net/security_center/static/7855.php

Nevrona Designs MiraMail 1.04 and earlier stores authentication
information such as POP usernames and passwords in plaintext in a .ini
file, which allows an attacker to gain privileges by reading the
passwords from the file.

Analysis
----------------
ED_PRI CAN-2002-0110 3
Vendor Acknowledgement: yes via-email
Content Decisions: DESIGN-NO-ENCRYPTION

ACKNOWLEDGEMENT: inquiry sent to support@nevrona.com on 3/11/2002.  On
3/12/2002, tech@nevrona.com replied "The latest release, 1.05, is now
available which encrypts all sensitive data in the configuration
files...  Regardless of the low security risk, Nevrona Designs has
taken this seriously and has changed the software to encrypt password
information in the 1.05 release."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0112
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0112
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020109 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101062172226812&w=2
Reference: NTBUGTRAQ:20020109 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101062823505486&w=2
Reference: BUGTRAQ:20020111 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability (Solution)
Reference: URL:http://online.securityfocus.com/archive/1/249734
Reference: BID:3838
Reference: URL:http://online.securityfocus.com/bid/3838

Etype Eserv 2.97 allows remote attackers to view password protected
files via /./ in the URL.

Analysis
----------------
ED_PRI CAN-2002-0112 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0113
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0113
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020110 Legato Vulnerable
Reference: URL:http://online.securityfocus.com/archive/1/249420
Reference: BID:3840
Reference: URL:http://online.securityfocus.com/bid/3840
Reference: XF:legato-nsrd-log-permissions(7897)
Reference: URL:http://www.iss.net/security_center/static/7897.php

Legato NetWorker 6.1 stores log files in the /nsr/logs/ directory with
world-readable permissions, which allows local users to read sensitive
information and possibly gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0113 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests creating separate items for problems
of different types.  There are 2 different issues identified in the
post: lack of encryption of a password, and weak permissions.
Addressing one problem doesn't fix the other.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0114
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0114
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020110 Legato Vulnerable
Reference: URL:http://online.securityfocus.com/archive/1/249420
Reference: BID:3842
Reference: URL:http://online.securityfocus.com/bid/3842
Reference: XF:legato-nsrd-log-plaintext(7898)
Reference: URL:http://www.iss.net/security_center/static/7898.php

Legato NetWorker 6.1 stores passwords in plaintext in the daemon.log
file, which allows local users to gain privileges by reading the
password from the file.

Analysis
----------------
ED_PRI CAN-2002-0114 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC, DESIGN-NO-ENCRYPTION

ABSTRACTION: CD:SF-LOC suggests creating separate items for problems
of different types.  There are 2 different issues identified in the
post: lack of encryption of a password, and weak permissions.
Addressing one problem doesn't fix the other.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0116
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020110 Handspring Visor D.O.S
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101069677929208&w=2
Reference: BUGTRAQ:20020110 Re: Handspring Visor D.O.S
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101070523119956&w=2
Reference: BID:3847
Reference: URL:http://online.securityfocus.com/bid/3847
Reference: XF:palmos-nmap-dos(7865)
Reference: URL:http://www.iss.net/security_center/static/7865.php

Palm OS 3.5h and possibly other versions, as used in Handspring Visor
and Xircom products, allows remote attackers to cause a denial of
service via a TCP connect scan, e.g. from nmap.

Analysis
----------------
ED_PRI CAN-2002-0116 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0117
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0117
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020108 CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]
Reference: URL:http://online.securityfocus.com/archive/1/249031
Reference: BID:3828
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3828
Reference: XF:yabb-encoded-css(7840)
Reference: URL:http://www.iss.net/security_center/static/7840.php

Cross-site scripting vulnerability in Yet Another Bulletin Board
(YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute
arbitrary script and steal cookies via a message containing encoded
Javascript in an IMG tag.

Analysis
----------------
ED_PRI CAN-2002-0117 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0118
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0118
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020108 CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]
Reference: URL:http://online.securityfocus.com/archive/1/249031
Reference: BID:3829
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3829
Reference: XF:ultimatebb-encoded-css(7838)
Reference: URL:http://www.iss.net/security_center/static/7838.php

Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board
(UBB) 6.2.0 Beta Release 1.0 allows remote attackers to execute
arbitrary script and steal cookies via a message containing encoded
Javascript in an IMG tag.

Analysis
----------------
ED_PRI CAN-2002-0118 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0119
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0119
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020111 Bug in alcatel speed touch home adsl modem
Reference: URL:http://online.securityfocus.com/archive/1/249746
Reference: BID:3851
Reference: URL:http://online.securityfocus.com/bid/3851
Reference: XF:alcatel-speedtouch-nmap-dos(7893)
Reference: URL:http://www.iss.net/security_center/static/7893.php

Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a
denial of service (reboot) via a network scan with unusual packets,
such as nmap with OS detection.

Analysis
----------------
ED_PRI CAN-2002-0119 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0120
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020112 Palm Desktop 4.0b76-77 for Mac OS X
Reference: URL:http://online.securityfocus.com/archive/1/250093
Reference: BID:3863
Reference: URL:http://online.securityfocus.com/bid/3863
Reference: XF:palm-macos-backup-permissions(7937)
Reference: URL:http://www.iss.net/security_center/static/7937.php

Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup
files and folders when a hotsync is performed, which could allow a
local user to obtain sensitive information.

Analysis
----------------
ED_PRI CAN-2002-0120 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0121
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0121
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020113 PHP 4.x session spoofing
Reference: URL:http://online.securityfocus.com/archive/1/250196
Reference: BID:3873
Reference: URL:http://online.securityfocus.com/bid/3873
Reference: XF:php-session-temp-disclosure(7908)
Reference: URL:http://www.iss.net/security_center/static/7908.php

PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name
contains the session ID, which allows local users to hijack web
connections.

Analysis
----------------
ED_PRI CAN-2002-0121 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0122
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0122
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020114 Siemens Mobie SMS Exceptional Character Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/250115
Reference: BID:3870
Reference: URL:http://online.securityfocus.com/bid/3870
Reference: XF:siemens-invalid-sms-dos(7902)
Reference: URL:http://www.iss.net/security_center/static/7902.php

Siemens 3568i WAP mobile phones allow remote attackers to cause a
denial of service (crash) via an SMS message containing unusual
characters.

Analysis
----------------
ED_PRI CAN-2002-0122 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0124
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0124
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020114 Web Server 4D/eCommerce 3.5.3 Directory Traversal Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/250231
Reference: BID:3872
Reference: URL:http://online.securityfocus.com/bid/3872
Reference: XF:ws4d-dot-directory-traversal(7878)
Reference: URL:http://www.iss.net/security_center/static/7878.php

MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote
attackers to exploit a directory traversal vulnerability via a ../ (dot
dot) containing URL-encoded slashes in the HTTP request.

Analysis
----------------
ED_PRI CAN-2002-0124 3
Vendor Acknowledgement: unknown

ACKNOWLEDGEMENT: inquiry sent to support@mdg.com on 3/11/2002.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0125
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0125
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020114 Clanlib overflow / Super Methane Brothers overflow
Reference: URL:http://online.securityfocus.com/archive/1/250414
Reference: BID:3877
Reference: URL:http://online.securityfocus.com/bid/3877
Reference: XF:clanlib-long-env-bo(7905)
Reference: URL:http://www.iss.net/security_center/static/7905.php

Buffer overflow in ClanLib library 0.5 may allow local users to
execute arbitrary code in games that use the library, such as (1)
Super Methane Brothers, (2) Star War, (3) Kwirk, (4) Clankanoid, and
others, via a long HOME environment variable.

Analysis
----------------
ED_PRI CAN-2002-0125 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0126
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0126
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020115 BlackMoon FTPd Buffer Overflow Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/250543
Reference: BID:3884
Reference: URL:http://online.securityfocus.com/bid/3884
Reference: MISC:http://members.rogers.com/blackmoon2k/pages/news_page.html
Reference: XF:blackmoon-ftpd-static-bo(7895)
Reference: URL:http://www.iss.net/security_center/static/7895.php

Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote
attackers to execute arbitrary code via a long argument to (1) USER,
(2) PASS, or (3) CWD.

Analysis
----------------
ED_PRI CAN-2002-0126 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: the vendor news page includes an item dated Tuesday
January 15th 2002, highlighted in red, which states "This fix is
highly recommended if you are actively using any of the previous
versions."  This is the only item in red on the page, and it does line
up closely with the release date of the Bugtraq post.  However, it is
not clear whether the person being credited for the problem is
affiliated with the poster, and with the lack of details, it is
uncertain whether the vendor is truly acknowledging this issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0127
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0127
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020115 Vulnerability Netgear RP-114 Router - nmap causes DOS
Reference: URL:http://online.securityfocus.com/archive/1/250405
Reference: BID:3876
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3876

Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured
to block traffic below port 1024, allows remote attackers to cause a
denial of service (hang) via a port scan of the WAN port.

Analysis
----------------
ED_PRI CAN-2002-0127 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0129
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0129
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: VULN-DEV:20020116 efax
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101114350330912&w=2
Reference: BUGTRAQ:20020116 Re: efax
Reference: URL:http://online.securityfocus.com/archive/1/250837
Reference: BID:3895
Reference: URL:http://online.securityfocus.com/bid/3895
Reference: XF:efax-d-read-files(7921)
Reference: URL:http://www.iss.net/security_center/static/7921.php

efax 0.9 and earlier, when installed setuid root, allows local users
to read arbitrary files via the -d option, which prints the contents
of the file in a warning message.

Analysis
----------------
ED_PRI CAN-2002-0129 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0130
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0130
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020116 Re: efax
Reference: URL:http://online.securityfocus.com/archive/1/250799
Reference: VULN-DEV:20020117 Re: efax - Exploitation info
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101133782204289&w=2
Reference: BID:3894
Reference: URL:http://online.securityfocus.com/bid/3894
Reference: XF:efax-x-bo(7920)
Reference: URL:http://www.iss.net/security_center/static/7920.php

Buffer overflow in efax 0.9 and earlier, when installed setuid root,
allows local users to execute arbitrary code via a long -x argument.

Analysis
----------------
ED_PRI CAN-2002-0130 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0131
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0131
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category:
Reference: BUGTRAQ:20020115 Serious privacy leak in Python for Windows
Reference: URL:http://marc.theaimsgroup.com/?t=101113015900001&r=1&w=2
Reference: BID:3893
Reference: URL:http://online.securityfocus.com/bid/3893
Reference: XF:activepython-activex-read-files(7910)
Reference: URL:http://www.iss.net/security_center/static/7910.php

ActivePython ActiveX control for Python, when used in Internet
Explorer, does not prevent a script from reading files from the
client's filesystem, which allows remote attackers to read arbitrary
files via a malicious web page containing Python script.

Analysis
----------------
ED_PRI CAN-2002-0131 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0132
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0132
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020116 Chinput Buffer Overflow Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/250815
Reference: BID:3896
Reference: URL:http://online.securityfocus.com/bid/3896
Reference: XF:chinput-long-env-bo(7911)
Reference: URL:http://www.iss.net/security_center/static/7911.php

Buffer overflow in Chinput 3.0 allows local users to execute arbitrary
code via a long HOME environment variable.

Analysis
----------------
ED_PRI CAN-2002-0132 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0133
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0133
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020117 Avirt Proxy Buffer Overflow Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/251055
Reference: BUGTRAQ:20020121 [resend] Avirt Gateway Telnet Vulnerability (and more?)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101164598828092&w=2
Reference: BUGTRAQ:20020220 Avirt 4.2 question
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101424723728817&w=2
Reference: BUGTRAQ:20020212 Avirt Gateway 4.2  remote buffer overflow: proof of concept
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101366658112809&w=2
Reference: BID:3904
Reference: URL:http://online.securityfocus.com/bid/3904
Reference: BID:3905
Reference: URL:http://online.securityfocus.com/bid/3905
Reference: XF:avirt-http-proxy-bo(7916)
Reference: URL:http://www.iss.net/security_center/static/7916.php
Reference: XF:avirt-telnet-proxy-bo(7918)
Reference: URL:http://www.iss.net/security_center/static/7918.php

Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to
cause a denial of service and possibly execute arbitrary code via (1)
long header fields to the HTTP proxy, or (2) a long string to the
telnet proxy.

Analysis
----------------
ED_PRI CAN-2002-0133 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC, SF-LOC

ABSTRACTION: CD:SF-EXEC suggests merging problems of the same type
that appear in different executables of the same package and version.
Both the HTTP proxy and telnet proxy are in the same package (Gateway
Suite) and version (4.2), so they are combined.
CD:SF-LOC suggests splitting problems of different types, so the "dos
prompt" problem is given a separate identifier from the "proxy
overflow" problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0134
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0134
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020117 Avirt Gateway Suite Remote SYSTEM Level Compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101131669102843&w=2
Reference: BUGTRAQ:20020220 Avirt 4.2 question
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101424723728817&w=2
Reference: BID:3901
Reference: URL:http://online.securityfocus.com/bid/3901
Reference: XF:avirt-gateway-telnet-access(7915)
Reference: URL:http://www.iss.net/security_center/static/7915.php

Telnet proxy in Avirt Gateway Suite 4.2 does not require
authentication for connecting to the proxy system itself, which allows
remote attackers to list file contents of the proxy and execute
arbitrary commands via a "dos" command.

Analysis
----------------
ED_PRI CAN-2002-0134 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

CD:SF-LOC suggests splitting problems of different types, so the "dos
prompt" problem is given a separate identifier from the "proxy
overflow" problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0135
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0135
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020118 Timbuktu 6.0.1 and Older DoS Advisory
Reference: URL:http://online.securityfocus.com/archive/1/251582
Reference: BID:3918
Reference: URL:http://online.securityfocus.com/bid/3918
Reference: XF:timbuktu-multiple-conn-dos(7935)
Reference: URL:http://www.iss.net/security_center/static/7935.php

Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to
cause a denial of service (crash) via a series of connections to one
of the ports (1417 - 1420).

Analysis
----------------
ED_PRI CAN-2002-0135 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0136
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0136
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020115 IE FORM DOS
Reference: URL:http://online.securityfocus.com/archive/1/250592
Reference: BID:3892
Reference: URL:http://online.securityfocus.com/bid/3892

Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages
to cause a denial of service (hang) via extremely long values for form
fields such as INPUT and TEXTAREA, which can be automatically filled
via Javascript.

Analysis
----------------
ED_PRI CAN-2002-0136 3
Vendor Acknowledgement: unknown
Content Decisions: EX-CLIENT-DOS

INCLUSION: CD:EX-CLIENT-DOS states that if a client-side DoS can be
fixed by restarting an application, and the scope is limited to the
client only, then the problem should be excluded from CVE.  However,
in this case, it has been reported that the DoS can extend to the
operating system itself, including a system halt.
This also appears to work in Netscape, to some extent.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0137
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020112 cdrdao insecure filehandling
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101102759631000&w=2
Reference: BID:3865
Reference: URL:http://online.securityfocus.com/bid/3865

CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files
via a symlink attack on the $HOME/.cdrdao configuration file.

Analysis
----------------
ED_PRI CAN-2002-0137 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0138
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0138
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020112 cdrdao insecure filehandling
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101102759631000&w=2
Reference: BUGTRAQ:20020115 Re: cdrdao insecure filehandling
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101111688819855&w=2

CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via
the show-data command.

Analysis
----------------
ED_PRI CAN-2002-0138 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0140
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0140
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020120 dnrd 2.10 dos
Reference: URL:http://online.securityfocus.com/archive/1/251619
Reference: BID:3928
Reference: URL:http://online.securityfocus.com/bid/3928

Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote
malicious DNS sites to cause a denial of service and possibly execute
arbitrary code via a long or malformed DNS reply, which is not handled
properly by parse_query, get_objectname, and possibly other functions.

Analysis
----------------
ED_PRI CAN-2002-0140 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0141
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0141
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020120 Maelstrom 1.4.3 abartity file overwrite
Reference: URL:http://online.securityfocus.com/archive/1/251419
Reference: BID:3911
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3911
Reference: XF:maelstrom-tmp-symlink(7939)
Reference: URL:http://www.iss.net/security_center/static/7939.php

Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of
other Maelstrom users via a symlink attack on the /tmp/f file.

Analysis
----------------
ED_PRI CAN-2002-0141 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0142
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0142
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020114 Pi3Web Webserver v2.0 Buffer Overflow Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/250126
Reference: BUGTRAQ:20020121 Re: Pi3Web Webserver v2.0 Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101164598828093&w=2
Reference: NTBUGTRAQ:20020113 Pi3Web Webserver v2.0 Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101102275316307&w=2
Reference: CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=505583&group_id=17753&atid=317753
Reference: BID:3866
Reference: URL:http://online.securityfocus.com/bid/3866
Reference: XF:pi3web-long-parameter-bo(7880)
Reference: URL:http://www.iss.net/security_center/static/7880.php

CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows
remote attackers to cause a denial of service (crash) via a series of
requests whose physical path is exactly 260 characters long and ends
in a series of . (dot) characters.

Analysis
----------------
ED_PRI CAN-2002-0142 3
Vendor Acknowledgement: yes patch
Content Decisions: EX-BETA

INCLUSION: CD:EX-BETA suggests that problems in beta software should
be excluded from CVE unless the software has reached wide
distribution, or if the software is in "permanent" beta.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0144
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0144
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020121 security vulnerability in chuid
Reference: URL:http://online.securityfocus.com/archive/1/251763
Reference: BID:3937
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3937
Reference: XF:chuid-unauthorized-ownership-change(7976)
Reference: URL:http://www.iss.net/security_center/static/7976.php

Directory traversal vulnerability in chuid 1.2 and earlier allows
remote attackers to change the ownership of files outside of the
upload directory via a .. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2002-0144 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests separating between different types of
problems.  The Bugtraq poster (who is also the vendor) states that
there are 2 bugs, and the first is a .. problem, implying that the 2nd
bug is *not* a .. problem.  Thus the 2 issues should be separated.
(A look at the source code further clarifies this distinction.)

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0145
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020121 security vulnerability in chuid
Reference: URL:http://online.securityfocus.com/archive/1/251763
Reference: BID:3937
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3937

chuid 1.2 and earlier does not properly verify the ownership of files
that will be changed, which allows remote attackers to change
files owned by other users, such as root.

Analysis
----------------
ED_PRI CAN-2002-0145 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests separating between different types of
problems.  The Bugtraq poster (who is also the vendor) states that
there are 2 bugs, and the first is a .. problem, implying that the 2nd
bug is *not* a .. problem.  Thus the 2 issues should be separated.
(A look at the source code further clarifies this distinction.)

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007