
[PROPOSAL] Cluster RECENT-93 - 45 candidates



I am proposing cluster RECENT-93 for review and voting by the
Editorial Board.

Name: RECENT-93
Description: Candidates announced between 5/1/2002 and 6/6/2002
Size: 45

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve







Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0032
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020116
Category: SF
Reference: BUGTRAQ:20020527 Yahoo Messenger - Multiple Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/274223
Reference: CERT:CA-2002-16
Reference: URL:http://www.cert.org/advisories/CA-2002-16.html
Reference: CERT-VN:VU#172315
Reference: URL:http://www.kb.cert.org/vuls/id/172315
Reference: BID:4838
Reference: URL:http://www.securityfocus.com/bid/4838

Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to
execute arbitrary script as other users via the addview parameter of a
ymsgr URI.

Analysis
----------------
ED_PRI CAN-2002-0032 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0033
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020116
Category: SF
Reference: BUGTRAQ:20020505 [LSD] Solaris cachefsd remote buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0026.html
Reference: CERT:CA-2002-11
Reference: URL:http://www.cert.org/advisories/CA-2002-11.html
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309
Reference: CERT-VN:VU#635811
Reference: URL:http://www.kb.cert.org/vuls/id/635811
Reference: BID:4674
Reference: URL:http://www.securityfocus.com/bid/4674

Heap overflow in cfsd_calloc function of Solaris cachefsd allows
remote attackers to execute arbitrary code via a request with a long
directory and cache name.

Analysis
----------------
ED_PRI CAN-2002-0033 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0146
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0146
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020318
Category: SF
Reference: REDHAT:RHSA-2002:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-047.html

fetchmail email client before 5.9.10 does not properly limit the
maximum number of messages available, which allows a remote IMAP
server to overwrite memory via a message count that exceeds the
boundaries of an array.

Analysis
----------------
ED_PRI CAN-2002-0146 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0155
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0155
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020319
Category: SF
Reference: BUGTRAQ:20020508 ADVISORY: MSN Messenger OCX Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102089960531919&w=2
Reference: VULNWATCH:20020508 [VulnWatch] ADVISORY: MSN Messenger OCX Buffer Overflow
Reference: MS:MS02-022
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-022.asp
Reference: CERT:CA-2002-13
Reference: URL:http://www.cert.org/advisories/CA-2002-13.html

Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN
Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6,
allows remote attackers to execute arbitrary code via a long ResDLL
parameter in the MSNChat OCX.

Analysis
----------------
ED_PRI CAN-2002-0155 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0157
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0157
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020325
Category: SF
Reference: BUGTRAQ:20020502 R7-0003: Nautilus Symlink Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/270691/2002-04-29/2002-05-05/0
Reference: BID:4373
Reference: URL:http://www.securityfocus.com/bid/4373
Reference: REDHAT:RHSA-2002:064
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-064.html

Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary
files via a symlink attack on the .nautilus-metafile.xml metadata
file.

Analysis
----------------
ED_PRI CAN-2002-0157 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0169
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020411
Category: CF
Reference: REDHAT:RHSA-2002:062
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-062.html

The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is
installed with an insecure option enabled, which could allow users to
overwrite files outside of the current directory from an untrusted
document by using a full pathname as an element identifier.

Analysis
----------------
ED_PRI CAN-2002-0169 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0174
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0174
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020411
Category: SF
Reference: SGI:20020501-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020501-01-I

nsd on SGI IRIX before 6.5.11 allows local users to overwrite
arbitrary files and gain root privileges via a symlink attack on the
nsd.dump file.

Analysis
----------------
ED_PRI CAN-2002-0174 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0188
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0188
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020420
Category: SF
Reference: MS:MS02-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp

Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to
execute arbitrary code via malformed Content-Disposition and
Content-Type header fields that cause the application for the spoofed
file type to pass the file back to the operating system for handling
rather than raise an error message, aka the second variant of the
"Content Disposition" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0188 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0190
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0190
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020420
Category: SF
Reference: MS:MS02-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp

Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers
to execute arbitrary code under fewer security restrictions via a
malformed web page that requires NetBIOS connectivity, aka "Zone
Spoofing through Malformed Web Page" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0190 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0191
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0191
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020420
Category: SF
Reference: BUGTRAQ:20020402 Reading portions of local files in IE, depending on structure (GM#004-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101778302030981&w=2
Reference: MS:MS02-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp
Reference: XF:ie-css-read-files (8740)
Reference: URL:http://www.iss.net/security_center/static/8740.php
Reference: BID:4411
Reference: URL:http://online.securityfocus.com/bid/4411

Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers
to view arbitrary files that contain the "{" character via script
containing the cssText property of the stylesheet object, aka "Local
Information Disclosure through HTML Object" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0191 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0192
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0192
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020420
Category: SF
Reference: MS:MS02-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp

Microsoft Internet Explorer 5.01 and 6.0 allows remote attackers to
execute arbitrary code by modifying the Content-Disposition and
Content-Type header fields to cause the application for the spoofed
file type to pass the file back to the operating system for handling
rather than raise an error message, aka the first variant of the
"Content Disposition" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0192 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0193
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020420
Category: SF
Reference: MS:MS02-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp

Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to
execute arbitrary code via malformed Content-Disposition and
Content-Type header fields that cause the application for the spoofed
file type to pass the file back to the operating system for handling
rather than raise an error message, aka the first variant of the
"Content Disposition" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0193 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0355
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0355
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020502
Category: SF
Reference: SGI:20020503-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020503-01-I
Reference: BID:4682
Reference: URL:http://www.securityfocus.com/bid/4682
Reference: XF:irix-netstat-file-existence(9023)
Reference: URL:http://www.iss.net/security_center/static/9023.php

netstat in SGI IRIX before 6.5.12 allows local users to determine the
existence of files on the system, even if the users do not have the
appropriate permissions.

Analysis
----------------
ED_PRI CAN-2002-0355 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0356
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0356
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020502
Category: SF
Reference: SGI:20020504-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020504-01-I

Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX
6.5.10 and earlier allows local users to gain root privileges by
overwriting critical system files.

Analysis
----------------
ED_PRI CAN-2002-0356 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0357
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0357
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020502
Category: SF
Reference: SGI:20020601-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020601-01-P

Vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI IRIX
6.5.15 and earlier allows local users to gain root privileges.

Analysis
----------------
ED_PRI CAN-2002-0357 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0358
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0358
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020502
Category: SF
Reference: SGI:20020602-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020602-01-I

MediaMail and MediaMail Pro in SGI IRIX 6.5.16 and earlier allows
local users to force the program to dump core via certain arguments,
which could allow the users to read sensitive data or gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0358 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0368
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0368
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020508
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-025
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-025.asp

The Store Service in Microsoft Exchange 2000 allows remote attackers
to cause a denial of service (CPU consumption) via a mail message with
a malformed RFC message attribute, aka "Malformed Mail Attribute can
Cause Exchange 2000 to Exhaust CPU Resources."

Analysis
----------------
ED_PRI CAN-2002-0368 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0369
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0369
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020508
Category: SF
Reference: MS:MS02-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-026.asp

Buffer overflow in ASP.NET Worker Process allows remote attackers to
cause a denial of service (restart) and possibly execute arbitrary
code via a routine that processes cookies while in StateServer mode.

Analysis
----------------
ED_PRI CAN-2002-0369 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0374
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0374
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020508
Category: SF
Reference: BUGTRAQ:20020506 ldap vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102070762606525&w=2
Reference: VULNWATCH:20020506 [VulnWatch] ldap vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html
Reference: REDHAT:RHSA-2002:084
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-084.html

Format string vulnerability in the logging function for the pam_ldap
PAM LDAP module before version 144 allows attackers to execute
arbitrary code via format strings in the configuration file name.

Analysis
----------------
ED_PRI CAN-2002-0374 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0377
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0377
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020514
Category: SF
Reference: BUGTRAQ:20020512 Gaim abritary Email Reading
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102130733815285&w=2
Reference: CONFIRM:http://gaim.sourceforge.net/ChangeLog

Gaim 0.57 stores sensitive information in world-readable and
group-writable files in the /tmp directory, which allows local users
to access MSN web email accounts of other users who run Gaim by
reading authentication information from the files.

Analysis
----------------
ED_PRI CAN-2002-0377 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: The Change Log for Gaim version 0.58, dated May 13,
says "Tempfiles used for secure MSN/HotMail login (added in 0.57) are
now themselves created securely."  In addition to a statement on the
vendor's News page, dated May 14, regarding "the fix to the recent
BugTraq posting about Gaim," this is sufficient acknowledgement.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0379
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0379
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020517
Category: SF
Reference: BUGTRAQ:20020510 wu-imap buffer overflow condition
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102107222100529&w=2
Reference: REDHAT:RHSA-2002:092
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-092.html

Buffer overflow in University of Washington imap server (uw-imapd)
imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy
RFC 1730 support, and imapd 2000.287 and earlier, allows remote
authenticated users to execute code via long mailbox attribute
requests.

Analysis
----------------
ED_PRI CAN-2002-0379 1
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0380
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0380
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020517
Category: SF
Reference: REDHAT:RHSA-2001:089
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-089.html

Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers
to cause a denial of service and possibly execute arbitrary code via
an NFS packet.

Analysis
----------------
ED_PRI CAN-2002-0380 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0388
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0388
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020523
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html

Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow
remote attackers to execute script via (1) the admin login page, or
(2) the Pipermail index summaries.

Analysis
----------------
ED_PRI CAN-2002-0388 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0400
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0400
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020603
Category: SF
Reference: CERT:CA-2002-15
Reference: URL:http://www.cert.org/advisories/CA-2002-15.html
Reference: CERT-VN:VU#739123
Reference: URL:http://www.kb.cert.org/vuls/id/739123
Reference: REDHAT:RHSA-2002:105
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-105.html
Reference: ISS:20020604 Remote Denial of Service Vulnerability in ISC BIND

ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of
service (shutdown) via a malformed DNS packet that triggers an error
condition that is not properly handled when the rdataset parameter to
the dns_message_findtype() function in message.c is not NULL.

Analysis
----------------
ED_PRI CAN-2002-0400 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0401
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0401
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020603
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
Reference: DEBIAN:DSA-130
Reference: URL:http://www.debian.org/security/2002/dsa-130
Reference: BUGTRAQ:20020529 Potential security issues in Ethereal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2
Reference: BID:4806
Reference: URL:http://online.securityfocus.com/bid/4806

SMB dissector in Ethereal before 0.9.3 allows remote attackers to
cause a denial of service (crash) or execute arbitrary code via
malformed packets that cause Ethereal to dereference a NULL pointer.

Analysis
----------------
ED_PRI CAN-2002-0401 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0402
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0402
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020603
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
Reference: DEBIAN:DSA-130
Reference: URL:http://www.debian.org/security/2002/dsa-130
Reference: BUGTRAQ:20020529 Potential security issues in Ethereal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2
Reference: BID:4805
Reference: URL:http://online.securityfocus.com/bid/4805

Buffer overflow in X11 dissector in Ethereal before 0.9.3 allows
remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code while Ethereal is parsing keysyms.

Analysis
----------------
ED_PRI CAN-2002-0402 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0403
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0403
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020603
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
Reference: DEBIAN:DSA-130
Reference: URL:http://www.debian.org/security/2002/dsa-130
Reference: BUGTRAQ:20020529 Potential security issues in Ethereal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2
Reference: BID:4807
Reference: URL:http://online.securityfocus.com/bid/4807

DNS dissector in Ethereal before 0.9.3 allows remote attackers to
cause a denial of service (CPU consumption) via a malformed packet
that causes Ethereal to enter an infinite loop.

Analysis
----------------
ED_PRI CAN-2002-0403 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0404
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0404
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020603
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
Reference: DEBIAN:DSA-130
Reference: URL:http://www.debian.org/security/2002/dsa-130
Reference: BUGTRAQ:20020529 Potential security issues in Ethereal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2
Reference: BID:4808
Reference: URL:http://online.securityfocus.com/bid/4808

Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote
attackers to cause a denial of service (memory consumption).

Analysis
----------------
ED_PRI CAN-2002-0404 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0605
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0605
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020503 Macromedia Flash Activex Buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102039374017185&w=2
Reference: VULN-DEV:20020503 Macromedia Flash Activex Buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102038919414726&w=2
Reference: VULNWATCH:20020502 [VulnWatch] Macromedia Flash Activex Buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0051.html
Reference: NTBUGTRAQ:20020503 Macromedia Flash Activex Buffer overflow
Reference: CONFIRM:http://www.macromedia.com/support/flash/ts/documents/buf_ovflow_623.htm
Reference: XF:flash-activex-movie-bo(8993)
Reference: URL:http://www.iss.net/security_center/static/8993.php
Reference: BID:4664
Reference: URL:http://online.securityfocus.com/bid/4664

Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23
(6,0,23,0) allows remote attackers to execute arbitrary code via a
long movie parameter.

Analysis
----------------
ED_PRI CAN-2002-0605 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: in an online advisory dated May 6, 2002, Macromedia
states "Macromedia has verified a vulnerability in the parameter
handling of the Macromedia Flash Player ActiveX control, version
6,0,23,0" and includes a reference to the discloser's original
advisory.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0393
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0393
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020530
Category: SF
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt

Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web
interface allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a long administration password.

Analysis
----------------
ED_PRI CAN-2002-0393 2
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0394
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0394
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020530
Category: SF
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt

Red-M 1050 (Bluetooth Access Point) uses case-insensitive passwords,
which makes it easier for attackers to conduct a brute force guessing
attack due to the smaller space of possible passwords.

Analysis
----------------
ED_PRI CAN-2002-0394 2
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0395
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0395
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020530
Category: SF/CF/MP/SA/AN/unknown
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt

The TFTP server for Red-M 1050 (Bluetooth Access Point) cannot be
disabled and makes it easier for remote attackers to crack the
administration password via brute force methods.

Analysis
----------------
ED_PRI CAN-2002-0395 2
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0396
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0396
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020530
Category: SF
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt

The web management server for Red-M 1050 (Bluetooth Access Point) does
not use session-based credentials to authenticate users, which allows
attackers to connect to the server from the same IP address as a user
who has already established a session.

Analysis
----------------
ED_PRI CAN-2002-0396 2
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0397
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0397
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020530
Category: SF
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt

Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address,
and other information in UDP packets to a broadcast address, which
allows any system on the network to obtain potentially sensitive
information about the Access Point device by monitoring UDP port 8887.

Analysis
----------------
ED_PRI CAN-2002-0397 2
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0398
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0398
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020530
Category: SF
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt

Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to
cause a denial of service and possibly execute arbitrary code via a
long user name.

Analysis
----------------
ED_PRI CAN-2002-0398 2
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0031
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0031
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020116
Category: SF
Reference: BUGTRAQ:20020527 Yahoo Messenger - Multiple Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/274223
Reference: CERT:CA-2002-16
Reference: URL:http://www.cert.org/advisories/CA-2002-16.html
Reference: CERT-VN:VU#137115
Reference: URL:http://www.kb.cert.org/vuls/id/137115
Reference: BID:4837
Reference: URL:http://www.securityfocus.com/bid/4837

Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allow
remote attackers to execute arbitrary code via a ymsgr URI with long
arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview,
or (6) addfriend.

Analysis
----------------
ED_PRI CAN-2002-0031 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0189
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0189
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020420
Category: SF
Reference: MS:MS02-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp

Cross-site scripting vulnerability in Internet Explorer 6.0 allows
remote attackers to execute scripts in the Local Computer zone via a
URL that exploits a local HTML resource file, aka the "Cross-Site
Scripting in Local HTML Resource" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0189 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0360
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0360
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020502
Category: SF
Reference: VULNWATCH:20020520 [VulnWatch] eSecurityOnline advisory 5063 - Sun AnswerBook2 gettransbitmap buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=vulnwatch&m=102194510509450&w=2
Reference: BUGTRAQ:20020520 eSecurityOnline advisory 5063 - Sun AnswerBook2 gettransbitmap buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102198846905064&w=2
Reference: MISC:http://www.eSecurityOnline.com/advisories/eSO5063.asp

Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote
attackers to execute arbitrary code via a long filename argument to
the gettransbitmap CGI program.

Analysis
----------------
ED_PRI CAN-2002-0360 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0362
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0362
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020506
Category: SF
Reference: VULNWATCH:20020506 [VulnWatch] w00w00 on AOL Instant Messenger remote overflow #2
Reference: BUGTRAQ:20020506 w00w00 on AOL Instant Messenger remote overflow #2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102071080509955&w=2
Reference: BID:4677
Reference: URL:http://www.securityfocus.com/bid/4677

Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows
remote attackers to execute arbitrary code via a long AddExternalApp
request and a TLV type greater than 0x2711.

Analysis
----------------
ED_PRI CAN-2002-0362 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0405
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0405
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020607
Category:
Reference: BUGTRAQ:20020527 Problems with various windows FTP servers
Reference: URL:http://online.securityfocus.com/archive/1/274279
Reference: XF:broker-ftp-dot-bo(6673)
Reference: URL:http://xforce.iss.net/static/6673.php
Reference: BID:4864
Reference: URL:http://online.securityfocus.com/bid/4864

Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows
remote attackers to cause a denial of service and possibly execute
arbitrary code via a CWD command with a large number of . (dot)
characters.

Analysis
----------------
ED_PRI CAN-2002-0405 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

ABSTRACTION: This looks very similar to CAN-2001-0688 which is also an
overflow in CWD, but there are some key differences: (a) the ". ." CWD
issue appears in 5.9.5.0 and must be executed a series of times, and
(b) the "......" CWD issue appears in 5.0/evaluation.  Since the
attack vectors are slightly different, and the versions are also
different, CD:SF-LOC suggests that these issues should be SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0578
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0578
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020502 iXsecurity.20020404.4d_webserver.a
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0013.html
Reference: BID:4665
Reference: URL:http://www.securityfocus.com/bid/4665

Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause
a denial of service and possibly execute arbitrary code via an HTTP
request with Basic Authentication containing a long (1) user name or
(2) password.

Analysis
----------------
ED_PRI CAN-2002-0578 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0585
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0585
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: HP:HPSBUX0205-192
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q2/0034.html
Reference: BID:4680
Reference: URL:http://www.securityfocus.com/bid/4680

Vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches
allows attackers to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2002-0585 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

ABSTRACTION: there is a possibility that this is the same issue as
CVE-1999-1118, but the HP advisory does not provide enough details to
be certain. In addition, CVE-1999-1118 was announced 4 years before
the HP advisory.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0602
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0602
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020502 KPMG-2002017: Snapgear Lite+ Firewall Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102035583114759&w=2
Reference: VULNWATCH:20020502 [VulnWatch] KPMG-2002017: Snapgear Lite+ Firewall Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0050.html
Reference: CONFIRM:http://www.snapgear.com/releases.html
Reference: XF:snapgear-vpn-pptp-dos(8986)
Reference: BID:4658
Reference: BID:4657
Reference: XF:snapgear-vpn-http-dos(8985)

Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to
cause a denial of service (crash) via a large number of connections to
(1) the HTTP web management port, or (2) the PPTP port.

Analysis
----------------
ED_PRI CAN-2002-0602 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC, SF-EXEC

ACKNOWLEDGEMENT: the vendor's online release notes include an item
dated March 8, 2002, which states "Miscellaneous security and
useability fixes with thanks to Peter Grundl and Andreas Sandor of
KPMG Denmark [the original Bugtraq posters]." ABSTRACTION: CD:SF-LOC
and CD:SF-EXEC suggest MERGING problems of the same type that appear
in the same version. Since the same basic issue appears in both HTTP
and PPTP (50+ connections cause DoS), these issues have been MERGED.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0603
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0603
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020502 KPMG-2002017: Snapgear Lite+ Firewall Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102035583114759&w=2
Reference: VULNWATCH:20020502 [VulnWatch] KPMG-2002017: Snapgear Lite+ Firewall Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0050.html
Reference: CONFIRM:http://www.snapgear.com/releases.html
Reference: XF:snapgear-vpn-ipsec-dos(8987)
Reference: URL:http://www.iss.net/security_center/static/8987.php
Reference: BID:4659
Reference: URL:http://online.securityfocus.com/bid/4659

Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a
denial of service (IPSEC crash) via a zero-length packet to UDP port
500.

Analysis
----------------
ED_PRI CAN-2002-0603 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: the vendor's online release notes include an item
dated March 8, 2002, which states "Miscellaneous security and
useability fixes with thanks to Peter Grundl and Andreas Sandor of
KPMG Denmark [the original Bugtraq posters]."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0604
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0604
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020611
Category: SF
Reference: BUGTRAQ:20020502 KPMG-2002017: Snapgear Lite+ Firewall Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102035583114759&w=2
Reference: VULNWATCH:20020502 [VulnWatch] KPMG-2002017: Snapgear Lite+ Firewall Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0050.html
Reference: CONFIRM:http://www.snapgear.com/releases.html
Reference: XF:snapgear-vpn-ipoptions-dos(8988)
Reference: URL:http://www.iss.net/security_center/static/8988.php
Reference: BID:4660
Reference: URL:http://online.securityfocus.com/bid/4660

Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to
cause a denial of service (crash) via a large number of packets with
malformed IP options.

Analysis
----------------
ED_PRI CAN-2002-0604 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: the vendor's online release notes include an item
dated March 8, 2002, which states "Miscellaneous security and
useability fixes with thanks to Peter Grundl and Andreas Sandor of
KPMG Denmark [the original Bugtraq posters]."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007