[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-88 - 54 candidates



I am proposing cluster RECENT-88 for review and voting by the
Editorial Board.

Name: RECENT-88
Description: Candidates (mostly) reserved between 3/1/2002 and 4/30/2002
Size: 54

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve





Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0017
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020111
Category: SF
Reference: ISS:20020403 Remote Buffer Overflow Vulnerability in IRIX SNMP Daemon
Reference: URL:http://www.iss.net/security_center/alerts/advise113.php
Reference: SGI:20020201-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020201-01-P

Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m
allows remote attackers to execute arbitrary code via an SNMP request.

Analysis
----------------
ED_PRI CAN-2002-0017 1
Vendor Acknowledgement: yes advisory

ABSTRACTION: while this issue may appear to be the same as
CAN-2002-0012 or CAN-2002-0013, it is addressed by a different patch,
so CD:SF-LOC suggests keeping this SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0040
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020116
Category: SF
Reference: SGI:20020306-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020306-01-P

Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to
cause privileged applications to dump core via the HOSTALIASES
environment variable, which might allow the users to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0040 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0051
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0051
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020202
Category: SF
Reference: BUGTRAQ:20011205 SECURITY.NNOV: file locking and security (group policy DoS on Windows 2000 domain)
Reference: URL:http://online.securityfocus.com/archive/1/244329
Reference: MS:MS02-016
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-016.asp

Windows 2000 allows local users to prevent the application of new
group policy settings by opening Group Policy files with
exclusive-read access.

Analysis
----------------
ED_PRI CAN-2002-0051 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0064
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0064
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020219
Category: CF
Reference: BINDVIEW:20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x
Reference: URL:http://razor.bindview.com/publish/advisories/adv_FunkProxy.html

Funk Software Proxy Host 3.x is installed with insecure permissions
for the registry and the file system.

Analysis
----------------
ED_PRI CAN-2002-0064 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0065
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0065
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020219
Category: SF
Reference: BINDVIEW:20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x
Reference: URL:http://razor.bindview.com/publish/advisories/adv_FunkProxy.html

Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host
password, which allows local users to gain privileges by recovering
the passwords from the PHOST.INI file or the Windows registry.

Analysis
----------------
ED_PRI CAN-2002-0065 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0066
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020219
Category: SF
Reference: BINDVIEW:20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x
Reference: URL:http://razor.bindview.com/publish/advisories/adv_FunkProxy.html

Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that
does not require authentication and is installed with insecure access
control, which allows local and possibly remote users to use the Proxy
Host's configuration utilities and gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0066 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0071
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: ATSTAKE:A041002-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a041002-1.txt
Reference: BUGTRAQ:20020411 KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101854087828265&w=2
Reference: VULNWATCH:20020411 [VulnWatch] KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html

Buffer overflow in the ism.dll ISAPI extension that implements HTR
scripting in Internet Information Server (IIS) 4.0 and 5.0 allows
attackers to cause a denial of service or execute arbitrary code via
HTR requests with long variable names.

Analysis
----------------
ED_PRI CAN-2002-0071 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0072
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0072
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: BUGTRAQ:20020411 KPMG-2002009: Microsoft IIS W3SVC Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101853851025208&w=2
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html

The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET
for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not
properly handle the error condition when a long URL is provided, which
allows remote attackers to cause a denial of service (crash) when the
URL parser accesses a null pointer.

Analysis
----------------
ED_PRI CAN-2002-0072 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0073
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0073
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html

The FTP service in Internet Information Server (IIS) 4.0, 5.0 and
5.1 allows attackers who have established an FTP session to cause
a denial of service via a specially crafted status request.

Analysis
----------------
ED_PRI CAN-2002-0073 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0074
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0074
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html

Cross-site scripting vulnerability in Help File search facility for
Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote
attackers to embed scripts into another user's session.

Analysis
----------------
ED_PRI CAN-2002-0074 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0075
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: BUGTRAQ:20020411 [SNS Advisory No.49] A Possibility of Internet Information Server/Services Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101854677802990&w=2
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html

Cross-site scripting vulnerability for Internet Information Server
(IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary
script as other web users via the error message used in a URL redirect
(""302 Object Moved") message.

Analysis
----------------
ED_PRI CAN-2002-0075 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0076
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0076
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-013
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-013.asp
Reference: SUN:00218
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218

Java Runtime Environment (JRE) Bytecode Verifier allows remote
attackers to escape the Java sandbox and execute commands via an
applet containing an illegal cast operation, as seen in (1) Microsoft
VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x,
(2) Netscape 6.2.1 and earlier, and possibly other implementations
that use vulnerable versions of SDK or JDK, aka a variant of the
"Virtual Machine Verifier" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0076 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0078
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0078
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: MS:MS02-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-015.asp

The zone determination function in Microsoft Internet Explorer 5.5 and
6.0 allows remote attackers to run scripts in the Local Computer zone
by embedding the script in a cookie, aka the "Cookie-based Script
Execution" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0078 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0079
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0079
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20020410 Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101846993304518&w=2
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html

Buffer overflow in the chunked encoding transfer mechanism in Internet
Information Server (IIS) 4.0 and 5.0 Active Server Pages allows
attackers to cause a denial of service or execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-0079 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0147
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0147
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html

Buffer overflow in the ASP data transfer mechanism in Internet
Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to
cause a denial of service or execute code, aka "Microsoft-discovered
variant of Chunked Encoding buffer overrun."

Analysis
----------------
ED_PRI CAN-2002-0147 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0148
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20020410 IIS allows universal CrossSiteScripting
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html

Cross-site scripting vulnerability in Internet Information Server
(IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary
script as other users via an HTTP error page.

Analysis
----------------
ED_PRI CAN-2002-0148 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0149
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0149
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html

Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0
and 5.1 allows remote attackers to cause a denial of service and
possibly execute arbitrary code via long file names.

Analysis
----------------
ED_PRI CAN-2002-0149 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0150
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0150
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html

Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1
allows remote attackers to spoof the safety check for HTTP headers and
cause a denial of service or execute arbitrary code via HTTP header
field values.

Analysis
----------------
ED_PRI CAN-2002-0150 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0151
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0151
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF
Reference: BUGTRAQ:20020404 NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101793727306282&w=2
Reference: VULNWATCH:20020404 NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow
Reference: MS:MS02-017
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-017.asp

Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows
operating systems allows local users to cause a denial of service or
possibly gain SYSTEM privileges via a long UNC request.

Analysis
----------------
ED_PRI CAN-2002-0151 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0152
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0152
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF
Reference: BUGTRAQ:20020416 w00w00 on Microsoft IE/Office for Mac OS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101897994314015&w=2
Reference: MS:MS02-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-019.asp

Buffer overflow in various Microsoft applications for Macintosh allows
remote attackers to cause a denial of service (crash) or execute
arbitrary code by invoking the file:// directive with a large number
of / characters, which affects Internet Explorer 5.1, Outlook Express
5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and
98, and Excel v. X and 2001 for Macintosh.

Analysis
----------------
ED_PRI CAN-2002-0152 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0153
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0153
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-019.asp

Internet Explorer 5.1 for Macintosh allows remote attackers to bypass
security checks and invoke local AppleScripts within a specific HTML
element, aka the "Local Applescript Invocation" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0153 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0154
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0154
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF
Reference: BUGTRAQ:20020305 Another Sql Server 7 Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101535353331625&w=2
Reference: BUGTRAQ:20020312 Many, many, many Sql Server 7 & 2000 Buffer Overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100891252317406&w=2
Reference: MS:MS02-020
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-020.asp

Buffer overflows in extended stored procedures for Microsoft SQL
Server 7.0 and 2000 allow remote attackers to cause a denial of
service or execute arbitrary code via a database query with certain
long arguments.

Analysis
----------------
ED_PRI CAN-2002-0154 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0159
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0159
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020327
Category: SF
Reference: BUGTRAQ:20020403 iXsecurity.20020314.csadmin_fmt.a
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101787248913611&w=2
Reference: CISCO:20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows
Reference: URL:http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml

Format string vulnerability in the administration function in Cisco
Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and
3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN
module only (denial of service of administration function) or execute
arbitrary code via format strings in the URL to port 2002

Analysis
----------------
ED_PRI CAN-2002-0159 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0160
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0160
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020327
Category: SF
Reference: BUGTRAQ:20020403 iXsecurity.20020316.csadmin_dir.a
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101786689128667&w=2
Reference: CISCO:20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows
Reference: URL:http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml

The administration function in Cisco Secure Access Control Server
(ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40),
allows remote attackers to read HTML, Java class, and image files
outside the web root via a ..\.. (modified ..) in the URL to port
2002.

Analysis
----------------
ED_PRI CAN-2002-0160 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0163
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0163
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020328
Category: SF
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2002_2.txt
Reference: FREEBSD:FreeBSD-SA-02:19
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101717809709222
Reference: MANDRAKE:MDKSA-2002:027
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php

Heap overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until
March 12, 2002 distributions, allows remote attackers to cause a
denial of service, and possibly execute arbitrary code, via compressed
DNS responses.

Analysis
----------------
ED_PRI CAN-2002-0163 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0164
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0164
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020402
Category: SF
Reference: CALDERA:CSSA-2002-009.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-009.0.txt

Vulnerability in the MIT-SHM extension of the X server on Linux allows
local users to read and write arbitrary shared memory, possibly to
cause a denial of service or gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0164 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0166
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0166
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020409
Category: SF
Reference: DEBIAN:DSA-125
Reference: URL:http://www.debian.org/security/2002/dsa-125

Cross-site scripting vulnerability in analog before 5.22 allows remote
attackers to execute Javascript via an HTTP request containing the
script, which is entered into a web logfile and not properly filtered
by analog during display.

Analysis
----------------
ED_PRI CAN-2002-0166 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0167
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0167
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020410
Category: SF
Reference: REDHAT:RHSA-2002:048
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-048.html
Reference: CONECTIVA:CLA-2002:470
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000470
Reference: BID:4339
Reference: URL:http://online.securityfocus.com/bid/4339

Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted
images, which could allow attackers to cause a denial of service
(crash) and possibly execute arbitrary code via certain weaknesses of
NetPBM.

Analysis
----------------
ED_PRI CAN-2002-0167 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0168
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0168
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020410
Category: SF
Reference: REDHAT:RHSA-2002:048
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-048.html
Reference: CONECTIVA:CLA-2002:470
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000470
Reference: BID:4336
Reference: URL:http://online.securityfocus.com/bid/4336

Vulnerability in Imlib before 1.9.13 allows attackers to cause a
denial of service (crash) and possibly execute arbitrary code by
manipulating arguments that are passed to malloc, which results in a
heap corruption.

Analysis
----------------
ED_PRI CAN-2002-0168 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0170
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0170
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020411
Category: SF
Reference: BUGTRAQ:20020301 [matt@zope.com: [Zope-Annce] Zope Hotfix 2002-03-01 (Ownership Roles Enforcement)]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101503023511996&w=2
Reference: CONFIRM:http://www.zope.org/Products/Zope/hotfixes/

Zope 2.2.0 through 2.5.1 does not properly verify the access for
objects with proxy roles, which could allow some users to access
documents in violation of the intended configuration.

Analysis
----------------
ED_PRI CAN-2002-0170 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0171
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0171
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020411
Category: SF
Reference: SGI:20020406-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020406-01-P

IRISconsole 2.0 may allow users to log into the icadmin account with
an incorrect password in some circumstances, which could allow users
to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0171 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0172
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0172
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020411
Category: CF
Reference: SGI:20020408-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020408-01-I

/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with
insecure default permissions (644), which could allow a local user to
cause a denial of service (traffic disruption).

Analysis
----------------
ED_PRI CAN-2002-0172 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0173
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0173
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020411
Category: SF
Reference: SGI:20020409-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020409-01-I

Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart
Software package on SGI IRIX 6.5.10 and earlier may allow local users
to gain root privileges.

Analysis
----------------
ED_PRI CAN-2002-0173 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0175
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0175
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020415
Category: SF
Reference: BUGTRAQ:20020320 Bypassing libsafe format string protection
Reference: URL:http://online.securityfocus.com/archive/1/263121
Reference: MANDRAKE:MDKSA-2002:026
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-026.php
Reference: BID:4326
Reference: URL:http://online.securityfocus.com/bid/4326

libsafe 2.0-11 and earlier allows attackers to bypass protection
against format string vulnerabilities via format strings that use the
"'" and "I" characters, which are implemented in libc but not libsafe.

Analysis
----------------
ED_PRI CAN-2002-0175 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0176
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0176
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020415
Category: SF
Reference: BUGTRAQ:20020320 Bypassing libsafe format string protection
Reference: URL:http://online.securityfocus.com/archive/1/263121
Reference: MANDRAKE:MDKSA-2002:026
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-026.php
Reference: BID:4327
Reference: URL:http://online.securityfocus.com/bid/4327

The printf wrappers in libsafe 2.0-11 and earlier do not properly
handle argument indexing specifiers, which could allow attackers to
exploit certain function calls through arguments that are not verified
by libsafe.

Analysis
----------------
ED_PRI CAN-2002-0176 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0179
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0179
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020417
Category: SF
Reference: DEBIAN:DSA-127
Reference: URL:http://www.debian.org/security/2002/dsa-127

Buffer overflow in xpilot-server for XPilot 4.5.0 and earlier allows
remote attackers to execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-0179 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0180
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0180
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020417
Category: SF
Reference: BUGTRAQ:20020415 Remote buffer overflow in Webalizer
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101888467527673&w=2
Reference: CONFIRM:http://www.mrunix.net/webalizer/news.html

Buffer overflow in Webalizer 2.01-06, when configured to use reverse
DNS lookups, allows remote attackers to execute arbitrary code by
connecting to the monitored web server from an IP address that
resolves to a long hostname.

Analysis
----------------
ED_PRI CAN-2002-0180 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0181
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0181
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020417
Category: SF
Reference: BUGTRAQ:20020406 IMP 2.2.8 (SECURITY) released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101828033830744&w=2
Reference: DEBIAN:DSA-126
Reference: URL:http://www.debian.org/security/2002/dsa-126
Reference: CALDERA:CSSA-2002-016.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-016.0.txt

Cross-site scripting vulnerability in Horde before 1.2.8 and IMP
before 2.2.8 allows remote attackers to execute script and steal
cookies from other users.

Analysis
----------------
ED_PRI CAN-2002-0181 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0184
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0184
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020419
Category: SF
Reference: BUGTRAQ:20020425 [Global InterSec 2002041701] Sudo Password Prompt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101974610509912&w=2
Reference: BUGTRAQ:20020425 Sudo version 1.6.6 now available (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101975443619600&w=2
Reference: MANDRAKE:MDKSA-2002:028
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-028.php3
Reference: DEBIAN:DSA-128
Reference: URL:http://www.debian.org/security/2002/dsa-128
Reference: REDHAT:RHSA-2002:072
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-072.html
Reference: REDHAT:RHSA-2002:071
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-071.html
Reference: ENGARDE:ESA-20020429-010
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2040.html
Reference: BUGTRAQ:20020425 [slackware-security] sudo upgrade fixes a potential vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101979472822196&w=2
Reference: CONECTIVA:CLA-2002:475
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000475
Reference: TRUSTIX:TSLSA-2002-0046
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102010164413135&w=2

Heap overflow in sudo before 1.6.6 may allow local users to gain root
privileges via special characters in the -p (prompt) argument, which
are not properly expanded.

Analysis
----------------
ED_PRI CAN-2002-0184 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1056
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020426
Category: SF
Reference: MS:MS02-021
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-021.asp
Reference: BID:4397
Reference: URL:http://online.securityfocus.com/bid/4397
Reference: BUGTRAQ:20020331 More Office XP Problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101760380418890&w=2

Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word
as the email editor, does not block scripts that are used while
editing email messages in HTML or Rich Text Format (RTF), which could
allow remote attackers to execute arbitrary scripts via an email that
the user forwards or replies to.

Analysis
----------------
ED_PRI CAN-2002-1056 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0037
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0037
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020116
Category: SF

Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass
the intended Reader and Author access list for a document's object via
a Notes API call that directly accesses the object.

Analysis
----------------
ED_PRI CAN-2002-0037 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0039
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0039
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020116
Category: SF
Reference: SGI:20020306-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020306-01-P

rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier
versions, allows remote attackers to cause a denial of service (crash)
via malformed RPC packets with invalid lengths.

Analysis
----------------
ED_PRI CAN-2002-0039 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

ABSTRACTION: while this advisory is clear about the cause of the
problem, HP:HPSBUX0110-169 (CAN-2001-1124) also discusses a DoS of a
core dump from malformed RPC requests.  However, that advisory is so
vague that it is not entirely clear whether it's addressing the same
vulnerability or not.  CD:VAGUE suggests that vague advisories (in
this case, the one from HP) should get their own candidate when there
is uncertainty due to vagueness.  However, in this case, offline
consultation with SGI demonstrates that CAN-2002-0039 and
CAN-2001-1124 are indeed the same issue.  Therefore they should be
merged.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0041
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0041
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020116
Category: SF
Reference: SGI:20020401-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020401-01-P

Vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and possibly
earlier versions, allows local and remote attackers to cause a core
dump.

Analysis
----------------
ED_PRI CAN-2002-0041 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0077
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0077
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: BUGTRAQ:20020113 Internet Explorer Pop-Up OBJECT Tag Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101103188711920&w=2
Reference: MS:MS02-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-015.asp

Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked
on an HTML page with the codebase property as part of Local Computer
zone, which allows remote attackers to invoke executables present on
the local system through objects such as the popup object, aka the
"Local Executable Invocation via Object tag" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0077 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0158
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0158
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020327
Category: SF
Reference: BUGTRAQ:20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101776858410652&w=2
Reference: VULNWATCH:20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0000.html

Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to
gain root privileges via a long -co (color database) command line
argument.

Analysis
----------------
ED_PRI CAN-2002-0158 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0162
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0162
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020328
Category: SF
Reference: BUGTRAQ:20020327 Root compromise through LogWatch 2.1.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101724766216872
Reference: VULN-DEV:20020327 Root compromise through LogWatch 2.1.1
Reference: URL:http://online.securityfocus.com/archive/82/264233
Reference: CONFIRM:http://list.kaybee.org/archives/logwatch-announce/2002-March/000002.html
Reference: REDHAT:RHSA-2002:053
Reference: REDHAT:RHSA-2002:054

LogWatch before 2.5 allows local users to execute arbitrary code via a
symlink attack on the logwatch temporary file.

Analysis
----------------
ED_PRI CAN-2002-0162 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests that when one vulnerability appears in
a different version than another, that there should be separate CVE
items, even if the problems are of the same type.  CAN-2002-0165
appears in 2.5; CAN-2002-0162 does not.  Therefore these items should
remain split.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0165
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0165
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020404
Category: SF
Reference: BUGTRAQ:20020403 LogWatch 2.5 still vulnerable
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101787227513000&w=2
Reference: REDHAT:RHSA-2002:053
Reference: REDHAT:RHSA-2002:054

LogWatch 2.5 allows local users to gain root privileges via a symlink
attack, a different vulnerability than CAN-2002-0162.

Analysis
----------------
ED_PRI CAN-2002-0165 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests that when one vulnerability appears in
a different version than another, that there should be separate CVE
items, even if the problems are of the same type.  CAN-2002-0165
appears in 2.5; CAN-2002-0162 does not.  Therefore these items should
remain split.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0177
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0177
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020416
Category: SF
Reference: BUGTRAQ:20020402 icecast 1.3.11 remote shell/root exploit - #temp
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101780890326179&w=2
Reference: BUGTRAQ:20020403 Icecast temp patch (OR: Patches?  We DO need stinkin' patches!!@$!)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101786838300906&w=2
Reference: BUGTRAQ:20020404 Full analysis of multiple remotely exploitable bugs in Icecast 1.3.11
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101793704306035&w=2
Reference: CONFIRM:http://www.xiph.org/archives/icecast/2616.html
Reference: BID:4415
Reference: URL:http://online.securityfocus.com/bid/4415

Buffer overflows in icecast 1.3.11 and earlier allows remote attackers
to execute arbitrary code via a long HTTP GET request from an MP3
client.

Analysis
----------------
ED_PRI CAN-2002-0177 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: a post to a vendor mailing list includesd the
statement "Fix security exploit (icx.c)" - and icx.c is the exploit
provided in the Bugtraq post.

ABSTRACTION: the vendor patches indicate that multiple issues of the
same type (buffer overflow) may exist, so CD:SF-LOC recommends
combining them.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0185
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0185
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020419
Category: SF/CF/MP/SA/AN/unknown
Reference: MISC:http://www.modpython.org/pipermail/mod_python/2002-April/001991.html
Reference: MISC:http://www.modpython.org/pipermail/mod_python/2002-April/002003.html

mod_python version 2.7.6 and earlier allows a module indirectly
imported by a published module to then be accessed via the publisher,
which allows remote attackers to call possibly dangerous functions
from the imported module.

Analysis
----------------
ED_PRI CAN-2002-0185 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0350
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0350
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020301 DoS on HP ProCurve 4000M switch (possibly others)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101500123900612&w=2
Reference: BID:4212
Reference: URL:http://online.securityfocus.com/bid/4212
Reference: XF:hp-procurve-portscan-dos(8329)
Reference: URL:http://www.iss.net/security_center/static/8329.php

HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows
remote attackers to cause a denial of service via a port scan of the
management IP address, which disables the telnet service.

Analysis
----------------
ED_PRI CAN-2002-0350 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0351
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0351
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: DEBIAN:DSA-116
Reference: URL:http://www.debian.org/security/2002/dsa-116
Reference: XF:cfs-bo(8330)
Reference: URL:http://www.iss.net/security_center/static/8330.php
Reference: BID:4219
Reference: URL:http://online.securityfocus.com/bid/4219

Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x
before 1.4.1-5, allow remote attackers to cause a denial of service
and possibly execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-0351 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0352
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0352
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020302 Phorum Discussion Board Security Bug (Email Disclosure)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101508207206900&w=2
Reference: BID:4226
Reference: URL:http://online.securityfocus.com/bid/4226
Reference: XF:phorum-admin-users-information(8344)
Reference: URL:http://www.iss.net/security_center/static/8344.php

Phorum 3.3.2 allows remote attackers to determine the email addresses
of the 10 most active users via a direct HTTP request to the stats.php
program, which does not require authentication.

Analysis
----------------
ED_PRI CAN-2002-0352 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0353
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0353
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF/CF/MP/SA/AN/unknown
Reference: CONECTIVA:CLA-2002:474
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000474
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00003.html

The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers
to cause a denial of service (crash) via a certain malformed packet,
which causes Ethereal to allocate memory incorrectly, possibly due to
zero-length fields.

Analysis
----------------
ED_PRI CAN-2002-0353 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0354
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0354
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102017952204097&w=2
Reference: NTBUGTRAQ:20020430 Reading local files in Netscape 6 and Mozilla (GM#001-NS)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102020343728766&w=2

The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7
allows remote attackers to read arbitrary files and list directories
on a client system by opening a URL that redirects the browser to the
file on the client, then reading the result using the responseText
property.

Analysis
----------------
ED_PRI CAN-2002-0354 3
Vendor Acknowledgement: yes
Content Decisions: SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007