[FINAL] ACCEPT 191 candidates
I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below. The
resulting CVE entries will be published in the near future in a new
version of CVE. Voting details and comments are provided at the end
of this report.

- Steve


Candidate       CVE Name
---------       ----------
CAN-1999-1080   CVE-1999-1080
CAN-1999-1362   CVE-1999-1362
CAN-2000-0060   CVE-2000-0060
CAN-2000-0072   CVE-2000-0072
CAN-2000-0087   CVE-2000-0087
CAN-2000-0976   CVE-2000-0976
CAN-2000-1166   CVE-2000-1166
CAN-2000-1193   CVE-2000-1193
CAN-2001-0508   CVE-2001-0508
CAN-2001-0550   CVE-2001-0550
CAN-2001-0553   CVE-2001-0553
CAN-2001-0726   CVE-2001-0726
CAN-2001-0727   CVE-2001-0727
CAN-2001-0731   CVE-2001-0731
CAN-2001-0769   CVE-2001-0769
CAN-2001-0770   CVE-2001-0770
CAN-2001-0797   CVE-2001-0797
CAN-2001-0869   CVE-2001-0869
CAN-2001-0872   CVE-2001-0872
CAN-2001-0884   CVE-2001-0884
CAN-2001-0886   CVE-2001-0886
CAN-2001-0887   CVE-2001-0887
CAN-2001-0888   CVE-2001-0888
CAN-2001-0889   CVE-2001-0889
CAN-2001-0894   CVE-2001-0894
CAN-2001-0895   CVE-2001-0895
CAN-2001-0896   CVE-2001-0896
CAN-2001-0899   CVE-2001-0899
CAN-2001-0900   CVE-2001-0900
CAN-2001-0901   CVE-2001-0901
CAN-2001-0905   CVE-2001-0905
CAN-2001-0906   CVE-2001-0906
CAN-2001-0912   CVE-2001-0912
CAN-2001-0917   CVE-2001-0917
CAN-2001-0918   CVE-2001-0918
CAN-2001-0920   CVE-2001-0920
CAN-2001-0929   CVE-2001-0929
CAN-2001-0936   CVE-2001-0936
CAN-2001-0939   CVE-2001-0939
CAN-2001-0940   CVE-2001-0940
CAN-2001-0946   CVE-2001-0946
CAN-2001-0961   CVE-2001-0961
CAN-2001-0962   CVE-2001-0962
CAN-2001-0977   CVE-2001-0977
CAN-2001-0981   CVE-2001-0981
CAN-2001-1002   CVE-2001-1002
CAN-2001-1022   CVE-2001-1022
CAN-2001-1027   CVE-2001-1027
CAN-2001-1030   CVE-2001-1030
CAN-2001-1032   CVE-2001-1032
CAN-2001-1043   CVE-2001-1043
CAN-2001-1046   CVE-2001-1046
CAN-2001-1053   CVE-2001-1053
CAN-2001-1062   CVE-2001-1062
CAN-2001-1071   CVE-2001-1071
CAN-2001-1072   CVE-2001-1072
CAN-2001-1074   CVE-2001-1074
CAN-2001-1079   CVE-2001-1079
CAN-2001-1083   CVE-2001-1083
CAN-2001-1084   CVE-2001-1084
CAN-2001-1085   CVE-2001-1085
CAN-2001-1088   CVE-2001-1088
CAN-2001-1089   CVE-2001-1089
CAN-2001-1095   CVE-2001-1095
CAN-2001-1096   CVE-2001-1096
CAN-2001-1099   CVE-2001-1099
CAN-2001-1100   CVE-2001-1100
CAN-2001-1108   CVE-2001-1108
CAN-2001-1113   CVE-2001-1113
CAN-2001-1116   CVE-2001-1116
CAN-2001-1117   CVE-2001-1117
CAN-2001-1118   CVE-2001-1118
CAN-2001-1119   CVE-2001-1119
CAN-2001-1121   CVE-2001-1121
CAN-2001-1130   CVE-2001-1130
CAN-2001-1132   CVE-2001-1132
CAN-2001-1141   CVE-2001-1141
CAN-2001-1144   CVE-2001-1144
CAN-2001-1146   CVE-2001-1146
CAN-2001-1147   CVE-2001-1147
CAN-2001-1149   CVE-2001-1149
CAN-2001-1153   CVE-2001-1153
CAN-2001-1155   CVE-2001-1155
CAN-2001-1158   CVE-2001-1158
CAN-2001-1160   CVE-2001-1160
CAN-2001-1161   CVE-2001-1161
CAN-2001-1162   CVE-2001-1162
CAN-2001-1166   CVE-2001-1166
CAN-2001-1172   CVE-2001-1172
CAN-2001-1174   CVE-2001-1174
CAN-2001-1175   CVE-2001-1175
CAN-2001-1176   CVE-2001-1176
CAN-2001-1177   CVE-2001-1177
CAN-2001-1180   CVE-2001-1180
CAN-2001-1183   CVE-2001-1183
CAN-2001-1185   CVE-2001-1185
CAN-2001-1193   CVE-2001-1193
CAN-2001-1199   CVE-2001-1199
CAN-2001-1201   CVE-2001-1201
CAN-2001-1203   CVE-2001-1203
CAN-2001-1215   CVE-2001-1215
CAN-2001-1227   CVE-2001-1227
CAN-2001-1231   CVE-2001-1231
CAN-2001-1234   CVE-2001-1234
CAN-2001-1235   CVE-2001-1235
CAN-2001-1236   CVE-2001-1236
CAN-2001-1237   CVE-2001-1237
CAN-2001-1240   CVE-2001-1240
CAN-2001-1246   CVE-2001-1246
CAN-2001-1247   CVE-2001-1247
CAN-2001-1252   CVE-2001-1252
CAN-2001-1266   CVE-2001-1266
CAN-2001-1276   CVE-2001-1276
CAN-2001-1277   CVE-2001-1277
CAN-2001-1295   CVE-2001-1295
CAN-2001-1297   CVE-2001-1297
CAN-2001-1299   CVE-2001-1299
CAN-2001-1322   CVE-2001-1322
CAN-2001-1342   CVE-2001-1342
CAN-2001-1345   CVE-2001-1345
CAN-2002-0002   CVE-2002-0002
CAN-2002-0003   CVE-2002-0003
CAN-2002-0004   CVE-2002-0004
CAN-2002-0007   CVE-2002-0007
CAN-2002-0018   CVE-2002-0018
CAN-2002-0020   CVE-2002-0020
CAN-2002-0021   CVE-2002-0021
CAN-2002-0022   CVE-2002-0022
CAN-2002-0023   CVE-2002-0023
CAN-2002-0025   CVE-2002-0025
CAN-2002-0026   CVE-2002-0026
CAN-2002-0027   CVE-2002-0027
CAN-2002-0028   CVE-2002-0028
CAN-2002-0038   CVE-2002-0038
CAN-2002-0040   CVE-2002-0040
CAN-2002-0043   CVE-2002-0043
CAN-2002-0044   CVE-2002-0044
CAN-2002-0045   CVE-2002-0045
CAN-2002-0046   CVE-2002-0046
CAN-2002-0047   CVE-2002-0047
CAN-2002-0049   CVE-2002-0049
CAN-2002-0050   CVE-2002-0050
CAN-2002-0051   CVE-2002-0051
CAN-2002-0052   CVE-2002-0052
CAN-2002-0055   CVE-2002-0055
CAN-2002-0057   CVE-2002-0057
CAN-2002-0059   CVE-2002-0059
CAN-2002-0060   CVE-2002-0060
CAN-2002-0063   CVE-2002-0063
CAN-2002-0064   CVE-2002-0064
CAN-2002-0065   CVE-2002-0065
CAN-2002-0066   CVE-2002-0066
CAN-2002-0070   CVE-2002-0070
CAN-2002-0078   CVE-2002-0078
CAN-2002-0080   CVE-2002-0080
CAN-2002-0081   CVE-2002-0081
CAN-2002-0082   CVE-2002-0082
CAN-2002-0083   CVE-2002-0083
CAN-2002-0092   CVE-2002-0092
CAN-2002-0096   CVE-2002-0096
CAN-2002-0097   CVE-2002-0097
CAN-2002-0098   CVE-2002-0098
CAN-2002-0107   CVE-2002-0107
CAN-2002-0111   CVE-2002-0111
CAN-2002-0115   CVE-2002-0115
CAN-2002-0117   CVE-2002-0117
CAN-2002-0121   CVE-2002-0121
CAN-2002-0128   CVE-2002-0128
CAN-2002-0139   CVE-2002-0139
CAN-2002-0143   CVE-2002-0143
CAN-2002-0151   CVE-2002-0151
CAN-2002-0152   CVE-2002-0152
CAN-2002-0153   CVE-2002-0153
CAN-2002-0159   CVE-2002-0159
CAN-2002-0160   CVE-2002-0160
CAN-2002-0166   CVE-2002-0166
CAN-2002-0167   CVE-2002-0167
CAN-2002-0168   CVE-2002-0168
CAN-2002-0175   CVE-2002-0175
CAN-2002-0176   CVE-2002-0176
CAN-2002-0179   CVE-2002-0179
CAN-2002-0196   CVE-2002-0196
CAN-2002-0197   CVE-2002-0197
CAN-2002-0207   CVE-2002-0207
CAN-2002-0209   CVE-2002-0209
CAN-2002-0211   CVE-2002-0211
CAN-2002-0226   CVE-2002-0226
CAN-2002-0237   CVE-2002-0237
CAN-2002-0251   CVE-2002-0251
CAN-2002-0265   CVE-2002-0265
CAN-2002-1056   CVE-2002-1056


======================================================
Candidate: CAN-1999-1080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1080
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990510 SunOS 5.7 rmmount, no nosuid.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92633694100270&w=2
Reference: BUGTRAQ:19991011
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93971288323395&w=2
Reference: BID:250
Reference: URL:http://www.securityfocus.com/bid/250
Reference: SUNBUG:4205437
Reference: XF:solaris-rmmount-gain-root(8350)

rmmount in SunOS 5.7 may mount file systems without the nosuid flag
set, contrary to the documentation and its use in previous versions of
SunOS, which could allow local users with physical access to gain root
privileges by mounting a floppy or CD-ROM that contains a setuid
program and running volcheck, when the file systems do not have the
nosuid option specified in rmmount.conf.

Modifications:
  ADDREF SUNBUG:4205437
  ADDREF XF:solaris-rmmount-gain-root(8350)

INFERRED ACTION: CAN-1999-1080 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(2) Cole, Dik
  MODIFY(1) Frech
  NOOP(2) Wall, Foat

Voter Comments:
  Dik> sun bug: 4205437
  Frech> XF:solaris-rmmount-gain-root(8350)


======================================================
Candidate: CAN-1999-1362
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1362
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MSKB:Q160601
Reference: URL:http://support.microsoft.com/support/kb/articles/q160/6/01.asp
Reference: XF:nt-win32k-dos(7403)
Reference: URL:http://www.iss.net/security_center/static/7403.php

Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a
denial of service (crash) by calling certain WIN32K functions with
incorrect parameters.

Modifications:
  ADDREF XF:nt-win32k-dos(7403)

INFERRED ACTION: CAN-1999-1362 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(3) Wall, Foat, Cole
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:nt-win32k-dos(7403)


======================================================
Candidate: CAN-2000-0060
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0060
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020218-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: NTBUGTRAQ:19991227 Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94647711311057&w=2
Reference: BUGTRAQ:19991227 Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94633851427858&w=2
Reference: BID:894
Reference: URL:http://www.securityfocus.com/bid/894
Reference: XF:avirt-rover-pop3-dos(3765)
Reference: URL:http://www.iss.net/security_center/static/3765.php

Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers
to cause a denial of service via a long user name.

Modifications:
  ADDREF XF:avirt-rover-pop3-dos
  DESC add version
  ADDREF NTBUGTRAQ:19991227 Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt

INFERRED ACTION: CAN-2000-0060 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(2) Williams, Baker
  MODIFY(1) Frech
  NOOP(1) Balinsky

Voter Comments:
  Frech> XF:avirt-rover-pop3-dos
  Balinsky> No mention of the problem or relevant patch on vendor website.
  Williams> Balinsky - this product is no longer supported by vendor.
    should include v1.1 for NT in title


======================================================
Candidate: CAN-2000-0072
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0072
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020218-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000118 Warning: VCasel security hole.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94823061421676&w=2
Reference: BID:937
Reference: URL:http://www.securityfocus.com/bid/937
Reference: XF:vcasel-filename-trusting(3867)
Reference: URL:http://www.iss.net/security_center/static/3867.php

Visual Casel (Vcasel) does not properly prevent users from executing
files, which allows local users to use a relative pathname to specify
an alternate file which has an approved name and possibly gain
privileges.

Modifications:
  ADDREF XF:vcasel-filename-trusting(3867)

INFERRED ACTION: CAN-2000-0072 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(2) Williams, Baker
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:vcasel-filename-trusting(3867)


======================================================
Candidate: CAN-2000-0087
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0087
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020218-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000113 Misleading sense of security in Netscape
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94790377622943&w=2
Reference: XF:netscape-mail-notify-plaintext(4385)
Reference: URL:http://www.iss.net/security_center/static/4385.php

Netscape Mail Notification (nsnotify) utility in Netscape Communicator
uses IMAP without SSL, even if the user has set a preference for
Communicator to use an SSL connection, allowing a remote attacker to
sniff usernames and passwords in plaintext.

Modifications:
  ADDREF XF:netscape-mail-notify-plaintext(4385)

INFERRED ACTION: CAN-2000-0087 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(2) Williams, Baker
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:netscape-mail-notify-plaintext


======================================================
Candidate: CAN-2000-0976
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0976
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001012 another Xlib buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0211.html
Reference: SGI:20020502-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020502-01-I
Reference: BID:1805
Reference: URL:http://www.securityfocus.com/bid/1805
Reference: XF:xfree-xlib-bo(5751)
Reference: URL:http://www.iss.net/security_center/static/5751.php

Buffer overflow in xlib in XFree 3.3.x possibly allows local users to
execute arbitrary commands via a long DISPLAY environment variable or
a -display command line parameter.

Modifications:
  ADDREF XF:xfree-xlib-bo(5751)
  ADDREF SGI:20020502-01-I

INFERRED ACTION: CAN-2000-0976 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(2) Mell, Baker
  MODIFY(1) Frech
  NOOP(2) Christey, Cole

Voter Comments:
  Frech> XF:xfree-xlib-bo(5751)
  Christey> This might not be exploitable; see followups
  CHANGE> [Christey changed vote from REVIEWING to NOOP]
  Christey> SGI:20020502-01-I


======================================================
Candidate: CAN-2000-1166
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1166
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001124 Security problems with TWIG webmail system
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0351.html
Reference: CONFIRM:http://twig.screwdriver.net/file.php3?file=CHANGELOG
Reference: BID:1998
Reference: URL:http://www.securityfocus.com/bid/1998
Reference: XF:twig-php3-script-execute(5581)

Twig webmail system does not properly set the "vhosts" variable if it
is not configured on the site, which allows remote attackers to insert
arbitrary PHP (PHP3) code by specifying an alternate vhosts as an
argument to the index.php3 program.

Modifications:
  ADDREF XF:twig-php3-script-execute(5581)
  ADDREF CONFIRM:http://twig.screwdriver.net/file.php3?file=CHANGELOG

INFERRED ACTION: CAN-2000-1166 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(1) Baker
  MODIFY(1) Frech
  NOOP(3) Wall, Cole, Christey

Voter Comments:
  Frech> XF:twig-php3-script-execute(5581)
  Christey> CONFIRM:http://twig.screwdriver.net/file.php3?file=CHANGELOG
    Dated December 18, 2000: "Fixed security hole with respect to
    vhosts."


======================================================
Candidate: CAN-2000-1193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1193
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:20000412 Performance Copilot for IRIX 6.5
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0056.html
Reference: XF:irix-pcp-pmcd-dos(4284)
Reference: URL:http://xforce.iss.net/static/4284.php
Reference: SGI:20020407-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020407-01-I

Performance Metrics Collector Daemon (PMCD) in Performance Copilot in
IRIX 6.x allows remote attackers to cause a denial of service
(resource exhaustion) via an extremely long string to the PMCD port.

Modifications:
  CHANGEREF XF:irix-pcp-pmcd-dos(4284)
  ADDREF SGI:20020407-01-I

INFERRED ACTION: CAN-2000-1193 FINAL (Final Decision 20020625)

Current Votes:
  MODIFY(2) Frech, Williams
  NOOP(5) Wall, Foat, Cole, Stracener, Christey

Voter Comments:
  Frech> XF:irix-pcp-pmcd-dos(4284)
    (same XF:ID number, but slightly different name)
  Williams> not just a DoS. also involves information gathering vuln.
  Christey> ADDREF SGI:20020407-01-I


======================================================
Candidate: CAN-2001-0508
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0508
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20010829
Assigned: 20010608
Category: SF
Reference: BUGTRAQ:20010506 IIS 5.0 PROPFIND DOS #2
Reference: URL:http://online.securityfocus.com/archive/1/182579
Reference: MS:MS01-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp
Reference: XF:iis-webdav-long-request-dos(6982)
Reference: URL:http://www.iss.net/security_center/static/6982.php
Reference: BID:2690
Reference: URL:http://www.securityfocus.com/bid/2690

Vulnerability in IIS 5.0 allows remote attackers to cause a denial of
service (restart) via a long, invalid WebDAV request.

Modifications:
  ADDREF XF:iis-webdav-long-request-dos(6982)
  ADDREF BUGTRAQ:20010506 IIS 5.0 PROPFIND DOS #2
  ADDREF BID:2690

INFERRED ACTION: CAN-2001-0508 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(7) Wall, Baker, Foat, Cole, Armstrong, Bishop, Ziese
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Frech> XF:iis-webdav-long-request-dos(6982)
  Christey> Need to determine whether this CAN is fixing this problem:
    BUGTRAQ:20010506 IIS 5.0 PROPFIND DOS #2
    URL:http://www.securityfocus.com/archive/1/3AF56057.1CB06CBC@guninski.com
    If so, then ADDREF BID:2690 as well.
  Christey> Yes, these are the same issue
  Christey> BUGTRAQ:20010506 IIS 5.0 PROPFIND DOS #2
    URL:http://online.securityfocus.com/archive/1/182579
    (confirmed w/Microsoft)


======================================================
Candidate: CAN-2001-0550
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0550
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20010718
Category: SF
Reference: VULN-DEV:20010430 some ftpd implementations mishandle CWD ~{
Reference: URL:http://www.securityfocus.com/archive/82/180823
Reference: BUGTRAQ:20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100700363414799&w=2
Reference: CERT:CA-2001-33
Reference: URL:http://www.cert.org/advisories/CA-2001-33.html
Reference: CERT-VN:VU#886083
Reference: URL:http://www.kb.cert.org/vuls/id/886083
Reference: REDHAT:RHSA-2001-157
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-157.html
Reference: CALDERA:CSSA-2001-041.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt
Reference: CALDERA:CSSA-2001-SCO.36
Reference: MANDRAKE:MDKSA-2001:090
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3
Reference: HP:HPSBUX0107-162
Reference: ISS:20011129 WU-FTPD Heap Corruption Vulnerability
Reference: BID:3581
Reference: URL:http://www.securityfocus.com/bid/3581
Reference: XF:wuftp-glob-heap-corruption(7611)

wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands
via a "~{" argument to commands such as CWD, which is not properly
handled by the glob function (ftpglob).

Modifications:
  ADDREF XF:wuftp-glob-heap-corruption(7611)
  ADDREF CALDERA:CSSA-2001-SCO.36

INFERRED ACTION: CAN-2001-0550 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(5) Wall, Baker, Cole, Armstrong, Green
  MODIFY(1) Frech
  NOOP(2) Christey, Foat

Voter Comments:
  Frech> XF:wuftp-glob-heap-corruption(7611)
  Christey> CALDERA:CSSA-2001-SCO.36


======================================================
Candidate: CAN-2001-0553
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0553
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20010727
Assigned: 20010724
Category: SF
Reference: BUGTRAQ:20010720 URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0486.html
Reference: CONFIRM:http://www.ssh.com/products/ssh/exploit.cfm
Reference: CERT-VN:VU#737451
Reference: URL:http://www.kb.cert.org/vuls/id/737451
Reference: CIAC:L-121
Reference: URL:http://www.ciac.org/ciac/bulletins/l-121.shtml
Reference: BID:3078
Reference: URL:http://www.securityfocus.com/bid/3078
Reference: XF:ssh-password-length-unauth-access(6868)

SSH Secure Shell 3.0.0 on Unix systems does not properly perform
password authentication to the sshd2 daemon, which allows local users
to gain access to accounts with short password fields, such as locked
accounts that use "NP" in the password field.

Modifications:
  ADDREF XF:ssh-password-length-unauth-access(6868)
  ADDREF CONFIRM:http://www.ssh.com/products/ssh/exploit.cfm
  ADDREF CERT-VN:VU#737451
  ADDREF BID:3078
  ADDREF CIAC:L-121

INFERRED ACTION: CAN-2001-0553 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Frech
  NOOP(5) Christey, Wall, Foat, Cole, Ziese

Voter Comments:
  Frech> XF:ssh-password-length-unauth-access(6868)
  Christey> CONFIRM:http://www.ssh.com/products/ssh/exploit.cfm
    CERT-VN:VU#737451
    URL:http://www.kb.cert.org/vuls/id/737451
    BID:3078
    URL:http://www.securityfocus.com/bid/3078
    CIAC:L-121
    URL:http://www.ciac.org/ciac/bulletins/l-121.shtml


======================================================
Candidate: CAN-2001-0726
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0726
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20010927
Category: SF
Reference: MS:MS01-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-057.asp
Reference: XF:exchange-owa-embedded-script-execution(7663)
Reference: BID:3650
Reference: URL:http://online.securityfocus.com/bid/3650

Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used
with Internet Explorer, does not properly detect certain inline
script, which can allow remote attackers to perform arbitrary actions
on a user's Exchange mailbox via an HTML e-mail message.

Modifications:
  ADDREF XF:exchange-owa-embedded-script-execution(7663)
  ADDREF BID:3650

INFERRED ACTION: CAN-2001-0726 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(5) Wall, Baker, Foat, Cole, Green
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Frech> XF:exchange-owa-embedded-script-execution(7663)
  Christey> Consider adding BID:3650


======================================================
Candidate: CAN-2001-0727
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0727
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20010927
Category: SF
Reference: BUGTRAQ:20011214 MSIE may download and run progams automatically
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100835204509262&w=2
Reference: BUGTRAQ:20011216 Re: MSIE may download and run progams automatically - NOT SO FAST
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100861273114437&w=2
Reference: MS:MS01-058
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-058.asp
Reference: CERT:CA-2001-36
Reference: URL:http://www.cert.org/advisories/CA-2001-36.html
Reference: XF:ie-file-download-execution(7703)
Reference: BID:3578

Internet Explorer 6.0 allows remote attackers to execute arbitrary
code by modifying the Content-Disposition and Content-Type header
fields in a way that causes Internet Explorer to believe that the file
is safe to open without prompting the user, aka the "File Execution
Vulnerability."

Modifications:
  ADDREF XF:ie-file-download-execution(7703)
  ADDREF BID:3578

INFERRED ACTION: CAN-2001-0727 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(5) Wall, Baker, Foat, Cole, Green
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Frech> XF:ie-file-download-execution(7703)
  Christey> Consider adding BID:3578


======================================================
Candidate: CAN-2001-0731
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0731
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020315
Assigned: 20011008
Category: SF
Reference: BUGTRAQ:20010709 How Google indexed a file with no external link
Reference: URL:http://www.securityfocus.com/archive/1/20010709214744.A28765@brasscannon.net
Reference: CONFIRM:http://www.apacheweek.com/issues/01-10-05#security
Reference: MANDRAKE:MDKSA-2001:077
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077-1.php3
Reference: BID:3009
Reference: URL:http://www.securityfocus.com/bid/3009
Reference: XF:apache-multiviews-directory-listing(8275)
Reference: SGI:20020301-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020301-01-P

Apache 1.3.20 with Multiviews enabled allows remote attackers to view
directory contents and bypass the index page via a URL containing the
"M=D" query string.

Modifications:
  ADDREF XF:apache-multiviews-directory-listing(8275)
  ADDREF SGI:20020301-01-P

INFERRED ACTION: CAN-2001-0731 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(7) Wall, Baker, Foat, Cole, Armstrong, Ziese, Green
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Christey> SGI:20020301-01-P
    URL:ftp://patches.sgi.com/support/free/security/advisories/20020301-01-P
  Frech> XF:apache-multiviews-directory-listing(8275)


======================================================
Candidate: CAN-2001-0769
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0769
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010527 def-2001-27: GuildFTPD Buffer Overflow and Memory Leak DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0254.html
Reference: XF:guildftpd-null-memory-leak(6613)
Reference: URL:http://xforce.iss.net/static/6613.php

Memory leak in GuildFTPd Server 0.97 allows remote attackers to cause
a denial of service via a request containing a null character.

INFERRED ACTION: CAN-2001-0769 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(2) Foat, Frech
  NOOP(4) Christey, Wall, Cole, Armstrong

Voter Comments:
  Christey> Email ack received from guildftpd@nitrolic.com on 3/8/2002


======================================================
Candidate: CAN-2001-0770
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0770
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020308-01
Proposed: 20011012
Assigned: 20011012
Category: SF
Reference: BUGTRAQ:20010527 def-2001-27: GuildFTPD Buffer Overflow and Memory Leak DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0254.html
Reference: XF:guildftpd-site-bo(6612)
Reference: URL:http://xforce.iss.net/static/6612.php
Reference: CONFIRM:http://www.nitrolic.com/help/history.htm

Buffer overflow in GuildFTPd Server 0.97 allows remote attacker to
execute arbitrary code via a long SITE command.

Modifications:
  ADDREF CONFIRM:http://www.nitrolic.com/help/history.htm

INFERRED ACTION: CAN-2001-0770 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(3) Foat, Armstrong, Frech
  NOOP(3) Christey, Wall, Cole

Voter Comments:
  Christey> Possible ACK at http://www.nitrolic.com/help/history.htm
    Inquiry sent to guildftpd@nitrolic.com on 2/25/2002
  Christey> Email ack received from guildftpd@nitrolic.com on 3/8/2002


======================================================
Candidate: CAN-2001-0797
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0797
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20011024
Category: SF
Reference: ISS:20011212 Buffer Overflow in /bin/login
Reference: URL:http://xforce.iss.net/alerts/advise105.php
Reference: BUGTRAQ:20011219 Linux distributions and /bin/login overflow
Reference: URL:http://www.securityfocus.com/archive/1/246487
Reference: CERT:CA-2001-34
Reference: URL:http://www.cert.org/advisories/CA-2001-34.html
Reference: CERT-VN:VU#569272
Reference: URL:http://www.kb.cert.org/vuls/id/569272
Reference: CALDERA:CSSA-2001-SCO.40
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.40/CSSA-2001-SCO.40.txt
Reference: SUN:00213
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/213
Reference: AIXAPAR:IY26221
Reference: SGI:20011201-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011201-01-I
Reference: SUNBUG:4516885
Reference: BUGTRAQ:20011214 Sun Solaris login bug patches out
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100844757228307&w=2
Reference: XF:telnet-tab-bo(7284)
Reference: URL:http://xforce.iss.net/static/7284.php
Reference: BID:3681
Reference: URL:http://www.securityfocus.com/bid/3681

Buffer overflow in login in various System V based operating systems
allows remote attackers to execute arbitrary commands via a large
number of arguments through services such as telnet and rlogin.

Modifications:
  ADDREF SUNBUG:4516885
  ADDREF BUGTRAQ:20011214 Sun Solaris login bug patches out

INFERRED ACTION: CAN-2001-0797 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(5) Baker, Cole, Frech, Dik, Green
  NOOP(3) Christey, Wall, Foat

Voter Comments:
  Dik> Sun bugid: 4516885
  Christey> BUGTRAQ:20011214 Sun Solaris login bug patches out
    URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100844757228307&w=2


======================================================
Candidate: CAN-2001-0869
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0869
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20011129
Category: SF
Reference: SUSE:SuSE-SA:2001:042
Reference: URL:http://lwn.net/alerts/SuSE/SuSE-SA%3A2001%3A042.php3
Reference: CALDERA:CSSA-2001-040.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-040.0.txt
Reference: REDHAT:RHSA-2001-150
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-150.html
Reference: REDHAT:RHSA-2001-151
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-151.html
Reference: MANDRAKE:MDKSA-2002:018
Reference: XF:cyrus-sasl-format-string(7443)
Reference: URL:http://xforce.iss.net/static/7443.php
Reference: FREEBSD:FreeBSD-SA-02:15
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:15.cyrus-sasl.asc

Format string vulnerability in the default logging callback function
in Cyrus SASL library (cyrus-sasl) may allow remote attackers to
execute arbitrary commands.

Modifications:
  ADDREF MANDRAKE:MDKSA-2002:018
  ADDREF FREEBSD:FreeBSD-SA-02:15

INFERRED ACTION: CAN-2001-0869 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(5) Baker, Foat, Cole, Armstrong, Frech
  NOOP(2) Christey, Wall

Voter Comments:
  Christey> MANDRAKE:MDKSA-2002:018
  Christey> ADDREF FREEBSD:FreeBSD-SA-02:15
    URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:15.cyrus-sasl.asc


======================================================
Candidate: CAN-2001-0872
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0872
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020228-01
Proposed: 20020131
Assigned: 20011203
Category: SF
Reference: BUGTRAQ:20011204 [Fwd: OpenSSH 3.0.2 fixes UseLogin vulnerability]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100749779131514&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=100747128105913&w=2
Reference: REDHAT:RHSA-2001:161
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-161.html
Reference: SUSE:SuSE-SA:2001:045
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Dec/0001.html
Reference: DEBIAN:DSA-091
Reference: URL:http://www.debian.org/security/2001/dsa-091
Reference: XF:openssh-uselogin-execute-code(7647)
Reference: URL:http://xforce.iss.net/static/7647.php

OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly
cleanse critical environment variables such as LD_PRELOAD, which
allows local users to gain root privileges.

Modifications:
  ADDREF DEBIAN:DSA-091

INFERRED ACTION: CAN-2001-0872 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(6) Green, Wall, Baker, Foat, Cole, Frech


======================================================
Candidate: CAN-2001-0884
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0884
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20011213
Category: SF
Reference: BUGTRAQ:20011128 Cgisecurity.com Advisory #7: Mailman Email Archive Cross Site Scripting
Reference: URL:http://www.securityfocus.com/archive/1/242839
Reference: CONECTIVA:CLA-2001:445
Reference: URL:http://www.securityfocus.com/advisories/3721
Reference: REDHAT:RHSA-2001:168
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-168.html
Reference: REDHAT:RHSA-2001:170
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-170.html
Reference: XF:mailman-java-css(7617)
Reference: URL:http://xforce.iss.net/static/7617.php
Reference: BID:3602
Reference: URL:http://www.securityfocus.com/bid/3602

Cross-site scripting vulnerability in Mailman email archiver before
2.08 allows attackers to obtain sensitive information or
authentication credentials via a malicious link that is accessed by
other web users.

INFERRED ACTION: CAN-2001-0884 FINAL (Final Decision 20020625)

Current Votes:
  ACCEPT(4) Baker, Cole, Armstrong, Frech
  NOOP(2) Wall, Foat


======================================================
Candidate: CAN-2001-0886
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0886
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20011214
Category: SF
Reference: MISC:http://sources.redhat.com/ml/bug-glibc/2001-11/msg00109.html
Reference: BUGTRAQ:20011217 [Global InterSec 2001121001] glibc globbing issues.
Reference: URL:http://www.securityfocus.com/archive/1/245956
Reference: REDHAT:RHSA-2001-160
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-160.html
Reference: MANDRAKE:MDKSA-2001:095
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-095.php3
Reference: ENGARDE:ESA-20011217-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1752.html
Reference: XF:glibc-glob-bo(7705)
Reference: URL:http://xforce.iss.net/static/7705.php
Reference: BID:3707
Reference: URL:http://www.securityfocus.com/bid/3707

Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.

INFERRED ACTION: CAN-2001-0886 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Green, Wall, Baker, Cole, Frech
   NOOP(1) Foat

======================================================
Candidate: CAN-2001-0887
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0887
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20011219
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:68
Reference: URL:http://www.securityfocus.com/advisories/3734
Reference: BID:3700
Reference: URL:http://www.securityfocus.com/bid/3700
Reference: XF:xsane-temp-symlink(7714)
Reference: URL:http://xforce.iss.net/static/7714.php

xSANE 0.81 and earlier allows local users to modify files of other xSANE users via a symlink attack on temporary files.
INFERRED ACTION: CAN-2001-0887 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Green, Baker, Cole, Frech
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-0888
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0888
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20011219
Category: SF
Reference: BUGTRAQ:20011221 VIGILANTe advisory 2001003 : Atmel SNMP Non Public Community String DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100895903202798&w=2
Reference: XF:atmel-snmp-community-dos(7734)
Reference: URL:http://xforce.iss.net/static/7734.php
Reference: BID:3734
Reference: URL:http://www.securityfocus.com/bid/3734

Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers to cause a denial of service via a SNMP request with (1) a community string other than "public" or (2) an unknown OID, which causes the WAP to deny subsequent SNMP requests.

INFERRED ACTION: CAN-2001-0888 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Green, Baker, Cole, Frech
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-0889
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0889
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20011221
Category: SF
Reference: BUGTRAQ:20011219 [ph10@cus.cam.ac.uk: [Exim] Potential security problem]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100877978506387&w=2
Reference: REDHAT:RHSA-2001:176
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-176.html
Reference: XF:exim-pipe-hostname-commands(7738)

Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters.
Modifications:
  ADDREF XF:exim-pipe-hostname-commands(7738)

INFERRED ACTION: CAN-2001-0889 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:exim-pipe-hostname-commands(7738)

======================================================
Candidate: CAN-2001-0894
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0894
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011115 Postfix session log memory exhaustion bugfix
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100584160110303&w=2
Reference: MANDRAKE:MDKSA-2001:089
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-089.php3?dis=8.1
Reference: DEBIAN:DSA-093
Reference: URL:http://www.debian.org/security/2001/dsa-093
Reference: REDHAT:RHSA-2001:156
Reference: BID:3544
Reference: URL:http://www.securityfocus.com/bid/3544
Reference: XF:postfix-smtp-log-dos(7568)
Reference: URL:http://xforce.iss.net/static/7568.php

Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large.
Modifications:
  ADDREF REDHAT:RHSA-2001:156

INFERRED ACTION: CAN-2001-0894 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Baker, Foat, Cole, Armstrong, Frech
   MODIFY(1) Cox
   NOOP(1) Wall

Voter Comments:
 Cox> ADDREF REDHAT:RHSA-2001:156

======================================================
Candidate: CAN-2001-0895
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0895
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CISCO:20011115 Cisco IOS ARP Table Overwrite Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/IOS-arp-overwrite-vuln-pub.shtml
Reference: XF:cisco-arp-overwrite-table(7547)

Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contains a different MAC address for the router, which eventually causes the router to overwrite the MAC address in its ARP table.

Modifications:
  ADDREF XF:cisco-arp-overwrite-table(7547)

INFERRED ACTION: CAN-2001-0895 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Baker, Foat, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:cisco-arp-overwrite-table(7547)

======================================================
Candidate: CAN-2001-0896
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0896
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CALDERA:CSSA-2001-SCO.33
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.33/CSSA-2001-SCO.33.txt
Reference: BUGTRAQ:20020201 RE: DoS bug on Tru64
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101284101228656&w=2
Reference: BUGTRAQ:20020205 nmap vs. inetd on Caldera (ex-SCO) OpenServer, Re: DoS bug on Tru64
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101303877215098&w=2
Reference: XF:openserver-nmap-po-option(7571)

Inetd in OpenServer 5.0.5 allows remote attackers to cause a denial of service (crash) via a port scan, e.g. with nmap -PO.

Modifications:
  ADDREF BUGTRAQ:20020205 nmap vs. inetd on Caldera (ex-SCO) OpenServer, Re: DoS bug on Tru64
  ADDREF BUGTRAQ:20020201 RE: DoS bug on Tru64
  ADDREF XF:openserver-nmap-po-option(7571)

INFERRED ACTION: CAN-2001-0896 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Christey> A rediscovery of this issue was reported in:
   BUGTRAQ:20020205 nmap vs. inetd on Caldera (ex-SCO) OpenServer, Re: DoS bug on Tru64
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101303877215098&w=2
   BUGTRAQ:20020201 RE: DoS bug on Tru64
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101284101228656&w=2
 Frech> XF:openserver-nmap-po-option(7571)

======================================================
Candidate: CAN-2001-0899
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0899
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011116 Network Tool 0.2 Addon for PHPNuke vulnerable to remote command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100593523104176&w=2
Reference: CONFIRM:http://phpnukerz.org/modules.php?name=Downloads&d_op=viewsdownload&sid=32
Reference: XF:phpnuke-nettools-command-execution(7578)

Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable.
Modifications:
  ADDREF XF:phpnuke-nettools-command-execution(7578)

INFERRED ACTION: CAN-2001-0899 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:phpnuke-nettools-command-execution(7578)

======================================================
Candidate: CAN-2001-0900
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0900
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011118 Gallery Addon for PhpNuke remote file viewing vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100619599000590&w=2
Reference: CONFIRM:http://www.menalto.com/projects/gallery/article.php?sid=33&mode=&order=
Reference: XF:phpnuke-gallery-directory-traversal(7580)

Directory traversal vulnerability in modules.php in Gallery before 1.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the include parameter.
Modifications:
  ADDREF XF:phpnuke-gallery-directory-traversal(7580)

INFERRED ACTION: CAN-2001-0900 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:phpnuke-gallery-directory-traversal(7580)

======================================================
Candidate: CAN-2001-0901
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0901
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011119 Hypermail SSI Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100626603407639&w=2
Reference: CONFIRM:http://www.hypermail.org/dist/hypermail-2.1.4.tar.gz
Reference: XF:hypermail-ssi-execute-commands(7576)

Hypermail allows remote attackers to execute arbitrary commands on a server supporting SSI via an attachment with a .shtml extension, which is archived on the server and can then be executed by requesting the URL for the attachment.
Modifications:
  ADDREF XF:hypermail-ssi-execute-commands(7576)

INFERRED ACTION: CAN-2001-0901 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:hypermail-ssi-execute-commands(7576)

======================================================
Candidate: CAN-2001-0905
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0905
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: DEBIAN:DSA-083
Reference: URL:http://www.debian.org/security/2001/dsa-083
Reference: REDHAT:RHSA-2001:093
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-093.html
Reference: MANDRAKE:MDKSA-2001:085
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-085.php3
Reference: FREEBSD:FreeBSD-SA-01:60
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:60.procmail.asc
Reference: CONECTIVA:CLA-2001:433
Reference: BID:3071
Reference: URL:http://www.securityfocus.com/bid/3071
Reference: XF:procmail-signal-handling-race(6872)

Race condition in signal handling of procmail 3.20 and earlier, when running setuid, allows local users to cause a denial of service or gain root privileges by sending a signal while a signal handling routine is already running.
Modifications:
  ADDREF CONECTIVA:CLA-2001:433
  ADDREF XF:procmail-signal-handling-race(6872)

INFERRED ACTION: CAN-2001-0905 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Green, Wall, Baker, Cole, Armstrong
   MODIFY(2) Christey, Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:procmail-signal-handling-race(6872)
 Christey> ADDREF CONECTIVA:CLA-2001:433

======================================================
Candidate: CAN-2001-0906
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0906
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010622 LPRng + tetex tmpfile race - uid lp exploit
Reference: URL:http://www.securityfocus.com/archive/1/192647
Reference: REDHAT:RHSA-2001:102
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-102.html
Reference: MANDRAKE:MDKSA-2001:086
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-086.php3
Reference: IMMUNIX:IMNX-2001-70-030-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-030-01
Reference: BID:2974
Reference: URL:http://www.securityfocus.com/bid/2974
Reference: XF:tetex-lprng-tmp-race(6785)
Reference: URL:http://xforce.iss.net/static/6785.php

teTeX filter before 1.0.7 allows local users to gain privileges via a symlink attack on temporary files that are produced when printing .dvi files using lpr.
INFERRED ACTION: CAN-2001-0906 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(6) Green, Wall, Baker, Cole, Armstrong, Frech
   NOOP(1) Foat

======================================================
Candidate: CAN-2001-0912
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0912
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: MANDRAKE:MDKSA-2001:087
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-087.php3?dis=8.1
Reference: XF:linux-expect-unauth-root(7604)
Reference: URL:http://xforce.iss.net/static/7604.php

Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges.

INFERRED ACTION: CAN-2001-0912 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Frech
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-0917
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0917
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011122 Hi
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100654722925155&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=tomcat-dev&m=100658457507305&w=2
Reference: XF:tomcat-reveal-install-path(7599)

Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension.
Modifications:
  ADDREF XF:tomcat-reveal-install-path(7599)

INFERRED ACTION: CAN-2001-0917 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:tomcat-reveal-install-path(7599)

======================================================
Candidate: CAN-2001-0918
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0918
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: SUSE:SuSE-SA:2001:041
Reference: URL:http://www.suse.de/de/support/security/2001_041_susehelp_txt.txt
Reference: XF:susehelp-cgi-command-execution(7583)
Reference: URL:http://xforce.iss.net/static/7583.php
Reference: BID:3576
Reference: URL:http://www.securityfocus.com/bid/3576

Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files securely.

INFERRED ACTION: CAN-2001-0918 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Frech
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-0920
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0920
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011126 [CERT-intexxia] Auto Nice Daemon Format String Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100680319004162&w=2
Reference: CONFIRM:http://and.sourceforge.net/
Reference: XF:and-format-string(7606)
Reference: URL:http://xforce.iss.net/static/7606.php
Reference: BID:3580
Reference: URL:http://www.securityfocus.com/bid/3580

Format string vulnerability in auto nice daemon (AND) 1.0.4 and earlier allows a local user to possibly execute arbitrary code via a process name containing a format string.
INFERRED ACTION: CAN-2001-0920 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Frech
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-0929
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0929
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CISCO:20011128 A Vulnerability in IOS Firewall Feature Set
Reference: URL:http://www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml
Reference: XF:ios-cbac-bypass-acl(7614)

Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists.

Modifications:
  ADDREF XF:ios-cbac-bypass-acl(7614)

INFERRED ACTION: CAN-2001-0929 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Baker, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:ios-cbac-bypass-acl(7614)

======================================================
Candidate: CAN-2001-0936
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0936
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20011130 Alert: Vulnerability in frox transparent ftp proxy.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100713367307799&w=2
Reference: CONFIRM:http://frox.sourceforge.net/security.txt
Reference: XF:frox-ftp-proxy-bo(7632)
Reference: URL:http://xforce.iss.net/static/7632.php
Reference: BID:3606
Reference: URL:http://www.securityfocus.com/bid/3606

Buffer overflow in Frox transparent FTP proxy 0.6.6 and earlier, with the local caching method selected, allows remote FTP servers to run arbitrary code via a long response to an MDTM request.
INFERRED ACTION: CAN-2001-0936 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Frech
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-0939
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0939
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: BUGTRAQ:20011130 Denial of Service in Lotus Domino 5.08 and earlier HTTP Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100715316426817&w=2
Reference: CONFIRM:http://www-1.ibm.com/support/manager.wss?rs=0&rt=0&org=sims&doc=4C8E450DBF2E7F1885256B200079FA88
Reference: BID:3607
Reference: URL:http://www.securityfocus.com/bid/3607
Reference: XF:lotus-domino-nhttp-dos(7631)

Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443.

Modifications:
  ADDREF XF:lotus-domino-nhttp-dos(7631)

INFERRED ACTION: CAN-2001-0939 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Baker, Foat, Cole, Armstrong, Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:lotus-domino-nhttp-dos(7631)
 CHANGE> [Frech changed vote from MODIFY to ACCEPT]

======================================================
Candidate: CAN-2001-0940
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0940
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: WIN2KSEC:20010921 Check Point FireWall-1 GUI Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2001-q3/0151.html
Reference: BUGTRAQ:20011128 Firewall-1 remote SYSTEM shell buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100698954308436&w=2
Reference: BUGTRAQ:20010919 Check Point FireWall-1 GUI Log Viewer vulnerability (vuldb 3336)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100094268017271&w=2
Reference: BUGTRAQ:20011130 Fw: Firewall-1 remote SYSTEM shell buffer overflow
Reference: URL:http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00291.html
Reference: CHECKPOINT:20010919 GUI Buffer Overflow
Reference: URL:http://www.checkpoint.com/techsupport/alerts/buffer_overflow.html
Reference: BID:3336
Reference: URL:http://www.securityfocus.com/bid/3336
Reference: XF:fw1-log-viewer-bo(7145)
Reference: URL:http://xforce.iss.net/static/7145.php

Buffer overflow in the GUI authentication code of Check Point VPN-1/FireWall-1 Management Server 4.0 and 4.1 allows remote attackers to execute arbitrary code via a long user name.

Modifications:
  ADDREF BUGTRAQ:20010919 Check Point FireWall-1 GUI Log Viewer vulnerability (vuldb 3336)
  ADDREF BID:3336
  ADDREF XF:fw1-log-viewer-bo(7145)
  ADDREF BUGTRAQ:20011130 Fw: Firewall-1 remote SYSTEM shell buffer overflow

INFERRED ACTION: CAN-2001-0940 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Green, Baker, Cole
   MODIFY(1) Frech
   NOOP(3) Christey, Wall, Foat

Voter Comments:
 Christey> BUGTRAQ:20010919 Check Point FireWall-1 GUI Log Viewer vulnerability (vuldb 3336)
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100094268017271&w=2
   BID:3336
   URL:http://www.securityfocus.com/bid/3336
   XF:fw1-log-viewer-bo(7145)
   URL:http://xforce.iss.net/static/7145.php
   BUGTRAQ:20011130 Fw: Firewall-1 remote SYSTEM shell buffer overflow
   URL:http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00291.html
 Frech> XF:fw1-log-viewer-bo(7145)

======================================================
Candidate: CAN-2001-0946
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0946
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011204 Symlink attack with apmd of RH 7.2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100743394701962&w=2
Reference: MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=56389
Reference: XF:apmd-apmscript-symlink(8268)

apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create or change the modification dates of arbitrary files via a symlink attack on the LOW_POWER temporary file, which could be used to cause a denial of service, e.g. by creating /etc/nologin and disabling logins.

Modifications:
  ADDREF XF:apmd-apmscript-symlink(8268)

INFERRED ACTION: CAN-2001-0946 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Green, Wall, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:apmd-apmscript-symlink(8268)

======================================================
Candidate: CAN-2001-0961
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0961
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: DEBIAN:DSA-076
Reference: URL:http://www.debian.org/security/2001/dsa-076
Reference: XF:most-file-create-bo(7149)
Reference: URL:http://xforce.iss.net/static/7149.php
Reference: BID:3347
Reference: URL:http://www.securityfocus.com/bid/3347

Buffer overflow in tab expansion capability of the most program allows local or remote attackers to execute arbitrary code via a malformed file that is viewed with most.
INFERRED ACTION: CAN-2001-0961 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Green, Baker, Cole, Frech
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-0962
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0962
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010919 Websphere cookie/sessionid predictable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html
Reference: BUGTRAQ:20010928 Re: Websphere cookie/sessionid predictable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html
Reference: CONFIRM:http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p
Reference: XF:ibm-websphere-seq-predict(7153)
Reference: URL:http://xforce.iss.net/static/7153.php

IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.
INFERRED ACTION: CAN-2001-0962 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(2) Green, Frech
   NOOP(3) Wall, Foat, Cole

======================================================
Candidate: CAN-2001-0977
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0977
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CERT-VN:VU#935800
Reference: URL:http://www.kb.cert.org/vuls/id/935800
Reference: DEBIAN:DSA-068
Reference: URL:http://www.debian.org/security/2001/dsa-068
Reference: REDHAT:RHSA-2001:098
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-098.html
Reference: CONECTIVA:CLA-2001:417
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000417
Reference: MANDRAKE:MDKSA-2001:069
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-069.php3
Reference: BID:3049
Reference: URL:http://www.securityfocus.com/bid/3049
Reference: XF:openldap-ldap-protos-dos(6904)
Reference: URL:http://xforce.iss.net/static/6904.php

slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.
INFERRED ACTION: CAN-2001-0977 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(6) Green, Wall, Baker, Cole, Armstrong, Frech
   NOOP(1) Foat

======================================================
Candidate: CAN-2001-0981
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0981
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: HP:HPSBUX0108-164
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0048.html
Reference: XF:hp-cifs-change-passwords(7051)

HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.

Modifications:
  ADDREF XF:hp-cifs-change-passwords(7051)

INFERRED ACTION: CAN-2001-0981 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Green, Baker, Cole, Armstrong
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:hp-cifs-change-passwords(7051)

======================================================
Candidate: CAN-2001-1002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1002
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010827 LPRng/rhs-printfilters - remote execution of commands
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99892644616749&w=2
Reference: REDHAT:RHSA-2001:102
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-102.html
Reference: BID:3241
Reference: URL:http://www.securityfocus.com/bid/3241
Reference: XF:tetex-lprng-tmp-race(6785)

The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands.
Modifications:
  ADDREF XF:tetex-lprng-tmp-race(6785)

INFERRED ACTION: CAN-2001-1002 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Baker, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Foat, Christey

Voter Comments:
 Frech> XF:tetex-lprng-tmp-race(6785)
   Similar to CAN-2001-0906?
 Christey> Similar in the sense that lprng/lpd uses Tetex, or something like that.

======================================================
Candidate: CAN-2001-1022
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1022
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010727 ADV/EXP:pic/lpd remote exploit - RH 7.0
Reference: URL:http://www.securityfocus.com/archive/1/199706
Reference: DEBIAN:DSA-072
Reference: URL:http://www.debian.org/security/2001/dsa-072
Reference: CONECTIVA:CLA-2001:428
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000428
Reference: XF:linux-groff-format-string(6918)
Reference: URL:http://xforce.iss.net/static/6918.php
Reference: BID:3103
Reference: URL:http://www.securityfocus.com/bid/3103

Format string vulnerability in pic utility in groff 1.16.1 and other versions allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.
INFERRED ACTION: CAN-2001-1022 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Baker, Cole, Armstrong, Frech, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1027
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CONFIRM:http://www.windowmaker.org/src/ChangeLog
Reference: DEBIAN:DSA-074
Reference: URL:http://www.debian.org/security/2001/dsa-074
Reference: CONECTIVA:CLA-2001:411
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000411
Reference: SUSE:SuSE-SA:2001:032
Reference: URL:http://www.suse.de/de/support/security/2001_032_wmaker_txt.txt
Reference: MANDRAKE:MDKSA-2001:074
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-074.php3
Reference: BID:3177
Reference: URL:http://www.securityfocus.com/bid/3177
Reference: XF:windowmaker-title-bo(6969)

Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows remote attackers to execute arbitrary code via a long window title.
Modifications:
  ADDREF XF:windowmaker-title-bo(6969)

INFERRED ACTION: CAN-2001-1027 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:windowmaker-title-bo(6969)

======================================================
Candidate: CAN-2001-1030
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1030
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010718 Squid httpd acceleration acl bug enables portscanning
Reference: URL:http://www.securityfocus.com/archive/1/197727
Reference: BUGTRAQ:20010719 TSLSA-2001-0013 - Squid
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html
Reference: IMMUNIX:IMNX-2001-70-031-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01
Reference: CALDERA:CSSA-2001-029.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt
Reference: MANDRAKE:MDKSA-2001:066
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3
Reference: REDHAT:RHSA-2001:097
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-097.html
Reference: XF:squid-http-accelerator-portscanning(6862)
Reference: URL:http://xforce.iss.net/static/6862.php

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

INFERRED ACTION: CAN-2001-1030 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Baker, Cole, Armstrong, Frech, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1032
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010924 twlc advisory: all versions of php nuke are vulnerable...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0203.html
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=113892
Reference: XF:php-nuke-admin-file-overwrite(7170)
Reference: URL:http://xforce.iss.net/static/7170.php
Reference: BID:3361
Reference: URL:http://www.securityfocus.com/bid/3361

admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check
login credentials for upload operations, which allows remote attackers
to copy and upload arbitrary files and read the PHP-Nuke configuration
file by directly calling admin.php with an upload parameter and
specifying the file to copy.

Modifications:
  ADDREF CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=113892
  ADDREF BID:3361

INFERRED ACTION: CAN-2001-1032 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(2) Frech, Green
   NOOP(4) Wall, Foat, Cole, Christey

Voter Comments:
 Christey> CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=113892
   BID:3361
   URL:http://www.securityfocus.com/bid/3361

======================================================
Candidate: CAN-2001-1043
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1043
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010701 ArGoSoft 1.2.2.2 *.lnk upload Directory Traversal
Reference: URL:http://www.securityfocus.com/archive/1/194445
Reference: BID:2961
Reference: URL:http://www.securityfocus.com/bid/2961
Reference: XF:ftp-lnk-directory-traversal(6760)
Reference: URL:http://xforce.iss.net/static/6760.php

ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary
files and directories by uploading a .lnk (link) file that points to
the target file.

INFERRED ACTION: CAN-2001-1043 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Cole, Frech, Green
   NOOP(4) Wall, Foat, Armstrong, Christey

Voter Comments:
 CHANGE> [Green changed vote from REVIEWING to ACCEPT]
 Christey> Acknowledged by the vendor in an email to Dave Baker, May 9.

======================================================
Candidate: CAN-2001-1046
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1046
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010602 Qpopper 4.0.3 **** Fixes Buffer Overflow **** (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/188267
Reference: VULN-DEV:20010420 Qpopper 4.0 Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=98777649031406&w=2
Reference: CALDERA:CSSA-2001-SCO.8
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2001-q3/0006.html
Reference: BID:2811
Reference: URL:http://www.securityfocus.com/bid/2811
Reference: XF:qpopper-username-bo(6647)
Reference: URL:http://xforce.iss.net/static/6647.php

Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2
allows remote attackers to gain privileges via a long username.

INFERRED ACTION: CAN-2001-1046 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Baker, Cole, Armstrong, Frech, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1053
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1053
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010713 AdCycle SQL Command Insertion Vulnerability - qDefense Advisory Number QDAV-2001-7-2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0249.html
Reference: CONFIRM:http://www.adcycle.com/cgi-bin/download.cgi?type=UNIX&version=1.17
Reference: XF:adcycle-insert-sql-command(6837)
Reference: URL:http://xforce.iss.net/static/6837.php
Reference: BID:3032
Reference: URL:http://www.securityfocus.com/bid/3032

AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to
bypass authentication and gain privileges by injecting SQL code in the
$password argument.

Modifications:
  DELREF XF:php-includedir-code-execution(7215)

INFERRED ACTION: CAN-2001-1053 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> DELREF XF:php-includedir-code-execution(7215)

======================================================
Candidate: CAN-2001-1062
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1062
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020228-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CALDERA:CSSA-2001-SCO.12
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.12/CSSA-2001-SCO.12.txt
Reference: XF:openserver-mana-bo(7034)
Reference: URL:http://www.iss.net/security_center/static/7034.php

Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local
users to execute arbitrary code.

Modifications:
  ADDREF XF:openserver-mana-bo(7034)

INFERRED ACTION: CAN-2001-1062 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:openserver-mana-bo(7034)

======================================================
Candidate: CAN-2001-1071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1071
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20011009 Cisco CDP attacks
Reference: URL:http://www.securityfocus.com/archive/1/219257
Reference: BUGTRAQ:20011009 Cisco Systems - Vulnerability in CDP
Reference: URL:http://www.securityfocus.com/archive/1/219305
Reference: BID:3412
Reference: URL:http://www.securityfocus.com/bid/3412
Reference: XF:cisco-ios-cdp-dos(7242)
Reference: URL:http://xforce.iss.net/static/7242.php

Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP)
allows remote attackers to cause a denial of service (memory
consumption) via a flood of CDP neighbor announcements.

INFERRED ACTION: CAN-2001-1071 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Baker, Cole, Frech, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1072
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1072
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010812 Are your mod_rewrite rules doing what you expect?
Reference: URL:http://www.securityfocus.com/archive/1/203955
Reference: CONFIRM:http://www.apacheweek.com/issues/02-02-01#security
Reference: BID:3176
Reference: URL:http://www.securityfocus.com/bid/3176
Reference: XF:apache-rewrite-bypass-directives(8633)

Apache with mod_rewrite enabled on most UNIX systems allows remote
attackers to bypass RewriteRules by inserting extra / (slash)
characters into the requested path, which causes the regular
expression in the RewriteRule to fail

Modifications:
  ADDREF CONFIRM:http://www.apacheweek.com/issues/02-02-01#security
  ADDREF XF:apache-rewrite-bypass-directives(8633)

INFERRED ACTION: CAN-2001-1072 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Baker, Foat, Cole, Armstrong, Green
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Christey> ADDREF CONFIRM:http://www.apacheweek.com/issues/02-02-01#security
 Christey> CONFIRM:http://www.apacheweek.com/issues/02-02-01#security
 Frech> Not apache-rewrite-view-files(5310).
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:apache-rewrite-bypass-directives(8633)

======================================================
Candidate: CAN-2001-1074
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1074
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010526 Webmin Doesn't Clean Env (root exploit)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html
Reference: CALDERA:CSSA-2001-019.1
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt
Reference: MANDRAKE:MDKSA-2001:059
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3
Reference: XF:webmin-gain-information(6627)
Reference: URL:http://xforce.iss.net/static/6627.php
Reference: BID:2795
Reference: URL:http://www.securityfocus.com/bid/2795

Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION
environment variable when the web server is restarted, which makes
authentication information available to all CGI programs and allows
local users to gain privileges.

INFERRED ACTION: CAN-2001-1074 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Baker, Cole, Armstrong, Frech, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1079
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1079
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020131
Category: CF
Reference: AIXAPAR:IY19069
Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q3/0000.html
Reference: XF:aix-keyfile-world-writable(8923)

create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates
keyfile directories with world-writable permissions, which could allow
a local user to delete key files and cause a denial of service.

Modifications:
  DESC Remove 3.2.0 from AIX version number
  ADDREF XF:aix-keyfile-world-writable(8923)

INFERRED ACTION: CAN-2001-1079 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Green
   MODIFY(2) Bollinger, Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Bollinger> incorrect. The "REL: 320" in the aixserv email refers to the
   PSSP version, not the AIX version.
 Frech> XF: aix-keyfile-world-writable(8923)

======================================================
Candidate: CAN-2001-1083
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1083
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-02
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: BUGTRAQ:20010626 Advisory
Reference: URL:http://www.securityfocus.com/archive/1/193516
Reference: MISC:http://www.icecast.org/index.html
Reference: CONFIRM:http://www.icecast.org/releases/icecast-1.3.11.tar.gz
Reference: DEBIAN:DSA-089
Reference: URL:http://www.debian.org/security/2001/dsa-089
Reference: CALDERA:CSSA-2002-020.0
Reference: BID:2933
Reference: URL:http://www.securityfocus.com/bid/2933
Reference: XF:icecast-http-remote-dos(6751)
Reference: URL:http://xforce.iss.net/static/6751.php

Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file
streaming support enabled allows remote attackers to cause a denial of
service (crash) via a URL that ends in . (dot), / (forward slash), or
\ (backward slash).

Modifications:
  ADDREF CONFIRM:http://www.icecast.org/releases/icecast-1.3.11.tar.gz
  DESC update versions.
  ADDREF DEBIAN:DSA-089
  ADDREF CALDERA:CSSA-2002-020.0

INFERRED ACTION: CAN-2001-1083 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(2) Frech, Green
   NOOP(5) Wall, Foat, Cole, Armstrong, Christey

Voter Comments:
 CHANGE> [Green changed vote from REVIEWING to ACCEPT]
 Christey> CALDERA:CSSA-2002-020.0

======================================================
Candidate: CAN-2001-1084
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1084
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/194464
Reference: ALLAIRE:MPSB01-06
Reference: URL:http://www.macromedia.com/v1/handlers/index.cfm?ID=21498&Method=Full
Reference: BID:2983
Reference: URL:http://www.securityfocus.com/bid/2983
Reference: XF:java-servlet-crosssite-scripting(6793)
Reference: URL:http://www.iss.net/security_center/static/6793.php

Cross-site scripting vulnerability in Allaire JRun 3.1 and earlier
allows a malicious webmaster to embed Javascript in a request for a
.JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which
causes the Javascript to be inserted into an error message.

INFERRED ACTION: CAN-2001-1084 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(7) Wall, Baker, Cole, Armstrong, Frech, Ziese, Green
   NOOP(1) Foat

======================================================
Candidate: CAN-2001-1085
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1085
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010705 lmail local root exploit
Reference: URL:http://www.securityfocus.com/archive/1/195022
Reference: XF:lmail-tmpfile-symlink(6809)
Reference: URL:http://xforce.iss.net/static/6809.php
Reference: BID:2984
Reference: URL:http://www.securityfocus.com/bid/2984

Lmail 2.7 and earlier allows local users to overwrite arbitrary files
via a symlink attack on a temporary file.

INFERRED ACTION: CAN-2001-1085 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Baker, Frech, Ziese
   NOOP(5) Wall, Foat, Cole, Armstrong, Green

======================================================
Candidate: CAN-2001-1088
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1088
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: CF
Reference: BUGTRAQ:20010605 SECURITY.NNOV: Outlook Express address book spoofing
Reference: URL:http://www.securityfocus.com/archive/1/188752
Reference: CONFIRM:http://support.microsoft.com/default.aspx?scid=kb;EN-US;q234241
Reference: XF:outlook-address-book-spoofing(6655)
Reference: URL:http://xforce.iss.net/static/6655.php
Reference: BID:2823
Reference: URL:http://www.securityfocus.com/bid/2823

Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier,
with the "Automatically put people I reply to in my address book"
option enabled, do not notify the user when the "Reply-To" address is
different than the "From" address, which could allow an untrusted
remote attacker to spoof legitimate addresses and intercept email from
the client that is intended for another
user.

INFERRED ACTION: CAN-2001-1088 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(8) Wall, Baker, Foat, Cole, Armstrong, Frech, Ziese, Green

======================================================
Candidate: CAN-2001-1089
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1089
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010910 RUS-CERT Advisory 2001-09:01
Reference: URL:http://www.securityfocus.com/archive/1/213331
Reference: BID:3314
Reference: URL:http://www.securityfocus.com/bid/3314
Reference: XF:postgresql-nss-authentication-modules(7111)
Reference: URL:http://xforce.iss.net/static/7111.php

libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to
execute arbitrary SQL queries by inserting SQL code into an HTTP
request.

INFERRED ACTION: CAN-2001-1089 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Frech, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1095
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: AIXAPAR:IY23401
Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q4/0000.html

Buffer overflow in uuq in AIX 4 could allow local users to execute
arbitrary code via a long -r parameter.

INFERRED ACTION: CAN-2001-1095 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Bollinger, Cole, Armstrong, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1096
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: AIXAPAR:IY23402
Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q4/0000.html

Buffer overflows in muxatmd in AIX 4 allow an attacker to cause a
core dump and possibly execute code.

INFERRED ACTION: CAN-2001-1096 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Bollinger, Cole, Armstrong, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1099
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: CF
Reference: BUGTRAQ:20010907 Microsoft Exchange + Norton AntiVirus leak local information
Reference: URL:http://www.securityfocus.com/archive/1/212724
Reference: BUGTRAQ:20010912 Re: Microsoft Exchange + Norton AntiVirus leak local information
Reference: URL:http://www.securityfocus.com/archive/1/213762
Reference: XF:nav-exchange-reveal-information(7093)
Reference: URL:http://xforce.iss.net/static/7093.php
Reference: BID:3305
Reference: URL:http://www.securityfocus.com/bid/3305

The default configuration of Norton AntiVirus for Microsoft Exchange
2000 2.x allows remote attackers to identify the recipient's INBOX
file path by sending an email with an attachment containing malicious
content, which includes the path in the rejection notice.

INFERRED ACTION: CAN-2001-1099 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(6) Wall, Cole, Armstrong, Frech, Ziese, Green
   NOOP(1) Foat

======================================================
Candidate: CAN-2001-1100
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1100
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20011007 Bug found at W3Mail Webmail
Reference: URL:http://www.securityfocus.com/archive/1/218921
Reference: CONFIRM:http://www.w3mail.org/ChangeLog
Reference: BID:3673
Reference: URL:http://www.securityfocus.com/bid/3673
Reference: XF:w3mail-metacharacters-command-execution(7230)
Reference: URL:http://xforce.iss.net/static/7230.php

sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs,
allows remote attackers to execute arbitrary commands via shell
metacharacters in any field of the 'Compose Message' page.

INFERRED ACTION: CAN-2001-1100 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Frech, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1108
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010726 Snapstream PVS vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0606.html
Reference: CONFIRM:http://discuss.snapstream.com/ubb/Forum1/HTML/000216.html
Reference: XF:snapstream-dot-directory-traversal(6917)
Reference: URL:http://xforce.iss.net/static/6917.php
Reference: BID:3100
Reference: URL:http://www.securityfocus.com/bid/3100

Directory traversal vulnerability in SnapStream PVS 1.2a allows remote
attackers to read arbitrary files via a .. (dot dot) attack in the
requested URL.

INFERRED ACTION: CAN-2001-1108 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(6) Baker, Cole, Armstrong, Frech, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1113
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1113
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010813 Local exploit for TrollFTPD-1.26
Reference: URL:http://www.securityfocus.com/archive/1/203874
Reference: CONFIRM:ftp://ftp.trolltech.com/freebies/ftpd/troll-ftpd-1.27.tar.gz
Reference: XF:trollftpd-long-path-bo(6974)
Reference: URL:http://xforce.iss.net/static/6974.php
Reference: BID:3174
Reference: URL:http://www.securityfocus.com/bid/3174

Buffer overflow in TrollFTPD 1.26 and earlier allows local users to
execute arbitrary code by creating a series of deeply nested
directories with long names, then running the ls -R (recursive)
command.

INFERRED ACTION: CAN-2001-1113 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Frech, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1116
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020320-01
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: NTBUGTRAQ:20010802 Identix BioLogon Client security bug
Reference: URL:http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=IND0108&L=NTBUGTRAQ&F=P&S=&P=71
Reference: NTBUGTRAQ:20010808 Response to Identix BioLogon Client security bug
Reference: URL:http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=ind0108&L=ntbugtraq&F=P&S=&P=724
Reference: XF:identix-biologon-auth-bypass(6948)
Reference: URL:http://xforce.iss.net/static/6948.php
Reference: BID:3140
Reference: URL:http://www.securityfocus.com/bid/3140

Identix BioLogon 2.03 and earlier does not lock secondary displays on a
multi-monitor system running Windows 98 or ME, which allows an
attacker with physical access to the system to bypass authentication
through a secondary display.

Modifications:
  CHANGEREF XF [fix typo in tagname]

INFERRED ACTION: CAN-2001-1116 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Foat, Cole, Frech, Ziese, Green
   NOOP(2) Wall, Armstrong

======================================================
Candidate: CAN-2001-1117
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1117
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010810 Linksys router security fix
Reference: URL:http://www.securityfocus.com/archive/1/203302
Reference: BUGTRAQ:20010802 Advisory Update: Design Flaw in Linksys EtherFast 4-Port
Reference: URL:http://www.securityfocus.com/archive/1/201390
Reference: CONFIRM:ftp://ftp.linksys.com/pub/befsr41/befsr-fw1402.zip
Reference: XF:linksys-etherfast-reveal-passwords(6949)
Reference: URL:http://xforce.iss.net/static/6949.php
Reference: BID:3141
Reference: URL:http://www.securityfocus.com/bid/3141

LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before
1.39.3 Beta allow a remote attacker to view administration and user
passwords by connecting to the router and viewing the HTML source for
(1) index.htm and (2) Password.htm.

INFERRED ACTION: CAN-2001-1117 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(6) Foat, Cole, Armstrong, Frech, Ziese, Green
   NOOP(1) Wall

======================================================
Candidate: CAN-2001-1118
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1118
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010802 Roxen security alert: URL decoding vulnerable
Reference: URL:http://www.securityfocus.com/archive/1/201476
Reference: BUGTRAQ:20010802 FW: Security alert: Remote user can access any file
Reference: URL:http://www.securityfocus.com/archive/1/201499
Reference: CONFIRM:http://download.roxen.com/2.0/patch/security-notice.html
Reference: BID:3145
Reference: URL:http://www.securityfocus.com/bid/3145
Reference: XF:roxen-urlrectifier-retrieve-files(6937)
Reference: URL:http://xforce.iss.net/static/6937.php

A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not
properly decode UTF-8, Mac and ISO-2202 encoded URLs, which could
allow a remote attacker to execute arbitrary commands or view
arbitrary files via an encoded URL.

INFERRED ACTION: CAN-2001-1118 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Frech, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1119
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1119
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: CERT-VN:VU#105347
Reference: URL:http://www.kb.cert.org/vuls/id/105347
Reference: SUSE:SuSE-SA:2001:025
Reference: URL:http://www.suse.de/de/support/security/2001_025_xmcd_txt.html
Reference: BID:3148
Reference: URL:http://www.securityfocus.com/bid/3148
Reference: XF:xmcd-cda-symlink(6941)
Reference: URL:http://xforce.iss.net/static/6941.php

cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to
overwrite arbitrary files via a symlink attack.

INFERRED ACTION: CAN-2001-1119 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Frech, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1121
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1121
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/194464
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=21498&Method=Full
Reference: XF:java-servlet-crosssite-scripting(6793)
Reference: URL:http://xforce.iss.net/static/6793.php
Reference: BID:2983
Reference: URL:http://www.securityfocus.com/bid/2983

Cross-site scripting (CSS) vulnerability in JRun 3.0 and 2.3.3 allows
remote attackers to execute JavaScript on other clients via a web page
URL that references a non-existent JSP file or Servlet, which causes
the script to be returned in an error message.

INFERRED ACTION: CAN-2001-1121 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(7) Wall, Baker, Cole, Armstrong, Frech, Ziese, Green
   NOOP(1) Foat

======================================================
Candidate: CAN-2001-1130
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1130
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010802 suse: sdbsearch.cgi vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/201216
Reference: SUSE:SuSE-SA:2001:027
Reference: URL:http://www.suse.de/de/support/security/2001_027_sdb_txt.txt
Reference: XF:sdbsearch-cgi-command-execution(7003)
Reference: URL:http://xforce.iss.net/static/7003.php

Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to
execute arbitrary commands by uploading a keylist.txt file that
contains filenames with shell metacharacters, then causing the file to
be searched using a .. in the HTTP referer (from the HTTP_REFERER
variable) to point to the directory that contains the keylist.txt
file.

INFERRED ACTION: CAN-2001-1130 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Cole, Armstrong, Frech, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1132
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1132
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: CF
Reference: CONECTIVA:CLA-2001:420
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000420
Reference: XF:mailman-blank-passwords(7091)
Reference: URL:http://xforce.iss.net/static/7091.php

Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to
list administrative pages when there is an empty site or list
password, which is not properly handled during the call to the crypt
function during authentication.

INFERRED ACTION: CAN-2001-1132 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Cole, Frech, Ziese, Green
   NOOP(3) Wall, Foat, Armstrong

======================================================
Candidate: CAN-2001-1141
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1141
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010710 OpenSSL Security Advisory: PRNG weakness in versions up to 0.9.6a
Reference: URL:http://www.securityfocus.com/archive/1/195829
Reference: FREEBSD:FreeBSD-SA-01:51
Reference: URL:http://www.securityfocus.com/advisories/3475
Reference: NETBSD:NetBSD-SA2001-013
Reference: URL:http://www.securityfocus.com/advisories/3512
Reference: CONECTIVA:CLA-2001:418
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000418
Reference: MANDRAKE:MDKSA-2001:065
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-065.php3?dis=8.0
Reference: REDHAT:RHSA-2001:051
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-051.html
Reference: ENGARDE:ESA-20010709-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1483.html
Reference: BID:3004
Reference: URL:http://www.securityfocus.com/bid/3004
Reference: XF:openssl-prng-brute-force(6823)
Reference: URL:http://xforce.iss.net/static/6823.php

The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before
0.9.6b allows attackers to use the output of small PRNG requests to
determine the internal state information, which could be used by
attackers to predict future pseudo-random numbers.

Modifications:
  CHANGEREF REDHAT [normalize]

INFERRED ACTION: CAN-2001-1141 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(7) Wall, Baker, Cole, Armstrong, Frech, Ziese, Green
   NOOP(2) Christey, Foat

Voter Comments:
 Christey> Remove version number from REDHAT reference.

======================================================
Candidate: CAN-2001-1144
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1144
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20010711 McAfee ASaP Virusscan - myCIO HTTP Server Directory Traversal Vulnerabilty
Reference: URL:http://www.securityfocus.com/archive/1/196272
Reference: NTBUGTRAQ:20010716 McAfee ASaP Virusscan - MyCIO HTTP Server Directory Traversal Vul nerability
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=1558
Reference: CERT-VN:VU#190267
Reference: URL:http://www.kb.cert.org/vuls/id/190267
Reference: BID:3020
Reference: URL:http://www.securityfocus.com/bid/3020
Reference: XF:mcafee-mycio-directory-traversal(6834)
Reference: URL:http://www.iss.net/security_center/static/6834.php

Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0
allows remote attackers to read arbitrary files via a .. (dot dot) in
the HTTP request.

INFERRED ACTION: CAN-2001-1144 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(7) Wall, Baker, Cole, Armstrong, Frech, Ziese, Green
   NOOP(1) Foat

======================================================
Candidate: CAN-2001-1146
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1146
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: ENGARDE:ESA-20010711-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1492.html
Reference: XF:allcommerce-temp-symlink(6830)
Reference: URL:http://xforce.iss.net/static/6830.php
Reference: BID:3016
Reference: URL:http://online.securityfocus.com/bid/3016

AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1
creates temporary files with predictable names, which allows local
users to modify files via a symlink attack.
Modifications: DESC fix typo: "teporary" INFERRED ACTION: CAN-2001-1146 FINAL (Final Decision 20020625) Current Votes: ACCEPT(6) Baker, Cole, Armstrong, Frech, Ziese, Green NOOP(2) Wall, Foat Voter Comments: Frech> In description, 'teporary' should be 'temporary'. ====================================================== Candidate: CAN-2001-1147 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1147 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011008 pam_limits.so Bug!! Reference: URL:http://www.securityfocus.com/archive/1/219175 Reference: REDHAT:RHSA-2001:132 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-132.html Reference: MANDRAKE:MDKSA-2001:084 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-084.php3 Reference: SUSE:SuSE-SA:2001:034 Reference: URL:http://www.suse.de/de/support/security/2001_034_shadow_txt.txt Reference: CIAC:M-009 Reference: URL:http://www.ciac.org/ciac/bulletins/m-009.shtml Reference: BID:3415 Reference: URL:http://www.securityfocus.com/bid/3415 Reference: XF:utillinux-pamlimits-gain-privileges(7266) Reference: URL:http://www.iss.net/security_center/static/7266.php The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits. 
INFERRED ACTION: CAN-2001-1147 FINAL (Final Decision 20020625) Current Votes: ACCEPT(6) Wall, Cole, Armstrong, Frech, Ziese, Green NOOP(1) Foat ====================================================== Candidate: CAN-2001-1149 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1149 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: VULN-DEV:20010821 RE: Bug report -- Incident number 240649 Reference: URL:http://www.securityfocus.com/archive/82/209328 Panda Antivirus Platinum before 6.23.00 allows a remote attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file. INFERRED ACTION: CAN-2001-1149 FINAL (Final Decision 20020625) Current Votes: ACCEPT(2) Ziese, Green NOOP(4) Wall, Foat, Cole, Armstrong ====================================================== Candidate: CAN-2001-1153 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1153 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: CALDERA:CSSA-2001-SCO.15 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0391.html Reference: XF:openunix-lpsystem-bo(7041) Reference: URL:http://www.iss.net/security_center/static/7041.php Reference: BID:3248 Reference: URL:http://online.securityfocus.com/bid/3248 lpsystem in OpenUnix 8.0.0 allows local users to cause a denial of service and possibly execute arbitrary code via a long command line argument. 
INFERRED ACTION: CAN-2001-1153 FINAL (Final Decision 20020625) Current Votes: ACCEPT(5) Cole, Armstrong, Frech, Ziese, Green NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-1155 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1155 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: FREEBSD:FreeBSD-SA-01:56 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:56.tcp_wrappers.asc TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing. INFERRED ACTION: CAN-2001-1155 FINAL (Final Decision 20020625) Current Votes: ACCEPT(5) Foat, Cole, Armstrong, Ziese, Green NOOP(1) Wall ====================================================== Candidate: CAN-2001-1158 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1158 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020315 Assigned: 20020315 Category: CF Reference: BUGTRAQ:20010709 Check Point FireWall-1 RDP Bypass Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0128.html Reference: BUGTRAQ:20010709 Check Point response to RDP Bypass Reference: URL:http://online.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-03-11&end=2002-03-17&mid=195647&threads=1 Reference: CHECKPOINT:20010712 RDP Bypass workaround for VPN-1/FireWall 4.1 SPx Reference: URL:http://www.checkpoint.com/techsupport/alerts/rdp.html Reference: CERT:CA-2001-17 Reference: URL:http://www.cert.org/advisories/CA-2001-17.html Reference: CERT-VN:VU#310295 Reference: URL:http://www.kb.cert.org/vuls/id/310295 Reference: CIAC:L-109 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-109.shtml Reference: XF:fw1-rdp-bypass(6815) Reference: 
URL:http://xforce.iss.net/static/6815.php Reference: BID:2952 Reference: URL:http://www.securityfocus.com/bid/2952 Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts. INFERRED ACTION: CAN-2001-1158 FINAL (Final Decision 20020625) Current Votes: ACCEPT(6) Baker, Cole, Armstrong, Frech, Ziese, Green NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-1160 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1160 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20010618 udirectory from Microburst Technologies remote command execution Reference: URL:http://www.securityfocus.com/archive/1/191829 Reference: BID:2884 Reference: URL:http://www.securityfocus.com/bid/2884 Reference: XF:udirectory-remote-command-execution(6706) Reference: URL:http://xforce.iss.net/static/6706.php udirectory.pl in Microburst Technologies uDirectory 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the category_file field. INFERRED ACTION: CAN-2001-1160 FINAL (Final Decision 20020625) Current Votes: ACCEPT(2) Baker, Frech NOOP(6) Wall, Foat, Cole, Armstrong, Ziese, Green Voter Comments: CHANGE> [Baker changed vote from REVIEWING to ACCEPT] Baker> I received confirmation in an email message from the vendor.

RE: uDirectory
Date: Mon, 20 May 2002 07:52:59 -0400
From: "Bill Weiner" <bweiner@uburst.com>

Hello David,

I just wanted to follow up with you in regard to: http://online.securityfocus.com/archive/1/191829

...

Again, in that particular scenario, the $category_file parameter was not being validated, so to correct any possible security problems, the call to the "validate_category_filename" was moved up to the top of the script - directly after the parameters are parsed - to make sure that it is called regardless of the command being processed.

FYI: The commented version of the "validate_category_filename" subroutine looks like this:

#---------------------------------------------------------------------------
# validate_category_filename()
# Subroutine to remove/replace all special characters from the category
# file name.
# @param $vstring - The string to be validated.
# @return Returns the validated string.
#---------------------------------------------------------------------------
sub validate_category_filename

====================================================== Candidate: CAN-2001-1161 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1161 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20010702 Lotus Domino Server Cross-Site Scripting Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/194465 Reference: BUGTRAQ:20010702 Re: Lotus Domino Server Cross-Site Scripting Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/194609 Reference: CERT-VN:VU#642239 Reference: URL:http://www.kb.cert.org/vuls/id/642239 Reference: BID:2962 Reference: URL:http://www.securityfocus.com/bid/2962 Reference: XF:lotus-domino-css(6789) Reference: URL:http://www.iss.net/security_center/static/6789.php Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script. 
INFERRED ACTION: CAN-2001-1161 FINAL (Final Decision 20020625) Current Votes: ACCEPT(7) Wall, Baker, Cole, Armstrong, Frech, Ziese, Green NOOP(1) Foat ====================================================== Candidate: CAN-2001-1162 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1162 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20010623 smbd remote file creation vulnerability Reference: URL:http://www.securityfocus.com/archive/1/193027 Reference: CONFIRM:http://us1.samba.org/samba/whatsnew/macroexploit.html Reference: MANDRAKE:MDKSA-2001-062 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-062.php3 Reference: HP:HPSBUX0107-157 Reference: URL:http://www.securityfocus.com/advisories/3423 Reference: SGI:20011002-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011002-01-P Reference: CIAC:L-105 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-105.shtml Reference: IMMUNIX:IMNX-2001-70-027-01 Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-027-01 Reference: CALDERA:CSSA-2001-024.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-024.0.txt Reference: CONECTIVA:CLA-2001:405 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000405 Reference: REDHAT:RHSA-2001:086 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-086.html Reference: DEBIAN:DSA-065 Reference: URL:http://www.debian.org/security/2001/dsa-065 Reference: BID:2928 Reference: URL:http://www.securityfocus.com/bid/2928 Reference: XF:samba-netbios-file-creation(6731) Reference: URL:http://xforce.iss.net/static/6731.php Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file. 
INFERRED ACTION: CAN-2001-1162 FINAL (Final Decision 20020625) Current Votes: ACCEPT(7) Wall, Baker, Cole, Armstrong, Frech, Ziese, Green NOOP(1) Foat ====================================================== Candidate: CAN-2001-1166 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1166 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: FREEBSD:FreeBSD-SA-01:55 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:55.procfs.asc Reference: XF:linprocfs-process-memory-leak(7017) Reference: URL:http://www.iss.net/security_center/static/7017.php Reference: BID:3217 Reference: URL:http://www.securityfocus.com/bid/3217 linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process. INFERRED ACTION: CAN-2001-1166 FINAL (Final Decision 20020625) Current Votes: ACCEPT(5) Cole, Armstrong, Frech, Ziese, Green NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-1172 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1172 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20010719 [SNS Advisory No.37] HTTProtect allows attackers to change the protected file using a symlink Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0357.html Reference: CONFIRM:http://www.omnisecure.com/security-alert.html Reference: XF:httprotect-protected-file-symlink(6880) Reference: URL:http://xforce.iss.net/static/6880.php OmniSecure HTTProtect 1.1.1 allows a superuser without omnish privileges to modify a protected file by creating a symbolic link to that file. 
INFERRED ACTION: CAN-2001-1172 FINAL (Final Decision 20020625) Current Votes: ACCEPT(6) Baker, Cole, Armstrong, Frech, Ziese, Green NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-1174 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1174 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: REDHAT:RHSA-2001:091 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-091.html Reference: MANDRAKE:MDKSA-2001:067 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-067.php Reference: XF:elm-messageid-bo(6852) Reference: URL:http://xforce.iss.net/static/6852.php Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to execute arbitrary code via a long Message-ID header. INFERRED ACTION: CAN-2001-1174 FINAL (Final Decision 20020625) Current Votes: ACCEPT(7) Wall, Baker, Cole, Armstrong, Frech, Ziese, Green NOOP(1) Foat ====================================================== Candidate: CAN-2001-1175 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1175 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: REDHAT:RHSA-2001:095 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-095.html Reference: XF:vipw-world-readable-files(6851) Reference: URL:http://xforce.iss.net/static/6851.php Reference: BID:3036 Reference: URL:http://www.securityfocus.com/bid/3036 vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing. 
INFERRED ACTION: CAN-2001-1175 FINAL (Final Decision 20020625) Current Votes: ACCEPT(8) Wall, Baker, Foat, Cole, Armstrong, Frech, Ziese, Green ====================================================== Candidate: CAN-2001-1176 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1176 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20010712 VPN-1/FireWall-1 Format Strings Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0209.html Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/format_strings.html Reference: BID:3021 Reference: URL:http://www.securityfocus.com/bid/3021 Reference: XF:fw1-management-format-string(6849) Reference: URL:http://xforce.iss.net/static/6849.php Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection. INFERRED ACTION: CAN-2001-1176 FINAL (Final Decision 20020625) Current Votes: ACCEPT(6) Baker, Cole, Armstrong, Frech, Ziese, Green NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-1177 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1177 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: 20020616-01 Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20010717 Samsung ML-85G Printer Linux Helper/Driver Binary Exploit (Mandrake: ghostscript package) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0284.html Reference: BID:3008 Reference: URL:http://www.securityfocus.com/bid/3008 Reference: XF:samsung-printer-temp-symlink(6845) Reference: URL:http://xforce.iss.net/static/6845.php ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. 
Modifications: DESC add version number INFERRED ACTION: CAN-2001-1177 FINAL (Final Decision 20020625) Current Votes: ACCEPT(2) Baker, Frech NOOP(7) Christey, Wall, Foat, Cole, Armstrong, Ziese, Green Voter Comments: Christey> Fixed by vendor in release 0.2.0 (acknowledged via e-mail) CHANGE> [Baker changed vote from REVIEWING to ACCEPT] Baker> Vendor acknowledged via email.

Subject: Re: Samsung ML-85G Driver Issue
Date: Mon, 13 May 2002 20:11:14 -0300 (GMT+3)
From: Rildo Pragana <rildo@pragana.net>
To: David Baker <bakerd@mitre.org>

Hi David,

On Thu, 9 May 2002, David Baker wrote:
> I am a security researcher working for CVE (Common
> Vulnerabilities and Exposures) project. I am researching a
> vulnerability in the ml85p printer driver. I have been
> looking to determine if the driver was fixed to correct a
> flaw in the way it allowed a symlink attack via temporary
> files. The vulnerability was reported on Bugtraq in Jul
> 2001, BUGTRAQ:20010717 Samsung ML-85G Printer Linux
> Helper/Driver Binary Exploit (Mandrake: ghostscript
> package) at
> http://archives.neohapsis.com/archives/bugtraq/2001-07/0284.html
> and is listed in the Security Focus DB at BID 3008
> http://www.securityfocus.com/bid/3008 and as CVE candidate
> CAN-2001-1177. I contacted Mandrake, who referred me to
> you, as the author of the driver.
>
> Can you shed any light on whether this was fixed or not?

--
This issue was solved at the release 0.2.0, available at Ibiblio:
http://ibiblio.org/pub/Linux/hardware/drivers/ml85p-0.2.0.tar.gz

If there is something I can do, please let me know.

best regards, Rildo ====================================================== Candidate: CAN-2001-1180 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1180 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20010710 FreeBSD 4.3 local root, yet Linux and *BSD much better than Windows Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0179.html Reference: CIAC:L-111 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-111.shtml Reference: CERT-VN:VU#943633 Reference: URL:http://www.kb.cert.org/vuls/id/943633 Reference: FREEBSD:FreeBSD-SA-01:42 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:42.signal.v1.1.asc Reference: XF:bsd-rfork-signal-handlers(6829) Reference: URL:http://xforce.iss.net/static/6829.php Reference: BID:3007 Reference: URL:http://www.securityfocus.com/bid/3007 FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child. 
INFERRED ACTION: CAN-2001-1180 FINAL (Final Decision 20020625) Current Votes: ACCEPT(6) Baker, Cole, Armstrong, Frech, Ziese, Green NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-1183 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1183 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: CISCO:20010712 Cisco IOS PPTP Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/PPTP-vulnerability-pub.html Reference: CERT-VN:VU#656315 Reference: URL:http://www.kb.cert.org/vuls/id/656315 Reference: BID:3022 Reference: URL:http://www.securityfocus.com/bid/3022 Reference: XF:cisco-ios-pptp-dos(6835) Reference: URL:http://xforce.iss.net/static/6835.php PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet. INFERRED ACTION: CAN-2001-1183 FINAL (Final Decision 20020625) Current Votes: ACCEPT(7) Wall, Baker, Cole, Armstrong, Frech, Ziese, Green NOOP(1) Foat ====================================================== Candidate: CAN-2001-1185 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1185 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011210 AIO vulnerability Reference: URL:http://www.securityfocus.com/archive/1/244583 Reference: XF:bsd-aio-overwrite-memory(7693) Reference: URL:http://www.iss.net/security_center/static/7693.php Reference: BID:3661 Reference: URL:http://www.securityfocus.com/bid/3661 Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory of the new process and gain privileges. 
INFERRED ACTION: CAN-2001-1185 FINAL (Final Decision 20020625) Current Votes: ACCEPT(4) Foat, Cole, Frech, Green NOOP(2) Wall, Ziese ====================================================== Candidate: CAN-2001-1193 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1193 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: 20020616-01 Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011213 EFTP 2.0.8.346 directory content disclosure Reference: URL:http://www.securityfocus.com/archive/1/245393 Reference: CONFIRM:http://www.eftp.org/releasehistory.html Reference: BID:3691 Reference: URL:http://www.securityfocus.com/bid/3691 Reference: XF:eftp-dot-directory-traversal(7699) Directory traversal vulnerability in EFTP 2.0.8.346 allows local users to read directories via a ... (modified dot dot) in the CWD command. Modifications: ADDREF XF:eftp-dot-directory-traversal(7699) INFERRED ACTION: CAN-2001-1193 FINAL (Final Decision 20020625) Current Votes: ACCEPT(3) Cole, Ziese, Green MODIFY(1) Frech NOOP(2) Wall, Foat Voter Comments: Frech> XF:eftp-dot-directory-traversal(7699) ====================================================== Candidate: CAN-2001-1199 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1199 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011217 Agoracgi v3.3e Cross Site Scripting Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/246044 Reference: CONFIRM:http://www.agoracgi.com/security.html Reference: BID:3702 Reference: URL:http://www.securityfocus.com/bid/3702 Reference: XF:agora-cgi-css(7708) Reference: URL:http://www.iss.net/security_center/static/7708.php Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter. 
INFERRED ACTION: CAN-2001-1199 FINAL (Final Decision 20020625) Current Votes: ACCEPT(4) Cole, Frech, Ziese, Green NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-1201 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1201 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011217 New Advisory + Exploit Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100863301405266&w=2 Reference: BUGTRAQ:20011218 wmcube-gdk is vulnerable to a local exploit Reference: URL:http://online.securityfocus.com/archive/1/246273 Reference: CONFIRM:http://www.ne.jp/asahi/linux/timecop/software/wmcube-gdk-0.98p2.tar.gz Reference: BID:3706 Reference: URL:http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3706 Reference: XF:wmcubegdk-object-file-bo(7720) Reference: URL:http://www.iss.net/security_center/static/7720.php Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users to execute arbitrary code via long lines in the object description file. INFERRED ACTION: CAN-2001-1201 FINAL (Final Decision 20020625) Current Votes: ACCEPT(4) Cole, Frech, Ziese, Green NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-1203 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1203 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: 20020616-01 Proposed: 20020315 Assigned: 20020315 Category: SF Reference: DEBIAN:DSA-095 Reference: URL:http://www.debian.org/security/2001/dsa-095 Reference: XF:linux-gpm-format-string(7748) Reference: BID:3750 Reference: URL:http://online.securityfocus.com/bid/3750 Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18 allows local users to gain root privileges. 
Modifications: ADDREF XF:linux-gpm-format-string(7748) ADDREF BID:3750 INFERRED ACTION: CAN-2001-1203 FINAL (Final Decision 20020625) Current Votes: ACCEPT(4) Foat, Cole, Ziese, Green MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:linux-gpm-format-string(7748) http://online.securityfocus.com/bid/3750 ====================================================== Candidate: CAN-2001-1215 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1215 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020315 Assigned: 20020315 Category: SF Reference: BUGTRAQ:20011220 [CERT-intexxia] pfinger Format String Vulnerability Reference: URL:http://www.securityfocus.com/archive/1/246656 Reference: CONFIRM:http://www.xelia.ch/unix/pfinger/ChangeLog Reference: XF:pfinger-plan-format-string(7742) Reference: URL:http://www.iss.net/security_center/static/7742.php Reference: BID:3725 Reference: URL:http://online.securityfocus.com/bid/3725 Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows remote attackers to execute arbitrary code via format string specifiers in a .plan file. 
INFERRED ACTION: CAN-2001-1215 FINAL (Final Decision 20020625) Current Votes: ACCEPT(4) Cole, Frech, Ziese, Green NOOP(2) Wall, Foat ====================================================== Candidate: CAN-2001-1227 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1227 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: 20020616-01 Proposed: 20020502 Assigned: 20020411 Category: SF Reference: REDHAT:RHSA-2001:115 Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-115.html Reference: MANDRAKE:MDKSA-2001:080 Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3 Reference: BID:3425 Reference: URL:http://online.securityfocus.com/bid/3425 Reference: XF:zope-fmt-access-methods(7271) Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags. Modifications: ADDREF XF:zope-fmt-access-methods(7271) INFERRED ACTION: CAN-2001-1227 FINAL (Final Decision 20020625) Current Votes: ACCEPT(4) Wall, Cole, Cox, Green MODIFY(1) Frech NOOP(1) Foat Voter Comments: Frech> XF:zope-fmt-access-methods(7271) ====================================================== Candidate: CAN-2001-1231 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1231 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010814 Fwd: Security Alert: Groupwise - Action Required Reference: URL:http://www.securityfocus.com/archive/1/204672 Reference: CONFIRM:http://support.novell.com/padlock/details.htm Reference: XF:novell-groupwise-admin-privileges(6998) Reference: URL:http://xforce.iss.net/static/6998.php Reference: BID:3189 Reference: URL:http://www.securityfocus.com/bid/3189 GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as 
addressed by the "Padlock" fix. INFERRED ACTION: CAN-2001-1231 FINAL (Final Decision 20020625) Current Votes: ACCEPT(2) Frech, Green NOOP(4) Wall, Foat, Cole, Cox ====================================================== Candidate: CAN-2001-1234 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1234 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20011002 results of semi-automatic source code audit Reference: URL:http://www.securityfocus.com/archive/1/218000 Reference: CONFIRM:http://prdownloads.sourceforge.net/gallery/gallery-1.2.5.tar.gz Reference: BID:3397 Reference: URL:http://www.securityfocus.com/bid/3397 Reference: XF:php-includedir-code-execution(7215) Reference: URL:http://www.iss.net/security_center/static/7215.php Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable. INFERRED ACTION: CAN-2001-1234 FINAL (Final Decision 20020625) Current Votes: ACCEPT(3) Cole, Frech, Green NOOP(3) Wall, Foat, Cox ====================================================== Candidate: CAN-2001-1235 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1235 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20011002 results of semi-automatic source code audit Reference: URL:http://www.securityfocus.com/archive/1/21800 Reference: CERT-VN:VU#847803 Reference: URL:http://www.kb.cert.org/vuls/id/847803 Reference: XF:php-includedir-code-execution(7215) Reference: URL:http://xforce.iss.net/static/7215.php Reference: BID:3395 Reference: URL:http://www.securityfocus.com/bid/3395 pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable. 
INFERRED ACTION: CAN-2001-1235 FINAL (Final Decision 20020625) Current Votes: ACCEPT(3) Cole, Frech, Green NOOP(3) Wall, Foat, Cox ====================================================== Candidate: CAN-2001-1236 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1236 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20011002 results of semi-automatic source code audit Reference: URL:http://www.securityfocus.com/archive/1/218000 Reference: CERT-VN:VU#847803 Reference: URL:http://www.kb.cert.org/vuls/id/847803 Reference: BID:3394 Reference: URL:http://www.securityfocus.com/bid/3394 Reference: XF:php-includedir-code-execution(7215) Reference: URL:http://xforce.iss.net/static/7215.php myphpPagetool PHP script 0.4.3-1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable. INFERRED ACTION: CAN-2001-1236 FINAL (Final Decision 20020625) Current Votes: ACCEPT(3) Cole, Frech, Green NOOP(3) Wall, Foat, Cox ====================================================== Candidate: CAN-2001-1237 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1237 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20011002 results of semi-automatic source code audit Reference: URL:http://www.securityfocus.com/archive/1/218000 Reference: CONFIRM:http://www.peaceworks.ca/phormation/phormation-0.9.2.tar.gz Reference: BID:3393 Reference: URL:http://www.securityfocus.com/bid/3393 Reference: XF:php-includedir-code-execution(7215) Reference: URL:http://xforce.iss.net/static/7215.php Reference: CERT-VN:VU#847803 Reference: URL:http://www.kb.cert.org/vuls/id/847803 Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that 
modifies the phormationdir variable. INFERRED ACTION: CAN-2001-1237 FINAL (Final Decision 20020625) Current Votes: ACCEPT(3) Cole, Frech, Green NOOP(3) Wall, Foat, Cox ====================================================== Candidate: CAN-2001-1240 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1240 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020502 Assigned: 20020501 Category: CF Reference: ENGARDE:ESA-20010711-02 Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1493.html The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access. INFERRED ACTION: CAN-2001-1240 FINAL (Final Decision 20020625) Current Votes: ACCEPT(2) Cole, Green NOOP(3) Wall, Foat, Cox ====================================================== Candidate: CAN-2001-1246 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1246 Final-Decision: 20020625 Interim-Decision: 20020617 Modified: Proposed: 20020502 Assigned: 20020501 Category: SF Reference: BUGTRAQ:20010630 php breaks safe mode Reference: URL:http://online.securityfocus.com/archive/1/194425 Reference: CONFIRM:http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz Reference: BID:2954 Reference: URL:http://online.securityfocus.com/bid/2954 Reference: XF:php-safemode-elevate-privileges(6787) Reference: URL:http://www.iss.net/security_center/static/6787.php PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. 
INFERRED ACTION: CAN-2001-1246 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Cole, Frech, Cox, Green
   NOOP(2) Wall, Foat

Voter Comments:
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]

======================================================
Candidate: CAN-2001-1247
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1247
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010630 php breaks safe mode
Reference: URL:http://online.securityfocus.com/archive/1/194425
Reference: CONFIRM:http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz
Reference: REDHAT:RHSA-2002:035
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-035.html

PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.

Modifications:
  ADDREF REDHAT:RHSA-2002:035

INFERRED ACTION: CAN-2001-1247 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Cole, Cox, Green
   NOOP(2) Wall, Foat

Voter Comments:
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]
 Cox> ADDREF: RHSA-2002:035

======================================================
Candidate: CAN-2001-1252
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1252
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20010928 SNS-43: PGP Keyserver Permissions Misconfiguration
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0230.html
Reference: CONFIRM:http://www.pgp.com/support/product-advisories/keyserver.asp
Reference: XF:pgp-keyserver-http-dos(7203)
Reference: URL:http://www.iss.net/security_center/static/7203.php
Reference: BID:3375
Reference: URL:http://online.securityfocus.com/bid/3375

Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and
access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory.

INFERRED ACTION: CAN-2001-1252 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(2) Frech, Green
   NOOP(4) Wall, Foat, Cole, Cox

======================================================
Candidate: CAN-2001-1266
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1266
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CONFIRM:http://dnhttpd.sourceforge.net/changelog.html
Reference: MISC:http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0002.html

Directory traversal vulnerability in Doug Neal's HTTPD Daemon (DNHTTPD) before 0.4.1 allows remote attackers to view arbitrary files via a .. (dot dot) attack using the dot hex code '%2E'.

INFERRED ACTION: CAN-2001-1266 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(2) Cole, Green
   NOOP(3) Wall, Foat, Cox

======================================================
Candidate: CAN-2001-1276
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1276
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010621 ispell update -- Immunix OS 6.2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99317439131174&w=2
Reference: IMMUNIX:IMNX-2001-62-004-01
Reference: URL:http://download.immunix.org/ImmunixOS/6.2/updates/IMNX-2001-62-004-01
Reference: MANDRAKE:MDKSA-2001:058
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-058.php3
Reference: REDHAT:RHSA-2001:074
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-074.html

ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file.

INFERRED ACTION: CAN-2001-1276 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Wall, Cole, Cox, Green
   NOOP(1) Foat

======================================================
Candidate: CAN-2001-1277
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1277
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010611 man 1.5h10 + man 1.5i-4 exploits
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99227597227747&w=2
Reference: REDHAT:RHSA-2001:072
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-072.html
Reference: MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=41805

makewhatis in the man package before 1.5i2 allows an attacker in group man to overwrite arbitrary files via a man page whose name contains shell metacharacters.

Modifications:
  DESC say "in group man"

INFERRED ACTION: CAN-2001-1277 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Wall, Cole, Green
   MODIFY(1) Cox
   NOOP(1) Foat

Voter Comments:
 Cox> "in group man" rather than "with man privileges" is more precise

======================================================
Candidate: CAN-2001-1295
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1295
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CONFIRM:http://www.greenepa.net/~averett/cerberus-releasenotes.htm#ReleaseNotes
Reference: MISC:http://www.securiteam.com/windowsntfocus/5SP0M0055W.html
Reference: XF:cerberus-ftp-directory-traversal(7004)
Reference: URL:http://www.iss.net/security_center/static/7004.php

Directory traversal vulnerability in Cerberus FTP Server 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the CD command.

INFERRED ACTION: CAN-2001-1295 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Wall, Cole, Frech, Green
   NOOP(2) Foat, Cox

======================================================
Candidate: CAN-2001-1297
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1297
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://www.securityfocus.com/archive/1/218000
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=58331
Reference: BID:3384
Reference: URL:http://www.securityfocus.com/bid/3384
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://www.iss.net/security_center/static/7215.php

Actionpoll PHP script before 1.1.2 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

INFERRED ACTION: CAN-2001-1297 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Cole, Frech, Green
   NOOP(3) Wall, Foat, Cox

======================================================
Candidate: CAN-2001-1299
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1299
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://www.securityfocus.com/archive/1/218000
Reference: CERT-VN:VU#847803
Reference: URL:http://www.kb.cert.org/vuls/id/847803
Reference: CONFIRM:http://www.come.to/zorbat/
Reference: CONFIRM:http://www.kb.cert.org/vuls/id/JARL-53RJKV
Reference: BID:3386
Reference: URL:http://www.securityfocus.com/bid/3386
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://www.iss.net/security_center/static/7215.php

Zorbat Zorbstats PHP script before 0.9 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets
the includedir variable.

INFERRED ACTION: CAN-2001-1299 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Cole, Frech, Green
   NOOP(3) Wall, Foat, Cox

======================================================
Candidate: CAN-2001-1322
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1322
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: REDHAT:RHSA-2001:075
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-075.html
Reference: DEBIAN:DSA-063
Reference: URL:http://www.debian.org/security/2001/dsa-063
Reference: ENGARDE:ESA-20010621-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1469.html
Reference: FREEBSD:FreeBSD-SA-01:47
Reference: URL:http://online.securityfocus.com/advisories/3446
Reference: SUSE:SuSE-SA:2001:022
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99384417013990&w=2
Reference: CONECTIVA:CLA-2001:404
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000404
Reference: MANDRAKE:MDKSA-2001:055
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-055.php3
Reference: IMMUNIX:IMNX-2001-70-024-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-024-01
Reference: XF:xinetd-insecure-permissions(6657)
Reference: URL:http://www.iss.net/security_center/static/6657.php
Reference: BID:2826
Reference: URL:http://online.securityfocus.com/bid/2826

xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask.

INFERRED ACTION: CAN-2001-1322 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Cole, Frech, Cox, Green
   NOOP(1) Foat

======================================================
Candidate: CAN-2001-1342
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1342
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010412 Apache Win32 8192 chars string bug
Reference: URL:http://online.securityfocus.com/archive/1/176144
Reference: BUGTRAQ:20010522 [Announce] Apache 1.3.20 Released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99054258728748&w=2
Reference: CONFIRM:http://www.apacheweek.com/issues/01-05-25
Reference: CONFIRM:http://bugs.apache.org/index.cgi/full/7522
Reference: XF:apache-server-dos(6527)
Reference: URL:http://www.iss.net/security_center/static/6527.php
Reference: BID:2740
Reference: URL:http://online.securityfocus.com/bid/2740

Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.

Modifications:
  DESC Change DoS expansion

INFERRED ACTION: CAN-2001-1342 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Frech, Green
   MODIFY(1) Cox

Voter Comments:
 Cox> ADDREF http://www.apacheweek.com/issues/01-05-25
   The DOS here isn't the crash, it's the fact that the crash causes a GPF fault message box that has to be cleared by the operator

======================================================
Candidate: CAN-2001-1345
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1345
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010604 Fatal flaw in BestCrypt <= v0.7 (Linux)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0005.html
Reference: CONFIRM:http://www.jetico.com/index.htm#/linux.htm
Reference: XF:bestcrypt-bctool-gain-privileges(6648)
Reference: URL:http://xforce.iss.net/static/6648.php
Reference: BID:2820
Reference: URL:http://www.securityfocus.com/bid/2820

bctool in Jetico BestCrypt 0.7 and earlier trusts the user-supplied PATH to find and execute an fsck utility program, which allows local users to gain privileges by modifying the PATH to point to a Trojan horse program.

INFERRED ACTION: CAN-2001-1345 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Cole, Frech, Green
   NOOP(3) Wall, Foat, Cox

======================================================
Candidate: CAN-2002-0002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0002
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020102
Category: SF
Reference: MISC:http://marc.theaimsgroup.com/?l=stunnel-users&m=100869449828705&w=2
Reference: BUGTRAQ:20011227 Stunnel: Format String Bug in versions <3.22
Reference: URL:http://online.securityfocus.com/archive/1/247427
Reference: BUGTRAQ:20020102 Stunnel: Format String Bug update
Reference: URL:http://online.securityfocus.com/archive/1/248149
Reference: CONFIRM:http://stunnel.mirt.net/news.html
Reference: REDHAT:RHSA-2002:002
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-002.html
Reference: MANDRAKE:MDKSA-2002:004
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-004.php3
Reference: XF:stunnel-client-format-string(7741)
Reference: BID:3748
Reference: URL:http://online.securityfocus.com/bid/3748

Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.

Modifications:
  ADDREF XF:stunnel-client-format-string(7741)
  ADDREF MANDRAKE:MDKSA-2002:004
  ADDREF BID:3748
  ADDREF BUGTRAQ:20011227 Stunnel: Format String Bug in versions <3.22
  ADDREF BUGTRAQ:20020102 Stunnel: Format String Bug update

INFERRED ACTION: CAN-2002-0002 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Wall, Baker, Cole, Green
   MODIFY(1) Frech
   NOOP(2) Foat, Christey

Voter Comments:
 Frech> XF:stunnel-client-format-string(7741)
 Christey> Consider adding BID:3748

======================================================
Candidate: CAN-2002-0003
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0003
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020102
Category: SF
Reference: REDHAT:RHSA-2002:004
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-004.html
Reference: MANDRAKE:MDKSA-2002:012
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-012.php
Reference: HP:HPSBTL0201-014
Reference: URL:http://online.securityfocus.com/advisories/3793
Reference: XF:linux-groff-preprocessor-bo(7881)
Reference: BID:3869
Reference: URL:http://www.securityfocus.com/bid/3869

Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system.

Modifications:
  ADDREF MANDRAKE:MDKSA-2002:012
  ADDREF XF:linux-groff-preprocessor-bo(7881)
  ADDREF BID:3869
  ADDREF HP:HPSBTL0201-014

INFERRED ACTION: CAN-2002-0003 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Wall, Baker, Cole, Green
   MODIFY(1) Frech
   NOOP(2) Foat, Christey

Voter Comments:
 Christey> ADDREF MANDRAKE:MDKSA-2002:012
   URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-012.php
 Frech> XF:linux-groff-preprocessor-bo(7881)
 Christey> MANDRAKE:MDKSA-2002:012
   http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-012.php3
 Christey> Consider adding BID:3869

======================================================
Candidate: CAN-2002-0004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0004
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020102
Category: SF
Reference: BUGTRAQ:20020117 '/usr/bin/at 31337 + vuln' problem + exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101128661602088&w=2
Reference: DEBIAN:DSA-102
Reference: URL:http://www.debian.org/security/2002/dsa-102
Reference: SUSE:SuSE-SA:2002:003
Reference: URL:http://www.suse.de/de/support/security/2002_003_at_txt.txt
Reference: MANDRAKE:MDKSA-2002:007
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101147632721031&w=2
Reference: REDHAT:RHSA-2002:015
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-015.html
Reference: HP:HPSBTL0201-021
Reference: URL:http://online.securityfocus.com/advisories/3833
Reference: HP:HPSBTL0302-034
Reference: URL:http://online.securityfocus.com/advisories/3969
Reference: XF:linux-at-exetime-heap-corruption(7909)
Reference: BID:3886
Reference: URL:http://www.securityfocus.com/bid/3886

Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.

Modifications:
  ADDREF XF:linux-at-exetime-heap-corruption(7909)
  ADDREF HP:HPSBTL0201-021
  ADDREF HP:HPSBTL0302-034
  ADDREF BID:3886

INFERRED ACTION: CAN-2002-0004 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Wall, Baker, Cole, Green
   MODIFY(1) Frech
   NOOP(2) Foat, Christey

Voter Comments:
 Frech> XF:linux-at-exetime-heap-corruption(7909)
 Christey> Consider adding BID:3886

======================================================
Candidate: CAN-2002-0007
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0007
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020109
Category: SF
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=54901
Reference: XF:bugzilla-ldap-auth-bypass(7812)

CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.

Modifications:
  ADDREF XF:bugzilla-ldap-auth-bypass(7812)

INFERRED ACTION: CAN-2002-0007 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:bugzilla-ldap-auth-bypass(7812)

======================================================
Candidate: CAN-2002-0018
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0018
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: MS:MS02-001
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-001.asp
Reference: BID:3997
Reference: URL:http://www.securityfocus.com/bid/3997

In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which could allow remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from the trusted domain.

Modifications:
  ADDREF BID:3997

INFERRED ACTION: CAN-2002-0018 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Ziese, Green
   NOOP(1) Christey

Voter Comments:
 Christey> Consider adding BID:3997

======================================================
Candidate: CAN-2002-0020
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0020
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: MS:MS02-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-004.asp
Reference: BID:4061
Reference: URL:http://www.securityfocus.com/bid/4061
Reference: XF:ms-telnet-option-bo(8094)
Reference: URL:http://www.iss.net/security_center/static/8094.php

Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options.

INFERRED ACTION: CAN-2002-0020 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(6) Wall, Foat, Cole, Frech, Ziese, Green

======================================================
Candidate: CAN-2002-0021
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0021
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: MS:MS02-002
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-002.asp
Reference: BID:4045
Reference: URL:http://www.securityfocus.com/bid/4045

Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attackers to cause a denial of service (crash) via a malformed product announcement.

Modifications:
  ADDREF BID:4045

INFERRED ACTION: CAN-2002-0021 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Ziese, Green
   NOOP(1) Christey

Voter Comments:
 Christey> Consider adding BID:4045

======================================================
Candidate: CAN-2002-0022
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0022
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: BUGTRAQ:20020213 dH & SECURITY.NNOV: buffer overflow in mshtml.dll
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101362984930597&w=2
Reference: BUGTRAQ:20020227 Details and exploitation of buffer overflow in mshtml.dll (and few sidenotes on Unicode overflows in general)
Reference: URL:http://online.securityfocus.com/archive/1/258614
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
Reference: CERT:CA-2002-04
Reference: URL:http://www.cert.org/advisories/CA-2002-04.html
Reference: XF:ie-html-directive-bo(8116)
Reference: URL:http://www.iss.net/security_center/static/8116.php
Reference: BID:4080
Reference: URL:http://www.securityfocus.com/bid/4080

Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.

Modifications:
  ADDREF BID:4080
  ADDREF BUGTRAQ:20020227 Details and exploitation of buffer overflow in mshtml.dll (and few sidenotes on Unicode overflows in general)

INFERRED ACTION: CAN-2002-0022 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(6) Wall, Foat, Cole, Frech, Ziese, Green
   NOOP(1) Christey

Voter Comments:
 Christey> Consider adding BID:4080

======================================================
Candidate: CAN-2002-0023
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0023
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: BUGTRAQ:20020101 IE GetObject() problems
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0000.html
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
Reference: BID:3767
Reference: URL:http://www.securityfocus.com/bid/3767

Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.

INFERRED ACTION: CAN-2002-0023 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Ziese, Green

======================================================
Candidate: CAN-2002-0025
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0025
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
Reference: BUGTRAQ:20020212 [ GFISEC04102001 ] Internet Explorer and Access allow macros to be executed automatically
Reference: URL:http://online.securityfocus.com/archive/1/255767
Reference: BID:4085
Reference: URL:http://online.securityfocus.com/bid/4085

Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document.

Modifications:
  ADDREF BUGTRAQ:20020212 [ GFISEC04102001 ] Internet Explorer and Access allow macros to be executed automatically
  ADDREF BID:4085

INFERRED ACTION: CAN-2002-0025 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Ziese, Green
   NOOP(1) Christey

Voter Comments:
 Christey> BUGTRAQ:20020212 [ GFISEC04102001 ] Internet Explorer and Access allow macros to be executed automatically
   URL:http://online.securityfocus.com/archive/1/255767
   BID:4085
   URL:http://online.securityfocus.com/bid/4085

======================================================
Candidate: CAN-2002-0026
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0026
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
Reference: BID:4082
Reference: URL:http://online.securityfocus.com/bid/4082

Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing
scripts via an object that processes asynchronous events after the initial security checks have been made.

Modifications:
  ADDREF BID:4082

INFERRED ACTION: CAN-2002-0026 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Ziese, Green
   NOOP(1) Christey

Voter Comments:
 Christey> Consider adding BID:4082

======================================================
Candidate: CAN-2002-0027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0027
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020114
Category: SF
Reference: BUGTRAQ:20011219 Internet Explorer Document.Open() Without Close() Cookie Stealing, File Reading, Site Spoofing Bug
Reference: URL:http://www.securityfocus.com/archive/1/246522
Reference: MS:MS02-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-005.asp
Reference: BID:3721
Reference: URL:http://www.securityfocus.com/bid/3721

Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.

INFERRED ACTION: CAN-2002-0027 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Ziese, Green

======================================================
Candidate: CAN-2002-0028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0028
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020116
Category: SF
Reference: BUGTRAQ:20020106 ICQ remote buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101043894627851&w=2
Reference: VULN-DEV:20020107 ICQ remote buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101043076806401&w=2
Reference: CERT:CA-2002-02
Reference: URL:http://www.cert.org/advisories/CA-2002-02.html
Reference: CERT-VN:VU#570167
Reference: URL:http://www.kb.cert.org/vuls/id/570167
Reference: BID:3813
Reference: URL:http://www.securityfocus.com/bid/3813
Reference: XF:aim-game-overflow(7743)

Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request.

Modifications:
  ADDREF XF:aim-game-overflow(7743)

INFERRED ACTION: CAN-2002-0028 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Wall, Baker, Cole, Green
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> (Review whether issue is misassigned.)
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:aim-game-overflow(7743)

======================================================
Candidate: CAN-2002-0038
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0038
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020116
Category: SF
Reference: SGI:20020102-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020102-01-I
Reference: SGI:20020102-02-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020102-02-I
Reference: SGI:20020102-03-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020102-03-P
Reference: XF:irix-nsd-cache-dos(7907)
Reference: BID:3882

Vulnerability in the cache-limiting function of the unified name service daemon (nsd) in IRIX 6.5.4 through 6.5.11 allows remote attackers to cause a denial of service by forcing the cache to fill the disk.

Modifications:
  ADDREF XF:irix-nsd-cache-dos(7907)
  ADDREF BID:3882

INFERRED ACTION: CAN-2002-0038 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Christey

Voter Comments:
 Frech> XF:irix-nsd-cache-dos(7907)
 Christey> Consider adding BID:3882
 Christey> BID:3882

======================================================
Candidate: CAN-2002-0040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0040
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020502
Assigned: 20020116
Category: SF
Reference: SGI:20020306-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020306-01-P
Reference: XF:irix-hostaliases-gain-privileges(8669)
Reference: URL:http://www.iss.net/security_center/static/8669.php
Reference: BID:4388
Reference: URL:http://www.securityfocus.com/bid/4388

Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to cause privileged applications to dump core via the HOSTALIASES
environment variable, which might allow the users to gain privileges.

Modifications:
  ADDREF XF:irix-hostaliases-gain-privileges(8669)
  ADDREF BID:4388

INFERRED ACTION: CAN-2002-0040 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Cole, Frech, Green
   NOOP(4) Wall, Foat, Cox, Christey

Voter Comments:
 Christey> Consider adding BID:4388
 Christey> XF:irix-hostaliases-gain-privileges(8669)
   URL:http://www.iss.net/security_center/static/8669.php
   BID:4388
   URL:http://www.securityfocus.com/bid/4388

======================================================
Candidate: CAN-2002-0043
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0043
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020122
Category: SF
Reference: BUGTRAQ:20020114 Sudo version 1.6.4 now available (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/250168
Reference: REDHAT:RHSA-2002:013
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-013.html
Reference: REDHAT:RHSA-2002:011
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-011.html
Reference: CONECTIVA:CLA-2002:451
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451
Reference: ENGARDE:ESA-20020114-001
Reference: SUSE:SuSE-SA:2002:002
Reference: URL:http://www.suse.de/de/support/security/2002_002_sudo_txt.txt
Reference: MANDRAKE:MDKSA-2002:003
Reference: DEBIAN:DSA-101
Reference: IMMUNIX:IMNX-2002-70-001-01
Reference: URL:http://www.securityfocus.com/advisories/3800
Reference: FREEBSD:FreeBSD-SA-02:06
Reference: BUGTRAQ:20020116 Sudo +Postfix Exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101120193627756&w=2
Reference: MISC:http://www.sudo.ws/sudo/alerts/postfix.html
Reference: XF:sudo-unclean-env-root(7891)
Reference: URL:http://xforce.iss.net/static/7891.php
Reference: BID:3871
Reference: URL:http://www.securityfocus.com/bid/3871

sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the
mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.

Modifications:
  ADDREF MANDRAKE:MDKSA-2002:003
  ADDREF DEBIAN:DSA-101
  ADDREF IMMUNIX:IMNX-2002-70-001-01
  ADDREF FREEBSD:FreeBSD-SA-02:06
  CHANGEREF REDHAT [normalize]

INFERRED ACTION: CAN-2002-0043 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Baker, Cole, Frech, Green
   NOOP(2) Foat, Christey

Voter Comments:
 Christey> MANDRAKE:MDKSA-2002:003
   DEBIAN:DSA-101
   IMMUNIX:IMNX-2002-70-001-01
   URL:http://www.securityfocus.com/advisories/3800
   FREEBSD:FreeBSD-SA-02:06
   Normalize refs: REDHAT:RHSA-2002-011, REDHAT:RHSA-2002-013

======================================================
Candidate: CAN-2002-0044
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0044
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020122
Category: SF
Reference: REDHAT:RHSA-2002-012
Reference: URL:https://www.redhat.com/support/errata/RHSA-2002-012.html
Reference: HP:HPSBTL0201-019
Reference: URL:http://www.securityfocus.com/advisories/3818
Reference: MANDRAKE:MDKSA-2002:010
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-010.php3
Reference: DEBIAN:DSA-105
Reference: URL:http://www.debian.org/security/2002/dsa-105
Reference: XF:gnu-enscript-tmpfile-symlink(7932)
Reference: URL:http://xforce.iss.net/static/7932.php
Reference: BID:3920
Reference: URL:http://www.securityfocus.com/bid/3920

GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.

INFERRED ACTION: CAN-2002-0044 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Baker, Cole, Frech, Green
   NOOP(1) Foat

======================================================
Candidate: CAN-2002-0045
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0045
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020122
Category: SF
Reference: CONFIRM:http://www.openldap.org/lists/openldap-announce/200201/msg00002.html
Reference: CALDERA:CSSA-2002-001.0
Reference: MANDRAKE:MDKSA-2002:013
Reference: REDHAT:RHSA-2002:014
Reference: XF:openldap-slapd-delete-attributes(7978)

slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes which would otherwise be protected by ACLs.

Modifications:
  ADDREF XF:openldap-slapd-delete-attributes(7978)
  ADDREF CALDERA:CSSA-2002-001.0
  ADDREF MANDRAKE:MDKSA-2002:013
  ADDREF REDHAT:RHSA-2002:014

INFERRED ACTION: CAN-2002-0045 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Baker, Cole, Green
   MODIFY(1) Frech
   NOOP(3) Wall, Foat, Christey

Voter Comments:
 Frech> XF:openldap-slapd-delete-attributes(7978)
 Christey> CALDERA:CSSA-2002-001.0
   MANDRAKE:MDKSA-2002:013

======================================================
Candidate: CAN-2002-0046
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0046
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020131
Assigned: 20020122
Category: SF
Reference: BUGTRAQ:20020120 remote memory reading through tcp/icmp
Reference: URL:http://www.securityfocus.com/archive/1/251418
Reference: REDHAT:RHSA-2002-007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-007.html
Reference: XF:icmp-read-memory(7998)

Linux kernel, and possibly other operating systems, allows remote attackers to read portions of memory via a series of
fragmented ICMP packets that generate an ICMP TTL Exceeded response, which includes portions of the memory in the response packet.

Modifications:
  ADDREF XF:icmp-read-memory(7998)

INFERRED ACTION: CAN-2002-0046 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Baker, Foat, Cole, Green
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:icmp-read-memory(7998)

======================================================
Candidate: CAN-2002-0047
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0047
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020131
Assigned: 20020122
Category: SF
Reference: DEBIAN:DSA-104
Reference: URL:http://www.debian.org/security/2002/dsa-104
Reference: REDHAT:RHSA-2002:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-007.html
Reference: XF:cipe-packet-handling-dos(7883)
Reference: URL:http://xforce.iss.net/static/7883.php

CIPE VPN package before 1.3.0-3 allows remote attackers to cause a denial of service (crash) via a short malformed packet.

INFERRED ACTION: CAN-2002-0047 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Baker, Cole, Frech, Green
   NOOP(1) Foat

======================================================
Candidate: CAN-2002-0049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0049
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020202
Category: CF
Reference: MS:MS02-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-003.asp
Reference: BID:4053
Reference: URL:http://www.securityfocus.com/bid/4053

Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.

INFERRED ACTION: CAN-2002-0049 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Ziese, Green

======================================================
Candidate: CAN-2002-0050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0050
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020202
Category: SF
Reference: MS:MS02-010
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-010.asp
Reference: BID:4157
Reference: URL:http://online.securityfocus.com/bid/4157

Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.

INFERRED ACTION: CAN-2002-0050 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Ziese, Green

======================================================
Candidate: CAN-2002-0051
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0051
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020502
Assigned: 20020202
Category: SF
Reference: BUGTRAQ:20011205 SECURITY.NNOV: file locking and security (group policy DoS on Windows 2000 domain)
Reference: URL:http://online.securityfocus.com/archive/1/244329
Reference: MS:MS02-016
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-016.asp
Reference: BID:4438
Reference: URL:http://online.securityfocus.com/bid/4438

Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.

Modifications:
  ADDREF BID:4438

INFERRED ACTION: CAN-2002-0051 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Wall, Foat, Cole, Green
   NOOP(2) Cox, Christey

Voter Comments:
 Christey> Consider adding BID:4438
 Christey> XF:win2k-group-policy-block(8759)
   URL:http://www.iss.net/security_center/static/8759.php

======================================================
Candidate: CAN-2002-0052
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0052
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020202
Category: SF
Reference: MS:MS02-009
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-009.asp
Reference: BID:4158
Reference: URL:http://online.securityfocus.com/bid/4158

Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files.

INFERRED ACTION: CAN-2002-0052 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Ziese, Green

======================================================
Candidate: CAN-2002-0055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0055
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020315
Assigned: 20020202
Category: SF
Reference: BUGTRAQ:20020306 Vulnerability Details for MS02-012
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101558498401274&w=2
Reference: MS:MS02-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-012.asp
Reference: XF:ms-smtp-data-transfer-dos(8307)
Reference: URL:http://www.iss.net/security_center/static/8307.php
Reference: BID:4204
Reference: URL:http://www.securityfocus.com/bid/4204

SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 to cause a denial of service via a command with a malformed data transfer (BDAT) request.

Modifications:
  ADDREF XF:ms-smtp-data-transfer-dos(8307)
  ADDREF BID:4204

INFERRED ACTION: CAN-2002-0055 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(6) Wall, Foat, Cole, Frech, Ziese, Green
   NOOP(1) Christey

Voter Comments:
 Christey> Consider adding BID:4204
 Christey> XF:ms-smtp-data-transfer-dos(8307)
   URL:http://www.iss.net/security_center/static/8307.php
   BID:4204
   URL:http://www.securityfocus.com/bid/4204

======================================================
Candidate: CAN-2002-0057
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0057
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020315
Assigned: 20020202
Category: SF
Reference: BUGTRAQ:20011214 MSIE6 can read local files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-12/0152.html
Reference: BUGTRAQ:20020212 Update on the MS02-005 patch, holes still remain
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101366383408821&w=2
Reference: MS:MS02-008
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-008.asp
Reference: BID:3699
Reference: URL:http://online.securityfocus.com/bid/3699
Reference: XF:ie-xmlhttp-redirect(7712)

XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.

Modifications:
  ADDREF XF:ie-xmlhttp-redirect(7712)

INFERRED ACTION: CAN-2002-0057 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Ziese, Green
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:ie-xmlhttp-redirect(7712)

======================================================
Candidate: CAN-2002-0059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0059
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020315
Assigned: 20020207
Category: SF
Reference: BUGTRAQ:20020311 security problem fixed in zlib 1.1.4
Reference: BUGTRAQ:20020312 exploiting the zlib bug in openssh
Reference: VULNWATCH:20020312 exploiting the zlib bug in openssh
Reference: VULNWATCH:20020311 [VulnWatch] zlibscan : script to find suid binaries possibly affected by zlib vulnerability
Reference: BUGTRAQ:20020312 [OpenPKG-SA-2002.003] OpenPKG Security Advisory (zlib)
Reference: BUGTRAQ:20020312 Re: [VulnWatch] exploiting the zlib bug in openssh
Reference: BUGTRAQ:20020312 zlib & java
Reference: BUGTRAQ:20020312 zlibscan : script to find suid binaries possibly affected by zlib vulnerability
Reference: BUGTRAQ:20020313 OpenSSH rebuild warning: problems avoiding zlib problems in Solaris
Reference: BUGTRAQ:20020314 about zlib vulnerability
Reference: BUGTRAQ:20020314 ZLib double free bug: Windows NT potentially unaffected
Reference: BUGTRAQ:20020314 Re: about zlib vulnerability - Microsoft products
Reference: BUGTRAQ:20020315 RE: [Whitehat] about zlib vulnerability
Reference: CERT:CA-2002-07
Reference: CERT-VN:VU#368819
Reference: URL:http://www.kb.cert.org/vuls/id/368819
Reference: DEBIAN:DSA-122
Reference: REDHAT:RHSA-2002:026
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-026.html
Reference: REDHAT:RHSA-2002:027
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-027.html
Reference: SUSE:SuSE-SA:2002:010
Reference: SUSE:SuSE-SA:2002:011
Reference: ENGARDE:ESA-20020311-008
Reference: MANDRAKE:MDKSA-2002:022
Reference: MANDRAKE:MDKSA-2002:023
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
Reference: CALDERA:CSSA-2002-014.1
Reference: CALDERA:CSSA-2002-015.1
Reference: CONECTIVA:CLA-2002:469
Reference: HP:HPSBTL0204-030
Reference: HP:HPSBTL0204-036
Reference: HP:HPSBTL0204-037
Reference: MANDRAKE:MDKSA-2002:024
Reference: CISCO:20020403 Vulnerability in the zlib Compression Library
Reference: OPENBSD:20020313 015: RELIABILITY FIX: March 13, 2002
Reference: FREEBSD:FreeBSD-SA-02:18
Reference: BUGTRAQ:20020318 TSLSA-2002-0040 - zlib
Reference: BUGTRAQ:20020402 VNC Security Bulletin - zlib double free issue (multiple vendors and versions)
Reference: BID:4267
Reference: URL:http://online.securityfocus.com/bid/4267
Reference: XF:zlib-doublefree-memory-corruption(8427)

The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.

Modifications:
  CHANGEREF BUGTRAQ change some dates from 20020212 to 20020312
  ADDREF BUGTRAQ:20020312 [OpenPKG-SA-2002.003] OpenPKG Security Advisory (zlib)
  ADDREF BUGTRAQ:20020312 Re: [VulnWatch] exploiting the zlib bug in openssh
  ADDREF BUGTRAQ:20020312 zlib & java
  ADDREF BUGTRAQ:20020312 zlibscan : script to find suid binaries possibly affected by zlib vulnerability
  ADDREF BUGTRAQ:20020313 OpenSSH rebuild warning: problems avoiding zlib problems in Solaris
  ADDREF BUGTRAQ:20020314 about zlib vulnerability
  ADDREF BUGTRAQ:20020315 RE: [Whitehat] about zlib vulnerability
  ADDREF BUGTRAQ:20020314 Re: about zlib vulnerability - Microsoft products
  ADDREF FREEBSD:FreeBSD-SA-02:18
  ADDREF BUGTRAQ:20020318 TSLSA-2002-0040 - zlib
  ADDREF BUGTRAQ:20020402 VNC Security Bulletin - zlib double free issue (multiple vendors and versions)
  ADDREF CALDERA:CSSA-2002-014.1
  ADDREF CALDERA:CSSA-2002-015.1
  ADDREF CONECTIVA:CLA-2002:469
  ADDREF HP:HPSBTL0204-030
  ADDREF HP:HPSBTL0204-036
  ADDREF HP:HPSBTL0204-037
  ADDREF MANDRAKE:MDKSA-2002:024
  ADDREF CISCO:20020403 Vulnerability in the zlib Compression Library
  ADDREF OPENBSD:20020313 015: RELIABILITY FIX: March 13, 2002
  ADDREF XF:zlib-doublefree-memory-corruption(8427)
  ADDREF BUGTRAQ:20020314 ZLib double free bug: Windows NT potentially unaffected

INFERRED ACTION: CAN-2002-0059 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(6) Wall, Foat, Cole, Frech, Ziese, Green
   NOOP(1) Christey

Voter Comments:
 Christey> Need to change dates of Bugtraq and Vulnwatch posts from 20020212 to 20020312 for "exploiting the zlib bug in openssh"
   BUGTRAQ:20020312 [OpenPKG-SA-2002.003] OpenPKG Security Advisory (zlib)
   BUGTRAQ:20020312 Re: [VulnWatch] exploiting the zlib bug in openssh
   BUGTRAQ:20020312 zlib & java
   BUGTRAQ:20020312 zlibscan : script to find suid binaries possibly affected by zlib vulnerability
   BUGTRAQ:20020313 OpenSSH rebuild warning: problems avoiding zlib problems in Solaris
   BUGTRAQ:20020314 about zlib vulnerability
   BUGTRAQ:20020315 RE: [Whitehat] about zlib vulnerability
   BUGTRAQ:20020314 Re: about zlib vulnerability - Microsoft products
   FREEBSD:FreeBSD-SA-02:18
   BUGTRAQ:20020318 TSLSA-2002-0040 - zlib
   BUGTRAQ:20020402 VNC Security Bulletin - zlib double free issue (multiple vendors and versions)
   CALDERA:CSSA-2002-014.1
   CALDERA:CSSA-2002-015.1
   CONECTIVA:CLA-2002:469
   HP:HPSBTL0204-030
   HP:HPSBTL0204-036
   HP:HPSBTL0204-037
   MANDRAKE:MDKSA-2002:024
   CISCO:20020403 Vulnerability in the zlib Compression Library
   OPENBSD:20020313 015: RELIABILITY FIX: March 13, 2002
   XF:zlib-doublefree-memory-corruption(8427)
   BUGTRAQ:20020314 ZLib double free bug: Windows NT potentially unaffected

======================================================
Candidate: CAN-2002-0060
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0060
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020213
Category: SF
Reference: BUGTRAQ:20020227 security advisory linux 2.4.x ip_conntrack_irc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101483396412051&w=2
Reference: VULN-DEV:20020227 Fwd: [ANNOUNCE] Security Advisory about IRC DCC connection tracking
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101486352429653&w=2
Reference: CONFIRM:http://www.netfilter.org/security/2002-02-25-irc-dcc-mask.html
Reference: REDHAT:RHSA-2002:028
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-028.html

IRC connection tracking helper module in the netfilter subsystem for Linux 2.4.18-pre9 and earlier does not properly set the mask for conntrack expectations for incoming DCC connections, which could allow remote attackers to bypass intended firewall restrictions.

INFERRED ACTION: CAN-2002-0060 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Wall, Cole, Ziese, Green
   NOOP(1) Foat

======================================================
Candidate: CAN-2002-0063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0063
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020315
Assigned: 20020217
Category: SF
Reference: CONFIRM:http://www.cups.org/relnotes.html
Reference: DEBIAN:DSA-110
Reference: URL:http://www.debian.org/security/2002/dsa-110
Reference: MANDRAKE:MDKSA-2002:015
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-015.php
Reference: REDHAT:RHSA-2002:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-032.html
Reference: SUSE:SuSE-SA:2002:005
Reference: SUSE:SuSE-SA:2002:006
Reference: CALDERA:CSSA-2002-008.0
Reference: CONECTIVA:CLA-2002:471
Reference: XF:cups-ippread-bo(8192)
Reference: BID:4100

Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary code via long attribute names or language values.

Modifications:
  ADDREF REDHAT:RHSA-2002:032
  ADDREF SUSE:SuSE-SA:2002:005
  ADDREF SUSE:SuSE-SA:2002:006
  ADDREF CALDERA:CSSA-2002-008.0
  ADDREF XF:cups-ippread-bo(8192)
  ADDREF BID:4100
  ADDREF CONECTIVA:CLA-2002:471

INFERRED ACTION: CAN-2002-0063 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Cole, Frech, Ziese, Green
   NOOP(2) Foat, Christey

Voter Comments:
 Christey> REDHAT:RHSA-2002:032
   URL:http://www.redhat.com/support/errata/RHSA-2002-032.html
   SUSE:SuSE-SA:2002:005
   SUSE:SuSE-SA:2002:006
 Christey> SUSE:SuSE-SA:2002:005
 Christey> REDHAT:RHSA-2002:032
   CALDERA:CSSA-2002-008.0
   XF:cups-ippread-bo(8192)
   BID:4100
   SUSE:SuSE-SA:2002:006
   SUSE:SuSE-SA:2002:005
   CONECTIVA:CLA-2002:471

======================================================
Candidate: CAN-2002-0064
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0064
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020502
Assigned: 20020219
Category: CF
Reference: BINDVIEW:20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x
Reference: URL:http://razor.bindview.com/publish/advisories/adv_FunkProxy.html
Reference: XF:funk-proxy-insecure-permissions(8791)
Reference: URL:http://www.iss.net/security_center/static/8791.php
Reference: BID:4458
Reference: URL:http://www.securityfocus.com/bid/4458

Funk Software Proxy Host 3.x is installed with insecure permissions for the registry and the file system.

Modifications:
  ADDREF XF:funk-proxy-insecure-permissions(8791)
  ADDREF BID:4458

INFERRED ACTION: CAN-2002-0064 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Cole, Frech, Green
   NOOP(4) Wall, Foat, Cox, Christey

Voter Comments:
 Christey> XF:funk-proxy-insecure-permissions(8791)
   URL:http://www.iss.net/security_center/static/8791.php
   BID:4458
   URL:http://www.securityfocus.com/bid/4458

======================================================
Candidate: CAN-2002-0065
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0065
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020502
Assigned: 20020219
Category: SF
Reference: BINDVIEW:20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x
Reference: URL:http://razor.bindview.com/publish/advisories/adv_FunkProxy.html
Reference: XF:funk-proxy-weak-password(8792)
Reference: URL:http://www.iss.net/security_center/static/8792.php
Reference: BID:4459
Reference: URL:http://www.securityfocus.com/bid/4459

Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host password, which allows local users to gain privileges by recovering the passwords from the PHOST.INI file or the Windows registry.

Modifications:
  ADDREF XF:funk-proxy-weak-password(8792)
  ADDREF BID:4459

INFERRED ACTION: CAN-2002-0065 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Cole, Frech, Green
   NOOP(4) Wall, Foat, Cox, Christey

Voter Comments:
 Christey> XF:funk-proxy-weak-password(8792)
   URL:http://www.iss.net/security_center/static/8792.php
   BID:4459
   URL:http://www.securityfocus.com/bid/4459

======================================================
Candidate: CAN-2002-0066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0066
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020502
Assigned: 20020219
Category: SF
Reference: BINDVIEW:20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x
Reference: URL:http://razor.bindview.com/publish/advisories/adv_FunkProxy.html
Reference: XF:funk-proxy-named-pipe(8793)
Reference: URL:http://www.iss.net/security_center/static/8793.php
Reference: BID:4460
Reference: URL:http://www.securityfocus.com/bid/4460

Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host's configuration utilities and gain privileges.

Modifications:
  ADDREF XF:funk-proxy-named-pipe(8793)
  ADDREF BID:4460

INFERRED ACTION: CAN-2002-0066 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Cole, Frech, Green
   NOOP(4) Wall, Foat, Cox, Christey

Voter Comments:
 Christey> XF:funk-proxy-named-pipe(8793)
   URL:http://www.iss.net/security_center/static/8793.php
   BID:4460
   URL:http://www.securityfocus.com/bid/4460

======================================================
Candidate: CAN-2002-0070
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0070
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020315
Assigned: 20020221
Category: SF
Reference: BUGTRAQ:20020312 ADVISORY: Windows Shell Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101594127017290&w=2
Reference: VULNWATCH:20020311 [VulnWatch] ADVISORY: Windows Shell Overflow
Reference: NTBUGTRAQ:20020311 ADVISORY: Windows Shell Overflow
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0203&L=ntbugtraq&F=P&S=&P=2404
Reference: MS:MS02-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-014.asp
Reference: XF:win-shell-bo(8384)
Reference: URL:http://www.iss.net/security_center/static/8384.php
Reference: BID:4248
Reference: URL:http://www.securityfocus.com/bid/4248

Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.

Modifications:
  ADDREF XF:win-shell-bo(8384)
  ADDREF BID:4248
  ADDREF BUGTRAQ:20020312 ADVISORY: Windows Shell Overflow

INFERRED ACTION: CAN-2002-0070 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(6) Wall, Foat, Cole, Frech, Ziese, Green
   NOOP(1) Christey

Voter Comments:
 Christey> XF:win-shell-bo(8384)
   URL:http://www.iss.net/security_center/static/8384.php
   BID:4248
   URL:http://www.securityfocus.com/bid/4248
   BUGTRAQ:20020312 ADVISORY: Windows Shell Overflow
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101594127017290&w=2

======================================================
Candidate: CAN-2002-0078
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0078
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: BUGTRAQ:20020330 IE: Remote webpage can script in local zone
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101781180528301&w=2
Reference: MS:MS02-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-015.asp
Reference: BID:4392
Reference: URL:http://www.securityfocus.com/bid/4392
Reference: XF:ie-cookie-local-zone(8701)
Reference: URL:http://www.iss.net/security_center/static/8701.php

The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability.

Modifications:
  ADDREF BID:4392
  ADDREF XF:ie-cookie-local-zone(8701)
  ADDREF BUGTRAQ:20020330 IE: Remote webpage can script in local zone

INFERRED ACTION: CAN-2002-0078 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Frech, Green
   NOOP(2) Cox, Christey

Voter Comments:
 Christey> Consider adding BID:4392
 Christey> BUGTRAQ:20020330 IE: Remote webpage can script in local zone
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101781180528301&w=2
   XF:ie-cookie-local-zone(8701)
   URL:http://www.iss.net/security_center/static/8701.php
   BID:4392
   URL:http://www.securityfocus.com/bid/4392

======================================================
Candidate: CAN-2002-0080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0080
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020315
Assigned: 20020221
Category: SF
Reference: REDHAT:RHSA-2002:026
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-026.html
Reference: MANDRAKE:MDKSA-2002:024
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
Reference: CALDERA:CSSA-2002-014.1
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
Reference: XF:linux-rsync-inherit-privileges(8463)
Reference: URL:http://www.iss.net/security_center/static/8463.php
Reference: BID:4285
Reference: URL:http://www.securityfocus.com/bid/4285

rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.

Modifications:
  DESC Add "when running in daemon mode"
  ADDREF CALDERA:CSSA-2002-014.1
  ADDREF XF:linux-rsync-inherit-privileges(8463)
  ADDREF BID:4285

INFERRED ACTION: CAN-2002-0080 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Cole, Frech, Ziese, Green
   NOOP(2) Foat, Christey

Voter Comments:
 Christey> CALDERA:CSSA-2002-014.1
   URL:http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
   XF:linux-rsync-inherit-privileges(8463)
   URL:http://www.iss.net/security_center/static/8463.php
   BID:4285
   URL:http://www.securityfocus.com/bid/4285
   Add "when running in daemon mode" to description.

======================================================
Candidate: CAN-2002-0081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0081
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020315
Assigned: 20020227
Category: SF
Reference: VULN-DEV:20020225 Re: Rumours about Apache 1.3.22 exploits
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101468694824998&w=2
Reference: BUGTRAQ:20020227 Advisory 012002: PHP remote vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101484705523351&w=2
Reference: NTBUGTRAQ:20020227 PHP remote vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101484975231922&w=2
Reference: CONFIRM:http://www.php.net/downloads.php
Reference: MISC:http://security.e-matters.de/advisories/012002.html
Reference: REDHAT:RHSA-2002:035
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-035.html
Reference: DEBIAN:DSA-115
Reference: URL:http://www.debian.org/security/2002/dsa-115
Reference: CERT:CA-2002-05
Reference: URL:http://www.cert.org/advisories/CA-2002-05.html
Reference: CERT-VN:VU#297363
Reference: URL:http://www.kb.cert.org/vuls/id/297363
Reference: ENGARDE:ESA-20020301-006
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1924.html
Reference: HP:HPSBTL0203-028
Reference: URL:http://online.securityfocus.com/advisories/3911
Reference: CONECTIVA:CLA-2002:468
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000468
Reference: XF:php-file-upload-overflow(8281)
Reference: URL:http://www.iss.net/security_center/static/8281.php
Reference: BID:4183
Reference: URL:http://www.securityfocus.com/bid/4183
Reference: BUGTRAQ:20020304 Apache+php Proof of Concept Exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101537076619812&w=2
Reference: BUGTRAQ:20020228 TSLSA-2002-0033 - mod_php
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101497256024338&w=2
Reference: SUSE:SuSE-SA:2002:007
Reference: URL:http://www.suse.com/de/support/security/2002_007_mod_php4_txt.html
Reference: MANDRAKE:MDKSA-2002:017
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-017.php

Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.

Modifications:
  ADDREF BUGTRAQ:20020304 Apache+php Proof of Concept Exploit
  ADDREF BUGTRAQ:20020228 TSLSA-2002-0033 - mod_php
  ADDREF SUSE:SuSE-SA:2002:007
  ADDREF MANDRAKE:MDKSA-2002:017

INFERRED ACTION: CAN-2002-0081 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Cole, Frech, Ziese, Green
   NOOP(2) Foat, Christey

Voter Comments:
 Christey> BUGTRAQ:20020304 Apache+php Proof of Concept Exploit
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101537076619812&w=2
 Christey> ADDREF BUGTRAQ:20020228 TSLSA-2002-0033 - mod_php
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101497256024338&w=2
   SUSE:SuSE-SA:2002:007
   MANDRAKE:MDKSA-2002:017
 Christey> SUSE:SuSE-SA:2002:007
   URL:http://www.suse.com/de/support/security/2002_007_mod_php4_txt.html
   MANDRAKE:MDKSA-2002:017
   URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-017.php
   BUGTRAQ:20020228 TSLSA-2002-0033 - mod_php
   URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0362.html
   BUGTRAQ:20020304 Apache+php Proof of Concept Exploit
   URL:http://online.securityfocus.com/archive/1/259821

======================================================
Candidate: CAN-2002-0082
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0082
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020315
Assigned: 20020301
Category: SF
Reference: BUGTRAQ:20020227 mod_ssl Buffer Overflow Condition (Update Available)
Reference: URL:http://online.securityfocus.com/archive/1/258646
Reference: BUGTRAQ:20020301 Apache-SSL buffer overflow (fix available)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101518491916936&w=2
Reference: BUGTRAQ:20020304 Apache-SSL 1.3.22+1.47 - update to security fix
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101528358424306&w=2
Reference: CONFIRM:http://www.apacheweek.com/issues/02-03-01#security
Reference: BUGTRAQ:20020228 TSLSA-2002-0034 - apache
Reference: ENGARDE:ESA-20020301-005
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1923.html
Reference: CONECTIVA:CLA-2002:465
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465
Reference: REDHAT:RHSA-2002:041
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-041.html
Reference: MANDRAKE:MDKSA-2002:020
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php
Reference: REDHAT:RHSA-2002:042
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-042.html
Reference: DEBIAN:DSA-120
Reference: URL:http://www.debian.org/security/2002/dsa-120
Reference: HP:HPSBTL0203-031
Reference: URL:http://www.securityfocus.com/advisories/3965
Reference: HP:HPSBUX0204-190
Reference: URL:http://www.securityfocus.com/advisories/4008
Reference: CALDERA:CSSA-2002-011.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt
Reference: COMPAQ:SSRT0817
Reference: URL:http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml
Reference: BID:4189
Reference: URL:http://online.securityfocus.com/bid/4189
Reference: XF:apache-modssl-bo(8308)
Reference: URL:http://www.iss.net/security_center/static/8308.php

The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.

Modifications:
  ADDREF DEBIAN:DSA-120
  ADDREF HP:HPSBTL0203-031
  ADDREF HP:HPSBUX0204-190
  ADDREF CALDERA:CSSA-2002-011.0
  ADDREF COMPAQ:SSRT0817

INFERRED ACTION: CAN-2002-0082 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(6) Wall, Foat, Cole, Frech, Ziese, Green
   NOOP(1) Christey

Voter Comments:
 Christey> DEBIAN:DSA-120
   URL:http://www.debian.org/security/2002/dsa-120
   HP:HPSBTL0203-031
   URL:http://www.securityfocus.com/advisories/3965
   HP:HPSBUX0204-190
   URL:http://www.securityfocus.com/advisories/4008
   CALDERA:CSSA-2002-011.0
   URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt
   COMPAQ:SSRT0817
   http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml

======================================================
Candidate: CAN-2002-0083
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0083
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020315
Assigned: 20020306
Category: SF
Reference: VULNWATCH:20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html
Reference: BUGTRAQ:20020307 OpenSSH Security Advisory (adv.channelalloc)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101553908201861&w=2
Reference: BUGTRAQ:20020307 [PINE-CERT-20020301] OpenSSH off-by-one
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101552065005254&w=2
Reference: BUGTRAQ:20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101561384821761&w=2
Reference: BUGTRAQ:20020311 TSLSA-2002-0039 - openssh
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html
Reference: BUGTRAQ:20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101586991827622&w=2
Reference: BUGTRAQ:20020328 OpenSSH channel_lookup() off by one exploit
Reference: URL:http://online.securityfocus.com/archive/1/264657
Reference: CONFIRM:http://www.openbsd.org/advisories/ssh_channelalloc.txt
Reference: ENGARDE:ESA-20020307-007
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1937.html
Reference: SUSE:SuSE-SA:2002:009
Reference: URL:http://www.suse.de/de/support/security/2002_009_openssh_txt.html
Reference: CONECTIVA:CLA-2002:467
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467
Reference: DEBIAN:DSA-119
Reference: URL:http://www.debian.org/security/2002/dsa-119
Reference: REDHAT:RHSA-2002:043
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-043.html
Reference: MANDRAKE:MDKSA-2002:019
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php
Reference: NETBSD:NetBSD-SA2002-004
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc
Reference: CALDERA:CSSA-2002-SCO.10
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt
Reference: CALDERA:CSSA-2002-SCO.11
Reference: URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt
Reference: CALDERA:CSSA-2002-012.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt
Reference: FREEBSD:FreeBSD-SA-02:13
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc
Reference: HP:HPSBTL0203-029
Reference: URL:http://online.securityfocus.com/advisories/3960
Reference: XF:openssh-channel-error(8383)
Reference: URL:http://www.iss.net/security_center/static/8383.php
Reference: BID:4241
Reference: URL:http://www.securityfocus.com/bid/4241

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

Modifications:
  ADDREF BUGTRAQ:20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix
  ADDREF BUGTRAQ:20020328 OpenSSH channel_lookup() off by one exploit
  ADDREF BID:4241
  ADDREF MANDRAKE:MDKSA-2002:019
  ADDREF BUGTRAQ:20020311 TSLSA-2002-0039 - openssh
  ADDREF NETBSD:NetBSD-SA2002-004
  ADDREF CALDERA:CSSA-2002-SCO.10
  ADDREF CALDERA:CSSA-2002-SCO.11
  ADDREF CALDERA:CSSA-2002-012.0
  ADDREF FREEBSD:FreeBSD-SA-02:13
  ADDREF XF:openssh-channel-error(8383)
  ADDREF HP:HPSBTL0203-029

INFERRED ACTION: CAN-2002-0083 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(6) Wall, Foat, Cole, Frech, Ziese, Green
   NOOP(1) Christey

Voter Comments:
 Christey> Consider adding BID:4241
 Christey> BUGTRAQ:20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101586991827622&w=2
 Christey> BUGTRAQ:20020328 OpenSSH channel_lookup() off by one exploit
   URL:http://online.securityfocus.com/archive/1/264657
   BID:4241
   URL:http://www.securityfocus.com/bid/4241
   MANDRAKE:MDKSA-2002:019
   URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php
   BUGTRAQ:20020311 TSLSA-2002-0039 - openssh
   URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html
   BUGTRAQ:20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix
   URL:http://online.securityfocus.com/archive/1/260958
   NETBSD:NetBSD-SA2002-004
   URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc
   CALDERA:CSSA-2002-SCO.10
   URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt
   CALDERA:CSSA-2002-SCO.11
   URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt
   CALDERA:CSSA-2002-012.0
   URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt
   FREEBSD:FreeBSD-SA-02:13
   URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc
   XF:openssh-channel-error(8383)
   URL:http://www.iss.net/security_center/static/8383.php
   HP:HPSBTL0203-029
   URL:http://online.securityfocus.com/advisories/3960

======================================================
Candidate: CAN-2002-0092
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0092
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020315
Assigned: 20020308
Category: SF
Reference: VULN-DEV:20020220 Help needed with bufferoverflow in cvs
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101422243817321&w=2
Reference: VULN-DEV:20020220 Re: [Fwd: Help needed with bufferoverflow in cvs]
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=101433077724524&w=2
Reference: DEBIAN:DSA-117
Reference: URL:http://www.debian.org/security/2002/dsa-117
Reference: REDHAT:RHSA-2002-026
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-026.html
Reference: BID:4234
Reference: URL:http://www.securityfocus.com/bid/4234
Reference: XF:cvs-global-var-dos(8366)
Reference: URL:http://www.iss.net/security_center/static/8366.php

CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability.
Modifications:
  ADDREF BID:4234
  ADDREF XF:cvs-global-var-dos(8366)

INFERRED ACTION: CAN-2002-0092 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Cole, Frech, Ziese, Green
   NOOP(2) Foat, Christey

Voter Comments:
 Christey> Consider adding BID:4234
 Christey> BID:4234
   URL:http://www.securityfocus.com/bid/4234
   XF:cvs-global-var-dos(8366)
   URL:http://www.iss.net/security_center/static/8366.php

======================================================
Candidate: CAN-2002-0096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0096
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020103 Vulnerability in new user creation in Geeklog 1.3
Reference: URL:http://www.securityfocus.com/archive/1/248367
Reference: CONFIRM:http://geeklog.sourceforge.net/index.php?topic=Security
Reference: BID:3783
Reference: URL:http://www.securityfocus.com/bid/3783
Reference: XF:geeklog-default-admin-privileges(7780)
Reference: URL:http://www.iss.net/security_center/static/7780.php

The installation of Geeklog 1.3 creates an extra group_assignments record which is not properly deleted, which causes the first newly created user to be added to the GroupAdmin and UserAdmin groups, which could provide that user with administrative privileges that were not intended.
INFERRED ACTION: CAN-2002-0096 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Cole, Frech, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2002-0097
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0097
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020110 Cookie modification allows unauthenticated user login in Geeklog 1.3
Reference: URL:http://online.securityfocus.com/archive/1/249443
Reference: CONFIRM:http://geeklog.sourceforge.net/index.php?topic=Security
Reference: BID:3844
Reference: URL:http://online.securityfocus.com/bid/3844
Reference: XF:geeklog-modify-auth-cookie(7869)
Reference: URL:http://www.iss.net/security_center/static/7869.php

Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's permanent cookie to the target account.

INFERRED ACTION: CAN-2002-0097 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Foat, Cole, Frech, Ziese, Green
   NOOP(1) Wall

Voter Comments:
 CHANGE> [Green changed vote from REVIEWING to ACCEPT]
 Green> The security page at geeklog.sourceforge.net indicates acknowledgement of the vulnerability and its resolution

======================================================
Candidate: CAN-2002-0098
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0098
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020105 BOOZT! Standard 's administration cgi vulnerable to buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101027773404836&w=2
Reference: BUGTRAQ:20020109 BOOZT! Standard CGI Vulnerability : Exploit Released
Reference: URL:http://online.securityfocus.com/archive/1/249219
Reference: CONFIRM:http://www.boozt.com/news_detail.php?id=3
Reference: BID:3787
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3787
Reference: XF:boozt-long-name-bo(7790)
Reference: URL:http://www.iss.net/security_center/static/7790.php

Buffer overflow in index.cgi administration interface for Boozt! Standard 0.9.8 allows local users to execute arbitrary code via a long name field when creating a new banner.

INFERRED ACTION: CAN-2002-0098 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Cole, Frech, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2002-0107
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0107
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020108 svindel.net security advisory - web admin vulnerability in CacheOS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101052887431488&w=2
Reference: BID:3841
Reference: URL:http://www.securityfocus.com/bid/3841
Reference: BUGTRAQ:20020205 RE: svindel.net security advisory - web admin vulnerability in Ca cheOS
Reference: URL:http://online.securityfocus.com/archive/1/254167
Reference: XF:cachos-insecure-web-interface(7835)
Reference: URL:http://www.iss.net/security_center/static/7835.php

Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end with HTTP/1.0 or another version string, which causes the information to be leaked in the error message.
INFERRED ACTION: CAN-2002-0107 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Cole, Frech, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2002-0111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0111
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020109 File Transversal Vulnerability in Dino's WebServer
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101062213627501&w=2
Reference: BID:3861
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3861
Reference: XF:dinos-webserver-directory-traversal(7853)
Reference: URL:http://www.iss.net/security_center/static/7853.php

Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and earlier allows remote attackers to read files or execute arbitrary commands via a .. (dot dot) in the URL.

INFERRED ACTION: CAN-2002-0111 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Cole, Frech, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2002-0115
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0115
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020110 Snort core dumped
Reference: URL:http://online.securityfocus.com/archive/1/249340
Reference: BUGTRAQ:20020110 Re: Snort core dumped
Reference: URL:http://online.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-03-08&end=2002-03-14&mid=249623&threads=1
Reference: BID:3849
Reference: URL:http://online.securityfocus.com/bid/3849
Reference: XF:snort-icmp-dos(7874)
Reference: URL:http://www.iss.net/security_center/static/7874.php

Snort 1.8.3 does not properly define the minimum ICMP header size, which allows remote attackers to cause a denial of service (crash and core dump) via a malformed ICMP packet.
INFERRED ACTION: CAN-2002-0115 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Cole, Frech, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2002-0117
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0117
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020108 CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]
Reference: URL:http://online.securityfocus.com/archive/1/249031
Reference: CONFIRM:http://www.yabbforum.com/
Reference: BID:3828
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3828
Reference: XF:yabb-encoded-css(7840)
Reference: URL:http://www.iss.net/security_center/static/7840.php

Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.
Modifications:
  ADDREF CONFIRM:http://www.yabbforum.com/

INFERRED ACTION: CAN-2002-0117 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(2) Frech, Green
   NOOP(4) Christey, Wall, Foat, Cole

Voter Comments:
 Christey> CONFIRM:http://www.yabbforum.com/
   The "Latest News" section has an entry for SP1 dated 4/11/02, which states: "New javascript in image tags vulnerability fixed"

======================================================
Candidate: CAN-2002-0121
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0121
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020113 PHP 4.x session spoofing
Reference: URL:http://online.securityfocus.com/archive/1/250196
Reference: BID:3873
Reference: URL:http://online.securityfocus.com/bid/3873
Reference: XF:php-session-temp-disclosure(7908)
Reference: URL:http://www.iss.net/security_center/static/7908.php

PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections.
INFERRED ACTION: CAN-2002-0121 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Green
   NOOP(2) Wall, Balinsky

======================================================
Candidate: CAN-2002-0128
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0128
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020116 Sambar Webserver v5.1 DoS Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/250545
Reference: BUGTRAQ:20020206 Sambar Webserver Sample Script v5.1 DoS Vulnerability Exploit
Reference: URL:http://www.der-keiler.de/Mailing-Lists/securityfocus/bugtraq/2002-02/0083.html
Reference: CONFIRM:http://www.sambar.com/security.htm
Reference: BID:3885
Reference: URL:http://www.securityfocus.com/bid/3885
Reference: XF:sambar-cgitest-dos(7894)
Reference: URL:http://www.iss.net/security_center/static/7894.php

cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long argument.

INFERRED ACTION: CAN-2002-0128 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Cole, Frech, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2002-0139
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0139
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020120 Bounce vulnerability in SpoonFTP 1.1.0.1
Reference: URL:http://online.securityfocus.com/archive/1/251422
Reference: CONFIRM:http://www.pi-soft.com/spoonftp/index.shtml
Reference: BID:3910
Reference: URL:http://online.securityfocus.com/bid/3910
Reference: XF:spoonftp-ftp-bounce(7943)
Reference: URL:http://www.iss.net/security_center/static/7943.php

Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command.
INFERRED ACTION: CAN-2002-0139 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Cole, Frech, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2002-0143
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0143
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020315
Assigned: 20020315
Category: SF
Reference: BUGTRAQ:20020113 Eterm SGID utmp Buffer Overflow (Local)
Reference: URL:http://online.securityfocus.com/archive/1/250145
Reference: BUGTRAQ:20020121 Re: Eterm SGID utmp Buffer Overflow (Local)
Reference: URL:http://online.securityfocus.com/archive/1/251597
Reference: BID:3868
Reference: URL:http://online.securityfocus.com/bid/3868
Reference: XF:eterm-home-bo(7896)
Reference: URL:http://www.iss.net/security_center/static/7896.php

Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier allows local users to execute arbitrary code via a long HOME environment variable.

INFERRED ACTION: CAN-2002-0143 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Cole, Frech, Ziese, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2002-0151
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0151
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020502
Assigned: 20020319
Category: SF
Reference: BUGTRAQ:20020404 NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101793727306282&w=2
Reference: VULNWATCH:20020404 NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow
Reference: MS:MS02-017
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS02-017.asp
Reference: XF:win-mup-bo(8752)
Reference: URL:http://www.iss.net/security_center/static/8752.php
Reference: BID:4426
Reference: URL:http://www.securityfocus.com/bid/4426

Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.

Modifications:
  ADDREF XF:win-mup-bo(8752)
  ADDREF BID:4426

INFERRED ACTION: CAN-2002-0151 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Frech, Green
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> Consider adding BID:4426
 Christey> XF:win-mup-bo(8752)
   URL:http://www.iss.net/security_center/static/8752.php
   BID:4426
   URL:http://www.securityfocus.com/bid/4426

======================================================
Candidate: CAN-2002-0152
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0152
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020502
Assigned: 20020319
Category: SF
Reference: BUGTRAQ:20020416 w00w00 on Microsoft IE/Office for Mac OS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101897994314015&w=2
Reference: MS:MS02-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-019.asp
Reference: XF:ms-mac-html-file-bo(8850)
Reference: URL:http://www.iss.net/security_center/static/8850.php
Reference: BID:4517
Reference: URL:http://www.securityfocus.com/bid/4517

Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
Modifications:
  ADDREF XF:ms-mac-html-file-bo(8850)
  ADDREF BID:4517

INFERRED ACTION: CAN-2002-0152 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Wall, Cole, Frech, Green
   NOOP(3) Christey, Foat, Cox

Voter Comments:
 Christey> XF:ms-mac-html-file-bo(8850)
   URL:http://www.iss.net/security_center/static/8850.php
   BID:4517
   URL:http://www.securityfocus.com/bid/4517

======================================================
Candidate: CAN-2002-0153
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0153
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020502
Assigned: 20020319
Category: SF
Reference: BUGTRAQ:20020122 Macinosh IE file execuion
Reference: URL:http://www.securityfocus.com/archive/1/251805
Reference: MS:MS02-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-019.asp
Reference: XF:ie-mac-applescript-execution(8851)
Reference: URL:http://www.iss.net/security_center/static/8851.php
Reference: BID:3935
Reference: URL:http://www.securityfocus.com/bid/3935

Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability.
Modifications:
  ADDREF BUGTRAQ:20020122 Macinosh IE file execuion
  ADDREF XF:ie-mac-applescript-execution(8851)
  ADDREF BID:3935

INFERRED ACTION: CAN-2002-0153 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Foat, Cole, Frech, Green
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> XF:ie-mac-applescript-execution(8851)
   URL:http://www.iss.net/security_center/static/8851.php
   BID:3935
   BUGTRAQ:20020122 Macinosh IE file execuion
   URL:http://www.securityfocus.com/archive/1/251805

======================================================
Candidate: CAN-2002-0159
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0159
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020502
Assigned: 20020327
Category: SF
Reference: BUGTRAQ:20020403 iXsecurity.20020314.csadmin_fmt.a
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101787248913611&w=2
Reference: CISCO:20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows
Reference: URL:http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml
Reference: XF:ciscosecure-acs-format-string(8742)
Reference: URL:http://www.iss.net/security_center/static/8742.php
Reference: BID:4416
Reference: URL:http://www.securityfocus.com/bid/4416

Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.

Modifications:
  ADDREF XF:ciscosecure-acs-format-string(8742)
  ADDREF BID:4416

INFERRED ACTION: CAN-2002-0159 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Green
   NOOP(3) Christey, Wall, Cox

Voter Comments:
 Christey> XF:ciscosecure-acs-format-string(8742)
   URL:http://www.iss.net/security_center/static/8742.php
   BID:4416
   URL:http://www.securityfocus.com/bid/4416
======================================================
Candidate: CAN-2002-0160
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0160
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020502
Assigned: 20020327
Category: SF
Reference: BUGTRAQ:20020403 iXsecurity.20020316.csadmin_dir.a
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101786689128667&w=2
Reference: CISCO:20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows
Reference: URL:http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml

The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002.

INFERRED ACTION: CAN-2002-0160 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Foat, Cole, Green
   NOOP(2) Wall, Cox

======================================================
Candidate: CAN-2002-0166
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0166
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020502
Assigned: 20020409
Category: SF
Reference: DEBIAN:DSA-125
Reference: URL:http://www.debian.org/security/2002/dsa-125
Reference: FREEBSD:FreeBSD-SN-02:02
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc
Reference: XF:analog-logfile-css(8656)
Reference: URL:http://www.iss.net/security_center/static/8656.php
Reference: BID:4389
Reference: URL:http://www.securityfocus.com/bid/4389

Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display.
Modifications:
  ADDREF XF:analog-logfile-css(8656)
  ADDREF BID:4389
  ADDREF FREEBSD:FreeBSD-SN-02:02

INFERRED ACTION: CAN-2002-0166 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Cole, Frech, Cox, Green
   NOOP(2) Christey, Foat

Voter Comments:
 Christey> XF:analog-logfile-css(8656)
   URL:http://www.iss.net/security_center/static/8656.php
   BID:4389
   URL:http://www.securityfocus.com/bid/4389
   FREEBSD:FreeBSD-SN-02:02
   URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc

======================================================
Candidate: CAN-2002-0167
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0167
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020502
Assigned: 20020410
Category: SF
Reference: REDHAT:RHSA-2002:048
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-048.html
Reference: CONECTIVA:CLA-2002:470
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000470
Reference: CALDERA:CSSA-2002-019.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-019.0.txt
Reference: MANDRAKE:MDKSA-2002:029
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-029.php
Reference: SUSE:SuSE-SA:2002:015
Reference: URL:http://www.suse.de/de/support/security/2002_015_imlib_txt.html
Reference: BID:4339
Reference: URL:http://online.securityfocus.com/bid/4339

Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted images, which could allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain weaknesses of NetPBM.
Modifications:
  ADDREF CALDERA:CSSA-2002-019.0
  ADDREF MANDRAKE:MDKSA-2002:029
  ADDREF SUSE:SuSE-SA:2002:015

INFERRED ACTION: CAN-2002-0167 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Wall, Cole, Cox, Green
   NOOP(2) Christey, Foat

Voter Comments:
 Christey> CALDERA:CSSA-2002-019.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-019.0.txt
   MANDRAKE:MDKSA-2002:029
   URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-029.php
   SUSE:SuSE-SA:2002:015
   URL:http://www.suse.de/de/support/security/2002_015_imlib_txt.html

======================================================
Candidate: CAN-2002-0168
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0168
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020502
Assigned: 20020410
Category: SF
Reference: REDHAT:RHSA-2002:048
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-048.html
Reference: CONECTIVA:CLA-2002:470
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000470
Reference: CALDERA:CSSA-2002-019.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-019.0.txt
Reference: MANDRAKE:MDKSA-2002:029
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-029.php
Reference: SUSE:SuSE-SA:2002:015
Reference: URL:http://www.suse.de/de/support/security/2002_015_imlib_txt.html
Reference: BID:4336
Reference: URL:http://online.securityfocus.com/bid/4336

Vulnerability in Imlib before 1.9.13 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by manipulating arguments that are passed to malloc, which results in a heap corruption.
Modifications:
  ADDREF CALDERA:CSSA-2002-019.0
  ADDREF MANDRAKE:MDKSA-2002:029
  ADDREF SUSE:SuSE-SA:2002:015

INFERRED ACTION: CAN-2002-0168 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Wall, Cole, Cox, Green
   NOOP(2) Christey, Foat

Voter Comments:
 Christey> CALDERA:CSSA-2002-019.0
   URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-019.0.txt
   MANDRAKE:MDKSA-2002:029
   URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-029.php
   SUSE:SuSE-SA:2002:015
   URL:http://www.suse.de/de/support/security/2002_015_imlib_txt.html

======================================================
Candidate: CAN-2002-0175
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0175
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020502
Assigned: 20020415
Category: SF
Reference: BUGTRAQ:20020320 Bypassing libsafe format string protection
Reference: URL:http://online.securityfocus.com/archive/1/263121
Reference: VULNWATCH:20020320 [VulnWatch] Bypassing libsafe format string protection
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0070.html
Reference: MANDRAKE:MDKSA-2002:026
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-026.php
Reference: BID:4326
Reference: URL:http://online.securityfocus.com/bid/4326
Reference: XF:libsafe-flagchar-protection-bypass(8593)
Reference: URL:http://www.iss.net/security_center/static/8593.php

libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the "'" and "I" characters, which are implemented in libc but not libsafe.
Modifications:
  ADDREF VULNWATCH:20020320 [VulnWatch] Bypassing libsafe format string protection
  ADDREF XF:libsafe-flagchar-protection-bypass(8593)

INFERRED ACTION: CAN-2002-0175 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Wall, Cole, Frech, Green
   NOOP(3) Christey, Foat, Cox

Voter Comments:
 Christey> VULNWATCH:20020320 [VulnWatch] Bypassing libsafe format string protection
   URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0070.html
   XF:libsafe-flagchar-protection-bypass(8593)
   URL:http://www.iss.net/security_center/static/8593.php

======================================================
Candidate: CAN-2002-0176
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0176
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020502
Assigned: 20020415
Category: SF
Reference: BUGTRAQ:20020320 Bypassing libsafe format string protection
Reference: URL:http://online.securityfocus.com/archive/1/263121
Reference: VULNWATCH:20020320 [VulnWatch] Bypassing libsafe format string protection
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0070.html
Reference: MANDRAKE:MDKSA-2002:026
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-026.php
Reference: BID:4327
Reference: URL:http://online.securityfocus.com/bid/4327
Reference: XF:libsafe-argnum-protection-bypass(8594)
Reference: URL:http://www.iss.net/security_center/static/8594.php

The printf wrappers in libsafe 2.0-11 and earlier do not properly handle argument indexing specifiers, which could allow attackers to exploit certain function calls through arguments that are not verified by libsafe.
Modifications:
  ADDREF VULNWATCH:20020320 [VulnWatch] Bypassing libsafe format string protection
  ADDREF XF:libsafe-argnum-protection-bypass(8594)

INFERRED ACTION: CAN-2002-0176 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Wall, Cole, Frech, Green
   NOOP(3) Christey, Foat, Cox

Voter Comments:
 Christey> VULNWATCH:20020320 [VulnWatch] Bypassing libsafe format string protection
   URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0070.html
   XF:libsafe-argnum-protection-bypass(8594)
   URL:http://www.iss.net/security_center/static/8594.php

======================================================
Candidate: CAN-2002-0179
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0179
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020502
Assigned: 20020417
Category: SF
Reference: DEBIAN:DSA-127
Reference: URL:http://www.debian.org/security/2002/dsa-127
Reference: BID:4534
Reference: URL:http://www.securityfocus.com/bid/4534
Reference: XF:xpilot-server-bo(8852)
Reference: URL:http://www.iss.net/security_center/static/8852.php

Buffer overflow in xpilot-server for XPilot 4.5.0 and earlier allows remote attackers to execute arbitrary code.
Modifications:
  ADDREF BID:4534
  ADDREF XF:xpilot-server-bo(8852)

INFERRED ACTION: CAN-2002-0179 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Wall, Cole, Frech, Cox, Green
   NOOP(2) Christey, Foat

Voter Comments:
 Christey> BID:4534
   URL:http://www.securityfocus.com/bid/4534
   XF:xpilot-server-bo(8852)
   URL:http://www.iss.net/security_center/static/8852.php

======================================================
Candidate: CAN-2002-0196
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0196
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020122 (Repost) CwpApi : GetRelativePath() returns invalid paths (security advisory)
Reference: URL:http://online.securityfocus.com/archive/1/251699
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=144966
Reference: BID:3924
Reference: URL:http://online.securityfocus.com/bid/3924
Reference: XF:cwpapi-getrelativepath-view-files(7981)
Reference: URL:http://www.iss.net/security_center/static/7981.php

GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root.
INFERRED ACTION: CAN-2002-0196 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Cole, Frech, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2002-0197
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0197
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020122 psyBNC 2.3 Beta - encrypted text "spoofable" in others' irc terminals
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101173478806580&w=2
Reference: BUGTRAQ:20020122 psyBNC2.3 Beta - encrypted text spoofable in others irc terminal
Reference: URL:http://online.securityfocus.com/archive/1/251832
Reference: XF:psybnc-view-encrypted-messages(7985)
Reference: URL:http://www.iss.net/security_center/static/7985.php
Reference: BID:3931
Reference: URL:http://www.securityfocus.com/bid/3931

psyBNC 2.3 beta and earlier allows remote attackers to spoof encrypted, trusted messages by sending lines that begin with the "[B]" sequence, which makes the message appear legitimate.
INFERRED ACTION: CAN-2002-0197 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Cole, Frech, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2002-0207
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0207
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: VULN-DEV:20020105 RealPlayer Buffer Problem
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0044.html
Reference: BUGTRAQ:20020124 Potential RealPlayer 8 Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/252414
Reference: BUGTRAQ:20020124 RealPlayer Buffer Overflow [Sentinel Chicken Networks Security Advisory #01]
Reference: URL:http://online.securityfocus.com/archive/1/252425
Reference: MISC:http://sentinelchicken.com/advisories/realplayer/
Reference: BID:3809
Reference: URL:http://online.securityfocus.com/bid/3809
Reference: XF:realplayer-file-header-bo(7839)
Reference: URL:http://www.iss.net/security_center/static/7839.php

Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header.
INFERRED ACTION: CAN-2002-0207 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Cole, Frech, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2002-0209
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0209
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020125 Alteon ACEdirector signature/security bug
Reference: URL:http://online.securityfocus.com/archive/1/252455
Reference: BUGTRAQ:20020312 Re: Alteon ACEdirector signature/security bug
Reference: URL:http://online.securityfocus.com/archive/1/261548
Reference: BID:3964
Reference: URL:http://online.securityfocus.com/bid/3964
Reference: XF:acedirector-http-reveal-ip(8010)
Reference: URL:http://www.iss.net/security_center/static/8010.php

Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address.

INFERRED ACTION: CAN-2002-0209 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Cole, Frech, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2002-0211
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0211
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020126 Vulnerability report for Tarantella Enterprise 3.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101208650722179&w=2
Reference: BUGTRAQ:20020404 Exploit for Tarantella Enterprise 3 installation (BID 3966)
Reference: URL:http://online.securityfocus.com/archive/1/265845
Reference: CONFIRM:http://www.tarantella.com/security/bulletin-04.html
Reference: BID:3966
Reference: URL:http://online.securityfocus.com/bid/3966
Reference: XF:tarantella-gunzip-tmp-race(7996)
Reference: URL:http://www.iss.net/security_center/static/7996.php

Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.

INFERRED ACTION: CAN-2002-0211 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Cole, Frech, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2002-0226
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0226
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020201 Vulnerability in all versions of DCForum from dcscripts.com
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101258311519504&w=2
Reference: CONFIRM:http://www.dcscripts.com/bugtrac/DCForumID7/3.html
Reference: BID:4014
Reference: URL:http://www.securityfocus.com/bid/4014
Reference: XF:dcforum-cgi-recover-passwords(8044)
Reference: URL:http://www.iss.net/security_center/static/8044.php

retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user.
INFERRED ACTION: CAN-2002-0226 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Cole, Frech, Green
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2002-0237
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0237
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020209 ALERT: ISS BlackICE Kernel Overflow Exploitable
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101321744807452&w=2
Reference: BUGTRAQ:20020204 Vulnerability in Black ICE Defender
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101286393404301&w=2
Reference: NTBUGTRAQ:20020209 ALERT: ISS BlackICE Kernel Overflow Exploitable
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101353165915171&w=2
Reference: BUGTRAQ:20020206 Black ICE Ping Vulnerability Side Note
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101302424803268&w=2
Reference: ISS:20020204 DoS and Potential Overflow Vulnerability in BlackICE Products
Reference: URL:http://www.iss.net/security_center/alerts/advise109.php
Reference: BID:4025
Reference: URL:http://online.securityfocus.com/bid/4025
Reference: XF:blackice-ping-flood-dos(8058)
Reference: URL:http://www.iss.net/security_center/static/8058.php

Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE Agent 3.0 and 3.1, and RealSecure Server Sensor 6.0.1 and 6.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a flood of large ICMP ping packets.
INFERRED ACTION: CAN-2002-0237 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(4) Wall, Cole, Frech, Green
   NOOP(1) Foat

======================================================
Candidate: CAN-2002-0251
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0251
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020206 -Possible- licq D.o.S
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101301254432079&w=2
Reference: BUGTRAQ:20020208 RE: -Possible- licq D.o.S
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101318594420200&w=2
Reference: BID:4036
Reference: URL:http://www.securityfocus.com/bid/4036
Reference: XF:licq-static-bo(8107)
Reference: URL:http://www.iss.net/security_center/static/8107.php

Buffer overflow in licq 1.0.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string of format string characters such as "%d".

INFERRED ACTION: CAN-2002-0251 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Cole, Frech, Cox
   NOOP(2) Wall, Foat

Voter Comments:
 CHANGE> [Cox changed vote from REVIEWING to ACCEPT]

======================================================
Candidate: CAN-2002-0265
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0265
Final-Decision: 20020625
Interim-Decision: 20020617
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20020211 Vulnerability in Sawmill for Solaris v. 6.2.14
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101346206921270&w=2
Reference: CONFIRM:http://www.sawmill.net/version_history.html
Reference: BID:4077
Reference: URL:http://www.securityfocus.com/bid/4077
Reference: XF:sawmill-admin-password-insecure(8173)
Reference: URL:http://www.iss.net/security_center/static/8173.php

Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file with world-writable permissions, which allows local users to gain privileges by modifying the file.

INFERRED ACTION: CAN-2002-0265 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(3) Wall, Cole, Frech
   NOOP(2) Foat, Cox

======================================================
Candidate: CAN-2002-1056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1056
Final-Decision: 20020625
Interim-Decision: 20020617
Modified: 20020616-01
Proposed: 20020502
Assigned: 20020426
Category: SF
Reference: BUGTRAQ:20020331 More Office XP Problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101760380418890&w=2
Reference: BUGTRAQ:20020403 More Office XP problems (Version 2.0)
Reference: URL:http://online.securityfocus.com/archive/1/265621
Reference: MS:MS02-021
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-021.asp
Reference: BID:4397
Reference: URL:http://online.securityfocus.com/bid/4397
Reference: XF:outlook-object-execute-script(8708)
Reference: URL:http://www.iss.net/security_center/static/8708.php

Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
Modifications:
  ADDREF BUGTRAQ:20020403 More Office XP problems (Version 2.0)
  ADDREF XF:outlook-object-execute-script(8708)

INFERRED ACTION: CAN-2002-1056 FINAL (Final Decision 20020625)

Current Votes:
   ACCEPT(5) Green, Wall, Foat, Cole, Frech
   NOOP(2) Christey, Cox

Voter Comments:
 Christey> BUGTRAQ:20020403 More Office XP problems (Version 2.0)
   URL:http://online.securityfocus.com/archive/1/265621
   XF:outlook-object-execute-script(8708)
   URL:http://www.iss.net/security_center/static/8708.php