
[PROPOSAL] Cluster RECENT-86 - 53 candidates



I am proposing cluster RECENT-86 for review and voting by the
Editorial Board.

Name: RECENT-86
Description: Candidates announced between 2/6/2002 and 2/18/2002
Size: 53

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve





Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0241
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0241
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CISCO:20020207 Cisco Secure Access Control Server Novell Directory Service Expired/Disabled User Authentication Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ciscosecure-acs-nds-authentication-vuln-pub.shtml
Reference: XF:ciscosecure-nds-authentication(8106)
Reference: URL:http://www.iss.net/security_center/static/8106.php
Reference: BID:4048
Reference: URL:http://www.securityfocus.com/bid/4048

NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1
does not check the Expired or Disabled state of users in the Novell
Directory Services (NDS), which could allow those users to
authenticate to the server.

Analysis
----------------
ED_PRI CAN-2002-0241 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0246
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0246
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020210 Unixware Message catalog exploit code
Reference: URL:http://online.securityfocus.com/archive/1/255414
Reference: CALDERA:CSSA-2002-SCO.3
Reference: URL:ftp://stage.caldera.com/pub/security/unixware/CSSA-2002-SCO.3/CSSA-2002-SCO.3.txt
Reference: BID:4060
Reference: URL:http://online.securityfocus.com/bid/4060
Reference: XF:unixware-msg-catalog-format-string(8113)
Reference: URL:http://www.iss.net/security_center/static/8113.php

Format string vulnerability in the message catalog library functions
in UnixWare 7.1.1 allows local users to gain privileges by modifying
the LC_MESSAGE environment variable to read other message catalogs
containing format strings from setuid programs such as vxprint.

Analysis
----------------
ED_PRI CAN-2002-0246 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0250
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0250
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020208 Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101318469216213&w=2
Reference: HP:HPSBUX0202-185
Reference: URL:http://online.securityfocus.com/advisories/3870
Reference: BID:4062
Reference: URL:http://www.securityfocus.com/bid/4062
Reference: XF:hp-advancestack-bypass-auth(8124)
Reference: URL:http://www.iss.net/security_center/static/8124.php

Web configuration utility in HP AdvanceStack hubs J3200A through
J3210A with firmware version A.03.07 and earlier, allows unauthorized
users to bypass authentication via a direct HTTP request to the
web_access.html file, which allows the user to change the switch's
configuration and modify the administrator password.

Analysis
----------------
ED_PRI CAN-2002-0250 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0265
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0265
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020211 Vulnerability in Sawmill for  Solaris v. 6.2.14
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101346206921270&w=2
Reference: CONFIRM:http://www.sawmill.net/version_history.html
Reference: BID:4077
Reference: URL:http://www.securityfocus.com/bid/4077
Reference: XF:sawmill-admin-password-insecure(8173)
Reference: URL:http://www.iss.net/security_center/static/8173.php

Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file
with world-writable permissions, which allows local users to gain
privileges by modifying the file.

Analysis
----------------
ED_PRI CAN-2002-0265 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: in the release notes, in the section titled "Version
6.2.15, shipped February 10, 2002," the vendor states: "Fixed a
security flaw in which the AdminPassword file was created with
incorrect permissions (666 instead of 600)"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0267
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020212 SIPS - vulnerable to anyone gaining admin access.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101363233905645&w=2
Reference: CONFIRM:http://sips.sourceforge.net/adminvul.html
Reference: BID:4097
Reference: URL:http://online.securityfocus.com/bid/4097

preferences.php in Simple Internet Publishing System (SIPS) before
0.3.1 allows remote attackers to gain administrative privileges via a
linebreak in the "theme" field followed by the Status::admin command,
which causes the Status line to be entered into the password file.

Analysis
----------------
ED_PRI CAN-2002-0267 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0274
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0274
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020213 Exim 3.34 and lower (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101362618118598&w=2
Reference: CONFIRM:http://www.exim.org/pipermail/exim-announce/2002q1/000053.html

Exim 3.34 and earlier may allow local users to gain privileges via a
buffer overflow in long -C (configuration file) and other command line
arguments.

Analysis
----------------
ED_PRI CAN-2002-0274 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: A post to the Exim-announce mailing list on February
19th refers to problems "raised by the bugtraq posting last week."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0276
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0276
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020213 [NGSEC-2002-1] Ettercap, remote root compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101370874219511&w=2
Reference: CONFIRM:http://ettercap.sourceforge.net/index.php?s=history
Reference: BID:4104
Reference: URL:http://online.securityfocus.com/bid/4104

Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier,
when running on networks with an MTU greater than 2000, allows remote
attackers to execute arbitrary code via large packets.

Analysis
----------------
ED_PRI CAN-2002-0276 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the entry for version 0.6.4 in the vendor's history
file states "Fixed the possibility of remote exploitation on interface
with MTU > 1500"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0287
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0287
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20020216 pforum: mysql-injection-bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101389284625019&w=2
Reference: CONFIRM:http://www.powie.de/news/index.php
Reference: BID:4114
Reference: URL:http://online.securityfocus.com/bid/4114

pforum 1.14 and earlier does not explicitly enable PHP magic quotes,
which allows remote attackers to bypass authentication and gain
administrator privileges via an SQL injection attack when the PHP
server is not configured to use magic quotes by default.

Analysis
----------------
ED_PRI CAN-2002-0287 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: While the comment on the News page is in German, it
is clear that the vendor's statement on 20020214 constitutes
sufficient acknowledgement, even when viewed using basic translation
software: "Hiermit möchte ich alle User des PFORUM auf eine schwere
Sicherheitslücke aufmerksam machen... Diese Sicherheitslücke tritt nur
auf, wenn auf den entsprechenden Webserver in der PHP.INI
magic_quotes_gpc = Off sind."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0290
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0290
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020218 Netwin Webnews Buffer Overflow Vulnerability (#NISR18022002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101413521417638&w=2
Reference: CONFIRM:ftp://netwinsite.com/pub/webnews/beta/webnews11m_solaris.tar.Z
Reference: BID:4124
Reference: URL:http://online.securityfocus.com/bid/4124

Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows
remote attackers to execute arbitrary code via a long group argument.

Analysis
----------------
ED_PRI CAN-2002-0290 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the "webnews/manuals/update.htm" file in the WebNews
distribution has an entry dated February 21, which states: "Fixed:
Buffer Overflow Vulnerability reported by NGSSoftware Insight Security
Research."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0251
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0251
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020206 -Possible- licq D.o.S
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301254432079&w=2
Reference: BUGTRAQ:20020208 RE: -Possible- licq D.o.S
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101318594420200&w=2
Reference: BID:4036
Reference: URL:http://www.securityfocus.com/bid/4036
Reference: XF:licq-static-bo(8107)
Reference: URL:http://www.iss.net/security_center/static/8107.php

Buffer overflow in licq 1.0.4 and earlier allows remote attackers to
cause a denial of service (crash) and possibly execute arbitrary code
via a long string of format string characters such as "%d".

Analysis
----------------
ED_PRI CAN-2002-0251 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0239
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0239
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020207 another hanterm exploit
Reference: URL:http://online.securityfocus.com/archive/1/255168
Reference: BUGTRAQ:20020207 Overflow Vulnerabilities in hanterm
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101310874106455&w=2
Reference: DEBIAN:DSA-112
Reference: URL:http://www.debian.org/security/2002/dsa-112
Reference: XF:hanterm-command-line-bo(8109)
Reference: URL:http://www.iss.net/security_center/static/8109.php
Reference: BID:4050
Reference: URL:http://online.securityfocus.com/bid/4050

Buffer overflow in hanterm 3.3.1 and earlier allows local users to
execute arbitrary code via a long string in the (1) -fn, (2) -hfb, or
(3) -hfn argument.

Analysis
----------------
ED_PRI CAN-2002-0239 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0240
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0240
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020207 PHP Advisory #2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101311746611160&w=2
Reference: BID:4057
Reference: URL:http://www.securityfocus.com/bid/4057
Reference: XF:apache-php-options-information(8119)
Reference: URL:http://www.iss.net/security_center/static/8119.php

PHP, when installed with Apache and configured to search for index.php
as a default web page, allows remote attackers to obtain the full
pathname of the server via the HTTP OPTIONS method, which reveals the
pathname in the resulting error message.

Analysis
----------------
ED_PRI CAN-2002-0240 3
Vendor Acknowledgement:
Content Decisions: DESIGN-REAL-PATH

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0242
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0242
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020207 Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101309907709138&w=2

Cross-site scripting vulnerability in Internet Explorer 6 and earlier
allows remote attackers to execute arbitrary script via an Extended
HTML Form, whose output from the remote server is not properly
cleansed.

Analysis
----------------
ED_PRI CAN-2002-0242 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0243
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0243
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020207 Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101309907709138&w=2

Cross-site scripting vulnerability in Opera 6.0 and earlier allows
remote attackers to execute arbitrary script via an Extended HTML
Form, whose output from the remote server is not properly cleansed.

Analysis
----------------
ED_PRI CAN-2002-0243 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0244
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0244
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020207 AtheOS: escaping from a chroot jail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101310622531303&w=2

Directory traversal vulnerability in chroot function in AtheOS 0.3.7
allows attackers to escape the jail via a .. (dot dot) in the pathname
argument to chdir.

Analysis
----------------
ED_PRI CAN-2002-0244 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0245
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0245
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101310812804716&w=2
Reference: CONFIRM:http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=07B32060E4CC97E985256B64005AEB0F
Reference: BID:4049
Reference: URL:http://online.securityfocus.com/bid/4049
Reference: XF:lotus-domino-reveal-information(8160)
Reference: URL:http://www.iss.net/security_center/static/8160.php

Lotus Domino server 5.0.8 with NoBanner enabled allows remote
attackers to (1) determine the physical path of the server via a
request for a nonexistent file with a .pl (Perl) extension, which
leaks the pathname in the error message, or (2) make any request that
causes an HTTP 500 error, which leaks the server's version name in the
HTTP error message.

Analysis
----------------
ED_PRI CAN-2002-0245 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0247
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0247
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: DEBIAN:DSA-108
Reference: URL:http://www.debian.org/security/2002/dsa-108
Reference: BID:4054
Reference: URL:http://online.securityfocus.com/bid/4054
Reference: XF:wmtv-local-bo(8111)
Reference: URL:http://www.iss.net/security_center/static/8111.php

Buffer overflows in wmtv 0.6.5 and earlier may allow local users to
gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0247 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests distinguishing between different types
of problems. Therefore the buffer overflow and symlink problems in
wmtv are separated.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0248
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0248
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: DEBIAN:DSA-108
Reference: URL:http://www.debian.org/security/2002/dsa-108
Reference: BID:4052
Reference: URL:http://online.securityfocus.com/bid/4052
Reference: XF:wmtv-config-file-symlink(8110)
Reference: URL:http://www.iss.net/security_center/static/8110.php

wmtv 0.6.5 and earlier allows local users to modify arbitrary files
via a symlink attack on a configuration file.

Analysis
----------------
ED_PRI CAN-2002-0248 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests distinguishing between different types
of problems. Therefore the buffer overflow and symlink problems in
wmtv are separated.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0249
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0249
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020207 Security Advisory - #1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101311698909691&w=2
Reference: XF:php-123-path-information(8121)
Reference: URL:http://www.iss.net/security_center/static/8121.php
Reference: BID:4056
Reference: URL:http://www.securityfocus.com/bid/4056

PHP for Windows, when installed on Apache 2.0.28 beta as a standalone
CGI module, allows remote attackers to obtain the physical path of the
php.exe via a request with malformed arguments such as /123, which
leaks the pathname in the error message.

Analysis
----------------
ED_PRI CAN-2002-0249 3
Vendor Acknowledgement:
Content Decisions: EX-BETA

INCLUSION: CD:EX-BETA suggests that issues that occur only in beta
software should be excluded from CVE, unless the software is
"permanent" beta or has received wide distribution. It is not known
whether this issue affects non-beta versions, or if this beta version
received wide distribution.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0252
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0252
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020208 [SPSadvisory#46]Apple QuickTime Player "Content-Type" Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101320742616105&w=2
Reference: XF:quicktime-content-header-bo(8126)
Reference: URL:http://www.iss.net/security_center/static/8126.php
Reference: BID:4064
Reference: URL:http://www.securityfocus.com/bid/4064

Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote
web servers to execute arbitrary code via a response containing a long
Content-Type MIME header.

Analysis
----------------
ED_PRI CAN-2002-0252 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0253
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0253
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020207 Advisory #3 - PHP & JSP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101318944130790&w=2
Reference: BID:4063
Reference: URL:http://online.securityfocus.com/bid/4063
Reference: XF:php-slash-path-information(8122)
Reference: URL:http://www.iss.net/security_center/static/8122.php

PHP, when not configured with the "display_errors = Off" setting in
php.ini, allows remote attackers to obtain the physical path for an
include file via a trailing slash in a request to a directly
accessible PHP program, which modifies the base path, causes the
include directive to fail, and produces an error message that contains
the path.

Analysis
----------------
ED_PRI CAN-2002-0253 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0254
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0254
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020208 -possible- Bufferoverflow in ICQ 2001b
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101320492009565&w=2

ICQ 2001b Build 3659 allows remote attackers to cause a denial of
service (crash) via a malformed picture that contains large height and
width values, which causes the crash when viewed in Userdetails.

Analysis
----------------
ED_PRI CAN-2002-0254 3
Vendor Acknowledgement:
Content Decisions: EX-BETA, EX-CLIENT-DOS

INCLUSION: CD:EX-BETA suggests that issues for software that is in
"permanent beta" should be included in CVE. CD:EX-CLIENT-DOS suggests
that a DoS in a client should not be included in CVE, if the DoS can
be recovered from by merely restarting the client. The original
Bugtraq post indicates a scenario in which, if the file is saved to
disk, it may prevent ICQ from restarting correctly. Thus the DoS would
extend to other (attempted) restarts of the client, and this item
should be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0255
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0255
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20020208 arescom 800 authentification flaw
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101323620111951&w=2
Reference: XF:netdsl-telnet-bypass-authentication(8125)
Reference: URL:http://www.iss.net/security_center/static/8125.php
Reference: BID:4066
Reference: URL:http://www.securityfocus.com/bid/4066

The default configuration of Arescom NetDSL 800 does not require
authentication, which allows remote attackers to cause a denial of
service or reconfigure the router.

Analysis
----------------
ED_PRI CAN-2002-0255 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0256
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0256
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020209 Arescom NetDSL-1000 telnetd DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101328827420630&w=2
Reference: BID:4067
Reference: URL:http://www.securityfocus.com/bid/4067
Reference: XF:netdsl-telnet-dos(8123)
Reference: URL:http://www.iss.net/security_center/static/8123.php

The telnet port in Arescom NetDSL 1000 router allows remote attackers
to cause a denial of service via a series of connections with long
strings, which causes a large number of login failures and causes the
telnet service to stop.

Analysis
----------------
ED_PRI CAN-2002-0256 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0257
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0257
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020209 Account theft vulnerability in MakeBid Auction Deluxe 3.30
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101328880521775&w=2
Reference: CONFIRM:http://www.netcreations.addr.com/dcforum/DCForumID2/126.html
Reference: XF:makebid-description-css(8161)
Reference: URL:http://www.iss.net/security_center/static/8161.php
Reference: BID:4069
Reference: URL:http://www.securityfocus.com/bid/4069

Cross-site scripting vulnerability in auction.pl of MakeBid Auction
Deluxe 3.30 allows remote attackers to obtain information from other
users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4)
searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9)
ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.

Analysis
----------------
ED_PRI CAN-2002-0257 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0258
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0258
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020209 Security Issue in Icewarp
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101328887821909&w=2

Merak Mail IceWarp Web Mail uses a static identifier as a user session
ID that does not change across sessions, which could allow remote
attackers with access to the ID to gain privileges as that user, e.g.
by extracting the ID from the user's answer or forward URLs.

Analysis
----------------
ED_PRI CAN-2002-0258 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0259
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0259
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020209 InstantServers MiniPortal Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101329397901071&w=2
Reference: CONFIRM:http://www.instantservers.com/releases.html
Reference: XF:miniportal-plaintext-information(8170)
Reference: URL:http://www.iss.net/security_center/static/8170.php
Reference: BID:4076
Reference: URL:http://www.securityfocus.com/bid/4076

InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and
account data in plaintext in (1) .pwd files in the miniportal/apache
directory, or (2) mplog.txt, which could allow local users to gain
privileges.

Analysis
----------------
ED_PRI CAN-2002-0259 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC, DESIGN-WEAK-ENCRYPTION

ACKNOWLEDGEMENT: In the releases web page on the vendor web site, the
change log entry dated "Version 1.1.6: 02-01-2002" has a "security
fixes:" section that includes "passwords stored in encrypted format."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0260
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0260
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020209 InstantServers MiniPortal Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101329397901071&w=2
Reference: CONFIRM:http://www.instantservers.com/releases.html
Reference: BID:4073
Reference: URL:http://www.securityfocus.com/bid/4073
Reference: XF:miniportal-ftp-login-bo(8172)
Reference: URL:http://www.iss.net/security_center/static/8172.php

Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows
remote attackers to execute arbitrary code via a long login name,
which is not properly handled by the logging utility.

Analysis
----------------
ED_PRI CAN-2002-0260 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: In the releases web page on the vendor web site, the
change log entry dated "Version 1.1.6: 02-01-2002" has a "security
fixes:" section that includes "FTP logging buffer overflow condition
fixed."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0261
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0261
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020209 InstantServers MiniPortal Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101329397901071&w=2
Reference: CONFIRM:http://www.instantservers.com/releases.html
Reference: BID:4075
Reference: URL:http://www.securityfocus.com/bid/4075
Reference: XF:miniportal-ftp-directory-traversal(8171)
Reference: URL:http://www.iss.net/security_center/static/8171.php

Directory traversal vulnerability in InstantServers MiniPortal 1.1.5
and earlier allows remote authenticated users to read arbitrary files
via a ... (modified dot dot) in the GET command.

Analysis
----------------
ED_PRI CAN-2002-0261 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: In the releases web page on the vendor web site, the
change log entry dated "Version 1.1.6: 02-01-2002" has a "security
fixes:" section that includes "FTP server now disallows 'cd /.../'"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0262
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0262
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020210 Sybex E-Trainer Directory Traversal Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101344812311216&w=2
Reference: BID:4071
Reference: URL:http://online.securityfocus.com/bid/4071
Reference: XF:sybex-etrainer-directory-traversal(8175)
Reference: URL:http://www.iss.net/security_center/static/8175.php

Directory traversal vulnerability in netget for Sybex E-Trainer web
server allows remote attackers to read arbitrary files via a .. (dot
dot) in the file parameter.

Analysis
----------------
ED_PRI CAN-2002-0262 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0263
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0263
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020211 EasyBoard 2000 Remote Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101345069220199&w=2
Reference: XF:ezboard-bbs-contenttype-bo(8162)
Reference: URL:http://www.iss.net/security_center/static/8162.php
Reference: BID:4068
Reference: URL:http://www.securityfocus.com/bid/4068

Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote
attackers to execute arbitrary code via a long boundary value in a
multipart Content-Type header to (1) ezboard.cgi, (2) ezman.cgi, or
(3) ezadmin.cgi.

Analysis
----------------
ED_PRI CAN-2002-0263 3
Vendor Acknowledgement: unknown foreign
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0264
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0264
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020211 PowerFTP Personal FTP Server Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101361745222207&w=2
Reference: BID:4074
Reference: URL:http://www.securityfocus.com/bid/4074

PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive
account information in plaintext in the ftpserver.ini file, which
allows attackers with access to the file to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0264 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0266
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0266
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020211 Re: texis(CGI) Path Disclosure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101346478229431&w=2
Reference: BUGTRAQ:20020206 texis(CGI) Path Disclosure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301228031165&w=2
Reference: XF:texis-cgi-information-disclosure(8103)
Reference: URL:http://www.iss.net/security_center/static/8103.php
Reference: BID:4035
Reference: URL:http://online.securityfocus.com/bid/4035

Thunderstone Texis CGI script allows remote attackers to obtain the
full path of the web root via a request for a nonexistent file, which
generates an error message that includes the full pathname.

Analysis
----------------
ED_PRI CAN-2002-0266 3
Vendor Acknowledgement: yes followup
Content Decisions: DESIGN-REAL-PATH

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0268
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0268
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020212 Identix BioLogon 3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101366270807034&w=2
Reference: BID:4101
Reference: URL:http://online.securityfocus.com/bid/4101

Identix BioLogon 3 allows users with physical access to the system to
gain administrative privileges by using CTRL-ALT-DEL and running a
"Browse" function, which runs Explorer with SYSTEM privileges.

Analysis
----------------
ED_PRI CAN-2002-0268 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0269
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0269
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020212 [GSA2002-01] Web browsers ignore the Content-Type header, thus allowing cross-site scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101363764421623&w=2

Internet Explorer 5.x and 6 interprets an object as an HTML document
even when its MIME Content-Type is text/plain, which could allow
remote attackers to execute arbitrary script in documents that the
user does not expect, possibly through web applications that use a
text/plain type to prevent cross-site scripting attacks.

Analysis
----------------
ED_PRI CAN-2002-0269 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0270
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0270
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20020212 [GSA2002-01] Web browsers ignore the Content-Type header, thus allowing cross-site scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101363764421623&w=2

Opera, when configured with the "Determine action by MIME type" option
disabled, interprets an object as an HTML document even when its MIME
Content-Type is text/plain, which could allow remote attackers to
execute arbitrary script in documents that the user does not expect,
possibly through web applications that use a text/plain type to
prevent cross-site scripting attacks.

Analysis
----------------
ED_PRI CAN-2002-0270 3
Vendor Acknowledgement:
Content Decisions: CF

INCLUSION: If this configuration issue is explicitly allowed through
Opera's design, and it is not a default behavior, then perhaps this
item should not be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0271
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0271
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020212 RUS-CERT Advisory 2002-02:01: Temporary file handling in GNAT
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101353440624007&w=2
Reference: BID:4086
Reference: URL:http://online.securityfocus.com/bid/4086

Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows
local users to modify files of other users via a symlink attack on
temporary files.

Analysis
----------------
ED_PRI CAN-2002-0271 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0272
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0272
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020213 Re: mpg321
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101366518310823&w=2
Reference: VULN-DEV:20020212 mpg321
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101355590918475&w=2
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=79237
Reference: BID:4091
Reference: URL:http://online.securityfocus.com/bid/4091

Buffer overflows in mpg321 before 0.2.9 allow local and possibly
remote attackers to execute arbitrary code via a long URL to (1) a
command line option, (2) an HTTP request, or (3) an FTP request.

Analysis
----------------
ED_PRI CAN-2002-0272 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0273
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0273
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020213 NetWin CWMail.exe Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101362100602008&w=2
Reference: BID:4093
Reference: URL:http://online.securityfocus.com/bid/4093

Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote
authenticated users to execute arbitrary code via a long item
parameter.

Analysis
----------------
ED_PRI CAN-2002-0273 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0275
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0275
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020213 Falcon Web Server Authentication Circumvention Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101363946626951&w=2
Reference: BID:4099
Reference: URL:http://online.securityfocus.com/bid/4099

Falcon web server 2.0.0.1020 and earlier allows remote attackers to
bypass authentication and read restricted files via an extra / (slash)
in the requested URL.

Analysis
----------------
ED_PRI CAN-2002-0275 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0277
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0277
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020214 Add2it Mailman command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101371994219708&w=2
Reference: CONFIRM:http://www.add2it.com/scripts/mailman-free-history.shtml

Add2it Mailman Free 1.73 and earlier allows remote attackers to
execute arbitrary commands via shell metacharacters in the list
parameter.

Analysis
----------------
ED_PRI CAN-2002-0277 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC says to SPLIT between issues of different
types. The directory traversal and shell metacharacter problems are of
different types, so separate items are created for them.
ACKNOWLEDGEMENT: in the history file for version 1.80, the vendor
states: "Security problem fixed: Now it is impossible to write to or
execute files on a server that are outside the Add2it Mailman Free
directory."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0278
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0278
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020214 Add2it Mailman command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101371994219708&w=2
Reference: CONFIRM:http://www.add2it.com/scripts/mailman-free-history.shtml

Directory traversal vulnerability in Add2it Mailman Free 1.73 and
earlier allows remote attackers to modify arbitrary files via a ..
(dot dot) in the list parameter.

Analysis
----------------
ED_PRI CAN-2002-0278 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC says to SPLIT between issues of different
types. The directory traversal and shell metacharacter problems are of
different types, so separate items are created for them.
ACKNOWLEDGEMENT: in the history file for version 1.80, the vendor
states: "Security problem fixed: Now it is impossible to write to or
execute files on a server that are outside the Add2it Mailman Free
directory."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0279
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0279
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: HP:HPSBUX0202-183
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101372194225046&w=2
Reference: BID:4094
Reference: URL:http://online.securityfocus.com/bid/4094

The kernel in HP-UX 11.11 does not properly provide arguments for
setrlimit, which could allow local attackers to cause a denial of
service (kernel panic) and possibly gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0279 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

It is uncertain how severe the vulnerability is; the advisory states
both "Possible denial of service" and "servers could be locally
compromised."
INCLUSION: CD:VAGUE states that even if an advisory from a vendor is
vague, it should be included in CVE, because it fixes *some* issue for
which there is high confidence that the issue is real.
ABSTRACTION: the advisory is so vague that it is not completely clear
whether it is addressing the same setrlimit vulnerability as in
HP:HPSBUX0107-156. However, since HP has released different advisories
*and* the problem described in HP:HPSBUX0107-156 only affects HP-UX
11.00 and earlier, then CD:SF-LOC suggests that the issues should
remain SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0280
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0280
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020215 codeblue remote root
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101392671306875&w=2
Reference: MISC:http://freshmeat.net/releases/71514/

Buffer overflow in CodeBlue 4 and earlier, and possibly other
versions, allows remote attackers to execute arbitrary code via a long
string in an SMTP reply.

Analysis
----------------
ED_PRI CAN-2002-0280 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: it is unclear whether the vendor fixed this issue or
not. The change log for version 4.2, dated 20020304, says "Minor
security fixes," which doesn't seem like a description for a remote
root problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0281
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0281
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020215 [ARL02-A03] DCP-Portal Cross Site Scripting Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101379217032525&w=2
Reference: MISC:http://www.dcp-portal.com/contents.php?id=18
Reference: BID:4112
Reference: URL:http://online.securityfocus.com/bid/4112

Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier
allows remote attackers to gain privileges of other portal users by
providing Javascript in the job information field to user_update.php.

Analysis
----------------
ED_PRI CAN-2002-0281 3
Vendor Acknowledgement: unknown foreign
Content Decisions: DCP PORTAL DCPPORTAL

ACKNOWLEDGEMENT: an apparent change log on the vendor's page includes
mention of the person who sent the post, but it is in a foreign
language (Turkish?), so it cannot be certain whether this contains
acknowledgement.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0282
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0282
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020228 [ARL02-A04] DCP-Portal System Information Path Disclosure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101494497608620&w=2
Reference: BUGTRAQ:20020215 [ARL02-A02] DCP-Portal Root Path Disclosure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101379160830631&w=2
Reference: CONFIRM:http://www.dcp-portal.com/files.php?action=viewcat&fcat_id=1
Reference: BID:4113
Reference: URL:http://online.securityfocus.com/bid/4113
Reference: XF:dcpportal-language-path-disclosure(8310)
Reference: URL:http://www.iss.net/security_center/static/8310.php

DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the
physical path of the server via (1) a direct request to add_user.php,
or via an invalid new_language parameter in (2) contents.php, (3)
categories.php, or (4) files.php, which leaks the path in an error
message.

Analysis
----------------
ED_PRI CAN-2002-0282 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC, VAGUE

ABSTRACTION: CD:SF-LOC suggests combining problems of the same type in
the same version. All the listed issues are of the type "information
leak in error message." According to the poster, this problem and "all
the bugs stated [previously?]" were fixed in 4.5.1, so they appeared
in the same versions.
ACKNOWLEDGEMENT: the vendor's change log page includes an entry dated
2/26/02, which states: "Bug fixes. These bugs reported by Ahmet Sabri
ALPER PCLife System Security Editor," i.e. the person who disclosed
the vulnerability.  While it is clear that the vendor fixed at least
one of the above bugs, it is not certain whether the vendor addressed
both ARL02-A02 and ARL02-A04, as the phrase "these bugs" could have
applied solely to ARL02-A04.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0283
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0283
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020215 Windows XP Remote DOS attacks with SYN Flag. Make CPU 100%
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101408718030099&w=2

Windows XP with port 445 open allows remote attackers to cause a
denial of service (CPU consumption) via a flood of TCP SYN packets
containing possibly malformed data.

Analysis
----------------
ED_PRI CAN-2002-0283 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0284
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0284
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020215 winamp and wma Song Licenses
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101408781031527&w=2

Winamp 2.78 and 2.77, when opening a wma file that requires a license,
sends the full path of the Temporary Internet Files directory to the
web page that is processing the license, which could allow malicious
web servers to obtain the pathname.

Analysis
----------------
ED_PRI CAN-2002-0284 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0285
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0285
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020212 Outlook will see non-existing attachments
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101362077701164&w=2
Reference: BID:4092
Reference: URL:http://online.securityfocus.com/bid/4092

Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR")
in a message header as if it were a valid carriage return/line feed
combination (CR/LF), which could allow remote attackers to bypass
virus protection and/or other filtering mechanisms via a mail message
with headers that only contain the CR, which causes Outlook to create
separate headers.

Analysis
----------------
ED_PRI CAN-2002-0285 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0286
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0286
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020216 SiteNews remote add user exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101388393808699&w=2
Reference: BID:4046
Reference: URL:http://online.securityfocus.com/bid/4046

The GetPassword function in function.php of SiteNews 0.10 and 0.11
allows remote attackers to gain privileges and add users by providing
a non-existent user name and the MD5 checksum for an empty password to
add_user.php, which causes GetPassword to produce and compare a blank
password for the non-existent user.

Analysis
----------------
ED_PRI CAN-2002-0286 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0288
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0288
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020217 Phusion-Webserver-v1.0-Bugs&Exploits-Remotes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101408906001958&w=2
Reference: BID:4117
Reference: URL:http://online.securityfocus.com/bid/4117

Directory traversal vulnerability in Phusion web server 1.0 allows
remote attackers to read arbitrary files via a ... (triple dot) in
the HTTP request.

Analysis
----------------
ED_PRI CAN-2002-0288 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0289
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0289
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020217 Phusion-Webserver-v1.0-Bugs&Exploits-Remotes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101408906001958&w=2
Reference: BID:4118
Reference: URL:http://online.securityfocus.com/bid/4118
Reference: BID:4119
Reference: URL:http://online.securityfocus.com/bid/4119

Buffer overflow in Phusion web server 1.0 allows remote attackers to
cause a denial of service and execute arbitrary code via a long HTTP
request.

Analysis
----------------
ED_PRI CAN-2002-0289 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0291
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0291
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020218 Dino's Webserver v1.2 DoS, possible overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101415416513746&w=2
Reference: XF:dino-log-tag-bo(8233)
Reference: URL:http://www.iss.net/security_center/static/8233.php
Reference: BID:4123
Reference: URL:http://online.securityfocus.com/bid/4123

Dino's Webserver 1.2 allows remote attackers to cause a denial of
service (CPU consumption) and possibly execute arbitrary code via
several large HTTP requests within a short time.

Analysis
----------------
ED_PRI CAN-2002-0291 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007