[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster CERT-2003a - 40 candidates



I am proposing cluster CERT-2003a for review and voting by the
Editorial Board.

Name: CERT-2003a
Description: CANs in CERT advisories or vulnerability notes from 2002/2003
Size: 40

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0036
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020116
Category: SF
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
Reference: CERT-VN:VU#587579
Reference: URL:http://www.kb.cert.org/vuls/id/587579

Integer signedness error in MIT Kerberos V5 ASN.1 decoder allows
remote attackers to cause a denial of service via a large unsigned
data element length, which is later used as a negative value.

Analysis
----------------
ED_PRI CAN-2002-0036 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0836
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0836
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: REDHAT:RHSA-2002:194
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-194.html
Reference: MANDRAKE:MDKSA-2002:070
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php
Reference: DEBIAN:DSA-207
Reference: URL:http://www.debian.org/security/2002/dsa-207
Reference: BUGTRAQ:20021018 GLSA: tetex
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103497852330838&w=2
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005975415582&w=2
Reference: CONECTIVA:CLA-2002:537
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537
Reference: HP:HPSBTL0210-073
Reference: URL:http://www.securityfocus.com/advisories/4567
Reference: CERT-VN:VU#169841
Reference: URL:http://www.kb.cert.org/vuls/id/169841
Reference: BID:5978
Reference: URL:http://www.securityfocus.com/bid/5978
Reference: XF:dvips-system-execute-commands(10365)
Reference: URL:http://www.iss.net/security_center/static/10365.php

dvips converter for Postscript files in the tetex package calls the
system() function insecurely, which allows remote attackers to execute
arbitrary commands via certain print jobs, possibly involving fonts.

Analysis
----------------
ED_PRI CAN-2002-0836 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0840
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0840
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: BUGTRAQ:20021002 Apache 2 Cross-Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103357160425708&w=2
Reference: VULNWATCH:20021002 Apache 2 Cross-Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html
Reference: CONFIRM:http://www.apacheweek.com/issues/02-10-04
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=103367938230488&w=2
Reference: CONECTIVA:CLA-2002:530
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Reference: ENGARDE:ESA-20021007-024
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2414.html
Reference: MANDRAKE:MDKSA-2002:068
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Reference: DEBIAN:DSA-187
Reference: URL:http://www.debian.org/security/2002/dsa-187
Reference: DEBIAN:DSA-188
Reference: URL:http://www.debian.org/security/2002/dsa-188
Reference: DEBIAN:DSA-195
Reference: URL:http://www.debian.org/security/2002/dsa-195
Reference: HP:HPSBUX0210-224
Reference: URL:http://online.securityfocus.com/advisories/4617
Reference: BUGTRAQ:20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103376585508776&w=2
Reference: BUGTRAQ:20021017 TSLSA-2002-0069-apache
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Reference: SGI:20021105-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
Reference: CERT-VN:VU#240329
Reference: URL:http://www.kb.cert.org/vuls/id/240329

Cross-site scripting (XSS) vulnerability in the default error page of
Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when
UseCanonicalName is "Off" and support for wildcard DNS is present,
allows remote attackers to execute script as other web page visitors
via the Host: header, a different vulnerability than CAN-2002-1157.

Analysis
----------------
ED_PRI CAN-2002-0840 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0842
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0842
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: BUGTRAQ:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549708626309&w=2
Reference: NTBUGTRAQ:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549708626309&w=2
Reference: VULNWATCH:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0076.html
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf
Reference: CERT-VN:VU#849993
Reference: URL:http://www.kb.cert.org/vuls/id/849993
Reference: BUGTRAQ:20030218 CSSA-2003-007.0 Advisory withdrawn.  Re: Security Update: [CSSA-2003-007.0] Linux: Apache mod_dav mo
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104559446010858&w=2
Reference: BUGTRAQ:20030218 Re: CSSA-2003-007.0 Advisory withdrawn.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104560577227981&w=2
Reference: MISC:http://lists.netsys.com/pipermail/full-disclosure/2003-February/004258.html
Reference: XF:oracle-appserver-davpublic-dos(11330)
Reference: URL:http://www.iss.net/security_center/static/11330.php

Format string vulnerability in certain third party modifications to
mod_dav for logging bad gateway messages (e.g. Oracle9i Application
Server 9.0.2) allows remote attackers to execute arbitrary code via a
destination URI that forces a "502 Bad Gateway" response, which causes
the format string specifiers to be returned from dav_lookup_uri() in
mod_dav.c, which is then used in a call to ap_log_rerror().

Analysis
----------------
ED_PRI CAN-2002-0842 1
Vendor Acknowledgement: yes advisory

ACCURACY: a SCO advisory was released which mentioned this CAN, but it
was quickly rescinded.  This CAN is for the issue addressed by Oracle
only.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1103
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1103
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: CERT-VN:VU#761651
Reference: URL:http://www.kb.cert.org/vuls/id/761651

Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5,
allows remote attackers to cause a denial of service via (1) malformed
or (2) large ISAKMP packets.

Analysis
----------------
ED_PRI CAN-2002-1103 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1146
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1146
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: REDHAT:RHSA-2002:197
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-197.html
Reference: CERT-VN:VU#738331
Reference: URL:http://www.kb.cert.org/vuls/id/738331
Reference: NETBSD:NetBSD-SA2002-015
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-015.txt.asc
Reference: FREEBSD:FreeBSD-SA-02:42
Reference: XF:dns-resolver-lib-read-bo(10295)
Reference: URL:http://www.iss.net/security_center/static/10295.php
Reference: CONECTIVA:CLA-2002:535
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535

The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries
such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum
buffer size instead of the actual size when processing a DNS response,
which causes the stub resolvers to read past the actual boundary
("read buffer overflow"), allowing remote attackers to cause a denial
of service (crash).

Analysis
----------------
ED_PRI CAN-2002-1146 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1156
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1156
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: CONFIRM:http://www.apacheweek.com/issues/02-10-04
Reference: CONFIRM:http://www.apache.org/dist/httpd/CHANGES_2.0
Reference: HP:HPSBUX0210-224
Reference: URL:http://online.securityfocus.com/advisories/4617
Reference: CERT-VN:VU#910713
Reference: URL:http://www.kb.cert.org/vuls/id/910713
Reference: BID:6065
Reference: URL:http://online.securityfocus.com/bid/6065

Apache 2.0.42 allows remote attackers to view the source code of a CGI
script via a POST request to a directory with both WebDAV and CGI
enabled.

Analysis
----------------
ED_PRI CAN-2002-1156 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The change log for 2.0.43 includes the item:
"SECURITY: Allow POST requests and CGI scripts to work when DAV is
enabled on the location."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1199
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1199
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021011
Category: SF
Reference: BUGTRAQ:20021010 Multiple vendor ypxfrd map handling vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103426842025029&w=2
Reference: CERT-VN:VU#538033
Reference: URL:http://www.kb.cert.org/vuls/id/538033
Reference: CALDERA:CSSA-2002-SCO.40
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.40
Reference: COMPAQ:SSRT2339
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F47903
Reference: XF:ypxfrd-file-disclosure(10329)
Reference: URL:http://www.iss.net/security_center/static/10329.php
Reference: BID:5937
Reference: URL:http://www.securityfocus.com/bid/5937

The getdbm procedure in ypxfrd allows local users to read arbitrary
files, and remote attackers to read databases outside /var/yp, via a
directory traversal and symlink attack on the domain and map
arguments.

Analysis
----------------
ED_PRI CAN-2002-1199 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1219
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1219
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021016
Category: SF
Reference: ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
Reference: BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103713117612842&w=2
Reference: CONFIRM:http://www.isc.org/products/BIND/bind-security.html
Reference: CERT:CA-2002-31
Reference: URL:http://www.cert.org/advisories/CA-2002-31.html
Reference: CERT-VN:VU#852283
Reference: URL:http://www.kb.cert.org/vuls/id/852283
Reference: FREEBSD:FreeBSD-SA-02:43
Reference: ENGARDE:ESA-20021114-029
Reference: SUSE:SuSE-SA:2002:044
Reference: MANDRAKE:MDKSA-2002:077
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
Reference: DEBIAN:DSA-196
Reference: URL:http://www.debian.org/security/2002/dsa-196
Reference: CONECTIVA:CLA-2002:546
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546
Reference: CALDERA:CSSA-2003-SCO.2
Reference: CIAC:N-013
Reference: URL:http://www.ciac.org/ciac/bulletins/n-013.shtml
Reference: BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
Reference: URL:http://online.securityfocus.com/archive/1/300019
Reference: COMPAQ:SSRT2408
Reference: URL:http://online.securityfocus.com/advisories/4999
Reference: SGI:20021201-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P
Reference: BUGTRAQ:20021118 TSLSA-2002-0076 - bind
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103763574715133&w=2
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818
Reference: BID:6160
Reference: URL:http://www.securityfocus.com/bid/6160

Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8
versions 8.3.3 and earlier, allows remote attackers to execute
arbitrary code via a certain DNS server response containing SIG
resource records (RR).

Analysis
----------------
ED_PRI CAN-2002-1219 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1220
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1220
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021016
Category: SF
Reference: ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
Reference: BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103713117612842&w=2
Reference: CONFIRM:http://www.isc.org/products/BIND/bind-security.html
Reference: CERT:CA-2002-31
Reference: URL:http://www.cert.org/advisories/CA-2002-31.html
Reference: CERT-VN:VU#229595
Reference: URL:http://www.kb.cert.org/vuls/id/229595
Reference: FREEBSD:FreeBSD-SA-02:43
Reference: ENGARDE:ESA-20021114-029
Reference: SUSE:SuSE-SA:2002:044
Reference: MANDRAKE:MDKSA-2002:077
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
Reference: DEBIAN:DSA-196
Reference: URL:http://www.debian.org/security/2002/dsa-196
Reference: CALDERA:CSSA-2003-SCO.2
Reference: CIAC:N-013
Reference: URL:http://www.ciac.org/ciac/bulletins/n-013.shtml
Reference: BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
Reference: URL:http://online.securityfocus.com/archive/1/300019
Reference: COMPAQ:SSRT2408
Reference: URL:http://online.securityfocus.com/advisories/4999
Reference: BUGTRAQ:20021118 TSLSA-2002-0076 - bind
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103763574715133&w=2

BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of
service (termination due to assertion failure) via a request for a
subdomain that does not exist, with an OPT resource record with a
large UDP payload size.

Analysis
----------------
ED_PRI CAN-2002-1220 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1221
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1221
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021016
Category: SF
Reference: ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
Reference: BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103713117612842&w=2
Reference: CONFIRM:http://www.isc.org/products/BIND/bind-security.html
Reference: CERT:CA-2002-31
Reference: URL:http://www.cert.org/advisories/CA-2002-31.html
Reference: CERT-VN:VU#581682
Reference: URL:http://www.kb.cert.org/vuls/id/581682
Reference: FREEBSD:FreeBSD-SA-02:43
Reference: ENGARDE:ESA-20021114-029
Reference: SUSE:SuSE-SA:2002:044
Reference: MANDRAKE:MDKSA-2002:077
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
Reference: DEBIAN:DSA-196
Reference: URL:http://www.debian.org/security/2002/dsa-196
Reference: CONECTIVA:CLA-2002:546
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546
Reference: CALDERA:CSSA-2003-SCO.2
Reference: CIAC:N-013
Reference: URL:http://www.ciac.org/ciac/bulletins/n-013.shtml
Reference: BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
Reference: URL:http://online.securityfocus.com/archive/1/300019
Reference: COMPAQ:SSRT2408
Reference: URL:http://online.securityfocus.com/advisories/4999
Reference: BUGTRAQ:20021118 TSLSA-2002-0076 - bind
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103763574715133&w=2

BIND 8.x through 8.3.3 allows remote attackers to cause a denial of
service (crash) via SIG RR elements with invalid expiry times, which
are removed from the internal BIND database and later cause a null
dereference.

Analysis
----------------
ED_PRI CAN-2002-1221 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1265
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1265
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: CERT-VN:VU#266817
Reference: URL:http://www.kb.cert.org/vuls/id/266817
Reference: SGI:20021103-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021103-01-P
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Reference: XF:sun-rpc-libc-dos(10539)
Reference: URL:http://www.iss.net/security_center/static/10539.php

The Sun RPC functionality in multiple libc implementations does not
provide a time-out mechanism when reading data from TCP connections,
which allows remote attackers to cause a denial of service (hang).

Analysis
----------------
ED_PRI CAN-2002-1265 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1272
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1272
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021106
Category: SF
Reference: CERT:CA-2002-32
Reference: URL:http://www.cert.org/advisories/CA-2002-32.html
Reference: CERT-VN:VU#181721
Reference: URL:http://www.kb.cert.org/vuls/id/181721
Reference: BID:6220
Reference: URL:http://online.securityfocus.com/bid/6220

Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a
back door telnet server that was intended for development but not
removed before distribution, which allows remote attackers to gain
administrative privileges.

Analysis
----------------
ED_PRI CAN-2002-1272 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1296
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1296
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021113
Category: SF
Reference: BUGTRAQ:20021127 Solaris priocntl exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103842619803173&w=2
Reference: CERT-VN:VU#683673
Reference: URL:http://www.kb.cert.org/vuls/id/683673
Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/49131
Reference: BID:6262
Reference: URL:http://online.securityfocus.com/bid/6262
Reference: XF:solaris-priocntl-pcclname-modules(10717)
Reference: URL:http://www.iss.net/security_center/static/10717.php

Directory traversal vulnerability in priocntl system call in Solaris
does allows local users to execute arbitrary code via ".." sequences
in the pc_clname field of a pcinfo_t structure, which cause priocntl
to load a malicious kernel module.

Analysis
----------------
ED_PRI CAN-2002-1296 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1317
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1317
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021125
Category: SF
Reference: ISS:20021125 Solaris fs.auto Remote Compromise Vulnerability
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541
Reference: BUGTRAQ:20021125 ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103825150527843&w=2
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879
Reference: CERT:CA-2002-34
Reference: URL:http://www.cert.org/advisories/CA-2002-34.html
Reference: SGI:20021202-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I
Reference: XF:solaris-fsauto-execute-code(10375)
Reference: URL:http://www.iss.net/security_center/static/10375.php

Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on
Solaris 2.5.1 through 9 allows remote attackers to cause a denial of
service (crash) or execute arbitrary code via a certain XFS query.

Analysis
----------------
ED_PRI CAN-2002-1317 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1327
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1327
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021126
Category: SF
Reference: BUGTRAQ:20021219 Foundstone Research Labs Advisory - Exploitable Windows XP Media Files
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104025849109384&w=2
Reference: MS:MS02-072
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-072.asp
Reference: CERT:CA-2002-37
Reference: URL:http://www.cert.org/advisories/CA-2002-37.html
Reference: CERT-VN:VU#591890
Reference: URL:http://www.kb.cert.org/vuls/id/591890

Buffer overflow in the Windows Shell function in Microsoft Windows XP
allows remote attackers to execute arbitrary code via an .MP3 or .WMA
audio file with a corrupt custom attribute, aka "Unchecked Buffer in
Windows Shell Could Enable System Compromise."

Analysis
----------------
ED_PRI CAN-2002-1327 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1337
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1337
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021203
Category: SF
Reference: ISS:20030303 Remote Sendmail Header Processing Vulnerability
Reference: URL:http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
Reference: CONFIRM:http://www.sendmail.org/8.12.8.html
Reference: BUGTRAQ:20030303 sendmail 8.12.8 available
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104673778105192&w=2
Reference: CERT:CA-2003-07
Reference: URL:http://www.cert.org/advisories/CA-2003-07.html
Reference: FREEBSD:FreeBSD-SA-03:04
Reference: REDHAT:RHSA-2003:073
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-073.html
Reference: SGI:20030301-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P
Reference: AIXAPAR:IY40500
Reference: AIXAPAR:IY40501
Reference: AIXAPAR:IY40502
Reference: CERT-VN:VU#398025
Reference: URL:http://www.kb.cert.org/vuls/id/398025
Reference: SUSE:SuSE-SA:2003:013
Reference: MANDRAKE:MDKSA-2003:028
Reference: NETBSD:NetBSD-SA2003-002
Reference: CONECTIVA:CLA-2003:571
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571
Reference: DEBIAN:DSA-257
Reference: URL:http://www.debian.org/security/2003/dsa-257
Reference: HP:HPSBUX0302-246
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104679411316818&w=2
Reference: CALDERA:CSSA-2003-SCO.6
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6
Reference: CALDERA:CSSA-2003-SCO.5
Reference: URL:ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5
Reference: BUGTRAQ:20030304 GLSA:  sendmail (200303-4)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104678862409849&w=2
Reference: BUGTRAQ:20030303 Fwd: APPLE-SA-2003-03-03 sendmail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104678862109841&w=2
Reference: BUGTRAQ:20030304 [LSD] Technical analysis of the remote sendmail vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104678739608479&w=2
Reference: XF:sendmail-header-processing-bo(10748)
Reference: URL:http://www.iss.net/security_center/static/10748.php

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to
execute arbitrary code via certain formatted address fields, related
to sender and recipient header comments as processed by the crackaddr
function of headers.c.

Analysis
----------------
ED_PRI CAN-2002-1337 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1361
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1361
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021214
Category: SF
Reference: BUGTRAQ:20021205 Cobalt RaQ4 Remote root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103912513522807&w=2
Reference: CERT:CA-2002-35
Reference: URL:http://www.cert.org/advisories/CA-2002-35.html
Reference: CERT-VN:VU#810921
Reference: URL:http://www.kb.cert.org/vuls/id/810921
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/49377

overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security
Hardening Patch) installed allows remote attackers to execute
arbitrary code via a POST request with shell metacharacters in the
email parameter.

Analysis
----------------
ED_PRI CAN-2002-1361 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1413
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1413
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020821 NOVL-2002-2963349 - Rconag6 Secure IP Login Vulnerability - NW6SP2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0216.html
Reference: CERT-VN:VU#746251
Reference: URL:http://www.kb.cert.org/vuls/id/746251
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963349
Reference: XF:netware-rconj-no-password(9928)
Reference: URL:http://www.iss.net/security_center/static/9928.php
Reference: BID:5541
Reference: URL:http://www.securityfocus.com/bid/5541

RCONAG6 for Novell Netware SP2, while running RconJ in secure mode,
allows remote attackers to bypass authentication using the RconJ
"Secure IP" (SSL) option during a connection.

Analysis
----------------
ED_PRI CAN-2002-1413 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0001
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030102
Category: SF
Reference: ATSTAKE:A010603-1
Reference: URL:http://www.atstake.com/research/advisories/2003/a010603-1.txt
Reference: BUGTRAQ:20030110 More information regarding Etherleak
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104222046632243&w=2
Reference: VULNWATCH:20030110 More information regarding Etherleak
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html
Reference: MISC:http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
Reference: CERT-VN:VU#412115
Reference: URL:http://www.kb.cert.org/vuls/id/412115
Reference: REDHAT:RHSA-2003:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-025.html

Multiple ethernet Network Interface Card (NIC) device drivers do not
pad frames with null bytes, which allows remote attackers to obtain
information from previous packets or kernel memory by using malformed
packets, as demonstrated by Etherleak.

Analysis
----------------
ED_PRI CAN-2003-0001 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0003
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0003
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030102
Category: SF
Reference: BUGTRAQ:20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104394414713415&w=2
Reference: NTBUGTRAQ:20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=104393588232166&w=2
Reference: MS:MS03-001
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-001.asp
Reference: CERT:CA-2003-03
Reference: URL:http://www.cert.org/advisories/CA-2003-03.html
Reference: CERT-VN:VU#610986
Reference: URL:http://www.kb.cert.org/vuls/id/610986

Buffer overflow in the RPC Locator service for Microsoft Windows NT
4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows
XP allows local users to execute arbitrary code via an RPC call to the
service containing certain parameter information.

Analysis
----------------
ED_PRI CAN-2003-0003 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0015
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0015
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: VULNWATCH:20030120 Advisory 01/2003: CVS remote vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html
Reference: MISC:http://security.e-matters.de/advisories/012003.html
Reference: MISC:http://lists.netsys.com/pipermail/full-disclosure/2003-January/003606.html
Reference: BUGTRAQ:20030124 Test program for CVS double-free.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104342550612736&w=2
Reference: BUGTRAQ:20030202 Exploit for CVS double free() for Linux pserver
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104428571204468&w=2
Reference: CERT:CA-2003-02
Reference: URL:http://www.cert.org/advisories/CA-2003-02.html
Reference: CONFIRM:http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14
Reference: REDHAT:RHSA-2003:012
Reference: URL:http://rhn.redhat.com/errata/RHSA-2003-012.html
Reference: REDHAT:RHSA-2003:013
Reference: URL:http://rhn.redhat.com/errata/RHSA-2003-013.html
Reference: SUSE:SuSE-SA:2003:0007
Reference: DEBIAN:DSA-233
Reference: URL:http://www.debian.org/security/2003/dsa-233
Reference: CALDERA:CSSA-2003-006.0
Reference: FREEBSD:FreeBSD-SA-03:01
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104438807203491&w=2
Reference: CALDERA:CSSA-2003-006
Reference: BUGTRAQ:20030122 [security@slackware.com: [slackware-security] New CVS packages available]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104333092200589&w=2
Reference: CERT-VN:VU#650937
Reference: URL:http://www.kb.cert.org/vuls/id/650937

Double-free vulnerabiity in CVS 1.11.4 and earlier allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via a malformed Directory request, as demonstrated by bypassing
write checks to execute Update-prog and Checkin-prog commands.

Analysis
----------------
ED_PRI CAN-2003-0015 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0027
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030110
Category: SF
Reference: BUGTRAQ:20030122 Entercept Ricochet Advisory: Sun Solaris KCMS Library Service Daemon Arbitrary File Retrieval Vulner
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104326556329850&w=2
Reference: MISC:http://www.entercept.com/news/uspr/01-22-03.asp
Reference: CERT-VN:VU#850785
Reference: URL:http://www.kb.cert.org/vuls/id/850785

Directory traversal vulnerability in Sun Kodak Color Management System
(KCMS) library service daemon (kcms_server) allows remote attackers to
read arbitrary files via the KCS_OPEN_PROFILE procedure.

Analysis
----------------
ED_PRI CAN-2003-0027 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0058
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0058
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030131
Category: SF
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
Reference: CERT-VN:VU#661243
Reference: URL:http://www.kb.cert.org/vuls/id/661243

MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows
remote authenticated attackers to cause a denial of service (crash) on
KDCs within the same realm via a certain protocol request that causes
a null dereference.

Analysis
----------------
ED_PRI CAN-2003-0058 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0059
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030131
Category: SF
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
Reference: CERT-VN:VU#684563
Reference: URL:http://www.kb.cert.org/vuls/id/684563

Unknown vulnerability in the chk_trans.c of the libkrb5 library for
MIT Kerberos V5 before 1.2.5 allows users from one realm to
impersonate users in other realms that have the same inter-realm keys.

Analysis
----------------
ED_PRI CAN-2003-0059 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0060
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0060
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030131
Category: SF
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
Reference: CERT-VN:VU#787523
Reference: URL:http://www.kb.cert.org/vuls/id/787523

Format string vulnerabilities in the logging routines for MIT Kerberos
V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers
to cause a denial of service (crash) and possibly execute arbitrary
code via format string specifiers in Kerberos principal names.

Analysis
----------------
ED_PRI CAN-2003-0060 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0095
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030218
Category: SF
Reference: VULNWATCH:20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)
Reference: BUGTRAQ:20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549693426042&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf
Reference: CERT:CA-2003-05
Reference: URL:http://www.cert.org/advisories/CA-2003-05.html
Reference: CERT-VN:VU#953746
Reference: URL:http://www.kb.cert.org/vuls/id/953746
Reference: XF:oracle-username-bo(11328)
Reference: URL:http://www.iss.net/security_center/static/11328.php

Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i,
8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via
a long username that is provided during login, as exploitable through
client applications that perform their own authentication, as
demonstrated using LOADPSP.

Analysis
----------------
ED_PRI CAN-2003-0095 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0029
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0029
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020116
Category: SF
Reference: CONFIRM:http://www.isc.org/products/BIND/bind-security.html
Reference: CERT:CA-2002-31
Reference: URL:http://www.cert.org/advisories/CA-2002-31.html
Reference: CERT-VN:VU#844360
Reference: URL:http://www.kb.cert.org/vuls/id/844360
Reference: NETBSD:NetBSD-SA2002-028
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc
Reference: SGI:20021201-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P
Reference: XF:bind-dns-libresolv-bo(10624)
Reference: URL:http://www.iss.net/security_center/static/10624.php
Reference: BID:6186
Reference: URL:http://www.securityfocus.com/bid/6186

Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2
through 4.9.10, and other derived libraries such as BSD libc and GNU
glibc, allow remote attackers to execute arbitrary code via DNS server
responses that trigger the overflow in the (1) getnetbyname, or (2)
getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a
different vulnerability than CAN-2002-0684.

Analysis
----------------
ED_PRI CAN-2002-0029 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0370
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0370
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020508
Category: SF
Reference: VULNWATCH:20021002 R7-0004: Multiple Vendor Long ZIP Entry Filename Processing Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html
Reference: BUGTRAQ:20021002 R7-0004: Multiple Vendor Long ZIP Entry Filename Processing Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103428193409223&w=2
Reference: MS:MS02-054
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-054.asp
Reference: CERT-VN:VU#383779
Reference: URL:http://www.kb.cert.org/vuls/id/383779
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Reference: XF:win-zip-decompression-bo(10251)
Reference: URL:http://www.iss.net/security_center/static/10251.php
Reference: BID:5873
Reference: URL:http://www.securityfocus.com/bid/5873

Buffer overflow in the ZIP capability for multiple products allows
remote attackers to cause a denial of service or execute arbitrary
code via ZIP files containing entries with long filenames, including
(1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows
ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and
(6) Stuffit Expander before 7.0.

Analysis
----------------
ED_PRI CAN-2002-0370 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0666
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0666
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020708
Category: SF
Reference: BINDVIEW:20021018 Denial of Service in IPSEC implementations
Reference: URL:http://razor.bindview.com/publish/advisories/adv_ipsec.html
Reference: CERT-VN:VU#459371
Reference: URL:http://www.kb.cert.org/vuls/id/459371
Reference: NETBSD:NetBSD-SA2002-016
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-016.txt.asc
Reference: XF:ipsec-packet-integer-overflow(10411)
Reference: URL:http://www.iss.net/security_center/static/10411.php

IPSEC implementations including (1) FreeS/WAN and (2) KAME do not
properly calculate the length of authentication data, which allows
remote attackers to cause a denial of service (kernel panic) via
spoofed, short Encapsulating Security Payload (ESP) packets, which
result in integer signedness errors.

Analysis
----------------
ED_PRI CAN-2002-0666 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0838
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0838
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: BUGTRAQ:20020926 iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103305615613319&w=2
Reference: BUGTRAQ:20020926 Errata: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103305778615625&w=2
Reference: REDHAT:RHSA-2002:207
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-207.html
Reference: REDHAT:RHSA-2002:212
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-212.html
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: DEBIAN:DSA-176
Reference: URL:http://www.debian.org/security/2002/dsa-176
Reference: DEBIAN:DSA-179
Reference: URL:http://www.debian.org/security/2002/dsa-179
Reference: DEBIAN:DSA-182
Reference: URL:http://www.debian.org/security/2002/dsa-182
Reference: CALDERA:CSSA-2002-053.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-053.0.txt
Reference: CONECTIVA:CLA-2002:542
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000542
Reference: MANDRAKE:MDKSA-2002:069
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:069
Reference: MANDRAKE:MDKSA-2002:071
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:071
Reference: BUGTRAQ:20021017 GLSA: ggv
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103487806800388&w=2
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47780&zone_32=category:security
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021008-1.txt
Reference: CERT-VN:VU#600777
Reference: URL:http://www.kb.cert.org/vuls/id/600777
Reference: BID:5808
Reference: URL:http://www.securityfocus.com/bid/5808
Reference: XF:gv-sscanf-function-bo(10201)
Reference: URL:http://www.iss.net/security_center/static/10201.php

Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and
earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview
in kdegraphics 2.2.2 and earlier, allows attackers to execute
arbitrary code via a malformed (a) PDF or (b) PostScript file, which
is processed by an unsafe call to sscanf.

Analysis
----------------
ED_PRI CAN-2002-0838 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE

ABSTRACTION: CAN-2002-0838 and CAN-2002-1223 are different overflows
that stem from different packages.  The KDE security advisory makes
this clear.  Therefore CD:SF-LOC suggests keeping them SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1235
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1235
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021024
Category: SF
Reference: BUGTRAQ:20021023 MITKRB5-SA-2002-002: Buffer overflow in kadmind4
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103539530729206&w=2
Reference: BUGTRAQ:20021027 Re: Buffer overflow in kadmind4
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103582805330339&w=2
Reference: BUGTRAQ:20021026 Updated: MITKRB5-SA-2002-002: Buffer overflow in kadmind4
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103564944215101&w=2
Reference: CERT:CA-2002-29
Reference: URL:http://www.cert.org/advisories/CA-2002-29.html
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-002-kadm4.txt
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/2002-002-kadm4_attacksig.txt
Reference: CONFIRM:http://www.pdc.kth.se/heimdal/
Reference: CERT-VN:VU#875073
Reference: URL:http://www.kb.cert.org/vuls/id/875073
Reference: MANDRAKE:MDKSA-2002:073
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-073.php
Reference: DEBIAN:DSA-185
Reference: URL:http://www.debian.org/security/2002/dsa-185
Reference: DEBIAN:DSA-184
Reference: URL:http://www.debian.org/security/2002/dsa-184
Reference: DEBIAN:DSA-183
Reference: URL:http://www.debian.org/security/2002/dsa-183
Reference: CONECTIVA:CLA-2002:534
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000534
Reference: REDHAT:RHSA-2002:242
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-242.html
Reference: FREEBSD:FreeBSD-SA-02:40
Reference: NETBSD:NetBSD-SA2002-026
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-026.txt.asc
Reference: BUGTRAQ:20021027 KRB5-SORCERER2002-10-27 Security Update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0399.html
Reference: BUGTRAQ:20021028 GLSA: krb5
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103582517126392&w=2
Reference: XF:kerberos-kadmind-bo(10430)
Reference: URL:http://www.iss.net/security_center/static/10430.php
Reference: BID:6024
Reference: URL:http://www.securityfocus.com/bid/6024

The kadm_ser_in function in (1) the Kerberos v4compatibility
administration daemon (kadmind4) in the MIT Kerberos 5 (krb5)
krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before
1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when
compiled with Kerberos 4 support, does not properly verify the length
field of a request, which allows remote attackers to execute arbitrary
code via a buffer overflow attack.

Analysis
----------------
ED_PRI CAN-2002-1235 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1345
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1345
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021209
Category: SF
Reference: BUGTRAQ:20021211 Directory Traversal Vulnerabilities in FTP Clients
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103962838628940&w=2
Reference: CERT-VN:VU#210409
Reference: URL:http://www.kb.cert.org/vuls/id/210409
Reference: SGI:20021205-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021205-01-A

Directory traversal vulnerabilities in multiple FTP clients on UNIX
systems allow remote malicious FTP servers to create or overwrite
files as the client user via filenames containing /absolute/path or
.. (dot dot) sequences.

Analysis
----------------
ED_PRI CAN-2002-1345 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE, SUITE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1357
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1357
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021214
Category: SF
Reference: VULNWATCH:20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html
Reference: CERT:CA-2002-36
Reference: URL:http://www.cert.org/advisories/CA-2002-36.html

Multiple SSH2 servers and clients do not properly handle packets or
data elements with incorrect length specifiers, which may allow remote
attackers to cause a denial of service or possibly execute arbitrary
code, as demonstrated by the SSHredder SSH protocol test suite.

Analysis
----------------
ED_PRI CAN-2002-1357 3
Vendor Acknowledgement: yes advisory
Content Decisions: SUITE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1358
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1358
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021214
Category: SF/CF/MP/SA/AN/unknown
Reference: VULNWATCH:20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html
Reference: CERT:CA-2002-36
Reference: URL:http://www.cert.org/advisories/CA-2002-36.html

Multiple SSH2 servers and clients do not properly handle lists with
empty elements or strings, which may allow remote attackers to cause a
denial of service or possibly execute arbitrary code, as demonstrated
by the SSHredder SSH protocol test suite.

Analysis
----------------
ED_PRI CAN-2002-1358 3
Vendor Acknowledgement: unknown
Content Decisions: SUITE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1359
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1359
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021214
Category: SF/CF/MP/SA/AN/unknown
Reference: VULNWATCH:20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html
Reference: CERT:CA-2002-36
Reference: URL:http://www.cert.org/advisories/CA-2002-36.html

Multiple SSH2 servers and clients do not properly handle large packets
or large fields, which may allow remote attackers to cause a denial of
service or possibly execute arbitrary code via buffer overflow
attacks, as demonstrated by the SSHredder SSH protocol test suite.

Analysis
----------------
ED_PRI CAN-2002-1359 3
Vendor Acknowledgement: unknown
Content Decisions: SUITE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1360
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1360
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021214
Category: SF
Reference: VULNWATCH:20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html
Reference: CERT:CA-2002-36
Reference: URL:http://www.cert.org/advisories/CA-2002-36.html

Multiple SSH2 servers and clients do not properly handle strings with
null characters in them when the string length is specified by a
length field, which could allow remote attackers to cause a denial of
service or possibly execute arbitrary code due to interactions with
the use of null-terminated strings as implemented using languages such
as C, as demonstrated by the SSHredder SSH protocol test suite.

Analysis
----------------
ED_PRI CAN-2002-1360 3
Vendor Acknowledgement: unknown
Content Decisions: SUITE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0026
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0026
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030110
Category: SF
Reference: CERT:CA-2003-01
Reference: URL:http://www.cert.org/advisories/CA-2003-01.html
Reference: CERT-VN:VU#284857
Reference: URL:http://www.kb.cert.org/vuls/id/284857
Reference: REDHAT:RHSA-2003:011
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-011.html
Reference: DEBIAN:DSA-231
Reference: URL:http://www.debian.org/security/2003/dsa-231

Multiple stack-based buffer overflows in the error handling routines
of the minires library, as used in the NSUPDATE capability for ISC
DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute
arbitrary code via a DHCP message containing a long hostname.

Analysis
----------------
ED_PRI CAN-2003-0026 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0030
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0030
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030110
Category: SF
Reference: CERT-VN:VU#247545
Reference: URL:http://www.kb.cert.org/vuls/id/247545
Reference: BUGTRAQ:20030313 Protegrity buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104758650516677&w=2

Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension
Feature (SEF) before 2.2.3.9 allow attackers with SQL access to
execute arbitrary code via the extended stored procedures (1)
xp_pty_checkusers, (2) xp_pty_insert, or (3) xp_pty_select.

Analysis
----------------
ED_PRI CAN-2003-0030 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2003-0096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0096
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030218
Category: SF
Reference: VULNWATCH:20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)
Reference: BUGTRAQ:20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549743326864&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf
Reference: CERT-VN:VU#840666
Reference: URL:http://www.kb.cert.org/vuls/id/840666
Reference: VULNWATCH:20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)
Reference: BUGTRAQ:20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104549782327321&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf
Reference: CERT-VN:VU#743954
Reference: URL:http://www.kb.cert.org/vuls/id/743954
Reference: VULNWATCH:20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)
Reference: BUGTRAQ:20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104550346303295&w=2
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf
Reference: CERT-VN:VU#663786
Reference: URL:http://www.kb.cert.org/vuls/id/663786
Reference: CERT:CA-2003-05
Reference: URL:http://www.cert.org/advisories/CA-2003-05.html
Reference: XF:oracle-bfilename-directory-bo(11325)
Reference: URL:http://www.iss.net/security_center/static/11325.php
Reference: XF:oracle-tzoffset-bo(11326)
Reference: URL:http://www.iss.net/security_center/static/11326.php
Reference: XF:oracle-totimestamptz-bo(11327)
Reference: URL:http://www.iss.net/security_center/static/11327.php

Multiple buffer overflows in Oracle 9i Database release 2, Release 1,
8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code
via (1) a long conversion string argument to the TO_TIMESTAMP_TZ
function, (2) a long time zone argument to the TZ_OFFSET function, or
(3) a long DIRECTORY parameter to the BFILENAME function.

Analysis
----------------
ED_PRI CAN-2003-0096 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: since all of these overflows affect the same Oracle
versions, they are merged into a single identifier as suggested by
CD:SF-LOC.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007