[PROPOSAL] Cluster RECENT-86 - 53 candidates
I am proposing cluster RECENT-86 for review and voting by the Editorial Board.

Name: RECENT-86
Description: Candidates announced between 2/6/2002 and 2/18/2002
Size: 53

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0241
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0241
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CISCO:20020207 Cisco Secure Access Control Server Novell Directory Service Expired/Disabled User Authentication Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ciscosecure-acs-nds-authentication-vuln-pub.shtml
Reference: XF:ciscosecure-nds-authentication(8106)
Reference: URL:http://www.iss.net/security_center/static/8106.php
Reference: BID:4048
Reference: URL:http://www.securityfocus.com/bid/4048

NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server.

Analysis
----------------
ED_PRI CAN-2002-0241 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0246
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0246
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020210 Unixware Message catalog exploit code
Reference: URL:http://online.securityfocus.com/archive/1/255414
Reference: CALDERA:CSSA-2002-SCO.3
Reference: URL:ftp://stage.caldera.com/pub/security/unixware/CSSA-2002-SCO.3/CSSA-2002-SCO.3.txt
Reference: BID:4060
Reference: URL:http://online.securityfocus.com/bid/4060
Reference: XF:unixware-msg-catalog-format-string(8113)
Reference: URL:http://www.iss.net/security_center/static/8113.php

Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint.

Analysis
----------------
ED_PRI CAN-2002-0246 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0250
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0250
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020208 Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101318469216213&w=2
Reference: HP:HPSBUX0202-185
Reference: URL:http://online.securityfocus.com/advisories/3870
Reference: BID:4062
Reference: URL:http://www.securityfocus.com/bid/4062
Reference: XF:hp-advancestack-bypass-auth(8124)
Reference: URL:http://www.iss.net/security_center/static/8124.php

Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.

Analysis
----------------
ED_PRI CAN-2002-0250 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0265
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0265
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020211 Vulnerability in Sawmill for Solaris v. 6.2.14
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101346206921270&w=2
Reference: CONFIRM:http://www.sawmill.net/version_history.html
Reference: BID:4077
Reference: URL:http://www.securityfocus.com/bid/4077
Reference: XF:sawmill-admin-password-insecure(8173)
Reference: URL:http://www.iss.net/security_center/static/8173.php

Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file with world-writable permissions, which allows local users to gain privileges by modifying the file.

Analysis
----------------
ED_PRI CAN-2002-0265 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: in the release notes, in the section titled "Version 6.2.15, shipped February 10, 2002," the vendor states: "Fixed a security flaw in which the AdminPassword file was created with incorrect permissions (666 instead of 600)"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0267
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020212 SIPS - vulnerable to anyone gaining admin access.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101363233905645&w=2
Reference: CONFIRM:http://sips.sourceforge.net/adminvul.html
Reference: BID:4097
Reference: URL:http://online.securityfocus.com/bid/4097

preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into the password file.

Analysis
----------------
ED_PRI CAN-2002-0267 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0274
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0274
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020213 Exim 3.34 and lower (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101362618118598&w=2
Reference: CONFIRM:http://www.exim.org/pipermail/exim-announce/2002q1/000053.html

Exim 3.34 and earlier may allow local users to gain privileges via a buffer overflow in long -C (configuration file) and other command line arguments.

Analysis
----------------
ED_PRI CAN-2002-0274 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: A post to the Exim-announce mailing list on February 19th refers to problems "raised by the bugtraq posting last week."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0276
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0276
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020213 [NGSEC-2002-1] Ettercap, remote root compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101370874219511&w=2
Reference: CONFIRM:http://ettercap.sourceforge.net/index.php?s=history
Reference: BID:4104
Reference: URL:http://online.securityfocus.com/bid/4104

Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, when running on networks with an MTU greater than 2000, allows remote attackers to execute arbitrary code via large packets.

Analysis
----------------
ED_PRI CAN-2002-0276 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the entry for version 0.6.4 in the vendor's history file states "Fixed the possibility of remote exploitation on interface with MTU > 1500"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0287
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0287
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20020216 pforum: mysql-injection-bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101389284625019&w=2
Reference: CONFIRM:http://www.powie.de/news/index.php
Reference: BID:4114
Reference: URL:http://online.securityfocus.com/bid/4114

pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default.

Analysis
----------------
ED_PRI CAN-2002-0287 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: While the comment on the News page is in German, it is clear that the vendor's statement on 20020214 constitutes sufficient acknowledgement, even when viewed using basic translation software: "Hiermit möchte ich alle User des PFORUM auf eine schwere Sicherheitslücke aufmerksam machen... Diese Sicherheitslücke tritt nur auf, wenn auf den entsprechenden Webserver in der PHP.INI magic_quotes_gpc = Off sind."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0290
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0290
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020218 Netwin Webnews Buffer Overflow Vulnerability (#NISR18022002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101413521417638&w=2
Reference: CONFIRM:ftp://netwinsite.com/pub/webnews/beta/webnews11m_solaris.tar.Z
Reference: BID:4124
Reference: URL:http://online.securityfocus.com/bid/4124

Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows remote attackers to execute arbitrary code via a long group argument.

Analysis
----------------
ED_PRI CAN-2002-0290 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the "webnews/manuals/update.htm" file in the WebNews distribution has an entry dated February 21, which states: "Fixed: Buffer Overflow Vulnerability reported by NGSSoftware Insight Security Research."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0251
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0251
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020206 -Possible- licq D.o.S
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301254432079&w=2
Reference: BUGTRAQ:20020208 RE: -Possible- licq D.o.S
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101318594420200&w=2
Reference: BID:4036
Reference: URL:http://www.securityfocus.com/bid/4036
Reference: XF:licq-static-bo(8107)
Reference: URL:http://www.iss.net/security_center/static/8107.php

Buffer overflow in licq 1.0.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string of format string characters such as "%d".

Analysis
----------------
ED_PRI CAN-2002-0251 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0239
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0239
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020207 another hanterm exploit
Reference: URL:http://online.securityfocus.com/archive/1/255168
Reference: BUGTRAQ:20020207 Overflow Vulnerabilities in hanterm
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101310874106455&w=2
Reference: DEBIAN:DSA-112
Reference: URL:http://www.debian.org/security/2002/dsa-112
Reference: XF:hanterm-command-line-bo(8109)
Reference: URL:http://www.iss.net/security_center/static/8109.php
Reference: BID:4050
Reference: URL:http://online.securityfocus.com/bid/4050

Buffer overflow in hanterm 3.3.1 and earlier allows local users to execute arbitrary code via a long string in the (1) -fn, (2) -hfb, or (3) -hfn argument.

Analysis
----------------
ED_PRI CAN-2002-0239 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0240
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0240
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020207 PHP Advisory #2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101311746611160&w=2
Reference: BID:4057
Reference: URL:http://www.securityfocus.com/bid/4057
Reference: XF:apache-php-options-information(8119)
Reference: URL:http://www.iss.net/security_center/static/8119.php

PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.

Analysis
----------------
ED_PRI CAN-2002-0240 3
Vendor Acknowledgement:
Content Decisions: DESIGN-REAL-PATH

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0242
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0242
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020207 Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101309907709138&w=2

Cross-site scripting vulnerability in Internet Explorer 6 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.

Analysis
----------------
ED_PRI CAN-2002-0242 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0243
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0243
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020207 Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101309907709138&w=2

Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.

Analysis
----------------
ED_PRI CAN-2002-0243 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0244
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0244
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020207 AtheOS: escaping from a chroot jail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101310622531303&w=2

Directory traversal vulnerability in chroot function in AtheOS 0.3.7 allows attackers to escape the jail via a .. (dot dot) in the pathname argument to chdir.

Analysis
----------------
ED_PRI CAN-2002-0244 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0245
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0245
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101310812804716&w=2
Reference: CONFIRM:http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=07B32060E4CC97E985256B64005AEB0F
Reference: BID:4049
Reference: URL:http://online.securityfocus.com/bid/4049
Reference: XF:lotus-domino-reveal-information(8160)
Reference: URL:http://www.iss.net/security_center/static/8160.php

Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message.

Analysis
----------------
ED_PRI CAN-2002-0245 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0247
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0247
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: DEBIAN:DSA-108
Reference: URL:http://www.debian.org/security/2002/dsa-108
Reference: BID:4054
Reference: URL:http://online.securityfocus.com/bid/4054
Reference: XF:wmtv-local-bo(8111)
Reference: URL:http://www.iss.net/security_center/static/8111.php

Buffer overflows in wmtv 0.6.5 and earlier may allow local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0247 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests distinguishing between different types of problems. Therefore the buffer overflow and symlink problems in wmtv are separated.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0248
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0248
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: DEBIAN:DSA-108
Reference: URL:http://www.debian.org/security/2002/dsa-108
Reference: BID:4052
Reference: URL:http://online.securityfocus.com/bid/4052
Reference: XF:wmtv-config-file-symlink(8110)
Reference: URL:http://www.iss.net/security_center/static/8110.php

wmtv 0.6.5 and earlier allows local users to modify arbitrary files via a symlink attack on a configuration file.

Analysis
----------------
ED_PRI CAN-2002-0248 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests distinguishing between different types of problems. Therefore the buffer overflow and symlink problems in wmtv are separated.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0249
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0249
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020207 Security Advisory - #1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101311698909691&w=2
Reference: XF:php-123-path-information(8121)
Reference: URL:http://www.iss.net/security_center/static/8121.php
Reference: BID:4056
Reference: URL:http://www.securityfocus.com/bid/4056

PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.

Analysis
----------------
ED_PRI CAN-2002-0249 3
Vendor Acknowledgement:
Content Decisions: EX-BETA

INCLUSION: CD:EX-BETA suggests that issues that occur only in beta software should be excluded from CVE, unless the software is "permanent" beta or has received wide distribution. It is not known whether this issue affects non-beta versions, or if this beta version received wide distribution.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0252
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0252
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020208 [SPSadvisory#46]Apple QuickTime Player "Content-Type" Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101320742616105&w=2
Reference: XF:quicktime-content-header-bo(8126)
Reference: URL:http://www.iss.net/security_center/static/8126.php
Reference: BID:4064
Reference: URL:http://www.securityfocus.com/bid/4064

Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote web servers to execute arbitrary code via a response containing a long Content-Type MIME header.

Analysis
----------------
ED_PRI CAN-2002-0252 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0253
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0253
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020207 Advisory #3 - PHP & JSP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101318944130790&w=2
Reference: BID:4063
Reference: URL:http://online.securityfocus.com/bid/4063
Reference: XF:php-slash-path-information(8122)
Reference: URL:http://www.iss.net/security_center/static/8122.php

PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path.

Analysis
----------------
ED_PRI CAN-2002-0253 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0254
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0254
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020208 -possible- Bufferoverflow in ICQ 2001b
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101320492009565&w=2

ICQ 2001b Build 3659 allows remote attackers to cause a denial of service (crash) via a malformed picture that contains large height and width values, which causes the crash when viewed in Userdetails.

Analysis
----------------
ED_PRI CAN-2002-0254 3
Vendor Acknowledgement:
Content Decisions: EX-BETA, EX-CLIENT-DOS

INCLUSION: CD:EX-BETA suggests that issues for software that is in "permanent beta" should be included in CVE. CD:EX-CLIENT-DOS suggests that a DoS in a client should not be included in CVE, if the DoS can be recovered from by merely restarting the client. The original Bugtraq post indicates a scenario in which, if the file is saved to disk, it may prevent ICQ from restarting correctly. Thus the DoS would extend to other (attempted) restarts of the client, and this item should be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0255
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0255
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20020208 arescom 800 authentification flaw
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101323620111951&w=2
Reference: XF:netdsl-telnet-bypass-authentication(8125)
Reference: URL:http://www.iss.net/security_center/static/8125.php
Reference: BID:4066
Reference: URL:http://www.securityfocus.com/bid/4066

The default configuration of Arescom NetDSL 800 does not require authentication, which allows remote attackers to cause a denial of service or reconfigure the router.

Analysis
----------------
ED_PRI CAN-2002-0255 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0256
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0256
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020209 Arescom NetDSL-1000 telnetd DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101328827420630&w=2
Reference: BID:4067
Reference: URL:http://www.securityfocus.com/bid/4067
Reference: XF:netdsl-telnet-dos(8123)
Reference: URL:http://www.iss.net/security_center/static/8123.php

The telnet port in Arescom NetDSL 1000 router allows remote attackers to cause a denial of service via a series of connections with long strings, which causes a large number of login failures and causes the telnet service to stop.

Analysis
----------------
ED_PRI CAN-2002-0256 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0257
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0257
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020209 Account theft vulnerability in MakeBid Auction Deluxe 3.30
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101328880521775&w=2
Reference: CONFIRM:http://www.netcreations.addr.com/dcforum/DCForumID2/126.html
Reference: XF:makebid-description-css(8161)
Reference: URL:http://www.iss.net/security_center/static/8161.php
Reference: BID:4069
Reference: URL:http://www.securityfocus.com/bid/4069

Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.

Analysis
----------------
ED_PRI CAN-2002-0257 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0258
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0258
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020209 Security Issue in Icewarp
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101328887821909&w=2

Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user's answer or forward URLs.

Analysis
----------------
ED_PRI CAN-2002-0258 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0259
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0259
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020209 InstantServers MiniPortal Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101329397901071&w=2
Reference: CONFIRM:http://www.instantservers.com/releases.html
Reference: XF:miniportal-plaintext-information(8170)
Reference: URL:http://www.iss.net/security_center/static/8170.php
Reference: BID:4076
Reference: URL:http://www.securityfocus.com/bid/4076

InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
Analysis
----------------
ED_PRI CAN-2002-0259 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC, DESIGN-WEAK-ENCRYPTION

ACKNOWLEDGEMENT: In the releases web page on the vendor web site, the change log entry dated "Version 1.1.6: 02-01-2002" has a "security fixes:" section that includes "passwords stored in encrypted format."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0260
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0260
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020209 InstantServers MiniPortal Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101329397901071&w=2
Reference: CONFIRM:http://www.instantservers.com/releases.html
Reference: BID:4073
Reference: URL:http://www.securityfocus.com/bid/4073
Reference: XF:miniportal-ftp-login-bo(8172)
Reference: URL:http://www.iss.net/security_center/static/8172.php

Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows remote attackers to execute arbitrary code via a long login name, which is not properly handled by the logging utility.

Analysis
----------------
ED_PRI CAN-2002-0260 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: In the releases web page on the vendor web site, the change log entry dated "Version 1.1.6: 02-01-2002" has a "security fixes:" section that includes "FTP logging buffer overflow condition fixed."
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0261
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0261
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020209 InstantServers MiniPortal Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101329397901071&w=2
Reference: CONFIRM:http://www.instantservers.com/releases.html
Reference: BID:4075
Reference: URL:http://www.securityfocus.com/bid/4075
Reference: XF:miniportal-ftp-directory-traversal(8171)
Reference: URL:http://www.iss.net/security_center/static/8171.php

Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 and earlier allows remote authenticated users to read arbitrary files via a ... (modified dot dot) in the GET command.

Analysis
----------------
ED_PRI CAN-2002-0261 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: In the releases web page on the vendor web site, the change log entry dated "Version 1.1.6: 02-01-2002" has a "security fixes:" section that includes "FTP server now disallows 'cd /.../'"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0262
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0262
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020210 Sybex E-Trainer Directory Traversal Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101344812311216&w=2
Reference: BID:4071
Reference: URL:http://online.securityfocus.com/bid/4071
Reference: XF:sybex-etrainer-directory-traversal(8175)
Reference: URL:http://www.iss.net/security_center/static/8175.php

Directory traversal vulnerability in netget for Sybex E-Trainer web server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Analysis
----------------
ED_PRI CAN-2002-0262 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0263
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0263
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020211 EasyBoard 2000 Remote Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101345069220199&w=2
Reference: XF:ezboard-bbs-contenttype-bo(8162)
Reference: URL:http://www.iss.net/security_center/static/8162.php
Reference: BID:4068
Reference: URL:http://www.securityfocus.com/bid/4068

Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote attackers to execute arbitrary code via a long boundary value in a multipart Content-Type header to (1) ezboard.cgi, (2) ezman.cgi, or (3) ezadmin.cgi.
Analysis
----------------
ED_PRI CAN-2002-0263 3
Vendor Acknowledgement: unknown foreign
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0264
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0264
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020211 PowerFTP Personal FTP Server Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101361745222207&w=2
Reference: BID:4074
Reference: URL:http://www.securityfocus.com/bid/4074

PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive account information in plaintext in the ftpserver.ini file, which allows attackers with access to the file to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0264 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0266
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0266
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020211 Re: texis(CGI) Path Disclosure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101346478229431&w=2
Reference: BUGTRAQ:20020206 texis(CGI) Path Disclosure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301228031165&w=2
Reference: XF:texis-cgi-information-disclosure(8103)
Reference: URL:http://www.iss.net/security_center/static/8103.php
Reference: BID:4035
Reference: URL:http://online.securityfocus.com/bid/4035

Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname.

Analysis
----------------
ED_PRI CAN-2002-0266 3
Vendor Acknowledgement: yes followup
Content Decisions: DESIGN-REAL-PATH

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0268
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0268
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020212 Identix BioLogon 3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101366270807034&w=2
Reference: BID:4101
Reference: URL:http://online.securityfocus.com/bid/4101

Identix BioLogon 3 allows users with physical access to the system to gain administrative privileges by using CTRL-ALT-DEL and running a "Browse" function, which runs Explorer with SYSTEM privileges.

Analysis
----------------
ED_PRI CAN-2002-0268 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0269
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0269
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020212 [GSA2002-01] Web browsers ignore the Content-Type header, thus allowing cross-site scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101363764421623&w=2

Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.
Analysis
----------------
ED_PRI CAN-2002-0269 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0270
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0270
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20020212 [GSA2002-01] Web browsers ignore the Content-Type header, thus allowing cross-site scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101363764421623&w=2

Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.

Analysis
----------------
ED_PRI CAN-2002-0270 3
Vendor Acknowledgement:
Content Decisions: CF

INCLUSION: If this configuration issue is explicitly allowed through Opera's design, and it is not a default behavior, then perhaps this item should not be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0271
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0271
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020212 RUS-CERT Advisory 2002-02:01: Temporary file handling in GNAT
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101353440624007&w=2
Reference: BID:4086
Reference: URL:http://online.securityfocus.com/bid/4086

Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows local users to modify files of other users via a symlink attack on temporary files.

Analysis
----------------
ED_PRI CAN-2002-0271 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0272
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0272
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020213 Re: mpg321
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101366518310823&w=2
Reference: VULN-DEV:20020212 mpg321
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101355590918475&w=2
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=79237
Reference: BID:4091
Reference: URL:http://online.securityfocus.com/bid/4091

Buffer overflows in mpg321 before 0.2.9 allow local and possibly remote attackers to execute arbitrary code via a long URL to (1) a command line option, (2) an HTTP request, or (3) an FTP request.
Analysis
----------------
ED_PRI CAN-2002-0272 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0273
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0273
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020213 NetWin CWMail.exe Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101362100602008&w=2
Reference: BID:4093
Reference: URL:http://online.securityfocus.com/bid/4093

Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote authenticated users to execute arbitrary code via a long item parameter.

Analysis
----------------
ED_PRI CAN-2002-0273 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0275
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0275
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020213 Falcon Web Server Authentication Circumvention Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101363946626951&w=2
Reference: BID:4099
Reference: URL:http://online.securityfocus.com/bid/4099

Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL.

Analysis
----------------
ED_PRI CAN-2002-0275 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0277
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0277
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020214 Add2it Mailman command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101371994219708&w=2
Reference: CONFIRM:http://www.add2it.com/scripts/mailman-free-history.shtml

Add2it Mailman Free 1.73 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the list parameter.

Analysis
----------------
ED_PRI CAN-2002-0277 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC says to SPLIT between issues of different types. The directory traversal and shell metacharacter problems are of different types, so separate items are created for them.
ACKNOWLEDGEMENT: in the history file for version 1.80, the vendor states: "Security problem fixed: Now it is impossible to write to or execute files on a server that are outside the Add2it Mailman Free directory."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0278
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0278
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020214 Add2it Mailman command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101371994219708&w=2
Reference: CONFIRM:http://www.add2it.com/scripts/mailman-free-history.shtml

Directory traversal vulnerability in Add2it Mailman Free 1.73 and earlier allows remote attackers to modify arbitrary files via a .. (dot dot) in the list parameter.

Analysis
----------------
ED_PRI CAN-2002-0278 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC says to SPLIT between issues of different types. The directory traversal and shell metacharacter problems are of different types, so separate items are created for them.

ACKNOWLEDGEMENT: in the history file for version 1.80, the vendor states: "Security problem fixed: Now it is impossible to write to or execute files on a server that are outside the Add2it Mailman Free directory."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0279
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0279
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: HP:HPSBUX0202-183
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101372194225046&w=2
Reference: BID:4094
Reference: URL:http://online.securityfocus.com/bid/4094

The kernel in HP-UX 11.11 does not properly provide arguments for setrlimit, which could allow local attackers to cause a denial of service (kernel panic) and possibly gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0279 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

It is uncertain how severe the vulnerability is; the advisory states both "Possible denial of service" and "servers could be locally compromised."

INCLUSION: CD:VAGUE states that even if an advisory from a vendor is vague, it should be included in CVE, because it fixes *some* issue for which there is high confidence that the issue is real.

ABSTRACTION: the advisory is so vague that it is not completely clear whether it is addressing the same setrlimit vulnerability as in HP:HPSBUX0107-156. However, since HP has released different advisories *and* the problem described in HP:HPSBUX0107-156 only affects HP-UX 11.00 and earlier, then CD:SF-LOC suggests that the issues should remain SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0280
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0280
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020215 codeblue remote root
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101392671306875&w=2
Reference: MISC:http://freshmeat.net/releases/71514/

Buffer overflow in CodeBlue 4 and earlier, and possibly other versions, allows remote attackers to execute arbitrary code via a long string in an SMTP reply.

Analysis
----------------
ED_PRI CAN-2002-0280 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: it is unclear whether the vendor fixed this issue or not. The change log for version 4.2, dated 20020304, says "Minor security fixes," which doesn't seem like a description for a remote root problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0281
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0281
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020215 [ARL02-A03] DCP-Portal Cross Site Scripting Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101379217032525&w=2
Reference: MISC:http://www.dcp-portal.com/contents.php?id=18
Reference: BID:4112
Reference: URL:http://online.securityfocus.com/bid/4112

Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by providing Javascript in the job information field to user_update.php.
Analysis
----------------
ED_PRI CAN-2002-0281 3
Vendor Acknowledgement: unknown foreign
Content Decisions: DCP PORTAL DCPPORTAL

ACKNOWLEDGEMENT: an apparent change log on the vendor's page includes mention of the person who sent the post, but it is in a foreign language (Turkish?), so it cannot be certain whether this contains acknowledgement.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0282
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0282
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020228 [ARL02-A04] DCP-Portal System Information Path Disclosure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101494497608620&w=2
Reference: BUGTRAQ:20020215 [ARL02-A02] DCP-Portal Root Path Disclosure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101379160830631&w=2
Reference: CONFIRM:http://www.dcp-portal.com/files.php?action=viewcat&fcat_id=1
Reference: BID:4113
Reference: URL:http://online.securityfocus.com/bid/4113
Reference: XF:dcpportal-language-path-disclosure(8310)
Reference: URL:http://www.iss.net/security_center/static/8310.php

DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to add_user.php, or via an invalid new_language parameter in (2) contents.php, (3) categories.php, or (4) files.php, which leaks the path in an error message.

Analysis
----------------
ED_PRI CAN-2002-0282 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC, VAGUE

ABSTRACTION: CD:SF-LOC suggests combining problems of the same type in the same version.
All the listed issues are of the type "information leak in error message." According to the poster, this problem and "all the bugs stated [previously?]" were fixed in 4.5.1, so they appeared in the same versions.

ACKNOWLEDGEMENT: the vendor's change log page includes an entry dated 2/26/02, which states: "Bug fixes. These bugs reported by Ahmet Sabri ALPER PCLife System Security Editor," i.e. the person who disclosed the vulnerability. While it is clear that the vendor fixed at least one of the above bugs, it is not certain whether the vendor addressed both ARL02-A02 and ARL02-A04, as the phrase "these bugs" could have applied solely to ARL02-A04.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0283
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0283
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020215 Windows XP Remote DOS attacks with SYN Flag. Make CPU 100%
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101408718030099&w=2

Windows XP with port 445 open allows remote attackers to cause a denial of service (CPU consumption) via a flood of TCP SYN packets containing possibly malformed data.

Analysis
----------------
ED_PRI CAN-2002-0283 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0284
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0284
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020215 winamp and wma Song Licenses
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101408781031527&w=2

Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname.

Analysis
----------------
ED_PRI CAN-2002-0284 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0285
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0285
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020212 Outlook will see non-existing attachments
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101362077701164&w=2
Reference: BID:4092
Reference: URL:http://online.securityfocus.com/bid/4092

Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and/or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers.
Analysis
----------------
ED_PRI CAN-2002-0285 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0286
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0286
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020216 SiteNews remote add user exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101388393808699&w=2
Reference: BID:4046
Reference: URL:http://online.securityfocus.com/bid/4046

The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user.

Analysis
----------------
ED_PRI CAN-2002-0286 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0288
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0288
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020217 Phusion-Webserver-v1.0-Bugs&Exploits-Remotes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101408906001958&w=2
Reference: BID:4117
Reference: URL:http://online.securityfocus.com/bid/4117

Directory traversal vulnerability in Phusion web server 1.0 allows remote attackers to read arbitrary files via a ... (triple dot dot) in the HTTP request.

Analysis
----------------
ED_PRI CAN-2002-0288 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0289
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0289
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020217 Phusion-Webserver-v1.0-Bugs&Exploits-Remotes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101408906001958&w=2
Reference: BID:4118
Reference: URL:http://online.securityfocus.com/bid/4118
Reference: BID:4119
Reference: URL:http://online.securityfocus.com/bid/4119

Buffer overflow in Phusion web server 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long HTTP request.
Analysis
----------------
ED_PRI CAN-2002-0289 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0291
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0291
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020218 Dino's Webserver v1.2 DoS, possible overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101415416513746&w=2
Reference: XF:dino-log-tag-bo(8233)
Reference: URL:http://www.iss.net/security_center/static/8233.php
Reference: BID:4123
Reference: URL:http://online.securityfocus.com/bid/4123

Dino's Webserver 1.2 allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via several large HTTP requests within a short time.

Analysis
----------------
ED_PRI CAN-2002-0291 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: