[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-100 - 35 candidates



I am proposing cluster RECENT-100 for review and voting by the
Editorial Board.

Name: RECENT-100
Description: CANs announced between 2002/06/12 and 2002/06/28
Size: 35

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve







Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0906
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0906
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: CERT-VN:VU#814627
Reference: URL:http://www.kb.cert.org/vuls/id/814627
Reference: CONFIRM:http://www.sendmail.org/8.12.5.html
Reference: BID:5122
Reference: XF:sendmail-dns-txt-bo(9443)

Buffer overflow in Sendmail before 8.12.5, when configured to use a
custom DNS map to query TXT records, allows remote attackers to cause
a denial of service and possibly execute arbitrary code via a
malicious DNS server.

Analysis
----------------
ED_PRI CAN-2002-0906 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0952
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0952
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: CISCO:20020619 Cisco ONS15454 IP TOS Bit Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ons-tos-vuln-pub.shtml
Reference: XF:cisco-ons-tcc-dos(9377)
Reference: URL:http://www.iss.net/security_center/static/9377.php
Reference: BID:5058
Reference: URL:http://www.securityfocus.com/bid/5058

Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0
allows remote attackers to cause a denial of service (reset) by
sending IP packets with non-zero Type of Service (TOS) bits to the
Timing Control Card (TCC) LAN interface.

Analysis
----------------
ED_PRI CAN-2002-0952 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0968
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0968
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020613 Remote DoS in AnalogX SimpleServer:www 1.16
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0106.html
Reference: BUGTRAQ:20020702 Re: Remote DoS in AnlaogX SimpleServer:www 1.16
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102563702928443&w=2
Reference: CONFIRM:http://www.analogx.com/contents/download/network/sswww.htm
Reference: BID:5006
Reference: URL:http://www.securityfocus.com/bid/5006
Reference: XF:analogx-simpleserver-at-dos(9338)
Reference: URL:http://www.iss.net/security_center/static/9338.php

Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows
remote attackers to cause a denial of service (crash) and execute code
via a long HTTP request method name.

Analysis
----------------
ED_PRI CAN-2002-0968 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the change log for version 1.23 says "Fixed possible
exploit with large string commands."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0991
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0991
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020624 Sharity Cifslogin Buffer Overflow (arguments)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0300.html
Reference: HP:HPSBUX0207-200
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0016.html
Reference: XF:hp-cifs-login-bo(9431)
Reference: URL:http://www.iss.net/security_center/static/9431.php
Reference: BID:5088
Reference: URL:http://www.securityfocus.com/bid/5088

Buffer overflows in the cifslogin command for HP CIFS/9000 Client
A.01.06 and earlier, based on the Sharity package, allows local users
to gain root privileges via long (1) -U, (2) -D, (3) -P, (4) -S, (5)
-N, or (6) -u parameters.

Analysis
----------------
ED_PRI CAN-2002-0991 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1000
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1000
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020626 Foundstone Advisory - Buffer Overflow in AnalogX SimpleServer:Shout (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0338.html
Reference: CONFIRM:http://www.analogx.com/contents/download/network/ssshout.htm
Reference: BID:5104
Reference: URL:http://www.securityfocus.com/bid/5104
Reference: XF:analogx-simpleserver-shout-bo(9427)
Reference: URL:http://www.iss.net/security_center/static/9427.php

Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote
attackers to cause a denial of service and execute arbitrary code via
a long request to TCP port 8001.

Analysis
----------------
ED_PRI CAN-2002-1000 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the changelog on the vendor web site includes an
entry for version 1.02 that "Fixed assert error found by Foundstone
[the discloser]."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1024
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: CERT-VN:VU#290140
Reference: URL:http://www.kb.cert.org/vuls/id/290140
Reference: CISCO:20020627 Scanning for SSH Can Cause a Crash
Reference: URL:http://www.cisco.com/warp/public/707/SSH-scanning.shtml
Reference: XF:cisco-ssh-scan-dos(9437)
Reference: URL:http://www.iss.net/security_center/static/9437.php
Reference: BID:5114
Reference: URL:http://www.securityfocus.com/bid/5114

Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote
attackers to cause a denial of service (CPU consumption) via a large
packet that was designed to exploit the SSH CRC32 attack detection
overflow (CVE-2001-0144).

Analysis
----------------
ED_PRI CAN-2002-1024 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0859
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0859
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020619 Microsoft SQL Server 2000 OpenDataSource Buffer Overflow (#NISR19062002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102450188620081&w=2

Buffer overflow in the OpenDataSource function of the Jet engine on
Microsoft SQL Server 2000 allows remote attackers to execute arbitrary
code.

Analysis
----------------
ED_PRI CAN-2002-0859 2
Vendor Acknowledgement: yes via-email

ACKNOWLEDGEMENT: the KB article referenced by NGSSoftware does not
explicitly acknowledge the issue; however, Microsoft did acknowledge
the issue via an email inquiry.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0938
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0938
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020614 XSS in CiscoSecure ACS v3.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0156.html
Reference: BUGTRAQ:20020621 Re: XSS in CiscoSecure ACS v3.0
Reference: URL:http://online.securityfocus.com/archive/1/278222
Reference: BID:5026
Reference: URL:http://www.securityfocus.com/bid/5026
Reference: XF:ciscosecure-web-css(9353)
Reference: URL:http://www.iss.net/security_center/static/9353.php

Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows
remote attackers to execute arbitrary script or HTML as other web
users via the action argument in a link to setup.exe.

Analysis
----------------
ED_PRI CAN-2002-0938 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0941
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0941
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020617 nCipher Advisory #4: Console Java apps can leak passphrases on Windows
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0172.html
Reference: BID:5024
Reference: URL:http://www.securityfocus.com/bid/5024
Reference: XF:ncipher-consolecallback-passphrase-leak(9354)
Reference: URL:http://www.iss.net/security_center/static/9354.php

The ConsoleCallBack class for nCipher running under JRE 1.4.0 and
1.4.0_01, as used by the TrustedCodeTool and possibly other
applications, may leak a passphrase when the user aborts an
application that is prompting for the passphrase, which could allow
attackers to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0941 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0944
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0944
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020617 DeepMetrix LiveStats javascript injection
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0207.html
Reference: XF:livestats-report-execute-code(9390)
Reference: URL:http://www.iss.net/security_center/static/9390.php
Reference: BID:5047
Reference: URL:http://www.securityfocus.com/bid/5047

Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03
through 6.2.1 allows remote attackers to execute arbitrary script as
the LiveStats user via the (1) user-agent or (2) referrer, which are
not filtered by the stats program.

Analysis
----------------
ED_PRI CAN-2002-0944 2
Vendor Acknowledgement: yes via-email

ACKNOWLEDGEMENT: an email inquiry was sent to support@deepmetrix.com
on August 10, 2002.  A response was received on August 14, 2002: "At
this time we are aware of this issue and it currently being researched
for the best possible solution.  Once such a solution has been added
to the LiveStats bundle, it will be posted to the following page:
http://www.deepmetrix.com/livestats6_corp/service/release_notes.asp"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0953
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0953
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020617 PHP source injection in PHPAddress
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0182.html
Reference: BUGTRAQ:20020619 Source Injection into PHPAddress
Reference: URL:http://online.securityfocus.com/archive/1/277987
Reference: XF:phpaddress-include-remote-files(9379)
Reference: URL:http://www.iss.net/security_center/static/9379.php
Reference: BID:5039
Reference: URL:http://www.securityfocus.com/bid/5039

globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen
and register_globals variables enabled, allows remote attackers to
execute arbitrary PHP code via a URL to the code in the LangCookie
parameter.

Analysis
----------------
ED_PRI CAN-2002-0953 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1002
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020812 NOVL-2002-2963081 - Novell iManager (eMFrame 1.2.1) DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0093.html
Reference: BUGTRAQ:20020627 Cluestick Advisory #001
Reference: URL:http://online.securityfocus.com/archive/1/279683
Reference: XF:netware-imanage-username-dos(9444)
Reference: URL:http://www.iss.net/security_center/static/9444.php
Reference: BID:5117
Reference: URL:http://www.securityfocus.com/bid/5117

Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote
attackers to cause a denial of service (crash) via a long user name.

Analysis
----------------
ED_PRI CAN-2002-1002 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0684
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0684
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020711
Category: SF
Reference: REDHAT:RHSA-2002:139
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-139.html
Reference: BUGTRAQ:20020704 Re: Remote buffer overflow in resolver code of libc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102581482511612&w=2
Reference: SUSE:SuSE-SA:2002:026
Reference: CERT:CA-2002-19
Reference: CERT-VN:VU#542971
Reference: URL:http://www.kb.cert.org/vuls/id/542971
Reference: MANDRAKE:MDKSA-2002:050
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-050.php
Reference: CONECTIVA:CLSA-2002:507
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507
Reference: REDHAT:RHSA-2002:133
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-133.html

Buffer overflow in DNS resolver functions that perform lookup of
network names and addresses, as used in BIND 4.9.8 and ported to glibc
2.2.5 and earlier, allows remote malicious DNS servers to execute
arbitrary code through a subroutine used by functions such as
getnetbyname and getnetbyaddr.

Analysis
----------------
ED_PRI CAN-2002-0684 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-EXEC, SF-CODEBASE

ABSTRACTION: This issue is very similar to CAN-2002-0651, and may be
more closely described by CERT-VN:VU#542971.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0821
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0821
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020801
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00005.html
Reference: CONECTIVA:CLSA-2002:505
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
Reference: REDHAT:RHSA-2002:169

Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers
to cause a denial of service or execute arbitrary code via (1) the BGP
dissector, or (2) the WCP dissector.

Analysis
----------------
ED_PRI CAN-2002-0821 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

ABSTRACTION: the Ethereal advisory does not provide explicit details
for the SOCKS/etc. dissector "core dump" issues.  However, since it
does say that there are "buffer overlfow and pointer problems," this
implies that there are two different types of vulnerabilities; thus
the BGP/WCP buffer overflows and SOCKS/etc. "core dumps" should be
given separate identifiers.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0822
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0822
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020801
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00005.html
Reference: CONECTIVA:CLA-2002:505
Reference: REDHAT:RHSA-2002:169

Ethereal 0.9.4 and earlier allows remote attackers to cause a denial
of service and possibly excecute arbitrary code via the (1) SOCKS, (2)
RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core
dump.

Analysis
----------------
ED_PRI CAN-2002-0822 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

ABSTRACTION: the Ethereal advisory does not provide explicit details
for the SOCKS/etc. dissector "core dump" issues.  However, since it
does say that there are "buffer overlfow and pointer problems," this
implies that there are two different types of vulnerabilities; thus
the BGP/WCP buffer overflows and SOCKS/etc. "core dumps" should be
given separate identifiers.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0827
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0827
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020806
Category: unknown
Reference: CALDERA:CSSA-2002-SCO.27.txt
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.27/CSSA-2002-SCO.27.txt
Reference: XF:ppptalk-local-elevated-privileges(9380)
Reference: URL:http://www.iss.net/security_center/static/9380.php
Reference: BID:5051
Reference: URL:http://www.securityfocus.com/bid/5051

Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows
local users to gain root privileges via (1) ppptalk or (2) ppp, a
different vulnerability than CAN-2002-0824.

Analysis
----------------
ED_PRI CAN-2002-0827 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

ABSTRACTION/INCLUSION: CD:VAGUE suggests that vague advisories from
vendors should be provided with different CVE identifiers.  In this
case, security@caldera.com explicitly confirmed that this is a
different issue than CAN-2002-0824.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0925
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0925
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020612 [CERT-intexxia] mmmail POP3-SMTP Daemon Format String Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0095.html
Reference: BUGTRAQ:20020612 [CERT-intexxia] mmftpd FTP Daemon Format String Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/276523
Reference: CONFIRM:http://mmondor.gobot.ca/software/linux/mmftpd-changelog.txt
Reference: CONFIRM:http://mmondor.gobot.ca/software/linux/mmmail-changelog.txt
Reference: BID:4990
Reference: URL:http://www.securityfocus.com/bid/4990
Reference: XF:mmmail-mmsyslog-format-string(9336)
Reference: URL:http://www.iss.net/security_center/static/9336.php
Reference: BID:4999
Reference: URL:http://www.securityfocus.com/bid/4999
Reference: XF:mmftpd-mmsyslog-format-string(9337)
Reference: URL:http://www.iss.net/security_center/static/9337.php

Format string vulnerability in mmsyslog function allows remote
attackers to execute arbitrary code via (1) the USER command to
mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd
for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7
and earlier.

Analysis
----------------
ED_PRI CAN-2002-0925 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-CODEBASE, SF-EXEC

ACKNOWLEDGEMENT: the changelog for mmmail 0.0.8, dated June 4, 2002,
states: "A pretty serious bug was fixed (which only affected
glibc-based systems), where syslog() would potentially be called with
user supplied parts, including fmt sequences," and credits the
researchers. A similar entry is included in the changelog for mmmail
0.0.14. ABSTRACTION: CD:SF-CODEBASE suggests combining issues that
stem from the same codebase. While that is not quite the case here,
the fact that there's the same vendor, same filename, same function,
and same patch (and same diff), suggests that this issue should be
treated as a same-codebase issue. On the other hand, the mmail and
mmftpd packages are separately available for download, which would
suggest a SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0926
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0926
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020617 Directory Traversal in Wolfram Research's webMathematica
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0174.html
Reference: XF:webmathematica-dot-directory-traversal(9373)
Reference: URL:http://www.iss.net/security_center/static/9373.php
Reference: BID:5035
Reference: URL:http://www.securityfocus.com/bid/5035

Directory traversal vulnerability in Wolfram Research webMathematica
allows remote attackers to read arbitrary files via a .. (dot dot) in
the MSPStoreID parameter.

Analysis
----------------
ED_PRI CAN-2002-0926 3
Vendor Acknowledgement: unknown discloser-claimed

ACKNOWLEDGEMENT: email inquiry sent to support@wolfram.com on August
2, 2002.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0928
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0928
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020621 Pirch 98 Link Handling Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0256.html
Reference: BID:5079
Reference: URL:http://www.securityfocus.com/bid/5079
Reference: XF:pirch-irc-link-bo(9409)
Reference: URL:http://www.iss.net/security_center/static/9409.php

Buffer overflow in the Pirch 98 IRC client allows remote attackers to
cause a denial of service and possibly execute arbitrary code via a
long hyperlink in a channel or private message.

Analysis
----------------
ED_PRI CAN-2002-0928 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0929
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0929
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULNWATCH:20020625 [VulnWatch] cqure.net.20020604.netware_dhcpsrvr
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0126.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2962999
Reference: BID:5097
Reference: URL:http://www.securityfocus.com/bid/5097
Reference: XF:netware-dhcp-dos(9428)
Reference: URL:http://www.iss.net/security_center/static/9428.php

Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote
attackers to cause a denial of service (reboot) via long DHCP
requests.

Analysis
----------------
ED_PRI CAN-2002-0929 3
Vendor Acknowledgement: yes
Content Decisions: VAGUE, SF-LOC

ACKNOWLEDGEMENT: the vendor has a technical information document with
a "DHCP vulnerability fix," in which "The NetWare server would abend
when receiving a 'non-standard' dhcp request." Since this document was
created 12JUL2002 (2 weeks after disclosure), and it uses the same
phrasing as the original Bugtraq posts, there is sufficient evidence
that the document addresses this issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0930
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0930
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020625 cqure.net.20020521.netware_nwftpd_fmtstr
Reference: URL:http://online.securityfocus.com/archive/1/278689
Reference: VULNWATCH:20020625 [VulnWatch] cqure.net.20020521.netware_nwftpd_fmtstr
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0127.html
Reference: BID:5099
Reference: URL:http://www.securityfocus.com/bid/5099
Reference: XF:netware-ftp-username-dos(9429)
Reference: URL:http://www.iss.net/security_center/static/9429.php

Format string vulnerability in the FTP server for Novell Netware 6.0
SP1 (NWFTPD) allows remote attackers to cause a denial of service
(ABEND) via format strings in the USER command.

Analysis
----------------
ED_PRI CAN-2002-0930 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0935
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0935
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULNWATCH:20020620 [VulnWatch] KPMG-2002025: Apache Tomcat Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0120.html
Reference: BUGTRAQ:20020620 KPMG-2002025: Apache Tomcat Denial of Service
Reference: URL:http://online.securityfocus.com/archive/1/277940
Reference: XF:tomcat-null-thread-dos(9396)
Reference: URL:http://www.iss.net/security_center/static/9396.php
Reference: BID:5067
Reference: URL:http://www.securityfocus.com/bid/5067

Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta,
allows remote attackers to cause a denial of service (resource
exhaustion) via a large number of requests to the server with null
characters, which causes the working threads to hang.

Analysis
----------------
ED_PRI CAN-2002-0935 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0940
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0940
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020513 nCipher Security Advisory #3: MSCAPI CSP Install Wizard
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0103.html
Reference: BUGTRAQ:20020617 nCipher Advisory #3: MSCAPI keys erroneously module-protected - update
Reference: URL:http://online.securityfocus.com/archive/1/277241
Reference: BID:4729
Reference: URL:http://online.securityfocus.com/bid/4729

domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use
Operator Card Set protected keys when the user requests them but does
not generate the Operator Card Set, which results in a lower
protection level than specified by the user (module protection only).

Analysis
----------------
ED_PRI CAN-2002-0940 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests that two problems of the same type,
with different versions, should be SPLIT. The domesticinstall.exe
issue is in 5.50 and 5.54, but the Install Wizard is only in 5.50.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0942
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0942
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020614 Lumigent Log Explorer 3.xx extended stored procedures buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0146.html
Reference: BUGTRAQ:20020614 Follow-up on Lumigent Log Explorer 3.xx extended stored  procedures buffer  overflow
Reference: URL:http://online.securityfocus.com/archive/1/277026
Reference: CONFIRM:http://www.lumigent.com/LogExplorer/Support/whatsnew3_03.htm
Reference: BID:5016
Reference: URL:http://www.securityfocus.com/bid/5016
Reference: BID:5017
Reference: URL:http://www.securityfocus.com/bid/5017
Reference: BID:5018
Reference: URL:http://www.securityfocus.com/bid/5018
Reference: XF:logexplorer-mssql-xplogattach-bo(9346)
Reference: URL:http://www.iss.net/security_center/static/9346.php

Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers
with database permissions to execute arbitrary code via long arguments
to the extended stored procedures (1) xp_logattach_StartProf, (2)
xp_logattach_setport, or (3) xp_logattach.

Analysis
----------------
ED_PRI CAN-2002-0942 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-EXEC

ACCURACY/ABSTRACTION: The vendor's release notes include an item for
version 3.02 that states "Log Explorer version 3.02 fixes the buffer
overflow problem that occurs with some extended stored procedures when
a parameter passed to these procedures is excessively long."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0943
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0943
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020618 Metacart vuln.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0200.html
Reference: XF:metacart2sql-insecure-database-access(9393)
Reference: URL:http://www.iss.net/security_center/static/9393.php
Reference: BID:5042
Reference: URL:http://www.securityfocus.com/bid/5042

MetaCart2.sql stores the user database under the web document root
without access controls, which allows remote attackers to obtain
sensitive information such as passwords and credit card numbers via a
direct request for metacart.mdb.

Analysis
----------------
ED_PRI CAN-2002-0943 3
Vendor Acknowledgement:

ACKNOWLEDGEMENT: email inquiry sent to webmaster@metalinks.com (the
only available address) oin August 10, 2002.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0948
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0948
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020613 Re: SSI & CSS execution in MakeBook 2.2
Reference: URL:http://cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00135.html
Reference: BUGTRAQ:20020612 SSI & CSS execution in MakeBook 2.2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0094.html
Reference: CONFIRM:http://www.tesol.net/scriptmail.html
Reference: CONFIRM:http://www.linguistic-funland.com/scripts/MakeBook/makebook.script
Reference: BID:4996
Reference: URL:http://online.securityfocus.com/bid/4996
Reference: XF:makebook-name-field-validation(9356)
Reference: URL:http://www.iss.net/security_center/static/9356.php

Scripts For Educators MakeBook 2.2 CGI program allows remote attackers
to execute script as other visitors, or execute server-side includes
(SSI) as the web server, via the (1) Name or (2) Email parameters,
which are not properly filtered.

Analysis
----------------
ED_PRI CAN-2002-0948 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: On the Author's main web page, the Author states:
"Yo, BugTraq visitors... The exploit you're trying only works if what
you enter is posted to an HTML page on a server that executes SSI (SSI
exploit) or posted to any general HTML page (CSS/Javascript exploit)."
The source code for the makebook script also filters the characters.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0950
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0950
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020613 [SNS Advisory No.54] Active! mail Executing the Script upon the Opening of a Mail Message Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0108.html
Reference: BID:5007
Reference: URL:http://www.securityfocus.com/bid/5007
Reference: XF:activemail-script-tag-header(9358)
Reference: URL:http://www.iss.net/security_center/static/9358.php

Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and
2.0 allows remote attackers to execute arbitrary code via a certain
e-mail header, which is not properly filtered.

Analysis
----------------
ED_PRI CAN-2002-0950 3
Vendor Acknowledgement: unknown foreign

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0951
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0951
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020613 [LBYTE] Ruslan Communications <BODY>Builder SQL modification
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0120.html
Reference: BID:5008
Reference: URL:http://www.securityfocus.com/bid/5008
Reference: XF:bodybuilder-bypass-authentication(9359)
Reference: URL:http://www.iss.net/security_center/static/9359.php

SQL injection vulnerability in Ruslan <Body>Builder allows remote
attackers to gain administrative privileges via a "'--" sequence in
the username and password.

Analysis
----------------
ED_PRI CAN-2002-0951 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0954
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0954
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020712 The answer to the PIX encryption issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102651159507659&w=2
Reference: VULNWATCH:20020621 [VulnWatch] Weak Cisco Pix Password Encryption Algorithm
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0121.html

The encryption algorithms for enable and passwd commands on Cisco PIX
Firewall can be executed quickly due to a limited number of rounds,
which make it easier for an attacker to decrypt the passwords using
brute force techniques.

Analysis
----------------
ED_PRI CAN-2002-0954 3
Vendor Acknowledgement: unknown vague
Content Decisions: DESIGN-WEAK-ENCRYPTION

INCLUSION: The weak encryption issue still requires a brute force
attack, although less brute force is needed than in other products.
ACKNOLWEDGEMENT: the vendor posts a follow-up that focuses on the
limited scope of the attack. It is unclear whether the vendor agrees
with the claimes (in whole or in part), so this cannot be regarded as
vendor acknowledgement.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0955
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0955
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020621 [AP] YaBB Cross-Site Scripting vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0261.html
Reference: BID:5078
Reference: URL:http://www.securityfocus.com/bid/5078
Reference: XF:yabb-invalid-thread-xss(9408)
Reference: URL:http://www.iss.net/security_center/static/9408.php

Cross-site scripting vulnerability in YaBB.cgi for Yet Another
Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers
to execute arbitrary script as other web site visitors via script in
the num parameter, which is not filtered in the resulting error
message.

Analysis
----------------
ED_PRI CAN-2002-0955 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0957
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0957
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: VULNWATCH:20020619 [VulnWatch] KPMG-2002023: BlackICE Agent Temporary Memory Buildup
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0114.html
Reference: XF:blackice-excessive-memory-consumption(9405)
Reference: URL:http://www.iss.net/security_center/static/9405.php

The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a
high tcp.maxconnections setting, which could allow remote attackers to
cause a denial of service (memory consumption) via a large number of
connections to the BlackICE system that consumes more resources than
intended by the user.

Analysis
----------------
ED_PRI CAN-2002-0957 3
Vendor Acknowledgement: yes
Content Decisions: CF-DEFAULT, SECTOOL-DESIGN

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0964
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0964
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020620 Half-life fake players bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0248.html
Reference: XF:halflife-mulitple-player-dos(9412)
Reference: URL:http://www.iss.net/security_center/static/9412.php
Reference: BID:5076
Reference: URL:http://www.securityfocus.com/bid/5076

Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause
a denial of service (resource exhaustion) via multiple responses to
the initial challenge with different cd_key values, which reaches the
player limit and prevents other players from connecting until the
original responses have timed out.

Analysis
----------------
ED_PRI CAN-2002-0964 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0966
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0966
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020816
Category: SF
Reference: BUGTRAQ:20020618 4D 6.7 DOS and Buffer Overflow Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0208.html
Reference: XF:4d-long-http-bo(9374)
Reference: URL:http://www.iss.net/security_center/static/9374.php
Reference: BID:5045
Reference: URL:http://www.securityfocus.com/bid/5045

Buffer overflow in 4D web server 6.7.3 allow remote attackers to cause
a denial of service and possibly execute arbitrary code via a long
HTTP request.

Analysis
----------------
ED_PRI CAN-2002-0966 3
Vendor Acknowledgement:
Content Decisions: SF-LOC, VAGUE, INCLUSION

INCLUSION: This may be a similar issue to CAN-2002-0578, since both
are buffer overflows and the 6.7.3 version is specified. Therefore it
may be appropriate to merge issues as recommended by CD:SF-LOC. For
this report, though, the notifier claims that version 6.8 addresses
doesn't have this problem, in which case it could be that
CAN-2002-0578 was not fixed, but this issue was, in which case
CD:SF-LOC would suggest a SPLIT.  Or something like that.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1008
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1008
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020626 ALERT: Lil'HTTP Server (Summit Computer Networks)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0332.html
Reference: BUGTRAQ:20020708 Technical Details of Urlcount.cgi Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0072.html
Reference: XF:lilhttp-report-urlcount-xss(9445)
Reference: URL:http://www.iss.net/security_center/static/9445.php
Reference: BID:5115
Reference: URL:http://www.securityfocus.com/bid/5115

Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as
included in Lil' HTTP web server, allows remote attackers to execute
arbitrary web script in other web browsers via a request to
urlcount.cgi that contains the script, which is not filtered when the
REPORT capability prints the original request.

Analysis
----------------
ED_PRI CAN-2002-1008 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1071
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020617 Re: ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS -- 643R testing
Reference: URL:http://online.securityfocus.com/archive/1/277307
Reference: BUGTRAQ:20020617 ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS
Reference: URL:http://online.securityfocus.com/archive/1/277242
Reference: BUGTRAQ:20020617 Follow: ZyXEL 642R-11 AJ.6 service DoS -- additional informations
Reference: URL:http://online.securityfocus.com/archive/1/277303
Reference: XF:zyxel-tcp-packet-dos(9372)
Reference: URL:http://www.iss.net/security_center/static/9372.php
Reference: BID:5034
Reference: URL:http://www.securityfocus.com/bid/5034

ZyXEL Prestige 642R allows remote attackers to cause a denial of
service in the Telnet, FTP, and DHCP services (crash) via a TCP packet
with both the SYN and ACK flags set.

Analysis
----------------
ED_PRI CAN-2002-1071 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007