[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PROPOSAL] Cluster RECENT-84 - 40 candidates

To: cve-editorial-board-list@lists.mitre.org
Subject: [PROPOSAL] Cluster RECENT-84 - 40 candidates
From: "Steven M. Christey" <coley@linus.mitre.org>
Date: Fri, 15 Mar 2002 01:22:02 -0500 (EST)
Delivery-Date: Fri Mar 15 01:22:07 2002
Sender: owner-cve-editorial-board-list@lists.mitre.org
I am proposing cluster RECENT-84 for review and voting by the
Editorial Board.

Name: RECENT-84
Description: Reserved candidates announced between 1/30/2002 and 3/11/2002
Size: 40

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve





Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0018
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0018
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: MS:MS02-001
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-001.asp

In Microsoft Windows NT and Windows 2000, a trusting domain that
receives authorization information from a trusted domain does not
verify that the trusted domain is authoritative for all listed SIDs,
which could allows remote attackers to gain Domain Administrator
privileges on the trusting domain by injecting SIDs from untrusted
domains into the authorization data that comes from from the trusted
domain.

Analysis
----------------
ED_PRI CAN-2002-0018 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0020
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0020
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: MS:MS02-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-004.asp
Reference: BID:4061
Reference: URL:http://www.securityfocus.com/bid/4061
Reference: XF:ms-telnet-option-bo(8094)
Reference: URL:http://www.iss.net/security_center/static/8094.php

Buffer overflow in telnet server in Windows 2000 and Interix 2.2
allows remote attackers to execute arbitrary code via malformed
protocol options.

Analysis
----------------
ED_PRI CAN-2002-0020 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0021
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0021
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: MS:MS02-002
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-002.asp

Network Product Identification (PID) Checker in Microsoft Office v. X
for Mac allows remote attackers to cause a denial of service (crash)
via a malformed product announcement.

Analysis
----------------
ED_PRI CAN-2002-0021 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0022
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0022
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: BUGTRAQ:20020213 dH & SECURITY.NNOV: buffer overflow in mshtml.dll
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101362984930597&w=2
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
Reference: CERT:CA-2002-04
Reference: URL:http://www.cert.org/advisories/CA-2002-04.html
Reference: XF:ie-html-directive-bo(8116)
Reference: URL:http://www.iss.net/security_center/static/8116.php

Buffer overflow in the implementation of an HTML directive in
mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to
execute arbitrary code via a web page that specifies embedded ActiveX
controls in a way that causes 2 Unicode strings to be concatenated.

Analysis
----------------
ED_PRI CAN-2002-0022 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0023
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0023
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: BUGTRAQ:20020101 IE GetObject() problems
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0000.html
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
Reference: BID:3767
Reference: URL:http://www.securityfocus.com/bid/3767

Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read
arbitrary files via malformed requests to the GetObject function,
which bypass some of GetObject's security checks.

Analysis
----------------
ED_PRI CAN-2002-0023 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0024
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp

File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an
attacker to use the Content-Disposition and Content-Type HTML header
fields to modify how the name of the file is displayed, which could
trick a user into believing that a file is safe to download.

Analysis
----------------
ED_PRI CAN-2002-0024 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0025
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0025
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp

Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the
Content-Type HTML header field, which allows remote attackers to
modify which application is used to process a document.

Analysis
----------------
ED_PRI CAN-2002-0025 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0026
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0026
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp

Internet Explorer 5.5 and 6.0 allows remote attackers to bypass
restrictions for executing scripts via an object that processes
asynchronous events after the initial security checks have been made.

Analysis
----------------
ED_PRI CAN-2002-0026 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0027
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: BUGTRAQ:20011219 Internet Explorer Document.Open() Without Close() Cookie Stealing, File Reading, Site Spoofing Bug
Reference: URL:http://www.securityfocus.com/archive/1/246522
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
Reference: BID:3721
Reference: URL:http://www.securityfocus.com/bid/3721

Internet Explorer 5.5 and 6.0 allows remote attackers to read certain
files and spoof the URL in the address bar by using the Document.open
function to pass information between two frames from different
domains, a new variant of the "Frame Domain Verification"
vulnerability described in MS:MS01-058/CAN-2001-0874.

Analysis
----------------
ED_PRI CAN-2002-0027 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0049
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020202
Category: CF
Reference: MS:MS02-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-003.asp
Reference: BID:4053
Reference: URL:http://www.securityfocus.com/bid/4053

Microsoft Exchange Server 2000 System Attendant gives "Everyone" group
privileges to the WinReg key, which could allow remote attackers to
read or modify registry keys.

Analysis
----------------
ED_PRI CAN-2002-0049 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0050
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020202
Category: SF
Reference: MS:MS02-010
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-010.asp
Reference: BID:4157
Reference: URL:http://online.securityfocus.com/bid/4157

Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce
Server 2000 allows remote attackers to execute arbitrary code via long
authentication data.

Analysis
----------------
ED_PRI CAN-2002-0050 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0052
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0052
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020202
Category: SF
Reference: MS:MS02-009
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-009.asp
Reference: BID:4158
Reference: URL:http://online.securityfocus.com/bid/4158

Internet Explorer 6.0 and earlier does not properly handle VBScript in
certain domain security checks, which allows remote attackers to read
arbitrary files.

Analysis
----------------
ED_PRI CAN-2002-0052 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0054
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020202
Category: SF
Reference: MS:MS02-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-011.asp

SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail
Connector (IMC) in Exchange Server 5.5 does not properly handle
responses to NTLM authentication, which allows remote attackers to
perform mail relaying via the server.

Analysis
----------------
ED_PRI CAN-2002-0054 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0055
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020202
Category: SF
Reference: BUGTRAQ:20020306 Vulnerability Details for MS02-012
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101558498401274&w=2
Reference: MS:MS02-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-012.asp

SMTP service in Microsoft Windows 2000, Windows XP Professional, and
Exchange 2000 to cause a denial of service via a command with a
malformed data transfer (BDAT) request.

Analysis
----------------
ED_PRI CAN-2002-0055 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0059
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020207
Category: SF
Reference: BUGTRAQ:20020311 security problem fixed in zlib 1.1.4
Reference: CERT:CA-2002-07
Reference: DEBIAN:DSA-122
Reference: BUGTRAQ:20020212 exploiting the zlib bug in openssh
Reference: VULNWATCH:20020212 exploiting the zlib bug in openssh
Reference: VULNWATCH:20020311 [VulnWatch] zlibscan : script to find suid binaries possibly affected by zlib vulnerability
Reference: REDHAT:RHSA-2002:026
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-026.html
Reference: REDHAT:RHSA-2002:027
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-027.html
Reference: SUSE:SuSE-SA:2002:010
Reference: SUSE:SuSE-SA:2002:011
Reference: ENGARDE:ESA-20020311-008
Reference: MANDRAKE:MDKSA-2002:022
Reference: MANDRAKE:MDKSA-2002:023
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
Reference: BUGTRAQ:20020314 about zlib vulnerability
Reference: BUGTRAQ:20020314 ZLib double free bug: Windows NT potentially unaffected
Reference: CERT-VN:VU#368819
Reference: URL:http://www.kb.cert.org/vuls/id/368819
Reference: BID:4267
Reference: URL:http://online.securityfocus.com/bid/4267

The decompression algorithm in zlib 1.1.3 and earlier, as used in many
different utilities and packages, causes inflateEnd to release certain
memory more than once (a "double free"), which may allow local and
remote attackers to execute arbitrary code via a block of malformed
compression data.

Analysis
----------------
ED_PRI CAN-2002-0059 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0060
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0060
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020213
Category: SF
Reference: BUGTRAQ:20020227 security advisory linux 2.4.x ip_conntrack_irc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101483396412051&w=2
Reference: VULN-DEV:20020227 Fwd: [ANNOUNCE] Security Advisory about IRC DCC connection tracking
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101486352429653&w=2
Reference: CONFIRM:http://www.netfilter.org/security/2002-02-25-irc-dcc-mask.html
Reference: REDHAT:RHSA-2002:028
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-028.html

IRC connection tracking helper module in the netfilter subsystem for
Linux 2.4.18-pre9 and earlier does not properly set the mask for
conntrack expectations for incoming DCC connections, which could allow
remote attackers to bypass intended firewall restrictions.

Analysis
----------------
ED_PRI CAN-2002-0060 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0062
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0062
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020213
Category: SF
Reference: REDHAT:RHSA-2002:020
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-020.html
Reference: DEBIAN:DSA-113
Reference: URL:http://www.debian.org/security/2002/dsa-113

Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package
which is based on it, allows local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0062 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0063
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020217
Category: SF
Reference: CONFIRM:http://www.cups.org/relnotes.html
Reference: DEBIAN:DSA-110
Reference: URL:http://www.debian.org/security/2002/dsa-110
Reference: MANDRAKE:MDKSA-2002:015
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-015.php

Buffer overflow in ippRead function of CUPS before 1.1.14 may allow
attackers to execute arbitrary code via long attribute names or
language values.

Analysis
----------------
ED_PRI CAN-2002-0063 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0067
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0067
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020219
Category: SF
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: REDHAT:REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html

Squid 2.4 STABLE2 and earlier does not properly disable HTCP, even
when "htcp_port 0" is specified in squid.conf, which could allow
remote attackers to bypass intended access restrictions.

Analysis
----------------
ED_PRI CAN-2002-0067 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0068
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020219
Category: SF
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: REDHAT:REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html

Squid 2.4 STABLE3 and earlier allows remote attackers to cause a
denial of service (core dump) and possible execute arbitrary code with
a malformed ftp:// URL.

Analysis
----------------
ED_PRI CAN-2002-0068 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0069
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020219
Category: SF
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: REDHAT:REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html

Memory leak in SNMP in Squid STABLE2 and earlier allows remote
attackers to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2002-0069 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0070
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0070
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020221
Category: SF
Reference: VULNWATCH:20020311 [VulnWatch] ADVISORY: Windows Shell Overflow
Reference: NTBUGTRAQ:20020311 ADVISORY: Windows Shell Overflow
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0203&L=ntbugtraq&F=P&S=&P=2404
Reference: MS:MS02-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-014.asp

Buffer overflow in Windows Shell (used as the Windows Desktop) allows
local and possibly remote attackers to execute arbitrary code via a
custom URL handler that has not been removed for an application that
has been improperly uninstalled.

Analysis
----------------
ED_PRI CAN-2002-0070 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0080
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020221
Category: SF
Reference: REDHAT:RHSA-2002:026
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-026.html
Reference: MANDRAKE:MDKSA-2002:024
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3

rsync does not properly call setgroups before dropping privileges,
which could provide supplemental group privileges to local users, who
could then read certain files that would otherwise be disallowed.

Analysis
----------------
ED_PRI CAN-2002-0080 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0081
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020227
Category: SF
Reference: VULN-DEV:20020225 Re: Rumours about Apache 1.3.22 exploits
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101468694824998&w=2
Reference: BUGTRAQ:20020227 Advisory 012002: PHP remote vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101484705523351&w=2
Reference: NTBUGTRAQ:20020227 PHP remote vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101484975231922&w=2
Reference: CONFIRM:http://www.php.net/downloads.php
Reference: MISC:http://security.e-matters.de/advisories/012002.html
Reference: REDHAT:RHSA-2002:035
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-035.html
Reference: DEBIAN:DSA-115
Reference: URL:http://www.debian.org/security/2002/dsa-115
Reference: CERT:CA-2002-05
Reference: URL:http://www.cert.org/advisories/CA-2002-05.html
Reference: CERT-VN:VU#297363
Reference: URL:http://www.kb.cert.org/vuls/id/297363
Reference: ENGARDE:ESA-20020301-006
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1924.html
Reference: HP:HPSBTL0203-028
Reference: URL:http://online.securityfocus.com/advisories/3911
Reference: CONECTIVA:CLA-2002:468
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000468
Reference: XF:php-file-upload-overflow(8281)
Reference: URL:http://www.iss.net/security_center/static/8281.php
Reference: BID:4183
Reference: URL:http://www.securityfocus.com/bid/4183

Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6
and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote
attackers to execute arbitrary code via a multipart/form-data HTTP
POST request when file_uploads is enabled.

Analysis
----------------
ED_PRI CAN-2002-0081 1
Vendor Acknowledgement: yes advisory

ABSTRACTION: there is mixed overlap between these different versions,
in terms of the fixes provided.  One could argue that these are
different bugs in different versions, thus CD:SF-LOC would state that
these should be separated.  However, as of this writing there is a
need to make some candidate publicly available despite the lack of
full, clear details.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0082
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0082
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020301
Category: SF
Reference: BUGTRAQ:20020227 mod_ssl Buffer Overflow Condition (Update Available)
Reference: URL:http://online.securityfocus.com/archive/1/258646
Reference: BUGTRAQ:20020301 Apache-SSL buffer overflow (fix available)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101518491916936&w=2
Reference: BUGTRAQ:20020304 Apache-SSL 1.3.22+1.47 - update to security fix
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101528358424306&w=2
Reference: CONFIRM:http://www.apacheweek.com/issues/02-03-01#security
Reference: BUGTRAQ:20020228 TSLSA-2002-0034 - apache
Reference: ENGARDE:ESA-20020301-005
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1923.html
Reference: CONECTIVA:CLA-2002:465
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465
Reference: REDHAT:RHSA-2002:041
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-041.html
Reference: MANDRAKE:MDKSA-2002:020
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php
Reference: REDHAT:RHSA-2002:042
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-042.html
Reference: BID:4189
Reference: URL:http://online.securityfocus.com/bid/4189
Reference: XF:apache-modssl-bo(8308)
Reference: URL:http://www.iss.net/security_center/static/8308.php

The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and
Apache-SSL before 1.3.22+1.46, does not properly initialize memory
using the i2d_SSL_SESSION function, which allows remote attackers to
use a buffer overflow to execute arbitrary code via a large client
certificate that is signed by a trusted Certificate Authority (CA),
which produces a large serialized session.

Analysis
----------------
ED_PRI CAN-2002-0082 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0083
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0083
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020306
Category: SF
Reference: VULNWATCH:20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html
Reference: BUGTRAQ:20020307 OpenSSH Security Advisory (adv.channelalloc)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101553908201861&w=2
Reference: BUGTRAQ:20020307 [PINE-CERT-20020301] OpenSSH off-by-one
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101552065005254&w=2
Reference: BUGTRAQ:20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101561384821761&w=2
Reference: CONFIRM:http://www.openbsd.org/advisories/ssh_channelalloc.txt
Reference: ENGARDE:ESA-20020307-007
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1937.html
Reference: SUSE:SuSE-SA:2002:009
Reference: URL:http://www.suse.de/de/support/security/2002_009_openssh_txt.html
Reference: CONECTIVA:CLA-2002:467
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467
Reference: DEBIAN:DSA-119
Reference: URL:http://www.debian.org/security/2002/dsa-119
Reference: REDHAT:RHSA-2002:043
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-043.html
Reference: CALDERA:CSSA-2002-SCO.11

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2
allows local users or remote malicious servers to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0083 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0092
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0092
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020308
Category: SF
Reference: VULN-DEV:20020220 Help needed with bufferoverflow in cvs
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101422243817321&w=2
Reference: VULN-DEV:20020220 Re: [Fwd: Help needed with bufferoverflow in cvs]
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101433077724524&w=2
Reference: DEBIAN:DSA-117
Reference: URL:http://www.debian.org/security/2002/dsa-117
Reference: REDHAT:RHSA-2002-026
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-026.html

CVS before 1.10.8 does not properly initialize a global variable,
which allows remote attackers to cause a denial of service (server
crash) via the diff capability.

Analysis
----------------
ED_PRI CAN-2002-0092 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0012
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0012
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020110
Category: SF
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
Reference: CERT:CA-2002-03
Reference: URL:http://www.cert.org/advisories/CA-2002-03.html
Reference: ISS:20020212 PROTOS Remote SNMP Attack Tool
Reference: URL:http://www.iss.net/security_center/alerts/advise110.php
Reference: CERT-VN:VU#107186
Reference: URL:http://www.kb.cert.org/vuls/id/107186
Reference: REDHAT:RHSA-2001:163
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-163.html
Reference: CALDERA:CSSA-2002-SCO.4
Reference: SGI:20020201-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020201-01-A
Reference: MS:MS02-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-006.asp

Vulnerabilities in a large number of SNMP implementations allow
remote attackers to cause a denial of service or gain privileges via
SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test
suite.  NOTE: It is highly likely that this candidate will be SPLIT
into multiple candidates, one or more for each vendor.  This and other
SNMP-related candidates will be updated when more accurate information
is available.

Analysis
----------------
ED_PRI CAN-2002-0012 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0013
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0013
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020110
Category: SF
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
Reference: CERT:CA-2002-03
Reference: URL:http://www.cert.org/advisories/CA-2002-03.html
Reference: ISS:20020212 PROTOS Remote SNMP Attack Tool
Reference: URL:http://www.iss.net/security_center/alerts/advise110.php
Reference: CERT-VN:VU#854306
Reference: URL:http://www.kb.cert.org/vuls/id/854306
Reference: REDHAT:RHSA-2001:163
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-163.html
Reference: CALDERA:CSSA-2002-SCO.4
Reference: SGI:20020201-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020201-01-A
Reference: MS:MS02-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-006.asp

Vulnerabilities in the SNMPv1 request handling of a large number of
SNMP implementations allow remote attackers to cause a denial of
service or gain privileges via (1) GetRequest, (2) GetNextRequest, and
(3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test
suite.  NOTE: It is highly likely that this candidate will be SPLIT
into multiple candidates, one or more for each vendor.  This and other
SNMP-related candidates will be updated when more accurate information
is available.

Analysis
----------------
ED_PRI CAN-2002-0013 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0053
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0053
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020202
Category: SF
Reference: MISC:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0012
Reference: MISC:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0013
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
Reference: MS:MS02-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-006.asp
Reference: CERT:CA-2002-03
Reference: URL:http://www.cert.org/advisories/CA-2002-03.html
Reference: CERT-VN:VU#854306
Reference: URL:http://www.kb.cert.org/vuls/id/854306
Reference: CERT-VN:VU#107186
Reference: URL:http://www.kb.cert.org/vuls/id/107186

Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows
NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause
a denial of service or execute arbitrary code via a malformed
management request.  NOTE: this candidate may be split or merged with
other candidates.  This and other PROTOS-related candidates,
especially CAN-2002-0012 and CAN-2002-0013, will be updated when more
accurate information is available.

Analysis
----------------
ED_PRI CAN-2002-0053 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0056
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020202
Category: SF
Reference: MS:MS02-007
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-007.asp
Reference: BUGTRAQ:20020219 MSDE, Sql Server 7 & 2000 Adhoc Heterogenous Queries Buffer Overflow and DOS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101422555428036&w=2
Reference: VULN-DEV:20020219 MSDE, Sql Server 7 & 2000 Adhoc Heterogenous Queries Buffer Overflow and DOS
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101413924631329&w=2

Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to
execute arbitrary code via a long OLE DB provider name to (1)
OpenDataSource or (2) OpenRowset in an ad hoc connection.

Analysis
----------------
ED_PRI CAN-2002-0056 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0058
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0058
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020202
Category: SF
Reference: BUGTRAQ:20020305 Java HTTP proxy vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101534535304228&w=2
Reference: SUN:00216
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/216
Reference: MS:MS02-013
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-013.asp

Vulnerability in Java Runtime Environment (JRE) allows remote
malicious web sites to hijack or sniff a web client's sessions, when
an HTTP proxy is being used, via a Java applet that redirects the
session to another server, as seen in (1) Netscape 6.0 through 6.1 and
4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in
Internet Explorer 4.x and 5.x, and possibly other implementations that
use vulnerable versions of SDK or JDK.

Analysis
----------------
ED_PRI CAN-2002-0058 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

ABSTRACTION: CD:SF-CODEBASE states that problems that stem from an
issue in the same codebase should be MERGED.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0084
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0084
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020306
Category: SF
Reference: MISC:http://www.esecurityonline.com/advisories/eSO4198.asp

Buffer overflow in cachefsd in Solaris 2.6, 7, and 8 alows local users
to gain root privileges via a long mount argument.

Analysis
----------------
ED_PRI CAN-2002-0084 3
Vendor Acknowledgement: yes advisory/yes followup/yes changelog/yes/unknown discloser-claimed/unknown vague/unknown/no disputed/no
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC states that problems of different types, in the
same executable, should be SPLIT.  The buffer overflow and DoS
problems are therefore SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0085
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0085
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020306
Category: SF
Reference: MISC:http://www.esecurityonline.com/advisories/eSO4197.asp

cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a
denial of service (crash) via an invalid procedure call in an RPC
request.

Analysis
----------------
ED_PRI CAN-2002-0085 3
Vendor Acknowledgement: yes advisory/yes followup/yes changelog/yes/unknown discloser-claimed/unknown vague/unknown/no disputed/no
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC states that problems of different types, in the
same executable, should be SPLIT.  The buffer overflow and DoS
problems are therefore SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0086
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0086
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020306
Category: SF
Reference: MISC:http://www.esecurityonline.com/advisories/eSO4126.asp
Reference: MISC:http://www.esecurityonline.com/advisories/eSO4124.asp

Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux
allows local users to gain root privileges via a long (1)
Notes_ExecDirectory or (2) PATH environment variable.

Analysis
----------------
ED_PRI CAN-2002-0086 3
Vendor Acknowledgement: yes advisory/yes followup/yes changelog/yes/unknown discloser-claimed/unknown vague/unknown/no disputed/no
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC states that problems of the same type, in the
same version of a single executable, should be MERGED; problems of
different types should be SPLIT.  Thus the 2 overflows should be
MERGED, but they should be SPLIT from the file creation problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0087
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0087
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020306
Category: SF
Reference: MISC:http://www.esecurityonline.com/advisories/eSO4125.asp

bindsock in Lotus Domino 5.07 on Solaris allows local users to create
arbitrary files via a symlink attack on temporary files.

Analysis
----------------
ED_PRI CAN-2002-0087 3
Vendor Acknowledgement: yes advisory/yes followup/yes changelog/yes/unknown discloser-claimed/unknown vague/unknown/no disputed/no
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC states that problems of the same type, in the
same version of a single executable, should be MERGED; problems of
different types should be SPLIT.  Thus the 2 overflows should be
MERGED, but they should be SPLIT from the file creation problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0088
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0088
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020306
Category: SF
Reference: MISC:http://www.esecurityonline.com/advisories/eSO4123.asp

Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local
users to gain root privileges via a long media installation path.

Analysis
----------------
ED_PRI CAN-2002-0088 3
Vendor Acknowledgement: yes advisory/yes followup/yes changelog/yes/unknown discloser-claimed/unknown vague/unknown/no disputed/no
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC states that problems of the same type in the
same executable should be SPLIT if they appear in different versions.
The -d and PRODVERS overflows appear in Solaris 2.5 (and others),
whereas the long media path does NOT appear in Solaris 2.5.
Therefore, the long media path overflow should be SPLIT from the
-d/PRODVERS overflow.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0089
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0089
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020306
Category: SF
Reference: MISC:http://www.esecurityonline.com/advisories/eSO2397.asp

Buffer overflow in admintool in Solaris 2.5 through 8 allows local
users to gain root privileges via long arguments to (1) the -d command
line option, or (2) the PRODVERS argument in the .cdtoc file.

Analysis
----------------
ED_PRI CAN-2002-0089 3
Vendor Acknowledgement: yes patch
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC states that problems of the same type in the
same executable should be SPLIT if they appear in different versions.
The -d and PRODVERS overflows appear in Solaris 2.5 (and others),
whereas the long media path does NOT appear in Solaris 2.5.
Therefore, the long media path overflow should be SPLIT from the
-d/PRODVERS overflow.

CD:SF-LOC also states that problems of the same type, in the same
version, should be MERGED.  Therefore, the -d and PRODVERS overflows
should be in the same CVE item.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0090
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0090
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020306
Category: SF
Reference: MISC:http://www.esecurityonline.com/advisories/eSO3761.asp

Buffer overflow in lbxproxy in Solaris 8 allows local users to execute
arbitrary code via a long display command line option.

Analysis
----------------
ED_PRI CAN-2002-0090 3
Vendor Acknowledgement: yes advisory/yes followup/yes changelog/yes/unknown discloser-claimed/unknown vague/unknown/no disputed/no

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0091
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0091
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020315
Assigned: 20020306
Category: SF
Reference: MISC:http://www.esecurityonline.com/advisories/eSO2408.asp

Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote
attackers to execute arbitrary commands via certain form fields.

Analysis
----------------
ED_PRI CAN-2002-0091 3
Vendor Acknowledgement: yes advisory/yes followup/yes changelog/yes/unknown discloser-claimed/unknown vague/unknown/no disputed/no

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Prev by Date: [PROPOSAL] Cluster RECENT-83 - 52 candidates
Next by Date: [BOARD] Mark Cox has joined the Editorial Board
Prev by thread: [PROPOSAL] Cluster RECENT-83 - 52 candidates
Next by thread: [BOARD] Mark Cox has joined the Editorial Board
Index(es):
- Date
- Thread