|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PROPOSAL] Cluster RECENT-104 - 37 candidates
I am proposing cluster RECENT-104 for review and voting by the Editorial Board. Name: RECENT-104 Description: CANs announced between 2002/08/16 and 2002/08/29 Size: 37 You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site. The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real. If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned. - Steve Summary of votes to use (in ascending order of "severity") ---------------------------------------------------------- ACCEPT - voter accepts the candidate as proposed NOOP - voter has no opinion on the candidate MODIFY - voter wants to change some MINOR detail (e.g. reference/description) REVIEWING - voter is reviewing/researching the candidate, or needs more info RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. 1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. 2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping. 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-2002-0647 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0647 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020628 Category: SF Reference: MS:MS02-047 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code, aka "Buffer Overrun in Legacy Text Formatting ActiveX Control". Analysis ---------------- ED_PRI CAN-2002-0647 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0648 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0648 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020628 Category: SF Reference: BUGTRAQ:20020823 Accessing remote/local content in IE (GM#009-IE) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103011639524314&w=2 Reference: MS:MS02-047 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file. Analysis ---------------- ED_PRI CAN-2002-0648 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0691 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0691 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020712 Category: SF Reference: MS:MS02-047 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to execute scripts in the Local Computer zone via a URL that references a local HTML resource file, a variant of "Cross-Site Scripting in Local HTML Resource"as identified by CAN-2002-0189. Analysis ---------------- ED_PRI CAN-2002-0691 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0722 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0722 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020722 Category: SF Reference: BUGTRAQ:20020828 Origin of downloaded files can be spoofed in MSIE Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103054692223380&w=2 Reference: MS:MS02-047 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to misrepresent the source of a file in the File Download dialogue box to trick users into thinking that the file type is safe to download, aka "File Origin Spoofing." Analysis ---------------- ED_PRI CAN-2002-0722 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0723 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0723 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020722 Category: SF Reference: MS:MS02-047 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-047.asp Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag." Analysis ---------------- ED_PRI CAN-2002-0723 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0724 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0724 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020722 Category: SF Reference: BUGTRAQ:20020822 CORE-20020618: Vulnerabilities in Windows SMB (DoS) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103011556323184&w=2 Reference: MS:MS02-045 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-045.asp Reference: CERT-VN:VU#311619 Reference: URL:http://www.kb.cert.org/vuls/id/311619 Reference: CERT-VN:VU#342243 Reference: URL:http://www.kb.cert.org/vuls/id/342243 Reference: CERT-VN:VU#250635 Reference: URL:http://www.kb.cert.org/vuls/id/250635 Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service". Analysis ---------------- ED_PRI CAN-2002-0724 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0726 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0726 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020722 Category: SF Reference: ATSTAKE:A082802-1 Reference: URL:http://www.atstake.com/research/advisories/2002/a082802-1.txt Reference: MS:MS02-046 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-046.asp Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to execute arbitrary code via a long server name field. Analysis ---------------- ED_PRI CAN-2002-0726 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0727 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0727 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020722 Category: SF Reference: MS:MS02-044 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-044.asp Reference: BUGTRAQ:20020408 Scripting for the scriptless with OWC in IE (GM#005-IE) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101829645415486&w=2 Reference: XF:owc-spreadsheet-host-script-execution (8777) Reference: URL:http://www.iss.net/security_center/static/8777.php Reference: BID:4449 Reference: URL:http://online.securityfocus.com/bid/4449 The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method. Analysis ---------------- ED_PRI CAN-2002-0727 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0860 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0860 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020815 Category: SF Reference: MS:MS02-044 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-044.asp Reference: BUGTRAQ:20020408 Reading local files with OWC in IE (GM#006-IE) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101829911018463&w=2 Reference: XF:owc-spreadsheet-loadtext-read-files (8778) Reference: URL:http://www.iss.net/security_center/static/8778.php Reference: BID:4453 Reference: URL:http://online.securityfocus.com/bid/4453 The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file. Analysis ---------------- ED_PRI CAN-2002-0860 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0861 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0861 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020815 Category: SF Reference: MS:MS02-044 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-044.asp Reference: BUGTRAQ:20020408 Controlling the clipboard with OWC in IE (GM#007-IE) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101829726516346&w=2 Reference: XF:owc-spreadsheet-clipboard-access (8779) Reference: URL:http://www.iss.net/security_center/static/8779.php Reference: BID:4457 Reference: URL:http://online.securityfocus.com/bid/4457 Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object. Analysis ---------------- ED_PRI CAN-2002-0861 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0875 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0875 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020816 Category: SF Reference: DEBIAN:DSA-154 Reference: URL:http://www.debian.org/security/2002/dsa-154 Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group. Analysis ---------------- ED_PRI CAN-2002-0875 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0973 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0973 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020821 Category: SF Reference: FREEBSD:FreeBSD-SA-02:38.signed-error Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102976839728706&w=2 Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl. Analysis ---------------- ED_PRI CAN-2002-0973 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0981 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0981 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020822 Category: SF Reference: CALDERA:CSSA-2002-SCO.36 Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.36/CSSA-2002-SCO.36.txt Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to execute arbitrary code via a long command line. Analysis ---------------- ED_PRI CAN-2002-0981 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0984 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0984 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020823 Category: SF Reference: DEBIAN:DSA-156 Reference: URL:http://www.debian.org/security/2002/dsa-156 The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x before 2.8pre10, running EPIC allows remote attackers to execute arbitrary code if the user joins a channel whose topic includes EPIC4 code. Analysis ---------------- ED_PRI CAN-2002-0984 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0987 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0987 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020826 Category: SF Reference: CALDERA:CSSA-2002-SCO.38 Reference: URL:ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.38 X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop privileges before calling programs such as xkbcomp using popen, which could allow local users to gain privileges. Analysis ---------------- ED_PRI CAN-2002-0987 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0988 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0988 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020826 Category: SF Reference: CALDERA:CSSA-2002-SCO.38 Reference: URL:ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.38 Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1, possibly related to XBM/xkbcomp capabilities. Analysis ---------------- ED_PRI CAN-2002-0988 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0989 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0989 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020827 Category: SF Reference: CONFIRM:http://gaim.sourceforge.net/ChangeLog Reference: DEBIAN:DSA-158 Reference: URL:http://www.debian.org/security/2002/dsa-158 Reference: CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=72728 Reference: BUGTRAQ:20020827 GLSA: gaim Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103046442403404&w=2 The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link. Analysis ---------------- ED_PRI CAN-2002-0989 1 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1053 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1053 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020817 W3C Jigsaw Proxy Server: Cross-Site Scripting Vulnerability (REPOST) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0190.html Reference: CONFIRM:http://www.w3.org/Jigsaw/RelNotes.html#2.2.1 Reference: BID:5506 Reference: URL:http://www.securityfocus.com/bid/5506 Reference: XF:jigsaw-http-proxy-xss(9914) Reference: URL:http://www.iss.net/security_center/static/9914.php Cross-site scripting vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message. Analysis ---------------- ED_PRI CAN-2002-1053 1 Vendor Acknowledgement: yes changelog ACKNOWLEDGEMENT: the vendor's changelog for 2.2.1 says "Added a flag to remove the URI from default error pages as well as the proxy module (SECURITY FIX: avoiding cross scripting attacks)." Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1079 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1079 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020822 Abyss 1.0.3 directory traversal and administration bugs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html Reference: CONFIRM:http://www.aprelium.com/news/patch1033.html Reference: XF:abyss-get-directory-traversal(9941) Reference: URL:http://www.iss.net/security_center/static/9941.php Reference: XF:abyss-http-directory-traversal(9940) Reference: URL:http://www.iss.net/security_center/static/9940.php Directory traversal vulnerability in Abyss Web Server 1.0.3 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in an HTTP GET request. Analysis ---------------- ED_PRI CAN-2002-1079 1 Vendor Acknowledgement: yes ACKNOWLEDGEMENT: the vendor includes a statement dated August 19, 2002, of a patch for 1.03 regarding "two bugs related to URLs decoding (thanks to Auriemma Luigi)," the original discloser. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1081 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1081 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020822 Abyss 1.0.3 directory traversal and administration bugs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html Reference: CONFIRM:http://www.aprelium.com/news/patch1033.html Reference: XF:abyss-plus-file-disclosure(9956) Reference: URL:http://www.iss.net/security_center/static/9956.php The Administration console for Abyss Web Server 1.0.3 allows remote attackers to read files without providing login credentials via an HTTP request to a target file that ends in a "+" character. Analysis ---------------- ED_PRI CAN-2002-1081 1 Vendor Acknowledgement: yes ACKNOWLEDGEMENT: the vendor includes a statement dated August 19, 2002, of a patch for 1.03 regarding "two bugs related to URLs decoding (thanks to Auriemma Luigi)," the original discloser. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0725 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0725 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020722 Category: SF Reference: ATSTAKE:A081602-1 Reference: URL:http://www.atstake.com/research/advisories/2000/a081602-1.txt NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file. Analysis ---------------- ED_PRI CAN-2002-0725 2 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0654 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0654 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020702 Category: SF Reference: BUGTRAQ:20020816 Apache 2.0.39 directory traversal and path disclosure bug Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102951160411052&w=2 Reference: CONFIRM:http://www.apache.org/dist/httpd/CHANGES_2.0 Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked. Analysis ---------------- ED_PRI CAN-2002-0654 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0699 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0699 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020712 Category: SF Reference: MS:MS02-048 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-048.asp Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML. Analysis ---------------- ED_PRI CAN-2002-0699 3 Vendor Acknowledgement: yes advisory Content Decisions: VAGUE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0834 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0834 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020808 Category: SF Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00006.html Reference: REDHAT:RHSA-2002:169 Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets. Analysis ---------------- ED_PRI CAN-2002-0834 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0971 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0971 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020821 Category: SF Reference: BUGTRAQ:20020821 Win32 API 'shatter' vulnerability found in VNC-based products Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102994289123085&w=2 Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box. Analysis ---------------- ED_PRI CAN-2002-0971 3 Vendor Acknowledgement: unknown Content Decisions: SF-CODEBASE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0972 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0972 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020821 Category: SF Reference: BUGTRAQ:20020820 @(#)Mordred Labs advisory 0x0004: Multiple buffer overflows in PostgreSQL. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102987608300785&w=2 Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial of service and possibly execute arbitrary code via long arguments to the functions (1) lpad or (2) rpad. Analysis ---------------- ED_PRI CAN-2002-0972 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0975 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0975 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020821 Category: SF Reference: BUGTRAQ:20020816 Repost: Buffer overflow in Microsoft DirectX Files Viewer xweb.ocx (<2,0,16,15) ActiveX sample Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102953851705859&w=2 Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter. Analysis ---------------- ED_PRI CAN-2002-0975 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0976 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0976 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020821 Category: SF Reference: BUGTRAQ:20020817 Internet explorer can read local files Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102960731805373&w=2 Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet. Analysis ---------------- ED_PRI CAN-2002-0976 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0977 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0977 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020821 Category: SF Reference: BUGTRAQ:20020817 Multiple security vulnerabilities inside Microsoft File Transfer Manager ActiveX control (<4.0) [buffer overflow, arbitrary file upload/download] Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0189.html Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to execute arbitrary code via a long TS value. Analysis ---------------- ED_PRI CAN-2002-0977 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0978 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0978 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020821 Category: SF Reference: BUGTRAQ:20020817 Multiple security vulnerabilities inside Microsoft File Transfer Manager ActiveX control (<4.0) [buffer overflow, arbitrary file upload/download] Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0189.html Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to upload or download arbitrary files to arbitrary locations via a man-in-the-middle attack with modified TGT and TGN parameters in a call to the "Persist" function. Analysis ---------------- ED_PRI CAN-2002-0978 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0979 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0979 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020821 Category: SF Reference: BUGTRAQ:20020817 Enableing java logging in MSIE is dangerous Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102961031107261&w=2 The Java logging feature for the Java Virtual Machine in Internet Explorer writes output from functions such as System.out.println to a known pathname, which can be used to execute arbitrary code. Analysis ---------------- ED_PRI CAN-2002-0979 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0982 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0982 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020822 Category: SF Reference: BUGTRAQ:20020822 Arbitrary Command Execution on Distributor SQL Server 2000 machines (#NISR22002002A) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103004505027360&w=2 Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure. Analysis ---------------- ED_PRI CAN-2002-0982 3 Vendor Acknowledgement: unknown vague ACCURACY: the disclosers suggested that MS:MS02-043 may address this issue, however it does not specifically mention this problem, so there is insufficient information to know for sure. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0983 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0983 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020823 Category: SF Reference: DEBIAN:DSA-157 Reference: URL:http://www.debian.org/security/2002/dsa-157 Reference: BID:5055 Reference: URL:http://www.securityfocus.com/bid/5055 IRC client irssi in irssi-text before 0.8.4 allows remote attackers to cause a denial of service (crash) via an IRC channel that has a long topic followed by a certain string, possibly triggering a buffer overflow. Analysis ---------------- ED_PRI CAN-2002-0983 3 Vendor Acknowledgement: yes advisory Content Decisions: VAGUE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0985 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0985 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020823 Category: SF Reference: BUGTRAQ:20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail() Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103011916928204&w=2 The mail function in PHP 4.x to 4.2.2 may allow remote attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands. Analysis ---------------- ED_PRI CAN-2002-0985 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0986 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0986 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020823 Category: SF Reference: BUGTRAQ:20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail() Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103011916928204&w=2 The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy." Analysis ---------------- ED_PRI CAN-2002-0986 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1069 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1069 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020822 Re: possible exploit: D-Link DI-804 unauthorized DHCP release Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103004834131542&w=2 Reference: BUGTRAQ:20020822 possible exploit: D-Link DI-804 unauthorized DHCP release from WAN Reference: URL:http://online.securityfocus.com/archive/1/288584 Reference: XF:dlink-admin-dhcp-release(9967) Reference: URL:http://www.iss.net/security_center/static/9967.php Reference: XF:dlink-admin-device-information(9969) Reference: URL:http://www.iss.net/security_center/static/9969.php Reference: BID:5544 Reference: URL:http://www.securityfocus.com/bid/5544 Reference: BID:5553 Reference: URL:http://www.securityfocus.com/bid/5553 The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages (1) release.htm, (2) Device Status, or (3) Device Information. Analysis ---------------- ED_PRI CAN-2002-1069 3 Vendor Acknowledgement: Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1080 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1080 Final-Decision: Interim-Decision: Modified: Proposed: 20020830 Assigned: 20020830 Category: SF Reference: BUGTRAQ:20020822 Abyss 1.0.3 directory traversal and administration bugs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html Reference: XF:abyss-admin-console-access(9957) Reference: URL:http://www.iss.net/security_center/static/9957.php Reference: BID:5548 Reference: URL:http://www.securityfocus.com/bid/5548 The Administration console for Abyss Web Server 1.0.3 before Patch 2 allows remote attackers to gain privileges and modify server configuration via direct requests to CHL files such as (1) srvstatus.chl, (2) consport.chl, (3) general.chl, (4) srvparam.chl, and (5) advanced.chl. Analysis ---------------- ED_PRI CAN-2002-1080 3 Vendor Acknowledgement: unknown discloser-claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS:
|
||||
