[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-92 - 57 candidates

I am proposing cluster RECENT-92 for review and voting by the
Editorial Board.

Name: RECENT-92
Description: Candidates announced between 4/11/2002 and 4/30/2002
Size: 57

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve




Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0042
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020116
Category: SF
Reference: SGI:20020402-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020402-01-P
Reference: XF:irix-xfs-dos(8839)
Reference: URL:http://www.iss.net/security_center/static/8839.php
Reference: BID:4511
Reference: URL:http://www.securityfocus.com/bid/4511

Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows
local users to cause a denial of service (hang) by creating a file
that is not properly processed by XFS.

Analysis
----------------
ED_PRI CAN-2002-0042 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0538
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0538
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020415 Raptor Firewall FTP Bounce vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0166.html
Reference: BUGTRAQ:20020417 Re: Raptor Firewall FTP Bounce vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0224.html
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.04.17.html
Reference: XF:raptor-firewall-ftp-bounce(8847)
Reference: URL:http://www.iss.net/security_center/static/8847.php
Reference: BID:4522
Reference: URL:h ttp://www.securityfocus.com/bid/4522

FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0
rewrites an FTP server's "FTP PORT" responses in a way that allows
remote attackers to redirect FTP data connections to arbitrary ports,
a variant of the "FTP bounce" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0538 1
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0542
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0542
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020411 local root compromise in openbsd 3.0 and below
Reference: URL:http://online.securityfocus.com/archive/1/267089
Reference: BUGTRAQ:20020411 OpenBSD Local Root Compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101855467811695&w=2
Reference: CONFIRM:http://www.openbsd.org/errata30.html#mail
Reference: XF:openbsd-mail-root-privileges(8818)
Reference: URL:http://www.iss.net/security_center/static/8818.php
Reference: BID:4495
Reference: URL:http://www.securityfocus.com/bid/4495

mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in
a message even when it is not in interactive mode, which could allow
local users to gain root privileges via calls to mail in cron.

Analysis
----------------
ED_PRI CAN-2002-0542 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0571
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0571
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020416 ansi outer join syntax in Oracle allows access to any data
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0175.html
Reference: CIAC:M-071
Reference: URL:http://www.ciac.org/ciac/bulletins/m-071.shtml
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/sql_joins_alert.pdf
Reference: XF:oracle-ansi-sql-bypass-acl(8855)
Reference: URL:http://www.iss.net/security_center/static/8855.php
Reference: BID:4523
Reference: URL:http://www.securityfocus.com/bid/4523

Oracle Oracle9i database server 9.0.1.x allows local users to access
restricted data via a SQL query using ANSI outer join syntax.

Analysis
----------------
ED_PRI CAN-2002-0571 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0572
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0572
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020423 cheers
Reference: URL:http://online.securityfocus.com/archive/1/269102
Reference: BUGTRAQ:20020422 Pine Internet Advisory: Setuid application execution may give local root in FreeBSD
Reference: URL:http://online.securityfocus.com/archive/1/268970
Reference: VULNWATCH:20020422 [VulnWatch] Pine Internet Advisory: Setuid application execution may give local root in FreeBSD
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0033.html
Reference: FREEBSD:FreeBSD-SA-02:23
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc
Reference: BID:4568
Reference: URL:http://www.securityfocus.com/bid/4568

FreeBSD 4.5 and earlier, and possibly other BSA-based operating
systems, allows local users to write to or read from restricted files
by closing the file descriptors 0 (standard input), 1 (standard
output), or 2 (standard error), which may then be reused by a called
setuid process that intended to perform I/O on normal files.

Analysis
----------------
ED_PRI CAN-2002-0572 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0573
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0573
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020430 Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System
Reference: URL:http://online.securityfocus.com/archive/1/270268
Reference: VULNWATCH:20020430 [VulnWatch] Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0049.html
Reference: CERT:CA-2002-10
Reference: URL:http://www.cert.org/advisories/CA-2002-10.html
Reference: CERT-VN:VU#638099
Reference: URL:http://www.kb.cert.org/vuls/id/638099
Reference: XF:solaris-rwall-format-string(8971)
Reference: URL:http://www.iss.net/security_center/static/8971.php
Reference: BID:4639
Reference: URL:http://www.securityfocus.com/bid/4639

Format string vulnerability in RPC wall daemon (rpc.rwalld) for
Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary
code via format strings in a message that is not properly provided to
the syslog function when the wall command cannot be executed.

Analysis
----------------
ED_PRI CAN-2002-0573 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0574
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0574
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:21
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:21.tcpip.asc
Reference: BID:4539
Reference: URL:http://www.securityfocus.com/bid/4539

Memory leak in FreeBSD 4.5 and earlier allows remote attackers to
cause a denial of service (memory exhaustion) via ICMP echo packets
that trigger a bug in ip_output() in which the reference count for a
routing table entry is not decremented, which prevents the entry from
being removed.

Analysis
----------------
ED_PRI CAN-2002-0574 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0575
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0575
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020426 Revised OpenSSH Security Advisory (adv.token)
Reference: URL:http://online.securityfocus.com/archive/1/269701
Reference: BUGTRAQ:20020429 TSLSA-2002-0047 - openssh
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0394.html
Reference: BUGTRAQ:20020420 OpenSSH Security Advisory (adv.token)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0298.html
Reference: CALDERA:CSSA-2002-022.2
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-022.2.txt
Reference: BID:4560
Reference: URL:http://www.securityfocus.com/bid/4560
Reference: XF:openssh-sshd-kerberos-bo(8896)
Reference: URL:http://www.iss.net/security_center/static/8896.php

Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with
Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing
enabled, allows remote and local authenticated users to gain
privileges.

Analysis
----------------
ED_PRI CAN-2002-0575 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0576
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0576
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020418 KPMG-2002013: Coldfusion Path Disclosure
Reference: URL:http://online.securityfocus.com/archive/1/268263
Reference: VULNWATCH:20020418 [VulnWatch] KPMG-2002013: Coldfusion Path Disclosure
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=22906
Reference: BID:4542
Reference: URL:http://www.securityfocus.com/bid/4542
Reference: XF:coldfusion-dos-device-path-disclosure(8866)
Reference: URL:http://www.iss.net/security_center/static/8866.php

ColdFusion 5.0 and earlier on Windows systems allows remote attackers
to determine the absolute pathname of .cfm or .dbm files via an HTTP
request that contains an MS-DOS device name such as NUL, which leaks
the pathname in an error message.

Analysis
----------------
ED_PRI CAN-2002-0576 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0598
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0598
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020419 KPMG-2002014: Foundstone Fscan Format String Bug
Reference: URL:http://online.securityfocus.com/archive/1/268581
Reference: VULNWATCH:20020419 [VulnWatch] KPMG-2002014: Foundstone Fscan Format String Bug
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0030.html
Reference: CONFIRM:http://www.foundstone.com/knowledge/fscan112_advisory.html
Reference: XF:fscan-banner-format-string(8895)
Reference: URL:http://www.iss.net/security_center/static/8895.php
Reference: BID:4549
Reference: URL:http://www.securityfocus.com/bid/4549

Format string vulnerability in Foundstone FScan 1.12 with banner
grabbing enabled allows remote attackers to execute arbitrary code on
the scanning system via format string specifiers in the server banner.

Analysis
----------------
ED_PRI CAN-2002-0598 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: in an advisory dated April 24, 2002, Foundstone
states "Using FScan with banner selected via the -b command line
switch could cause a problem if the banner received from the remote
host contained C-style printf format specifiers e.g. percent symbols
that matched string or numeric format specifiers."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0599
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0599
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020428 Blahz-DNS: Authentication bypass vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0395.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=87004
Reference: BID:4618
Reference: URL:http://www.securityfocus.com/bid/4618
Reference: XF:blahzdns-auth-bypass(8951)
Reference: URL:http://www.iss.net/security_center/static/8951.php

Blahz-DNS 0.2 and earlier allows remote attackers to bypass
authentication and modify configuration by directly requesting CGI
programs such as dostuff.php instead of going through the login
screen.

Analysis
----------------
ED_PRI CAN-2002-0599 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the fix for 0.25 says "Fixed the ability to bypass
login security by sending commands directly to the backend php files."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0601
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0601
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: ISS:20020430 Remote Denial of Service Vulnerability in RealSecure Network Sensor
Reference: URL:http://www.iss.net/security_center/alerts/advise116.php
Reference: BUGTRAQ:20020430 ISS Advisory: Remote Denial of Service Vulnerability in RealSecure Network Sensor
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0420.html
Reference: BID:4649
Reference: URL:http://www.securityfocus.com/bid/4649

ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers
to cause a denial of service (crash) via malformed DHCP packets that
cause RealSecure to dereference a null pointer.

Analysis
----------------
ED_PRI CAN-2002-0601 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0610
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0610
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: CIAC:M-075
Reference: URL:http://www.ciac.org/ciac/bulletins/m-075.shtml
Reference: HP:HPSBMP0204-014
Reference: URL:http://online.securityfocus.com/advisories/4082
Reference: BID:4652
Reference: URL:http://www.securityfocus.com/bid/4652
Reference: XF:hp-mpeix-ftp-access(8990)
Reference: URL:http://www.iss.net/security_center/static/8990.php

Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not
properly validate certain FTP commands, which allows attackers to gain
privileges.

Analysis
----------------
ED_PRI CAN-2002-0610 1
Vendor Acknowledgement: yes advisory

ABSTRACTION/INCLUSION: this advisory is too vague to know what type of
vulnerability it is fixing, and whether this is a duplicate of other
more detailed reports of FTP server vulnerabilities. However, CD:VAGUE
does suggest that the issue should at least be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0613
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0613
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020428 dnstools: authentication bypass vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0390.html
Reference: CONFIRM:http://www.dnstools.com/dnstools_2.0.1.tar.gz
Reference: BID:4617
Reference: URL:http://www.securityfocus.com/bid/4617
Reference: XF:dnstools-auth-bypass(8948)
Reference: URL:http://www.iss.net/security_center/static/8948.php

dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote
attackers to bypass authentication and gain privileges by setting the
user_logged_in or user_dnstools_administrator parameters.

Analysis
----------------
ED_PRI CAN-2002-0613 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the changelog.txt for Release 2.0 Beta 5 includes an
entry dated 2002-04-27 which states: "Fixed major security hole in URL
spoofing. No longer trusts the variables $is_logged_in or
$user_dnstools_administrator."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0539
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0539
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020415 Demarc PureSecure 1.05 may be other (user can bypass login)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0168.html
Reference: BUGTRAQ:20020417 Demarc Security Update Advisory
Reference: URL:http://online.securityfocus.com/archive/1/267941
Reference: XF:puresecure-sql-injection(8854)
Reference: URL:http://www.iss.net/security_center/static/8854.php
Reference: BID:4520
Reference: URL:http://www.securityfocus.com/bid/4520

Demarc PureSecure 1.05 allows remote attackers to gain administrative
privileges via a SQL injection attack in a session ID that is stored
in the s_key cookie.

Analysis
----------------
ED_PRI CAN-2002-0539 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0553
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0553
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020413 SunSop: cross-site-scripting bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0154.html
Reference: XF:sunshop-new-cust-css(8840)
Reference: URL:http://www.iss.net/security_center/static/8840.php
Reference: BID:4506
Reference: URL:http://www.securityfocus.com/bid/4506

Cross-site scripting vulnerability in SunShop 2.5 and earlier allows
remote attackers to gain administrative privileges to SunShop by
injecting the script into fields during new customer registration.

Analysis
----------------
ED_PRI CAN-2002-0553 2
Vendor Acknowledgement: yes via-email

ACKNOWLEDGEMENT: An e-mail inquiry sent to support@turnkeywebtools.com
on June 3, 2002.  A response was sent within an hour, saying "a patch
was released before that vulnerability was released.  If you upgrade
to 2.6 you will have no worries."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0375
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0375
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020509
Category: SF
Reference: VULN-DEV:20020417 Smalls holes on 5 products #1
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101908986415768&w=2
Reference: BUGTRAQ:20020510 Fix available for Sgdynamo
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102107488402057&w=2

Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows
remote attackers to execute arbitrary Javascript via a URL with the
script in the HTNAME parameter.

Analysis
----------------
ED_PRI CAN-2002-0375 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0389
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0389
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020523
Category: SF
Reference: BUGTRAQ:20020417 Mailman/Pipermail private mailing list/local user vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101902003314968&w=2
Reference: MISC:http://sourceforge.net/tracker/?func=detail&atid=100103&aid=474616&group_id=103

Pipermail in Mailman stores private mail messages with predictable
filenames in a world-executable directory, which allows local users to
read private mailing list archives

Analysis
----------------
ED_PRI CAN-2002-0389 3
Vendor Acknowledgement: no disputed

INCLUSION: In a response to the bug report, the vendor says "I'm not
inclined to fix this, since this arrangement is crucial to the web
security of private archives."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0518
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0518
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:20
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:20.syncache.asc
Reference: XF:bsd-syncache-inpcb-dos(8875)
Reference: URL:http://www.iss.net/security_center/static/8875.php
Reference: BID:4524
Reference: URL:http://www.securityfocus.com/bid/4524

The SYN cache (syncache) and SYN cookie (syncookie) mechanism in
FreeBSD 4.5 and earlier allows remote attackers to cause a denial of
service (crash) (a) via a SYN packet that is accepted using syncookies
that causes a null pointer to be referenced for the socket's TCP
options, or (b) by killing and restarting a process that listens on
the same socket, which does not properly clear the old inpcb pointer
on restart.

Analysis
----------------
ED_PRI CAN-2002-0518 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0525
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0525
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020411 Inn (Inter Net News) security problems
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html
Reference: BID:4501
Reference: URL:http://www.securityfocus.com/bid/4501
Reference: XF:inn-rnews-inews-format-string(8834)
Reference: URL:http://www.iss.net/security_center/static/8834.php

Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3
and earlier allow local users and remote malicious NNTP servers to
gain privileges via format string specifiers in NTTP responses.

Analysis
----------------
ED_PRI CAN-2002-0525 3
Vendor Acknowledgement:
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0526
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0526
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020411 Inn (Inter Net News) security problems
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html

Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier,
related to insecure open() calls.

Analysis
----------------
ED_PRI CAN-2002-0526 3
Vendor Acknowledgement:
Content Decisions: INCLUSION

INCLUSION: the discloser alludes to "unsecure open() calls" but
provides no other details. There is no mention of security issues from
the vendor.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0529
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0529
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: CF
Reference: BUGTRAQ:20020414 Vulnerability in HP Photosmart/Deskjet Drivers for Mac OS X (root compromise)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0169.html
Reference: BID:4518
Reference: URL:http://www.securityfocus.com/bid/4518
Reference: XF:macos-photosmart-weak-permissions(8856)
Reference: URL:http://www.iss.net/security_center/static/8856.php

HP Photosmart printer driver for Mac OS X installs the
hp_imaging_connectivity program and the hp_imaging_connectivity.app
directory with world-writable permissions, which allows local users to
gain privileges of other Photosmart users by replacing
hp_imaging_connectivity with a Trojan horse.

Analysis
----------------
ED_PRI CAN-2002-0529 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0534
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0534
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020416 Multiple Vulnerabilities in PostBoard
Reference: URL:http://online.securityfocus.com/archive/1/267936
Reference: XF:postboard-bbcode-dos(8883)
Reference: URL:http://www.iss.net/security_center/static/8883.php
Reference: BID:4562
Reference: URL:http://www.securityfocus.com/bid/4562

PostBoard 2.0.1 and earlier with BBcode allows remote attackers to
cause a denial of service (CPU consumption) and corrupt the database
via null \0 characters within [code] tags.

Analysis
----------------
ED_PRI CAN-2002-0534 3
Vendor Acknowledgement:
Content Decisions: SF-CODEBASE

ABSTRACTION: CD:SF-CODEBASE suggests that if the same issue is in
multiple products that stem from the same codebase, then the issue
should be combined. In this case, the same issue appears in both phpBB
and PostBoard. While the discloser of the PostBoard issue says that it
looks like the code was cut-and-pasted from phpBB, there is no
independent evidence that the two products are linked (e.g., there are
no vendor statements to this effect). So, the two issues have been
SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0535
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0535
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020416 Multiple Vulnerabilities in PostBoard
Reference: URL:http://online.securityfocus.com/archive/1/267936
Reference: BID:4559
Reference: URL:http://www.securityfocus.com/bid/4559
Reference: XF:postboard-img-css(8881)
Reference: URL:http://www.iss.net/security_center/static/8881.php

Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier
allows remote attackers to execute script as other users via (1) an
[IMG] tag when BBCode is enabled, or (2) in a topic title.

Analysis
----------------
ED_PRI CAN-2002-0535 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0537
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0537
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020411 SWS Vuln (small but important to those using it.)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0148.html
Reference: XF:sws-insecure-admin-page(8849)
Reference: URL:http://www.iss.net/security_center/static/8849.php
Reference: BID:4503
Reference: URL:http://www.securityfocus.com/bid/4503

The admin.html file in StepWeb Search Engine (SWS) 2.5 stores
passwords in links to manager.pl, which allows remote attackers who
can access the admin.html file to gain administrative privileges to
SWS.

Analysis
----------------
ED_PRI CAN-2002-0537 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0540
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0540
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020419 Re: Nortel CVX 1800s will dump all local user names and passwords via SNMP
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0272.html
Reference: BUGTRAQ:20020413 Nortel CVX 1800s will dump all local user names and passwords  via SNMP
Reference: URL:http://online.securityfocus.com/archive/1/267627
Reference: XF:nortel-default-snmp-string(8848)
Reference: URL:http://www.iss.net/security_center/static/8848.php
Reference: BID:4507
Reference: URL:http://www.securityfocus.com/bid/4507

Nortel CVX 1800 is installed with a default "public" community string,
which allows remote attackers to read usernames and passwords and
modify the CVX configuration.

Analysis
----------------
ED_PRI CAN-2002-0540 3
Vendor Acknowledgement: yes followup
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0541
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0541
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020411 iXsecurity.20020328.tivoli_tsm_dsmsvc.a
Reference: URL:http://online.securityfocus.com/archive/1/267143
Reference: BUGTRAQ:20020411 iXsecurity.20020327.tivoli_tsm_dsmcad.a
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0126.html
Reference: AIXAPAR:IC33211
Reference: CONFIRM:http://www.tivoli.com/support/storage_mgr/flash_httpport.html
Reference: AIXAPAR:IC33212
Reference: BID:4500
Reference: URL:http://www.securityfocus.com/bid/4500
Reference: BID:4492
Reference: URL:http://www.securityfocus.com/bid/4492
Reference: XF:tivoli-storagemanager-client-bo(8817)
Reference: URL:http://www.iss.net/security_center/static/8817.php
Reference: XF:tivoli-storagemanager-login-bo(8825)
Reference: URL:http://www.iss.net/security_center/static/8825.php

Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage
Agents 3.1 through 5.1, and (2) the TSM Client Acceptor Service 4.2
and 5.1, allows remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via a long HTTP GET request to
port 1580 or port 1581.

Analysis
----------------
ED_PRI CAN-2002-0541 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

ABSTRACTION: CD:SF-EXEC suggests that if multiple executables in the
same package by the same vendor have the same issue, then they should
be MERGED. The client and server are both part of the TSM package.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0552
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0552
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020414 Vulnerabilities in the Melange Chat Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0157.html
Reference: BUGTRAQ:20020416 Melange Chat POC DOS
Reference: URL:http://online.securityfocus.com/archive/1/267932
Reference: BID:4510
Reference: URL:http://www.securityfocus.com/bid/4510
Reference: XF:melange-chat-config-bo(8845)
Reference: URL:http://www.iss.net/security_center/static/8845.php
Reference: XF:melange-chat-yell-bo(8842)
Reference: URL:http://www.iss.net/security_center/static/8842.php
Reference: BID:4508
Reference: URL:http://www.securityfocus.com/bid/4508
Reference: BID:4509
Reference: URL:http://www.securityfocus.com/bid/4509
Reference: XF:melange-chat-filename-bo(8846)
Reference: URL:http://www.iss.net/security_center/static/8846.php

Multiple buffer overflows in Melange Chat server 2.02 allow remote or
local attackers to cause a denial of service (crash) and possibly
execute arbitrary code via (1) a long argument in the /yell command,
(2) long lines in the /etc/melange.conf configuration file, (3) long
file names, or possibly other attacks.

Analysis
----------------
ED_PRI CAN-2002-0552 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

ACCURACY: while the /yell argument can be triggered remotely, it is
not clear whether the other overflows can be exploited by anybody
other than the user who starts Melange. According to the Makefile.in
for the server in the 2.0.2 beta code, the melange binary is not
installed setuid or setgid, and /etc/melange.conf is not installed
group- or world-writable. It should also be noted that the discloser
provides a number of patches, some of which may be for remote
overflows that were not specifically mentioned by the discloser.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0554
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0554
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020411 IBM Informix Web DataBlade: SQL injection
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0135.html
Reference: BID:4496
Reference: URL:http://www.securityfocus.com/bid/4496
Reference: XF:informix-wdm-sql-injection(8826)
Reference: URL:http://www.iss.net/security_center/static/8826.php

webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers
to bypass user access levels or read arbitrary files via a SQL
injection attack in an HTTP request.

Analysis
----------------
ED_PRI CAN-2002-0554 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0555
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0555
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category: SF
Reference: BUGTRAQ:20020411 IBM Informix Web DataBlade: Auto-decoding HTML entities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0137.html
Reference: BID:4498
Reference: URL:http://www.securityfocus.com/bid/4498
Reference: XF:informix-wbm-sql-decoding(8827)
Reference: URL:http://www.iss.net/security_center/static/8827.php

IBM Informix Web DataBlade 4.12 unescapes user input even if an
application has escaped it, which could allow remote attackers to
execute SQL code in a web form even when the developer has attempted
to escape it.

Analysis
----------------
ED_PRI CAN-2002-0555 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0577
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0577
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: HP:HPSBUX0204-191
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q2/0023.html
Reference: BID:4582
Reference: URL:http://www.securityfocus.com/bid/4582
Reference: XF:hpux-passwd-dos(8939)
Reference: URL:http://www.iss.net/security_center/static/8939.php

Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users
to corrupt the password file and cause a denial of service.

Analysis
----------------
ED_PRI CAN-2002-0577 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0579
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0579
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020419 Xpede many vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html
Reference: BID:4552
Reference: URL:http://www.securityfocus.com/bid/4552
Reference: XF:xpede-insecure-admin-scripts(8900)
Reference: URL:http://www.iss.net/security_center/static/8900.php

WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as
an Xpede administrator via a direct HTTP request to the
/admin/adminproc.asp script, which does not prompt for a password.

Analysis
----------------
ED_PRI CAN-2002-0579 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0580
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0580
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020419 Xpede many vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html
Reference: BID:4553
Reference: URL:http://www.securityfocus.com/bid/4553
Reference: XF:xpede-datasource-reveal-account(8902)
Reference: URL:http://www.iss.net/security_center/static/8902.php

WorkforceROI Xpede 4.1 allows remote attackers to obtain the database
username via a request to datasource.asp, which leaks the username in
a form and allows the attacker to more easily conduct brute force
password guessing attacks.

Analysis
----------------
ED_PRI CAN-2002-0580 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0581
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0581
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020419 Xpede many vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html
Reference: BID:4555
Reference: URL:http://www.securityfocus.com/bid/4555
Reference: XF:xpede-sprc-sql-injection(8903)
Reference: URL:http://www.iss.net/security_center/static/8903.php

WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary
SQL commands and read, modify, or steal credentials from the database
via the Qry parameter in the sprc.asp script.

Analysis
----------------
ED_PRI CAN-2002-0581 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0582
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0582
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020419 Xpede many vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html
Reference: BID:4554
Reference: URL:http://www.securityfocus.com/bid/4554
Reference: XF:xpede-expense-directory-permissions(8905)
Reference: URL:http://www.iss.net/security_center/static/8905.php

WorkforceROI Xpede 4.1 stores temporary expense claim reports in a
world-readable and indexable /reports/temp directory, which allows
remote attackers to read the reports by accessing the directory.

Analysis
----------------
ED_PRI CAN-2002-0582 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests SPLITTING items of different types. If
the "indexable and readable /reports/temp" problem were fixed, the
system would still be vulnerable to the "brute force guessing" attack.
So, these issues are treated as separate items, even though they are
closely related.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0583
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0583
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020419 Xpede many vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html
Reference: BID:4554
Reference: URL:http://www.securityfocus.com/bid/4554
Reference: XF:xpede-expense-directory-permissions(8905)
Reference: URL:http://www.iss.net/security_center/static/8905.php

WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric
characters) for temporary expense claim reports in the /reports/temp
directory, which allows remote attackers to read the reports via a
brute force attack.

Analysis
----------------
ED_PRI CAN-2002-0583 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests SPLITTING items of different types. If
the "indexable and readable /reports/temp" problem were fixed, the
system would still be vulnerable to the "brute force guessing" attack.
So, these issues are treated as separate items, even though they are
closely related.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0584
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0584
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020419 Xpede many vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html
Reference: BID:4556
Reference: URL:http://www.securityfocus.com/bid/4556
Reference: XF:xpede-timesheet-disclosure(8907)
Reference: URL:http://www.iss.net/security_center/static/8907.php

WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets
by modifying the TSN ID parameter to the ts_app_process.asp script,
which is easily guessable because it is incremented by 1 for each new
timesheet.

Analysis
----------------
ED_PRI CAN-2002-0584 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0586
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0586
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020416 [CERT-intexxia] AOLServer DB Proxy Daemon Format String Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0195.html
Reference: CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=533141&group_id=3152&atid=303152
Reference: BID:4535
Reference: URL:http://www.securityfocus.com/bid/4535
Reference: XF:aolserver-dbproxy-format-string(8860)
Reference: URL:http://www.iss.net/security_center/static/8860.php

Format string vulnerability in Ns_PdLog function for the external
database driver proxy daemon library (libnspd.a) of AOLServer 3.0
through 3.4.2 allows remote attackers to execute arbitrary code via
the Error or Notice parameters.

Analysis
----------------
ED_PRI CAN-2002-0586 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0587
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0587
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020416 [CERT-intexxia] AOLServer DB Proxy Daemon Format String Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0195.html
Reference: CONFIRM:http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/aolserver/aolserver/nspd/log.c.diff?r1=1.4&r2=1.4.6.1
Reference: CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=533141&group_id=3152&atid=303152

Buffer overflow in Ns_PdLog function for the external database driver
proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows
remote attackers to cause a denial of service or execute arbitrary
code via the Error or Notice parameters.

Analysis
----------------
ED_PRI CAN-2002-0587 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

INCLUSION: the original posters specifically state that they found "a
format string and a buffer overflow vulnerability." The patch to log.c
clearly indicates a fix for an overflow (vsprintf changed to
vsnprintf).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0588
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0588
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020418 [[ TH 026 Inc. ]] SA #1 - Multiple vulnerabilities in PVote 1.5
Reference: URL:http://online.securityfocus.com/archive/1/268231
Reference: CONFIRM:http://orbit-net.net:8001/php/pvote/
Reference: XF:pvote-add-delete-polls(8877)
Reference: URL:http://www.iss.net/security_center/static/8877.php
Reference: BID:4540
Reference: URL:http://www.securityfocus.com/bid/4540

PVote before 1.9 does not authenticate users for restricted
operations, which allows remote attackers to add or delete polls by
modifying parameters to (1) add.php or (2) del.php.

Analysis
----------------
ED_PRI CAN-2002-0588 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-EXEC

ACKNOWLEDGEMENT: the change log for 1.9 includes an item dated
Thursday, 18 April 2002, which says "Major security bugfixes thanks to
[the Bugtraq poster.]"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0589
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0589
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020418 [[ TH 026 Inc. ]] SA #1 - Multiple vulnerabilities in PVote 1.5
Reference: URL:http://online.securityfocus.com/archive/1/268231
Reference: CONFIRM:http://orbit-net.net:8001/php/pvote/
Reference: XF:pvote-change-admin-password(8878)
Reference: URL:http://www.iss.net/security_center/static/8878.php
Reference: BID:4541
Reference: URL:http://www.securityfocus.com/bid/4541

PVote before 1.9 allows remote attackers to change the administrative
password and gain privileges by directly calling ch_info.php with the
newpass and confirm parameters both set to the new password.

Analysis
----------------
ED_PRI CAN-2002-0589 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-EXEC

ACKNOWLEDGEMENT: the change log for 1.9 includes an item dated
Thursday, 18 April 2002, which says "Major security bugfixes thanks to
[the Bugtraq poster.]"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0590
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0590
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020419 [[ TH 026 Inc. ]] SA #2 - IcrediBB 1.1, Cross Site Scripting vulnerability.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0263.html
Reference: BID:4548
Reference: URL:http://www.securityfocus.com/bid/4548
Reference: XF:incredibb-html-css(8879)
Reference: URL:http://www.iss.net/security_center/static/8879.php

Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows
remote attackers to execute arbitrary script and steal cookies as
other IcrediBB users via the (1) title or (2) body of posts.

Analysis
----------------
ED_PRI CAN-2002-0590 3
Vendor Acknowledgement:
Content Decisions: EX-BETA

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0591
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0591
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020416 AIM's 'Direct Connection' feature could lead to arbitrary file creation
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0203.html
Reference: BID:4526
Reference: URL:http://www.securityfocus.com/bid/4526
Reference: XF:aim-direct-connection-files(8870)
Reference: URL:http://www.iss.net/security_center/static/8870.php

Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8
beta and earlier allows remote attackers to create arbitrary files and
execute commands via a Direct Connection with an IMG tag with a SRC
attribute that specifies the target filename.

Analysis
----------------
ED_PRI CAN-2002-0591 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0592
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0592
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020421 AIM Remote File Transfer/Direct Connection Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/269006
Reference: BID:4574
Reference: URL:http://www.securityfocus.com/bid/4574

AOL Instant Messenger (AIM) allows remote attackers to steal files
that are being transferred to other clients by connecting to port 4443
(Direct Connection) or port 5190 (file transfer) before the intended
user.

Analysis
----------------
ED_PRI CAN-2002-0592 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0593
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0593
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)
Reference: URL:http://online.securityfocus.com/archive/1/270249
Reference: CONECTIVA:CLA-2002:490
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490
Reference: BID:4637
Reference: URL:http://www.securityfocus.com/bid/4637

Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via a long channel name in an IRC URI.

Analysis
----------------
ED_PRI CAN-2002-0593 3
Vendor Acknowledgement: yes advisory
Content Decisions: EX-CLIENT-DOS

ABSTRACTION: the problem as indicated by the Bugtraq poster could be
due to something other than an exploitable overflow. If the bug merely
causes a client crash, then CD:EX-CLIENT-DOS suggests that it should
not be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0594
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0594
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)
Reference: URL:http://online.securityfocus.com/archive/1/270249
Reference: CONECTIVA:CLA-2002:490
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490
Reference: BID:4640
Reference: URL:http://www.securityfocus.com/bid/4640

Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to
determine the existence of files on the client system via a LINK
element in a Cascading Style Sheet (CSS) page that causes an HTTP
redirect.

Analysis
----------------
ED_PRI CAN-2002-0594 3
Vendor Acknowledgement: yes advisory
Content Decisions: EX-CLIENT-DOS

ABSTRACTION: the problem as indicated by the Bugtraq poster could be
due to something other than an exploitable overflow. If the bug merely
causes a client crash, then CD:EX-CLIENT-DOS suggests that it should
not be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0595
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0595
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020416 Webtrends Reporting Center Buffer Overflow (#NISR17042002C)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0207.html
Reference: XF:webtrends-long-string-bo(8864)
Reference: URL:http://www.iss.net/security_center/static/8864.php
Reference: BID:4531
Reference: URL:http://www.securityfocus.com/bid/4531

Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends
Reporting Center 4.0d allows remote attackers to execute arbitrary
code via a long HTTP GET request to the /reports/ directory.

Analysis
----------------
ED_PRI CAN-2002-0595 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0596
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0596
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020416 Webtrends Reporting Center Buffer Overflow (#NISR17042002C)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0207.html
Reference: XF:webtrends-profile-path-disclosure(8865)
Reference: URL:http://www.iss.net/security_center/static/8865.php

WebTrends Reporting Center 4.0d allows remote attackers to determine
the realt path of the web server via a GET request to get_od_toc.pl
with an empty Profile parameter, which leaks the pathname in an error
message.

Analysis
----------------
ED_PRI CAN-2002-0596 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0597
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0597
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020417 KPMG-2002011: Windows 2000 microsoft-ds Denial of Service
Reference: URL:http://online.securityfocus.com/archive/1/268066
Reference: VULNWATCH:20020417 [VulnWatch] KPMG-2002011: Windows 2000 microsoft-ds Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0025.html
Reference: XF:win2k-lanman-dos(8867)
Reference: URL:http://www.iss.net/security_center/static/8867.php
Reference: BID:4532
Reference: URL:http://www.securityfocus.com/bid/4532

LANMAN service on Microsoft Windows 2000 allows remote attackers to
cause a denial of service (CPU/memory exhaustion) via a stream of
malformed data to microsoft-ds port 445.

Analysis
----------------
ED_PRI CAN-2002-0597 3
Vendor Acknowledgement: unknown discloser-claimed

ACKNOWLEDGEMENT: a number of data sources suggest that KB article
Q320751 addresses this issue, but it could not be found on the
Microsoft web site as of 20020610.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0600
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0600
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020424 A bug in the Kerberos4 ftp client may cause heap overflow which leads to remote code execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0339.html
Reference: XF:kerberos4-ftp-client-overflow(8938)
Reference: URL:http://www.iss.net/security_center/static/8938.php
Reference: BID:4592
Reference: URL:http://online.securityfocus.com/bid/4592

Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote
malicious servers to execute arbitrary code on the client via a long
response to a passive (PASV) mode request.

Analysis
----------------
ED_PRI CAN-2002-0600 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0606
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0606
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020429 3CDaemon DoS exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0428.html
Reference: BID:4638
Reference: URL:http://www.securityfocus.com/bid/4638
Reference: XF:3cdaemon-ftp-bo(8970)
Reference: URL:http://www.iss.net/security_center/static/8970.php

Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to
cause a denial of service (crash) and possibly execute arbitrary code
via long commands such as login.

Analysis
----------------
ED_PRI CAN-2002-0606 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0607
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0607
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020419 Snitz Forums 2000 remote SQL query manipulation vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0279.html
Reference: CONFIRM:http://forum.snitz.com/forum/topic.asp?TOPIC_ID=26770
Reference: XF:snitz-members-sql-injection(8898)
Reference: URL:http://www.iss.net/security_center/static/8898.php
Reference: BID:4558
Reference: URL:http://www.securityfocus.com/bid/4558

members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows
remote attackers to execute arbitrary code via a SQL injection attack
on the parameters (1) M_NAME, (2) UserName, (3) FirstName, (4)
LastName, or (5) INITIAL.

Analysis
----------------
ED_PRI CAN-2002-0607 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

ACKNPOWLEDGEMENT: in an online security forum, the vendor includes an
item dated April 23, 2002, which states "There is a security bug in
members.asp," offering a patch that clearly deals with clearing SQL
injection attacks. ACCURACY: the parameters besides M_NAME were
inferred from the vendor patch.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0608
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0608
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020422 Matu FTP remote buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0310.html
Reference: XF:matu-ftp-long-string-bo(8911)
Reference: URL:http://www.iss.net/security_center/static/8911.php
Reference: BID:4572
Reference: URL:http://www.securityfocus.com/bid/4572

Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to
execute arbitrary code via a long "220" banner.

Analysis
----------------
ED_PRI CAN-2002-0608 3
Vendor Acknowledgement: unknown foreign

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0609
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0609
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: HP:HPSBMP0204-013
Reference: URL:http://online.securityfocus.com/advisories/4047
Reference: XF:hp-mpeix-ip-dos(8901)
Reference: URL:http://www.iss.net/security_center/static/8901.php
Reference: BID:4536
Reference: URL:http://www.securityfocus.com/bid/4536

Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a
denial of service (system failure with "SA1457 out of
i_port_timeout.fix_up_message_frame") via malformed IP packets.

Analysis
----------------
ED_PRI CAN-2002-0609 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0611
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0611
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: VULN-DEV:20020416 FileSeek cgi script advisory
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0132.html
Reference: XF:fileseek-cgi-directory-traversal(8858)
Reference: URL:http://www.iss.net/security_center/static/8858.php

Directory traversal vulnerability in FileSeek.cgi allows remote
attackers to read arbitrary files via a ....// (modified dot dot) in
the (1) head or (2) foot parameters, which are not properly filtered.

Analysis
----------------
ED_PRI CAN-2002-0611 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0612
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0612
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: VULN-DEV:20020416 FileSeek cgi script advisory
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0132.html
Reference: XF:fileseek-cgi-command-execution(8857)
Reference: URL:http://www.iss.net/security_center/static/8857.php

FileSeek.cgi allows remote attackers to execute arbitrary commands via
shell metacharacters in the (1) head or (2) foot parameters.

Analysis
----------------
ED_PRI CAN-2002-0612 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0614
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0614
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020426 PHP-Survey Database Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0383.html
Reference: BID:4612
Reference: URL:http://www.securityfocus.com/bid/4612
Reference: XF:phpsurvey-global-reveal-info(8950)
Reference: URL:http://www.iss.net/security_center/static/8950.php

PHP-Survey 20000615 and earlier stores the global.inc file under the
web root, which allows remote attackers to obtain sensitive
information, including database credentials, if .inc files are not
preprocessed by the server.

Analysis
----------------
ED_PRI CAN-2002-0614 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Page Last Updated or Reviewed: May 22, 2007