[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-99 - 37 candidates

I am proposing cluster RECENT-99 for review and voting by the
Editorial Board.

Name: RECENT-99
Description: CANs announced between 2002/06/01 and 2002/06/11
Size: 37

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve







Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0804
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0804
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 Prior To 2.14.2, 2.16 Prior To 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=129466
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured
to perform reverse DNS lookups, allows remote attackers to bypass IP
restrictions by connecting from a system with a spoofed reverse DNS
hostname.

Analysis
----------------
ED_PRI CAN-2002-0804 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0805
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0805
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=134575
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new
directories with world-writable permissions, and (2) creates the
params file with world-writable permissions, which allows local users
to modify the files and execute code.

Analysis
----------------
ED_PRI CAN-2002-0805 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0806
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0806
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=141557
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows
authenticated users with editing privileges to delete other users by
directly calling the editusers.cgi script with the "del" option.

Analysis
----------------
ED_PRI CAN-2002-0806 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0808
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0808
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=107718
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing
a mass change, sets the groupset of all bugs to the groupset of the
first bug, which could inadvertently cause insecure groupset
permissions to be assigned to some bugs.

Analysis
----------------
ED_PRI CAN-2002-0808 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0809
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0809
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=148674
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not
properly handle URL-encoded field names that are generated by some
browsers, which could cause certain fields to appear to be unset,
which has the effect of removing group permissions on bugs when
buglist.cgi is provided with the encoded field names.

Analysis
----------------
ED_PRI CAN-2002-0809 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0810
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0810
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=92263
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error
messages from the syncshadowdb command to the HTML output, which could
leak sensitive information, including plaintext passwords, if
syncshadowdb fails.

Analysis
----------------
ED_PRI CAN-2002-0810 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0911
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0911
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: CALDERA:CSSA-2002-024.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-024.0.txt
Reference: BID:4923
Reference: URL:http://www.securityfocus.com/bid/4923
Reference: XF:volution-manager-plaintext-password(9240)
Reference: URL:http://www.iss.net/security_center/static/9240.php

Caldera Volution Manager 1.1 stores the Directory Administrator
password in cleartext in the slapd.conf file, which could allow local
users to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0911 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0914
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0914
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020601 SECURITY.NNOV: Courier CPU exhaustion + bonus on imap-uw
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0295.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=93065
Reference: BID:4908
Reference: URL:http://www.securityfocus.com/bid/4908
Reference: XF:courier-mta-year-dos(9228)
Reference: URL:http://www.iss.net/security_center/static/9228.php

Double Precision Courier e-mail MTA allows remote attackers to cause a
denial of service (CPU consumption) via a message with an extremely
large or negative value for the year, which causes a tight loop.

Analysis
----------------
ED_PRI CAN-2002-0914 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the changelog includes an item dated 2002-05-20 that
says "rfc822_parsedt.c (rfc822_parsedt): Ignore obviously invalid
years (someone else can worry about Y10K)."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0916
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0916
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULNWATCH:20020603 [VulnWatch] [DER #11] - Remotey exploitable fmt string bug in squid
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0087.html
Reference: BUGTRAQ:20020604 [DER #11] - Remotey exploitable fmt string bug in squid
Reference: URL:http://online.securityfocus.com/archive/1/275347
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/diff-2.4.STABLE6-2.4.STABLE7.gz
Reference: BID:4929
Reference: URL:http://www.securityfocus.com/bid/4929
Reference: XF:msntauth-squid-format-string(9248)
Reference: URL:http://www.iss.net/security_center/static/9248.php

Format string vulnerability in the allowuser code for the Stellar-X
msntauth authentication module, as distributed in Squid 2.4.STABLE6
and earlier, allows remote attackers to execute arbitrary code via
format strings in the user name, which are not properly handled in a
syslog call.

Analysis
----------------
ED_PRI CAN-2002-0916 1
Vendor Acknowledgement: yes diff

ACKNOWLEDGEMENT: while there are no vendor advisories that explicitly
mention the format string issues, it is obvious from the diff (and via
e-mail confirmation) that major changes were made to the code, which
addressed the format string and buffer overflow issues as originally
reported. It should be noted that the Squid distribution is fixed, but
the original Stellar-X is not (as of July 29).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0945
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0945
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020608 SeaNox Devwex - Denial of Service and Directory traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0056.html
Reference: CONFIRM:http://www.seanox.de/projects.devwex.php
Reference: XF:devwex-get-bo(9298)
Reference: URL:http://www.iss.net/security_center/static/9298.php
Reference: BID:4979
Reference: URL:http://www.securityfocus.com/bid/4979

Buffer overflow in SeaNox Devwex allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a
long HTTP GET request.

Analysis
----------------
ED_PRI CAN-2002-0945 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: The vendor's "Historie" page (accessible on the left
hand menu) has an item dated June 1, 2002, which states (based on a
Google translation): "the directory handling [was] revised around a
safe and errortolerant path processing. The ms Java could be brought
by ueberladene [long?] Requests to VM to [cause a] crash."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0946
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0946
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020608 SeaNox Devwex - Denial of Service and Directory traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0056.html
Reference: CONFIRM:http://www.seanox.de/projects.devwex.php
Reference: BID:4978
Reference: URL:http://www.securityfocus.com/bid/4978
Reference: XF:devwex-dotdot-directory-traversal(9299)
Reference: URL:http://www.iss.net/security_center/static/9299.php

Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601
allows remote attackers to read arbitrary files via ..\ (dot dot)
sequences in an HTTP request.

Analysis
----------------
ED_PRI CAN-2002-0946 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: The vendor's "Historie" page (accessible on the left
hand menu) has an item dated June 1, 2002, which states (based on a
Google translation): "the directory handling [was] revised around a
safe and errortolerant path processing. The ms Java could be brought
by ueberladene [long?] Requests to VM to [cause a] crash."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0958
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0958
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020606 [ARL02-A12] PHP(Reactor) Cross Site Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0034.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=91877
Reference: XF:phpreactor-browse-xss(9280)
Reference: URL:http://www.iss.net/security_center/static/9280.php
Reference: BID:4952
Reference: URL:http://www.securityfocus.com/bid/4952

Cross-site scripting vulnerability in browse.php for PHP(Reactor)
1.2.7 allows remote attackers to execute script as other users via the
go parameter in the comments section.

Analysis
----------------
ED_PRI CAN-2002-0958 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the vendor changelog for 1.2.7p1 says "fixed 2 XSS
errors." A source code diff of inc/global.inc.php in phpreactor-1.2.7
and phpreactor-1.2.7p1 shows that the only change was a call to
strip_tags() when setting the $go variable.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0967
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0967
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020606 eDonkey 2000 ed2k: URL Buffer Overflow
Reference: URL:http://online.securityfocus.com/archive/1/275708
Reference: CONFIRM:http://www.edonkey2000.com/
Reference: XF:edonkey2000-ed2k-filename-bo(9278)
Reference: URL:http://www.iss.net/security_center/static/9278.php
Reference: BID:4951
Reference: URL:http://www.securityfocus.com/bid/4951

Buffer overflow in eDonkey 2000 35.16.60 and earlier allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a long "ed2k:" URL.

Analysis
----------------
ED_PRI CAN-2002-0967 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: on the vendor's home page, an item dated 6.5.02
states "An security exploit in the windows GUI client has been
fixed... Thanks to Shane Hird [the notifier] for pointing it out to
us."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1051
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1051
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020606 Format String bug in TrACESroute 6.0 GOLD
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0040.html
Reference: BUGTRAQ:20020721 Nanog traceroute format string exploit.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102737546927749&w=2
Reference: BUGTRAQ:20020723 Re: Nanog traceroute format string exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0254.html
Reference: BUGTRAQ:20020724 Re: Nanog traceroute format string exploit.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102753136231920&w=2
Reference: SUSE:SuSE-SA:2000:041
Reference: URL:http://www.suse.de/de/security/2000_041_traceroute_txt.html
Reference: BID:4956
Reference: URL:http://www.securityfocus.com/bid/4956
Reference: XF:tracesroute-t-format-string(9291)
Reference: URL:http://www.iss.net/security_center/static/9291.php

Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG
traceroute) allows local users to execute arbitrary code via the -T
(terminator) command line argument.

Analysis
----------------
ED_PRI CAN-2002-1051 1
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0803
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0803
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 Prior To 2.14.2, 2.16 Prior To 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=126801
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote
attackers to display restricted products and components via a direct
HTTP request to queryhelp.cgi.

Analysis
----------------
ED_PRI CAN-2002-0803 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0807
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0807
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=146447
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964

Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2,
and 2.16 before 2.16rc2, could allow remote attackers to execute
script as other Bugzilla users via the full name (real name) field,
which is not properly quoted by editusers.cgi.

Analysis
----------------
ED_PRI CAN-2002-0807 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0811
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0811
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020729
Category: SF
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=130821
Reference: REDHAT:RHSA-2002:109
Reference: BID:4964
Reference: URL:http://online.securityfocus.com/bid/4964

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote
attackers to cause a denial of service or execute certain queries via
a SQL injection attack on the sort order parameter to buglist.cgi.

Analysis
----------------
ED_PRI CAN-2002-0811 3
Vendor Acknowledgement: yes advisory
Content Decisions: INCLUSION

INCLUSION: The developers are not certain whether this bug is truly
exploitable or not.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0878
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0878
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020604 sql injection in Logisense software
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0010.html
Reference: BID:4931
Reference: URL:http://www.securityfocus.com/bid/4931
Reference: XF:logisense-sql-injection(9268)
Reference: URL:http://www.iss.net/security_center/static/9268.php

SQL injection vulnerability in the login form for LogiSense software
including (1) Hawk-i Billing, (2) Hawk-i ASP and (3) DNS Manager
allows remote attackers to bypass authentication via SQL code in the
password field.

Analysis
----------------
ED_PRI CAN-2002-0878 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0907
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0907
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020604 SHOUTcast 1.8.9 bufferoverflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0016.html
Reference: BID:4934
Reference: URL:http://www.securityfocus.com/bid/4934
Reference: XF:shoutcast-icy-remote-bo(9251)
Reference: URL:http://www.iss.net/security_center/static/9251.php

Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12
allows a remote authenticated DJ to execute arbitrary code on the
server via a long value in a header whose name begins with "icy-".

Analysis
----------------
ED_PRI CAN-2002-0907 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0913
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0913
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULN-DEV:20020604 SRT Security Advisory (SRT2002-06-04-1011): slurp
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102323341407280&w=2
Reference: BUGTRAQ:20020604 SRT Security Advisory (SRT2002-06-04-1011): slurp
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0014.html
Reference: XF:slurp-syslog-format-string(9270)
Reference: URL:http://www.iss.net/security_center/static/9270.php
Reference: BID:4935
Reference: URL:http://www.securityfocus.com/bid/4935

Format string vulnerability in log_doit function of Slurp NNTP client
1.1.0 allows a malicious news server to execute arbitrary code on the
client via format strings in a server response.

Analysis
----------------
ED_PRI CAN-2002-0913 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0921
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0921
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020611 CGIscript.net - csNews.cgi - Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0091.html
Reference: XF:cgiscript-csnews-information-disclosure(9331)
Reference: URL:http://www.iss.net/security_center/static/9331.php

CGIScript.net csNews.cgi allows remote attackers to obtain potentially
sensitive information, such as the full server pathname and other
configuration settings, via the viewnews command with an invalid
database, which leaks the information in error messages.

Analysis
----------------
ED_PRI CAN-2002-0921 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0922
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0922
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020611 CGIscript.net - csNews.cgi - Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0091.html
Reference: XF:cgiscript-csnews-admin-access(9333)
Reference: URL:http://www.iss.net/security_center/static/9333.php
Reference: XF:cgiscript-csnews-file-disclosure(9332)
Reference: URL:http://www.iss.net/security_center/static/9332.php
Reference: BID:4991
Reference: URL:http://www.securityfocus.com/bid/4991
Reference: BID:4993
Reference: URL:http://www.securityfocus.com/bid/4993

CGIScript.net csNews.cgi allows remote attackers to obtain database
files via a direct URL-encoded request to (1) default%2edb or (2)
default%2edb.style, or remote authenticated users to perform
administrative actions via (3) a database parameter set to
default%2edb.

Analysis
----------------
ED_PRI CAN-2002-0922 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests that all issues of the same type be
MERGED. While there are separate "components" involved here, in the
sense that there are varying authentication requirements, the
underlying issue is basically the same: a canonicalization problem due
to encoding.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0923
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0923
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020611 CGIscript.net - csNews.cgi - Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0091.html
Reference: BID:4994
Reference: URL:http://www.securityfocus.com/bid/4994
Reference: XF:cgiscript-csnews-admin-access(9333)
Reference: URL:http://www.iss.net/security_center/static/9333.php

CGIScript.net csNews.cgi allows remote authenticated users to read
arbitrary files, and possibly gain privileges, via the (1) pheader or
(2) pfooter parameters in the "Advanced Settings" capability.

Analysis
----------------
ED_PRI CAN-2002-0923 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0924
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0924
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020611 CGIscript.net - csNews.cgi - Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0091.html
Reference: BID:4451
Reference: URL:http://online.securityfocus.com/bid/4451

CGIScript.net csNews.cgi allows remote authenticated users to execute
arbitrary Perl code via terminating quotes and metacharacters in text
fields of the "Advanced Settings" capability.

Analysis
----------------
ED_PRI CAN-2002-0924 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0931
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0931
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020610 [ARL02-A15] Multiple Security Issues in MyHelpdesk
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0057.html
Reference: BID:4967
Reference: URL:http://www.securityfocus.com/bid/4967
Reference: BID:4970
Reference: URL:http://www.securityfocus.com/bid/4970
Reference: XF:myhelpdesk-new-ticket-xss(9319)
Reference: URL:http://www.iss.net/security_center/static/9319.php
Reference: XF:myhelpdesk-index-php-xss(9320)
Reference: URL:http://www.iss.net/security_center/static/9320.php

Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and
possibly other versions, allows remote attackers to execute script as
other users via a (1) Title or (2) Description when a new ticket is
created by a support assistant, via the "id" parameter to the
index.php script with the (3) tickettime, (4) ticketfiles, or (5)
updateticketlog operations, or (6) via the update section when a
ticket is edited.

Analysis
----------------
ED_PRI CAN-2002-0931 3
Vendor Acknowledgement:
Content Decisions: SF-LOC, SF-EXEC

ABSTRACTION: CD:SF-LOC suggests combining problems of the same type
into the same item. Some may distinguish between "script injection
into links" and "script injection into HTML pages," but these can also
be thought of different attack vectors into the problem of "not
quoting or cleansing script when it is presented to another party," so
CVE takes the approach that these issues are the same. CD:SF-EXEC
further suggests that problems of the same type, in the same version,
should be combined.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0932
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0932
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020610 [ARL02-A15] Multiple Security Issues in MyHelpdesk
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0057.html
Reference: BID:4971
Reference: URL:http://www.securityfocus.com/bid/4971
Reference: XF:myhelpdesk-sql-injection(9321)
Reference: URL:http://www.iss.net/security_center/static/9321.php

SQL injection vulnerability in index.php for MyHelpDesk 20020509, and
possibly other versions, allows remote attackers to conduct
unauthorized activities via SQL code in the "id" parameter for the
operations (1) detailticket, (2) editticket, or (3) updateticketlog.

Analysis
----------------
ED_PRI CAN-2002-0932 3
Vendor Acknowledgement:
Content Decisions: SF-LOC, SF-EXEC

ABSTRACTION: CD:SF-LOC suggests combining problems of the same type
into the same item. Some may distinguish between "script injection
into links" and "script injection into HTML pages," but these can also
be thought of different attack vectors into the problem of "not
quoting or cleansing script when it is presented to another party," so
CVE takes the approach that these issues are the same. CD:SF-EXEC
further suggests that problems of the same type, in the same version,
should be combined.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0933
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0933
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020610 Datalex BookIt! Consumer Password Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0063.html
Reference: BID:4972
Reference: URL:http://www.securityfocus.com/bid/4972
Reference: XF:bookit-plaintext-passwords(9316)
Reference: URL:http://www.iss.net/security_center/static/9316.php

Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords
in plaintext in a cookie, which could allow remote attackers to gain
privileges via Cross-site scripting or sniffing attacks.

Analysis
----------------
ED_PRI CAN-2002-0933 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0934
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0934
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020610 AlienForm2 CGI script: arbitrary file read/write
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0068.html
Reference: BID:4983
Reference: URL:http://www.securityfocus.com/bid/4983
Reference: XF:alienform2-directory-traversal(9325)
Reference: URL:http://www.iss.net/security_center/static/9325.php

Directory traversal vulnerability in Jon Hedley AlienForm2 (typically
installed as af.cgi or alienform.cgi) allows remote attackers to read
or modify arbitrary files via an illegal character in the middle of a
.. (dot dot) sequence in the parameters (1) _browser_out or (2)
_out_file.

Analysis
----------------
ED_PRI CAN-2002-0934 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0936
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0936
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULNWATCH:20020611 [VulnWatch] Generic Crash-JSP
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0095.html
Reference: XF:jsp-engine-wprinterjob-dos(9339)
Reference: URL:http://www.iss.net/security_center/static/9339.php
Reference: BID:4995
Reference: URL:http://www.securityfocus.com/bid/4995

The Java Server Pages (JSP) engine in Tomcat allows web page owners to
cause a denial of service (engine crash) on the web server via a JSP
page that calls WPrinterJob().pageSetup(null,null).

Analysis
----------------
ED_PRI CAN-2002-0936 3
Vendor Acknowledgement:
Content Decisions: SF-CODEBASE

ACCURACY: The original post includes no version information.
ABSTRACTION: It is not particularly clear what codebase relationships
may exist between Tomcat and JRun. It's possible that this is not a
bug in the implementations, rather in J2EE or JRE. The fact that the
same obscure piece of code demonstrates the issue in both places,
indicates some type of commonality.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0937
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0937
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULNWATCH:20020611 [VulnWatch] Generic Crash-JSP
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0095.html
Reference: XF:jsp-engine-wprinterjob-dos(9339)
Reference: URL:http://www.iss.net/security_center/static/9339.php
Reference: BID:4997
Reference: URL:http://www.securityfocus.com/bid/4997

The Java Server Pages (JSP) engine in JRun allows web page owners to
cause a denial of service (engine crash) on the web server via a JSP
page that calls WPrinterJob().pageSetup(null,null).

Analysis
----------------
ED_PRI CAN-2002-0937 3
Vendor Acknowledgement:
Content Decisions: SF-CODEBASE

ACCURACY: The original post includes no version information.
ABSTRACTION: It is not particularly clear what codebase relationships
may exist between Tomcat and JRun. It's possible that this is not a
bug in the implementations, rather in J2EE or JRE. The fact that the
same obscure piece of code demonstrates the issue in both places,
indicates some type of commonality.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0949
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0949
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020605 Some vulnerabilities in the Telindus 11xx router series
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0028.html
Reference: BID:4946
Reference: URL:http://www.securityfocus.com/bid/4946
Reference: XF:telindus-adsl-information-leak(9277)
Reference: URL:http://www.iss.net/security_center/static/9277.php

Telindus 1100 series ADSL router allows remote attackers to gain
privileges to the device via a certain packet to UDP port 9833, which
generates a reply that includes the router's password and other
sensitive information in cleartext.

Analysis
----------------
ED_PRI CAN-2002-0949 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0956
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0956
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULNWATCH:20020606 [VulnWatch] KPMG-2002019: BlackICE Agent not Firewalling After Standby
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0090.html
Reference: BUGTRAQ:20020606 KPMG-2002019: BlackICE Agent not Firewalling After Standby
Reference: URL:http://online.securityfocus.com/archive/1/275710
Reference: BID:4950
Reference: URL:http://www.securityfocus.com/bid/4950
Reference: XF:blackice-standby-inactivate(9275)
Reference: URL:http://www.iss.net/security_center/static/9275.php

BlackICE Agent 3.1.eal does not always reactivate after a system
standby, which could allow remote attackers and local users to bypass
intended firewall restrictions.

Analysis
----------------
ED_PRI CAN-2002-0956 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0959
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0959
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020606 Splatt Forum XSS
Reference: URL:http://online.securityfocus.com/archive/1/275744
Reference: VULNWATCH:20020606 [VulnWatch] Splatt Forum XSS
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0091.html
Reference: XF:splatt-forum-img-xss(9279)
Reference: URL:http://www.iss.net/security_center/static/9279.php
Reference: BID:4953
Reference: URL:http://www.securityfocus.com/bid/4953

Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote
attackers to execute arbitrary script as other users via an [img] tag
with a closing quote followed by the script.

Analysis
----------------
ED_PRI CAN-2002-0959 3
Vendor Acknowledgement: unknown foreign

ACKNOWLEDGEMENT: vendor ack could not be determined because the
vendor's web site is in Italian.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0960
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0960
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020606 CBMS: XSS and SQL Injection holes
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0043.html
Reference: BID:4957
Reference: URL:http://www.securityfocus.com/bid/4957
Reference: XF:cbms-php-xss(9294)
Reference: URL:http://www.iss.net/security_center/static/9294.php

Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS
0.7 and earlier allows remote attackers to execute arbitrary script as
other CBMS users.

Analysis
----------------
ED_PRI CAN-2002-0960 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: Vendor acknowledgement is too vague.  The vendor's
web page says "Please download the latest version of cbms (0.7.1) due
to numerous security fixes!" and the changelog includes an item dated
5/24/2002 that says "Fixed security issue dealing with how queries are
constructed," but this is too vague to know whether the vendor was
fixing the XSS issue, the SQL issue, both, or none.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0961
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0961
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020606 CBMS: XSS and SQL Injection holes
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0043.html
Reference: BID:4957
Reference: URL:http://www.securityfocus.com/bid/4957
Reference: XF:cbms-php-sql-injection(9295)
Reference: URL:http://www.iss.net/security_center/static/9295.php

Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote
attackers to conduct unauthorized operations as other users, e.g. by
deleting clients via dltclnt.php, possibly in a SQL injection attack.

Analysis
----------------
ED_PRI CAN-2002-0961 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: The vendor's acknowledgement is too vague.  The
vendor's web page says "Please download the latest version of cbms
(0.7.1) due to numerous security fixes!" and the changelog includes an
item dated 5/24/2002 that says "Fixed security issue dealing with how
queries are constructed," but this is too vague to know whether the
vendor was fixing the XSS issue, the SQL issue, both, or
none. ACCURACY: the notifier says that this is a SQL injection issue,
but there doesn't appear to be any "malformed" SQL in the provided
exploit; it seems to indicate a well-formed ID, which could mean that
this is an "authentication bypass" type of vulnerability.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0962
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0962
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020610 [ARL02-A13] Multiple Security Issues in GeekLog
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html
Reference: CONFIRM:http://geeklog.sourceforge.net/article.php?story=20020610013358149
Reference: XF:geeklog-index-comment-xss(9310)
Reference: URL:http://www.iss.net/security_center/static/9310.php
Reference: XF:geeklog-calendar-event-xss(9309)
Reference: URL:http://www.iss.net/security_center/static/9309.php
Reference: BID:4969
Reference: URL:http://www.securityfocus.com/bid/4969
Reference: BID:4974
Reference: URL:http://www.securityfocus.com/bid/4974

Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier
allow remote attackers to execute arbitrary script via (1) the url
variable in the Link field of a calendar event, (2) the topic
parameter in index.php, or (3) the title parameter in comment.php.

Analysis
----------------
ED_PRI CAN-2002-0962 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0963
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0963
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020610 [ARL02-A13] Multiple Security Issues in GeekLog
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html
Reference: CONFIRM:http://geeklog.sourceforge.net/article.php?story=20020610013358149
Reference: BID:4968
Reference: URL:http://www.securityfocus.com/bid/4968
Reference: XF:geeklog-sql-injection(9311)
Reference: URL:http://www.iss.net/security_center/static/9311.php

SQL injection vulnerability in comment.php for GeekLog 1.3.5 and
earlier allows remote attackers to obtain sensitive user information
via the pid parameter.

Analysis
----------------
ED_PRI CAN-2002-0963 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Page Last Updated or Reviewed: May 22, 2007