[PROPOSAL] Cluster RECENT-93 - 45 candidates
I am proposing cluster RECENT-93 for review and voting by the Editorial Board.

Name: RECENT-93
Description: Candidates announced between 5/1/2002 and 6/6/2002
Size: 45

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0032
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020116
Category: SF
Reference: BUGTRAQ:20020527 Yahoo Messenger - Multiple Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/274223
Reference: CERT:CA-2002-16
Reference: URL:http://www.cert.org/advisories/CA-2002-16.html
Reference: CERT-VN:VU#172315
Reference: URL:http://www.kb.cert.org/vuls/id/172315
Reference: BID:4838
Reference: URL:http://www.securityfocus.com/bid/4838

Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI.

Analysis
----------------
ED_PRI CAN-2002-0032 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0033
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020116
Category: SF
Reference: BUGTRAQ:20020505 [LSD] Solaris cachefsd remote buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0026.html
Reference: CERT:CA-2002-11
Reference: URL:http://www.cert.org/advisories/CA-2002-11.html
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309
Reference: CERT-VN:VU#635811
Reference: URL:http://www.kb.cert.org/vuls/id/635811
Reference: BID:4674
Reference: URL:http://www.securityfocus.com/bid/4674

Heap overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.

Analysis
----------------
ED_PRI CAN-2002-0033 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0146
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0146
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020318
Category: SF
Reference: REDHAT:RHSA-2002:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-047.html

fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array.

Analysis
----------------
ED_PRI CAN-2002-0146 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0155
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0155
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020319
Category: SF
Reference: BUGTRAQ:20020508 ADVISORY: MSN Messenger OCX Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102089960531919&w=2
Reference: VULNWATCH:20020508 [VulnWatch] ADVISORY: MSN Messenger OCX Buffer Overflow
Reference: MS:MS02-022
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-022.asp
Reference: CERT:CA-2002-13
Reference: URL:http://www.cert.org/advisories/CA-2002-13.html

Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX.

Analysis
----------------
ED_PRI CAN-2002-0155 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0157
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0157
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020325
Category: SF
Reference: BUGTRAQ:20020502 R7-0003: Nautilus Symlink Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/270691/2002-04-29/2002-05-05/0
Reference: BID:4373
Reference: URL:http://www.securityfocus.com/bid/4373
Reference: REDHAT:RHSA-2002:064
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-064.html

Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the .nautilus-metafile.xml metadata file.

Analysis
----------------
ED_PRI CAN-2002-0157 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0169
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020411
Category: CF
Reference: REDHAT:RHSA-2002:062
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-062.html

The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier.

Analysis
----------------
ED_PRI CAN-2002-0169 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0174
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0174
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020411
Category: SF
Reference: SGI:20020501-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020501-01-I

nsd on SGI IRIX before 6.5.11 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the nsd.dump file.

Analysis
----------------
ED_PRI CAN-2002-0174 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0188
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0188
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020420
Category: SF
Reference: MS:MS02-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp

Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0188 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0190
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0190
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020420
Category: SF
Reference: MS:MS02-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp

Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0190 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0191
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0191
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020420
Category: SF
Reference: BUGTRAQ:20020402 Reading portions of local files in IE, depending on structure (GM#004-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101778302030981&w=2
Reference: MS:MS02-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp
Reference: XF:ie-css-read-files (8740)
Reference: URL:http://www.iss.net/security_center/static/8740.php
Reference: BID:4411
Reference: URL:http://online.securityfocus.com/bid/4411

Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0191 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0192
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0192
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020420
Category: SF
Reference: MS:MS02-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp

Microsoft Internet Explorer 5.01 and 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields to cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0192 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0193
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020420
Category: SF
Reference: MS:MS02-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp

Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0193 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0355
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0355
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020502
Category: SF
Reference: SGI:20020503-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020503-01-I
Reference: BID:4682
Reference: URL:http://www.securityfocus.com/bid/4682
Reference: XF:irix-netstat-file-existence(9023)
Reference: URL:http://www.iss.net/security_center/static/9023.php

netstat in SGI IRIX before 6.5.12 allows local users to determine the existence of files on the system, even if the users do not have the appropriate permissions.

Analysis
----------------
ED_PRI CAN-2002-0355 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0356
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0356
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020502
Category: SF
Reference: SGI:20020504-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020504-01-I

Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX 6.5.10 and earlier allows local users to gain root privileges by overwriting critical system files.

Analysis
----------------
ED_PRI CAN-2002-0356 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0357
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0357
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020502
Category: SF
Reference: SGI:20020601-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020601-01-P

Vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI IRIX 6.5.15 and earlier allows local users to gain root privileges.

Analysis
----------------
ED_PRI CAN-2002-0357 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0358
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0358
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020502
Category: SF
Reference: SGI:20020602-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020602-01-I

MediaMail and MediaMail Pro in SGI IRIX 6.5.16 and earlier allows local users to force the program to dump core via certain arguments, which could allow the users to read sensitive data or gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0358 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0368
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0368
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020508
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-025
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-025.asp

The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."

Analysis
----------------
ED_PRI CAN-2002-0368 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0369
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0369
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020508
Category: SF
Reference: MS:MS02-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-026.asp

Buffer overflow in ASP.NET Worker Process allows remote attackers to cause a denial of service (restart) and possibly execute arbitrary code via a routine that processes cookies while in StateServer mode.

Analysis
----------------
ED_PRI CAN-2002-0369 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0374
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0374
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020508
Category: SF
Reference: BUGTRAQ:20020506 ldap vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102070762606525&w=2
Reference: VULNWATCH:20020506 [VulnWatch] ldap vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html
Reference: REDHAT:RHSA-2002:084
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-084.html

Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows attackers to execute arbitrary code via format strings in the configuration file name.

Analysis
----------------
ED_PRI CAN-2002-0374 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0377
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0377
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020514
Category: SF
Reference: BUGTRAQ:20020512 Gaim abritary Email Reading
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102130733815285&w=2
Reference: CONFIRM:http://gaim.sourceforge.net/ChangeLog

Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files.

Analysis
----------------
ED_PRI CAN-2002-0377 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: The Change Log for Gaim version 0.58, dated May 13, says "Tempfiles used for secure MSN/HotMail login (added in 0.57) are now themselves created securely." In addition to a statement on the vendor's News page, dated May 14, regarding "the fix to the recent BugTraq posting about Gaim," this is sufficient acknowledgement.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0379
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0379
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020517
Category: SF
Reference: BUGTRAQ:20020510 wu-imap buffer overflow condition
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102107222100529&w=2
Reference: REDHAT:RHSA-2002:092
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-092.html

Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute code via long mailbox attribute requests.

Analysis
----------------
ED_PRI CAN-2002-0379 1
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0380
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0380
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020517
Category: SF
Reference: REDHAT:RHSA-2001:089
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-089.html

Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an NFS packet.

Analysis
----------------
ED_PRI CAN-2002-0380 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0388
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0388
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020523
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html

Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries.

Analysis
----------------
ED_PRI CAN-2002-0388 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0400
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0400
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020603
Category: SF
Reference: CERT:CA-2002-15
Reference: URL:http://www.cert.org/advisories/CA-2002-15.html
Reference: CERT-VN:VU#739123
Reference: URL:http://www.kb.cert.org/vuls/id/739123
Reference: REDHAT:RHSA-2002:105
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-105.html
Reference: ISS:20020604 Remote Denial of Service Vulnerability in ISC BIND

ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL.

Analysis
----------------
ED_PRI CAN-2002-0400 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0401
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0401
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020603
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
Reference: DEBIAN:DSA-130
Reference: URL:http://www.debian.org/security/2002/dsa-130
Reference: BUGTRAQ:20020529 Potential security issues in Ethereal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2
Reference: BID:4806
Reference: URL:http://online.securityfocus.com/bid/4806

SMB dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer.

Analysis
----------------
ED_PRI CAN-2002-0401 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0402
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0402
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020603
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
Reference: DEBIAN:DSA-130
Reference: URL:http://www.debian.org/security/2002/dsa-130
Reference: BUGTRAQ:20020529 Potential security issues in Ethereal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2
Reference: BID:4805
Reference: URL:http://online.securityfocus.com/bid/4805

Buffer overflow in X11 dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms.

Analysis
----------------
ED_PRI CAN-2002-0402 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0403
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0403
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020603
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
Reference: DEBIAN:DSA-130
Reference: URL:http://www.debian.org/security/2002/dsa-130
Reference: BUGTRAQ:20020529 Potential security issues in Ethereal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2
Reference: BID:4807
Reference: URL:http://online.securityfocus.com/bid/4807

DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop.

Analysis
----------------
ED_PRI CAN-2002-0403 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0404
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0404
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020611
Assigned: 20020603
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
Reference: DEBIAN:DSA-130
Reference: URL:http://www.debian.org/security/2002/dsa-130
Reference: BUGTRAQ:20020529 Potential security issues in Ethereal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2
Reference: BID:4808
Reference: URL:http://online.securityfocus.com/bid/4808

Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (memory consumption).

Analysis ---------------- ED_PRI CAN-2002-0404 1 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0605 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0605 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20020503 Macromedia Flash Activex Buffer overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102039374017185&w=2 Reference: VULN-DEV:20020503 Macromedia Flash Activex Buffer overflow Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102038919414726&w=2 Reference: VULNWATCH:20020502 [VulnWatch] Macromedia Flash Activex Buffer overflow Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0051.html Reference: NTBUGTRAQ:20020503 Macromedia Flash Activex Buffer overflow Reference: CONFIRM:http://www.macromedia.com/support/flash/ts/documents/buf_ovflow_623.htm Reference: XF:flash-activex-movie-bo(8993) Reference: URL:http://www.iss.net/security_center/static/8993.php Reference: BID:4664 Reference: URL:http://online.securityfocus.com/bid/4664 Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 (6,0,23,0) allows remote attackers to execute arbitrary code via a long movie parameter. Analysis ---------------- ED_PRI CAN-2002-0605 1 Vendor Acknowledgement: yes advisory ACKNOWLEDGEMENT: in an online advisory dated May 6, 2002, Macromedia states "Macromedia has verified a vulnerability in the parameter handling of the Macromedia Flash Player ActiveX control, version 6,0,23,0" and includes a reference to the discloser's original advisory. 
Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0393 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0393 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020530 Category: SF Reference: ATSTAKE:A060502-1 Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web interface allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long administration password. Analysis ---------------- ED_PRI CAN-2002-0393 2 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0394 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0394 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020530 Category: SF Reference: ATSTAKE:A060502-1 Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt Red-M 1050 (Bluetooth Access Point) uses case insensitive passwords, which makes it easier for attackers to conduct a brute force guessing attack due to the smaller space of possible passwords. 
Analysis ---------------- ED_PRI CAN-2002-0394 2 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0395 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0395 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020530 Category: SF/CF/MP/SA/AN/unknown Reference: ATSTAKE:A060502-1 Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be disabled and makes it easier for remote attackers to crack the administration password via brute force methods. Analysis ---------------- ED_PRI CAN-2002-0395 2 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0396 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0396 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020530 Category: SF Reference: ATSTAKE:A060502-1 Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt The web management server for Red-M 1050 (Bluetooth Access Point) does not use session-based credentials to authenticate users, which allows attackers to connect to the server from the same IP address as a user who has already established a session. 
Analysis ---------------- ED_PRI CAN-2002-0396 2 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0397 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0397 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020530 Category: SF Reference: ATSTAKE:A060502-1 Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, and other information in UDP packets to a broadcast address, which allows any system on the network to obtain potentially sensitive information about the Access Point device by monitoring UDP port 8887. Analysis ---------------- ED_PRI CAN-2002-0397 2 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0398 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0398 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020530 Category: SF Reference: ATSTAKE:A060502-1 Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to cause a denial of service and possibly execute arbitrary code via a long user name. 
Analysis ---------------- ED_PRI CAN-2002-0398 2 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0031 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0031 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020116 Category: SF Reference: BUGTRAQ:20020527 Yahoo Messenger - Multiple Vulnerabilities Reference: URL:http://online.securityfocus.com/archive/1/274223 Reference: CERT:CA-2002-16 Reference: URL:http://www.cert.org/advisories/CA-2002-16.html Reference: CERT-VN:VU#137115 Reference: URL:http://www.kb.cert.org/vuls/id/137115 Reference: BID:4837 Reference: URL:http://www.securityfocus.com/bid/4837 Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend. Analysis ---------------- ED_PRI CAN-2002-0031 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0189 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0189 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020420 Category: SF Reference: MS:MS02-023 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-023.asp Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability. Analysis ---------------- ED_PRI CAN-2002-0189 3 Vendor Acknowledgement: yes advisory Content Decisions: VAGUE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0360 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0360 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020502 Category: SF Reference: VULNWATCH:20020520 [VulnWatch] eSecurityOnline advisory 5063 - Sun AnswerBook2 gettransbitmap buffer overflow vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=vulnwatch&m=102194510509450&w=2 Reference: BUGTRAQ:20020520 eSecurityOnline advisory 5063 - Sun AnswerBook2 gettransbitmap buffer overflow vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102198846905064&w=2 Reference: MISC:http://www.eSecurityOnline.com/advisories/eSO5063.asp Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote attackers to execute arbitrary code via a long filename argument to the gettransbitmap CGI program. 
Analysis ---------------- ED_PRI CAN-2002-0360 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0362 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0362 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020506 Category: SF Reference: VULNWATCH:20020506 [VulnWatch] w00w00 on AOL Instant Messenger remote overflow #2 Reference: BUGTRAQ:20020506 w00w00 on AOL Instant Messenger remote overflow #2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102071080509955&w=2 Reference: BID:4677 Reference: URL:http://www.securityfocus.com/bid/4677 Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote attackers to execute arbitrary code via a long AddExternalApp request and a TLV type greater than 0x2711. Analysis ---------------- ED_PRI CAN-2002-0362 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0405 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0405 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020607 Category: Reference: BUGTRAQ:20020527 Problems with various windows FTP servers Reference: URL:http://online.securityfocus.com/archive/1/274279 Reference: XF:broker-ftp-dot-bo(6673) Reference: URL:http://xforce.iss.net/static/6673.php Reference: BID:4864 Reference: URL:http://online.securityfocus.com/bid/4864 Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows remote attackers to cause a denial of service and possibly execute arbitrary code via a CWD command with a large number of . (dot) characters. Analysis ---------------- ED_PRI CAN-2002-0405 3 Vendor Acknowledgement: Content Decisions: SF-LOC ABSTRACTION: This looks very similar to CAN-2001-0688 which is also an overflow in CWD, but there are some key differences: (a) the ". ." CWD issue appears in 5.9.5.0 and must be executed a series of times, and (b) the "......" CWD issue appears in 5.0/evaluation. Since the attack vectors are slightly different, and the versions are also different, then CD:SF-LOC suggests that these issues should be SPLIT. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0578 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0578 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20020502 iXsecurity.20020404.4d_webserver.a Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0013.html Reference: BID:4665 Reference: URL:http://www.securityfocus.com/bid/4665 Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP request with Basic Authentication containing a long (1) user name or (2) password. Analysis ---------------- ED_PRI CAN-2002-0578 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0585 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0585 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: HP:HPSBUX0205-192 Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q2/0034.html Reference: BID:4680 Reference: URL:http://www.securityfocus.com/bid/4680 Vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches allows attackers to cause a denial of service. Analysis ---------------- ED_PRI CAN-2002-0585 3 Vendor Acknowledgement: yes advisory Content Decisions: VAGUE ABSTRACTION: there is a possibility that this is the same issue as CVE-1999-1118, but the HP advisory does not provide enough details to be certain. In addition, CVE-1999-1118 was announced 4 years before the HP advisory. 
Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0602 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0602 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20020502 KPMG-2002017: Snapgear Lite+ Firewall Denial of Service Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102035583114759&w=2 Reference: VULNWATCH:20020502 [VulnWatch] KPMG-2002017: Snapgear Lite+ Firewall Denial of Service Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0050.html Reference: CONFIRM:http://www.snapgear.com/releases.html Reference: XF:snapgear-vpn-pptp-dos(8986) Reference: BID:4658 Reference: BID:4657 Reference: XF:snapgear-vpn-http-dos(8985) Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to cause a denial of service (crash) via a large number of connections to (1) the HTTP web management port, or (2) the PPTP port. Analysis ---------------- ED_PRI CAN-2002-0602 3 Vendor Acknowledgement: yes changelog Content Decisions: SF-LOC, SF-EXEC ACKNOWLEDGEMENT: the vendor's online release notes includes an item dated March 8, 2002, which states "Miscellaneous security and useability fixes with thanks to Peter Grundl and Andreas Sandor of KPMG Denmark [the original Bugtraq posters]." ABSTRACTION: CD:SF-LOC and CD:SF-EXEC suggest MERGING problems of the same type that appear in the same version. Since the same basic issue appears in both HTTP and PPTP (50+ connections cause DoS), these issues have been MERGED. 
Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0603 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0603 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20020502 KPMG-2002017: Snapgear Lite+ Firewall Denial of Service Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102035583114759&w=2 Reference: VULNWATCH:20020502 [VulnWatch] KPMG-2002017: Snapgear Lite+ Firewall Denial of Service Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0050.html Reference: CONFIRM:http://www.snapgear.com/releases.html Reference: XF:snapgear-vpn-ipsec-dos(8987) Reference: URL:http://www.iss.net/security_center/static/8987.php Reference: BID:4659 Reference: URL:http://online.securityfocus.com/bid/4659 Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a denial of service (IPSEC crash) via a zero length packet to UDP port 500. Analysis ---------------- ED_PRI CAN-2002-0603 3 Vendor Acknowledgement: yes changelog Content Decisions: SF-LOC ACKNOWLEDGEMENT: the vendor's online release notes includes an item dated March 8, 2002, which states "Miscellaneous security and useability fixes with thanks to Peter Grundl and Andreas Sandor of KPMG Denmark [the original Bugtraq posters]." Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0604 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0604 Final-Decision: Interim-Decision: Modified: Proposed: 20020611 Assigned: 20020611 Category: SF Reference: BUGTRAQ:20020502 KPMG-2002017: Snapgear Lite+ Firewall Denial of Service Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102035583114759&w=2 Reference: VULNWATCH:20020502 [VulnWatch] KPMG-2002017: Snapgear Lite+ Firewall Denial of Service Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0050.html Reference: CONFIRM:http://www.snapgear.com/releases.html Reference: XF:snapgear-vpn-ipoptions-dos(8988) Reference: URL:http://www.iss.net/security_center/static/8988.php Reference: BID:4660 Reference: URL:http://online.securityfocus.com/bid/4660 Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to cause a denial of service (crash) via a large number of packets with malformed IP options. Analysis ---------------- ED_PRI CAN-2002-0604 3 Vendor Acknowledgement: yes changelog Content Decisions: SF-LOC ACKNOWLEDGEMENT: the vendor's online release notes includes an item dated March 8, 2002, which states "Miscellaneous security and useability fixes with thanks to Peter Grundl and Andreas Sandor of KPMG Denmark [the original Bugtraq posters]." Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: