[PROPOSAL] Cluster RECENT-83 - 52 candidates
I am proposing cluster RECENT-83 for review and voting by the Editorial Board.

Name: RECENT-83
Description: Candidates announced between 1/2/2002 and 1/21/2002
Size: 52

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0096
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020103 Vulnerability in new user creation in Geeklog 1.3
Reference: URL:http://www.securityfocus.com/archive/1/248367
Reference: CONFIRM:http://geeklog.sourceforge.net/index.php?topic=Security
Reference: BID:3783
Reference: URL:http://www.securityfocus.com/bid/3783
Reference: XF:geeklog-default-admin-privileges(7780)
Reference: URL:http://www.iss.net/security_center/static/7780.php

The installation of Geeklog 1.3 creates an extra group_assignments record which is not properly deleted, which causes the first newly created user to be added to the GroupAdmin and UserAdmin groups, which could provide that user with administrative privileges that were not intended.

Analysis
----------------
ED_PRI CAN-2002-0096 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The "Security" page for the geeklog project site includes an entry dated January 3, 2002, which states "Security Fix! ... the first user that creates an account has access to the GroupAdmin Group and, subsequently, the UserAdmin Group."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0097
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0097
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020110 Cookie modification allows unauthenticated user login in Geeklog 1.3
Reference: URL:http://online.securityfocus.com/archive/1/249443
Reference: CONFIRM:http://geeklog.sourceforge.net/index.php?topic=Security
Reference: BID:3844
Reference: URL:http://online.securityfocus.com/bid/3844
Reference: XF:geeklog-modify-auth-cookie(7869)
Reference: URL:http://www.iss.net/security_center/static/7869.php

Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's permanent cookie to the target account.

Analysis
----------------
ED_PRI CAN-2002-0097 1
Vendor Acknowledgement: unknown

ACKNOWLEDGEMENT: In an item dated January 9, 2002, the geeklog vendor states: "Major Security Hole Fixed! ... it is possible to have your Geeklog 1.3 system compromised by simply editing the cookie and changing the user ID to that of a Geeklog admin."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0098
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0098
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020105 BOOZT! Standard 's administration cgi vulnerable to buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101027773404836&w=2
Reference: BUGTRAQ:20020109 BOOZT! Standard CGI Vulnerability : Exploit Released
Reference: URL:http://online.securityfocus.com/archive/1/249219
Reference: CONFIRM:http://www.boozt.com/news_detail.php?id=3
Reference: BID:3787
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3787
Reference: XF:boozt-long-name-bo(7790)
Reference: URL:http://www.iss.net/security_center/static/7790.php

Buffer overflow in index.cgi administration interface for Boozt! Standard 0.9.8 allows local users to execute arbitrary code via a long name field when creating a new banner.

Analysis
----------------
ED_PRI CAN-2002-0098 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0128
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0128
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020116 Sambar Webserver v5.1 DoS Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/250545
Reference: BUGTRAQ:20020206 Sambar Webserver Sample Script v5.1 DoS Vulnerability Exploit
Reference: URL:http://www.der-keiler.de/Mailing-Lists/securityfocus/bugtraq/2002-02/0083.html
Reference: CONFIRM:http://www.sambar.com/security.htm
Reference: BID:3885
Reference: URL:http://www.securityfocus.com/bid/3885
Reference: XF:sambar-cgitest-dos(7894)
Reference: URL:http://www.iss.net/security_center/static/7894.php

cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long argument.

Analysis
----------------
ED_PRI CAN-2002-0128 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The Sambar security page says "All versions of the Sambar WWW Server prior to the 5.1 Beta 4 release are vulnerable to a reported DoS attack against the /cgi-win/cgitest.exe sample application" and credits the Bugtraq poster.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0139
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0139
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020120 Bounce vulnerability in SpoonFTP 1.1.0.1
Reference: URL:http://online.securityfocus.com/archive/1/251422
Reference: BID:3910
Reference: URL:http://online.securityfocus.com/bid/3910
Reference: CONFIRM:http://www.pi-soft.com/spoonftp/index.shtml
Reference: XF:spoonftp-ftp-bounce(7943)
Reference: URL:http://www.iss.net/security_center/static/7943.php

Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command.

Analysis
----------------
ED_PRI CAN-2002-0139 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: the home page for SpoonFTP states that "A fix to prevent a potential 'bounce attack' against SpoonFTP was added in version 1.2."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0107
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0107
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020108 svindel.net security advisory - web admin vulnerability in CacheOS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101052887431488&w=2
Reference: BID:3841
Reference: URL:http://www.securityfocus.com/bid/3841
Reference: BUGTRAQ:20020205 RE: svindel.net security advisory - web admin vulnerability in Ca cheOS
Reference: URL:http://online.securityfocus.com/archive/1/254167
Reference: XF:cachos-insecure-web-interface(7835)
Reference: URL:http://www.iss.net/security_center/static/7835.php

Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end with HTTP/1.0 or another version string, which causes the information to be leaked in the error message.

Analysis
----------------
ED_PRI CAN-2002-0107 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0111
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020109 File Transversal Vulnerability in Dino's WebServer
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101062213627501&w=2
Reference: BID:3861
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3861
Reference: XF:dinos-webserver-directory-traversal(7853)
Reference: URL:http://www.iss.net/security_center/static/7853.php

Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and earlier allows remote attackers to read files or execute arbitrary commands via a .. (dot dot) in the URL.

Analysis
----------------
ED_PRI CAN-2002-0111 2
Vendor Acknowledgement: yes via-email

ACKNOWLEDGEMENT: email inquiry sent to andgjens@online.no (subject "Dino's FunSoft") on 3/11/2002, acknowledgement received on 3/12/2002.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0115
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0115
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020110 Snort core dumped
Reference: URL:http://online.securityfocus.com/archive/1/249340
Reference: BUGTRAQ:20020110 Re: Snort core dumped
Reference: URL:http://online.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-03-08&end=2002-03-14&mid=249623&threads=1
Reference: BID:3849
Reference: URL:http://online.securityfocus.com/bid/3849
Reference: XF:snort-icmp-dos(7874)
Reference: URL:http://www.iss.net/security_center/static/7874.php

Snort 1.8.3 does not properly define the minimum ICMP header size, which allows remote attackers to cause a denial of service (crash and core dump) via a malformed ICMP packet.

Analysis
----------------
ED_PRI CAN-2002-0115 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0123
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0123
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020114 Web Server 4D/eCommerce 3.5.3 DoS Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/250242
Reference: BID:3874
Reference: URL:http://online.securityfocus.com/bid/3874
Reference: XF:ws4d-long-url-dos(7879)
Reference: URL:http://www.iss.net/security_center/static/7879.php

MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, and possibly 3.5.3, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request.

Analysis
----------------
ED_PRI CAN-2002-0123 2
Vendor Acknowledgement: yes via-email

ACKNOWLEDGEMENT: inquiry sent to support@mdg.com on 3/11/2002. Response received on 3/12/2002 states "This vulnerability was not in 3.5.3, but rather version 3.0 or earlier. It was from some time ago." So, it is not entirely clear whether the discloser correctly reported the version, or if the problem was re-introduced, or appears in a slightly different distribution.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0143
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0143
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020113 Eterm SGID utmp Buffer Overflow (Local)
Reference: URL:http://online.securityfocus.com/archive/1/250145
Reference: BUGTRAQ:20020121 Re: Eterm SGID utmp Buffer Overflow (Local)
Reference: URL:http://online.securityfocus.com/archive/1/251597
Reference: BID:3868
Reference: URL:http://online.securityfocus.com/bid/3868
Reference: XF:eterm-home-bo(7896)
Reference: URL:http://www.iss.net/security_center/static/7896.php

Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier allows local users to execute arbitrary code via a long HOME environment variable.

Analysis
----------------
ED_PRI CAN-2002-0143 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0094
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0094
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020102 BSCW: Vulnerabilities and Problems
Reference: URL:http://www.securityfocus.com/archive/1/248000
Reference: MISC:http://bscw.gmd.de/WhatsNew.html
Reference: BID:3776
Reference: URL:http://www.securityfocus.com/bid/3776
Reference: XF:bscw-remote-shell-execution(7774)
Reference: URL:http://www.iss.net/security_center/static/7774.php

config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x and versions before 4.06 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name during filename conversion.

Analysis
----------------
ED_PRI CAN-2002-0094 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: The entry dated December 21, 2001 on the vendor's "What's New" page states "The new release fixes a number of bugs and security issues," but this is too vague to be certain that the vendor has fixed *this* problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0095
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020102 BSCW: Vulnerabilities and Problems
Reference: URL:http://www.securityfocus.com/archive/1/248000
Reference: BID:3777
Reference: URL:http://www.securityfocus.com/bid/3777
Reference: XF:bscw-default-installation-registration(7775)
Reference: URL:http://www.iss.net/security_center/static/7775.php

The default configuration of BSCW (Basic Support for Cooperative Work) 3.x and possibly version 4 enables user self registration, which could allow remote attackers to upload files and possibly join a user community that was intended to be closed.

Analysis
----------------
ED_PRI CAN-2002-0095 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: The entry dated December 21, 2001 on the vendor's "What's New" page states "The new release fixes a number of bugs and security issues," but this is too vague to be certain that the vendor has fixed *this* problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0099
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020105 Savant Webserver Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101027722904078&w=2
Reference: NTBUGTRAQ:20020109 Savant Webserver Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101062823305479&w=2
Reference: BID:3788
Reference: URL:http://online.securityfocus.com/bid/3788
Reference: XF:savant-long-parameter-bo(7786)
Reference: URL:http://www.iss.net/security_center/static/7786.php

Buffer overflow in cgi-test.pl in Michael Lamont Savant Web Server 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP request.

Analysis
----------------
ED_PRI CAN-2002-0099 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0100
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0100
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020106 AOLserver 3.4.2 Unauthorized File Disclosure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101038936305397&w=2
Reference: NTBUGTRAQ:20020109 AOLserver 3.4.2 Unauthorized File Disclosure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101062823205474&w=2
Reference: BID:3791
Reference: URL:http://online.securityfocus.com/bid/3791
Reference: XF:aolserver-protected-file-access(7825)
Reference: URL:http://www.iss.net/security_center/static/7825.php

AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass authentication and read password-protected files via a URL that directly references the file.

Analysis
----------------
ED_PRI CAN-2002-0100 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0101
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0101
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020106 Internet Explorer Javascript Modeless Popup Local Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101039104608083&w=2
Reference: BID:3789
Reference: URL:http://online.securityfocus.com/bid/3789
Reference: XF:ie-modeless-dialog-dos(7826)
Reference: URL:http://www.iss.net/security_center/static/7826.php

Microsoft Internet Explorer 6.0 and earlier allows local users to cause a denial of service via an infinite loop for modeless dialogs showModelessDialog, which causes CPU usage while the focus for the dialog is not released.

Analysis
----------------
ED_PRI CAN-2002-0101 3
Vendor Acknowledgement: unknown
Content Decisions: EX-CLIENT-DOS

INCLUSION: CD:EX-CLIENT-DOS states that a client-side DoS that only affects the client should not be included in CVE. In this case, it was reported that the CPU consumption increases significantly, so the scope of the DoS is not limited to the client alone. In addition, if the dialog for the focus is not released, then the user may need to reboot to "fix" the client, and the scope of the attack is again beyond that of just IE. Therefore, this item should be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0102
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0102
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/webcache2.pdf
Reference: BID:3760
Reference: URL:http://online.securityfocus.com/bid/3760
Reference: BID:3762
Reference: URL:http://online.securityfocus.com/bid/3762

Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of "." characters.

Analysis
----------------
ED_PRI CAN-2002-0102 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-EXEC

ABSTRACTION: CD:SF-LOC and CD:SF-EXEC suggest merging problems of the same type in the same version, so the null character and . character problems are combined.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0103
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0103
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: CF
Reference: BUGTRAQ:20020107 [PTL-2002-01] Vulnerabilities in Oracle9iAS Web Cache
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101041510727937&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/webcache2.pdf
Reference: BID:3761
Reference: URL:http://online.securityfocus.com/bid/3761
Reference: BID:3764
Reference: URL:http://online.securityfocus.com/bid/3764

An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml.

Analysis
----------------
ED_PRI CAN-2002-0103 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0104
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0104
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020107 Aftpd core dump vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101041333323486&w=2
Reference: BID:3806
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3806
Reference: XF:aftpd-crash-core-dump(7832)
Reference: URL:http://www.iss.net/security_center/static/7832.php

AFTPD 5.4.4 allows remote attackers to gain sensitive information via a CD (CWD) ~ (tilde) command, which causes a core dump.

Analysis
----------------
ED_PRI CAN-2002-0104 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0105
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0105
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020108 CDE bug in Unixware 7.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101060400802428&w=2
Reference: BID:3818
Reference: URL:http://www.securityfocus.com/bid/3818
Reference: XF:unixware-dtlogin-log-symlink(7864)
Reference: URL:http://www.iss.net/security_center/static/7864.php

CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating systems, allows local users to gain privileges via a symlink attack on /var/dt/Xerrors since /var/dt is world-writable.

Analysis
----------------
ED_PRI CAN-2002-0105 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0106
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0106
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020108 KPMG-2002003: Bea Weblogic DOS-device Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101050440629269&w=2
Reference: BID:3816
Reference: URL:http://www.securityfocus.com/bid/3816
Reference: XF:weblogic-dos-jsp-dos(7808)
Reference: URL:http://www.iss.net/security_center/static/7808.php

BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name.

Analysis
----------------
ED_PRI CAN-2002-0106 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0108
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020108 Allaire Forums Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/249026
Reference: BID:3827
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3827
Reference: XF:allaire-forums-message-spoofing(7841)
Reference: URL:http://www.iss.net/security_center/static/7841.php

Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote authenticated users to spoof messages as other users by modifying the hidden form fields for the name and e-mail address.

Analysis
----------------
ED_PRI CAN-2002-0108 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0109
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0109
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020106 Linksys 'routers', SNMP issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101039288111680&w=2
Reference: BID:3795
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3795
Reference: BID:3797
Reference: URL:http://online.securityfocus.com/bid/3797
Reference: XF:linksys-etherfast-default-snmp(7827)
Reference: URL:http://www.iss.net/security_center/static/7827.php

Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly other products, allow remote attackers to gain sensitive information and cause a denial of service via an SNMP query for the default community string "public," which causes the router to change its configuration and send SNMP trap information back to the system that initiated the query.

Analysis
----------------
ED_PRI CAN-2002-0109 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0110
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0110
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020109 MiraMail 1.04 can give POP account access and details
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101063476715154&w=2
Reference: BID:3843
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3843
Reference: XF:miramail-plaintext-auth-info(7855)
Reference: URL:http://www.iss.net/security_center/static/7855.php

Nevrona Designs MiraMail 1.04 and earlier stores authentication information such as POP usernames and passwords in plaintext in a .ini file, which allows an attacker to gain privileges by reading the passwords from the file.

Analysis
----------------
ED_PRI CAN-2002-0110 3
Vendor Acknowledgement: yes via-email
Content Decisions: DESIGN-NO-ENCRYPTION

ACKNOWLEDGEMENT: inquiry sent to support@nevrona.com on 3/11/2002. On 3/12/2002, tech@nevrona.com replied "The latest release, 1.05, is now available which encypts all sensitive data in the configuration files... Regardless of the low security risk, Nevrona Designs has taken this seriously and has changed the software to encrypt password information in the 1.05 release."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0112
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0112
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020109 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101062172226812&w=2
Reference: NTBUGTRAQ:20020109 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101062823505486&w=2
Reference: BUGTRAQ:20020111 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability (Solution)
Reference: URL:http://online.securityfocus.com/archive/1/249734
Reference: BID:3838
Reference: URL:http://online.securityfocus.com/bid/3838

Etype Eserv 2.97 allows remote attackers to view password protected files via /./ in the URL.

Analysis
----------------
ED_PRI CAN-2002-0112 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0113
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0113
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020110 Legato Vulnerable
Reference: URL:http://online.securityfocus.com/archive/1/249420
Reference: BID:3840
Reference: URL:http://online.securityfocus.com/bid/3840
Reference: XF:legato-nsrd-log-permissions(7897)
Reference: URL:http://www.iss.net/security_center/static/7897.php

Legato NetWorker 6.1 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0113 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests creating separate items for problems of different types. There are 2 different issues identified in the post: lack of encryption of a password, and weak permissions. Addressing one problem doesn't fix the other.

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0114
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0114
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020110 Legato Vulnerable
Reference: URL:http://online.securityfocus.com/archive/1/249420
Reference: BID:3842
Reference: URL:http://online.securityfocus.com/bid/3842
Reference: XF:legato-nsrd-log-plaintext(7898)
Reference: URL:http://www.iss.net/security_center/static/7898.php

Legato NetWorker 6.1 stores passwords in plaintext in the daemon.log file, which allows local users to gain privileges by reading the password from the file.

Analysis
----------------
ED_PRI CAN-2002-0114 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC, DESIGN-NO-ENCRYPTION

ABSTRACTION: CD:SF-LOC suggests creating separate items for problems of different types. There are 2 different issues identified in the post: lack of encryption of a password, and weak permissions. Addressing one problem doesn't fix the other.

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0116
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020110 Handspring Visor D.O.S
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101069677929208&w=2
Reference: BUGTRAQ:20020110 Re: Handspring Visor D.O.S
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101070523119956&w=2
Reference: BID:3847
Reference: URL:http://online.securityfocus.com/bid/3847
Reference: XF:palmos-nmap-dos(7865)
Reference: URL:http://www.iss.net/security_center/static/7865.php

Palm OS 3.5h and possibly other versions, as used in Handspring Visor and Xircom products, allows remote attackers to cause a denial of service via a TCP connect scan, e.g. from nmap.

Analysis
----------------
ED_PRI CAN-2002-0116 3
Vendor Acknowledgement: unknown

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0117
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0117
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020108 CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]
Reference: URL:http://online.securityfocus.com/archive/1/249031
Reference: BID:3828
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3828
Reference: XF:yabb-encoded-css(7840)
Reference: URL:http://www.iss.net/security_center/static/7840.php

Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.

Analysis
----------------
ED_PRI CAN-2002-0117 3
Vendor Acknowledgement: unknown

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0118
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0118
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020108 CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]
Reference: URL:http://online.securityfocus.com/archive/1/249031
Reference: BID:3829
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3829
Reference: XF:ultimatebb-encoded-css(7838)
Reference: URL:http://www.iss.net/security_center/static/7838.php

Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.

Analysis
----------------
ED_PRI CAN-2002-0118 3
Vendor Acknowledgement: unknown

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0119
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0119
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020111 Bug in alcatel speed touch home adsl modem
Reference: URL:http://online.securityfocus.com/archive/1/249746
Reference: BID:3851
Reference: URL:http://online.securityfocus.com/bid/3851
Reference: XF:alcatel-speedtouch-nmap-dos(7893)
Reference: URL:http://www.iss.net/security_center/static/7893.php

Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a denial of service (reboot) via a network scan with unusual packets, such as nmap with OS detection.

Analysis
----------------
ED_PRI CAN-2002-0119 3
Vendor Acknowledgement: unknown

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0120
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020112 Palm Desktop 4.0b76-77 for Mac OS X
Reference: URL:http://online.securityfocus.com/archive/1/250093
Reference: BID:3863
Reference: URL:http://online.securityfocus.com/bid/3863
Reference: XF:palm-macos-backup-permissions(7937)
Reference: URL:http://www.iss.net/security_center/static/7937.php

Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup files and folders when a hotsync is performed, which could allow a local user to obtain sensitive information.

Analysis
----------------
ED_PRI CAN-2002-0120 3
Vendor Acknowledgement: unknown

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0121
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0121
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020113 PHP 4.x session spoofing
Reference: URL:http://online.securityfocus.com/archive/1/250196
Reference: BID:3873
Reference: URL:http://online.securityfocus.com/bid/3873
Reference: php-session-temp-disclosure(7908)
Reference: URL:http://www.iss.net/security_center/static/7908.php

PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections.

Analysis
----------------
ED_PRI CAN-2002-0121 3
Vendor Acknowledgement: unknown

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0122
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0122
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020114 Siemens Mobie SMS Exceptional Character Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/250115
Reference: BID:3870
Reference: URL:http://online.securityfocus.com/bid/3870
Reference: XF:siemens-invalid-sms-dos(7902)
Reference: URL:http://www.iss.net/security_center/static/7902.php

Siemens 3568i WAP mobile phones allow remote attackers to cause a denial of service (crash) via an SMS message containing unusual characters.

Analysis
----------------
ED_PRI CAN-2002-0122 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0124
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0124
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020114 Web Server 4D/eCommerce 3.5.3 Directory Traversal Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/250231
Reference: BID:3872
Reference: URL:http://online.securityfocus.com/bid/3872
Reference: XF:ws4d-dot-directory-traversal(7878)
Reference: URL:http://www.iss.net/security_center/static/7878.php

MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote attackers to exploit a directory traversal vulnerability via a ../ (dot dot) containing URL-encoded slashes in the HTTP request.

Analysis
----------------
ED_PRI CAN-2002-0124 3
Vendor Acknowledgement: unknown

ACKNOWLEDGEMENT: inquiry sent to support@mdg.com on 3/11/2002.

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0125
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0125
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020114 Clanlib overflow / Super Methane Brothers overflow
Reference: URL:http://online.securityfocus.com/archive/1/250414
Reference: BID:3877
Reference: URL:http://online.securityfocus.com/bid/3877
Reference: XF:clanlib-long-env-bo(7905)
Reference: URL:http://www.iss.net/security_center/static/7905.php

Buffer overflow in ClanLib library 0.5 may allow local users to execute arbitrary code in games that use the library, such as (1) Super Methane Brothers, (2) Star War, (3) Kwirk, (4) Clankanoid, and others, via a long HOME environment variable.

Analysis
----------------
ED_PRI CAN-2002-0125 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0126
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0126
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020115 BlackMoon FTPd Buffer Overflow Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/250543
Reference: BID:3884
Reference: URL:http://online.securityfocus.com/bid/3884
Reference: MISC:http://members.rogers.com/blackmoon2k/pages/news_page.html
Reference: XF:blackmoon-ftpd-static-bo(7895)
Reference: URL:http://www.iss.net/security_center/static/7895.php

Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote attackers to execute arbitrary code via a long argument to (1) USER, (2) PASS, or (3) CWD.

Analysis
----------------
ED_PRI CAN-2002-0126 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: the vendor news page includes an item dated Tuesday January 15th 2002, highlighted in red, which states "This fix is highly recommended if you are actively using any of the previous versions." This is the only item in red on the page, and it does line up closely with the release date of the Bugtraq post. However, it is not clear whether the person being credited for the problem is affiliated with the poster, and with the lack of details, it is uncertain whether the vendor is truly acknowledging this issue.

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0127
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0127
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020115 Vulnerability Netgear RP-114 Router - nmap causes DOS
Reference: URL:http://online.securityfocus.com/archive/1/250405
Reference: BID:3876
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3876

Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured to block traffic below port 1024, allows remote attackers to cause a denial of service (hang) via a port scan of the WAN port.

Analysis
----------------
ED_PRI CAN-2002-0127 3
Vendor Acknowledgement: unknown

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0129
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0129
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: VULN-DEV:20020116 efax
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101114350330912&w=2
Reference: BUGTRAQ:20020116 Re: efax
Reference: URL:http://online.securityfocus.com/archive/1/250837
Reference: BID:3895
Reference: URL:http://online.securityfocus.com/bid/3895
Reference: XF:efax-d-read-files(7921)
Reference: URL:http://www.iss.net/security_center/static/7921.php

efax 0.9 and earlier, when installed setuid root, allows local users to read arbitrary files via the -d option, which prints the contents of the file in a warning message.

Analysis
----------------
ED_PRI CAN-2002-0129 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0130
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0130
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020116 Re: efax
Reference: URL:http://online.securityfocus.com/archive/1/250799
Reference: VULN-DEV:20020117 Re: efax - Exploitation info
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101133782204289&w=2
Reference: BID:3894
Reference: URL:http://online.securityfocus.com/bid/3894
Reference: XF:efax-x-bo(7920)
Reference: URL:http://www.iss.net/security_center/static/7920.php

Buffer overflow in efax 0.9 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -x argument.

Analysis
----------------
ED_PRI CAN-2002-0130 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0131
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0131
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category:
Reference: BUGTRAQ:20020115 Serious privacy leak in Python for Windows
Reference: URL:http://marc.theaimsgroup.com/?t=101113015900001&r=1&w=2
Reference: BID:3893
Reference: URL:http://online.securityfocus.com/bid/3893
Reference: XF:activepython-activex-read-files(7910)
Reference: URL:http://www.iss.net/security_center/static/7910.php

ActivePython ActiveX control for Python, when used in Internet Explorer, does not prevent a script from reading files from the client's filesystem, which allows remote attackers to read arbitrary files via a malicious web page containing Python script.

Analysis
----------------
ED_PRI CAN-2002-0131 3
Vendor Acknowledgement:

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0132
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0132
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020116 Chinput Buffer Overflow Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/250815
Reference: BID:3896
Reference: URL:http://online.securityfocus.com/bid/3896
Reference: XF:chinput-long-env-bo(7911)
Reference: URL:http://www.iss.net/security_center/static/7911.php

Buffer overflow in Chinput 3.0 allows local users to execute arbitrary code via a long HOME environment variable.

Analysis
----------------
ED_PRI CAN-2002-0132 3
Vendor Acknowledgement:

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0133
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0133
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020117 Avirt Proxy Buffer Overflow Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/251055
Reference: BUGTRAQ:20020121 [resend] Avirt Gateway Telnet Vulnerability (and more?)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101164598828092&w=2
Reference: BUGTRAQ:20020220 Avirt 4.2 question
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101424723728817&w=2
Reference: BUGTRAQ:20020212 Avirt Gateway 4.2 remote buffer overflow: proof of concept
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101366658112809&w=2
Reference: BID:3904
Reference: URL:http://online.securityfocus.com/bid/3904
Reference: BID:3905
Reference: URL:http://online.securityfocus.com/bid/3905
Reference: XF:avirt-http-proxy-bo(7916)
Reference: URL:http://www.iss.net/security_center/static/7916.php
Reference: XF:avirt-telnet-proxy-bo(7918)
Reference: URL:http://www.iss.net/security_center/static/7918.php

Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long header fields to the HTTP proxy, or (2) a long string to the telnet proxy.

Analysis
----------------
ED_PRI CAN-2002-0133 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC, SF-LOC

ABSTRACTION: CD:SF-EXEC suggests merging problems of the same type that appear in different executables of the same package and version. Both the HTTP proxy and telnet proxy are in the same package (Gateway Suite) and version (4.2), so they are combined. CD:SF-LOC suggests splitting problems of different types, so the "dos prompt" problem is given a separate identifier from the "proxy overflow" problem.

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0134
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0134
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020117 Avirt Gateway Suite Remote SYSTEM Level Compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101131669102843&w=2
Reference: BUGTRAQ:20020220 Avirt 4.2 question
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101424723728817&w=2
Reference: BID:3901
Reference: URL:http://online.securityfocus.com/bid/3901
Reference: XF:avirt-gateway-telnet-access(7915)
Reference: URL:http://www.iss.net/security_center/static/7915.php

Telnet proxy in Avirt Gateway Suite 4.2 does not require authentication for connecting to the proxy system itself, which allows remote attackers to list file contents of the proxy and execute arbitrary commands via a "dos" command.

Analysis
----------------
ED_PRI CAN-2002-0134 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

CD:SF-LOC suggests splitting problems of different types, so the "dos prompt" problem is given a separate identifier from the "proxy overflow" problem.

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0135
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0135
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020118 Timbuktu 6.0.1 and Older DoS Advisory
Reference: URL:http://online.securityfocus.com/archive/1/251582
Reference: BID:3918
Reference: URL:http://online.securityfocus.com/bid/3918
Reference: XF:timbuktu-multiple-conn-dos(7935)
Reference: URL:http://www.iss.net/security_center/static/7935.php

Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to cause a denial of service (crash) via a series of connections to one of the ports (1417 - 1420).

Analysis
----------------
ED_PRI CAN-2002-0135 3
Vendor Acknowledgement: unknown

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0136
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0136
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020115 IE FORM DOS
Reference: URL:http://online.securityfocus.com/archive/1/250592
Reference: BID:3892
Reference: URL:http://online.securityfocus.com/bid/3892

Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages to cause a denial of service (hang) via extremely long values for form fields such as INPUT and TEXTAREA, which can be automatically filled via Javascript.

Analysis
----------------
ED_PRI CAN-2002-0136 3
Vendor Acknowledgement: unknown
Content Decisions: EX-CLIENT-DOS

INCLUSION: CD:EX-CLIENT-DOS states that if a client-side DoS can be fixed by restarting an application, and the scope is limited to the client only, then the problem should be excluded from CVE. However, in this case, it has been reported that the DoS can extend to the operating system itself, including a system halt. This also appears to work in Netscape, to some extent.

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0137
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020112 cdrdao insecure filehandling
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101102759631000&w=2
Reference: BID:3865
Reference: URL:http://online.securityfocus.com/bid/3865

CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files via a symlink attack on the $HOME/.cdrdao configuration file.

Analysis
----------------
ED_PRI CAN-2002-0137 3
Vendor Acknowledgement: unknown

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0138
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0138
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020112 cdrdao insecure filehandling
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101102759631000&w=2
Reference: BUGTRAQ:20020115 Re: cdrdao insecure filehandling
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101111688819855&w=2

CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via the show-data command.

Analysis
----------------
ED_PRI CAN-2002-0138 3
Vendor Acknowledgement: unknown

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0140
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0140
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020120 dnrd 2.10 dos
Reference: URL:http://online.securityfocus.com/archive/1/251619
Reference: BID:3928
Reference: URL:http://online.securityfocus.com/bid/3928

Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote malicious DNS sites to cause a denial of service and possibly execute arbitrary code via a long or malformed DNS reply, which is not handled properly by parse_query, get_objectname, and possibly other functions.

Analysis
----------------
ED_PRI CAN-2002-0140 3
Vendor Acknowledgement: unknown

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0141
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0141
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020120 Maelstrom 1.4.3 abartity file overwrite
Reference: URL:http://online.securityfocus.com/archive/1/251419
Reference: BID:3911
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3911
Reference: XF:maelstrom-tmp-symlink(7939)
Reference: URL:http://www.iss.net/security_center/static/7939.php

Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of other Maelstrom users via a symlink attack on the /tmp/f file.
Analysis
----------------
ED_PRI CAN-2002-0141 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0142
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0142
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020114 Pi3Web Webserver v2.0 Buffer Overflow Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/250126
Reference: BUGTRAQ:20020121 Re: Pi3Web Webserver v2.0 Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101164598828093&w=2
Reference: NTBUGTRAQ:20020113 Pi3Web Webserver v2.0 Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101102275316307&w=2
Reference: CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=505583&group_id=17753&atid=317753
Reference: BID:3866
Reference: URL:http://online.securityfocus.com/bid/3866
Reference: XF:pi3web-long-parameter-bo(7880)
Reference: URL:http://www.iss.net/security_center/static/7880.php

CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows remote attackers to cause a denial of service (crash) via a series of requests whose physical path is exactly 260 characters long and ends in a series of . (dot) characters.

Analysis
----------------
ED_PRI CAN-2002-0142 3
Vendor Acknowledgement: yes patch
Content Decisions: EX-BETA

INCLUSION: CD:EX-BETA suggests that problems in beta software should be excluded from CVE unless the software has reached wide distribution, or if the software is in "permanent" beta.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0144
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0144
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020121 security vulnerability in chuid
Reference: URL:http://online.securityfocus.com/archive/1/251763
Reference: BID:3937
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3937
Reference: XF:chuid-unauthorized-ownership-change(7976)
Reference: URL:http://www.iss.net/security_center/static/7976.php

Directory traversal vulnerability in chuid 1.2 and earlier allows remote attackers to change the ownership of files outside of the upload directory via a .. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2002-0144 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests separating between different types of problems. The Bugtraq poster (who is also the vendor) states that there are 2 bugs, and the first is a .. problem, implying that the 2nd bug is *not* a .. problem. Thus the 2 issues should be separated. (A look at the source code further clarifies this distinction.)

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0145
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020121 security vulnerability in chuid
Reference: URL:http://online.securityfocus.com/archive/1/251763
Reference: BID:3937
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3937

chuid 1.2 and earlier does not properly verify the ownership of files that will be changed, which allows remote attackers to change files owned by other users, such as root.

Analysis
----------------
ED_PRI CAN-2002-0145 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests separating between different types of problems. The Bugtraq poster (who is also the vendor) states that there are 2 bugs, and the first is a .. problem, implying that the 2nd bug is *not* a .. problem. Thus the 2 issues should be separated. (A look at the source code further clarifies this distinction.)

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: