[PROPOSAL] Cluster CONFIRM-2002a - 51 candidates



I am proposing cluster CONFIRM-2002a for review and voting by the
Editorial Board.

Name: CONFIRM-2002a
Description: CANs with clear vendor ack. from March 2002 to Sep 2002
Size: 51

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0376
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0376
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020513
Category: SF
Reference: ATSTAKE:A091002-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a091002-1.txt
Reference: BUGTRAQ:20020925 Fwd: QuickTime for Windows ActiveX security advisory
Reference: URL:http://online.securityfocus.com/archive/1/293095
Reference: XF:quicktime-activex-pluginspage-bo(10077)
Reference: URL:http://www.iss.net/security_center/static/10077.php
Reference: BID:5685
Reference: URL:http://www.securityfocus.com/bid/5685

Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote
attackers to execute arbitrary code via a long pluginspage field.

Analysis
----------------
ED_PRI CAN-2002-0376 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0627
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0627
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020617
Category: SF
Reference: ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
Reference: CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
Reference: CIAC:M-123
Reference: URL:http://www.ciac.org/ciac/bulletins/m-123.shtml
Reference: XF:viewstation-unicode-retrieve-password(9348)
Reference: URL:http://www.iss.net/security_center/static/9348.php
Reference: BID:5632
Reference: URL:http://www.securityfocus.com/bid/5632

The Web server for Polycom ViewStation before 7.2.4 allows remote
attackers to bypass authentication and read files via Unicode encoded
requests.

Analysis
----------------
ED_PRI CAN-2002-0627 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0630
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0630
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020617
Category: SF
Reference: ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
Reference: CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
Reference: CIAC:M-123
Reference: URL:http://www.ciac.org/ciac/bulletins/m-123.shtml
Reference: XF:viewstation-icmp-dos(9350)
Reference: URL:http://www.iss.net/security_center/static/9350.php
Reference: BID:5637
Reference: URL:http://www.securityfocus.com/bid/5637

The Telnet service for Polycom ViewStation before 7.2.4 allows remote
attackers to cause a denial of service (crash) via long or malformed
ICMP packets.

Analysis
----------------
ED_PRI CAN-2002-0630 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0850
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0850
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020809
Category: SF
Reference: BUGTRAQ:20020906 Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103133995920090&w=2
Reference: VULNWATCH:20020905 [VulnWatch] Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0106.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/ReadMe.txt

Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers
to execute arbitrary code via an encrypted document that has a long
filename when it is decrypted.

Analysis
----------------
ED_PRI CAN-2002-0850 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The release notes for PGP Corporate Desktop 7.1.x
state: "While PGP supports long file names, it encounters problems
when it tries to encrypt or decrypt files that have names longer than
200 characters... For more information on this issue, see Foundstone
Labs Advisory - 080202-PCRO."  While the advisory ID is different than
the one in Foundstone's Bugtraq post, Foundstone did confirm via email
that both IDs reference the same issue.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1109
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1109
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=amavis-announce&m=103121272122242&w=2
Reference: BUGTRAQ:20020905 GLSA: amavis
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103124270321404&w=2
Reference: XF:amavis-securetar-tar-dos(10056)
Reference: URL:http://www.iss.net/security_center/static/10056.php

securetar, as used in AMaViS shell script 0.2.1 and earlier, allows
users to cause a denial of service (CPU consumption) via a malformed
TAR file, possibly via an incorrect file size parameter.

Analysis
----------------
ED_PRI CAN-2002-1109 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1117
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1117
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020906 Veritas Backup Exec opens networks for NetBIOS based attacks?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103134395124579&w=2
Reference: BUGTRAQ:20020906 UPDATE: (Was Veritas Backup Exec opens networks for NetBIOS based attacks?)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103134930629683&w=2
Reference: CONFIRM:http://seer.support.veritas.com/docs/238618.htm

Veritas Backup Exec 8.5 and earlier requires that the
"RestrictAnonymous" registry key for Microsoft Exchange 2000 must be
set to 0, which enables anonymous listing of the SAM database and
shares.

Analysis
----------------
ED_PRI CAN-2002-1117 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1122
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1122
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020911
Category: SF
Reference: VULNWATCH:20020918 Foundstone Research Labs Advisory - Remotely Exploitable Buffer Overflow in ISS Scanner
Reference: ISS:20020918 Flaw in Internet Scanner Parsing Mechanism
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21165
Reference: XF:is-http-response-bo(10130)
Reference: URL:http://www.iss.net/security_center/static/10130.php
Reference: BID:5738
Reference: URL:http://www.securityfocus.com/bid/5738

Buffer overflow in the parsing mechanism for ISS Internet Scanner
6.2.1, when using the license banner HTTP check, allows remote
attackers to execute arbitrary code via a long web server response.

Analysis
----------------
ED_PRI CAN-2002-1122 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1135
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1135
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: BUGTRAQ:20020922 PHP source injection in phpWebSite
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103279980906880&w=2
Reference: CONFIRM:http://phpwebsite.appstate.edu/article.php?sid=400
Reference: XF:phpwebsite-modsecurity-file-include(10164)
Reference: URL:http://www.iss.net/security_center/static/10164.php
Reference: BID:5779
Reference: URL:http://www.securityfocus.com/bid/5779

modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier,
allows remote attackers to execute arbitrary PHP source code via an
inc_prefix parameter that points to the malicious code.

Analysis
----------------
ED_PRI CAN-2002-1135 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1153
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1153
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020919 KPMG-2002035: IBM Websphere Large Header DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103244572803950&w=2
Reference: CONFIRM:ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/pq62144/readme.txt
Reference: XF:websphere-host-header-bo(10140)
Reference: URL:http://www.iss.net/security_center/static/10140.php
Reference: BID:5749
Reference: URL:http://www.securityfocus.com/bid/5749

IBM Websphere 4.0.3 allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via an HTTP
request with long HTTP headers, such as "Host".

Analysis
----------------
ED_PRI CAN-2002-1153 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1154
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1154
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020925
Category: SF
Reference: CONFIRM:http://www.analog.cx/security5.html
Reference: XF:analog-anlgform-dos(10344)
Reference: URL:http://www.iss.net/security_center/static/10344.php

anlgform.pl in Analog before 5.23 does not restrict access to the
PROGRESSFREQ progress update command, which allows remote attackers to
cause a denial of service (disk consumption) by using the command to
report updates more frequently and fill the web server error log.

Analysis
----------------
ED_PRI CAN-2002-1154 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1414
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1414
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: VULN-DEV:20020806 qmailadmin SUID buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102859603029424&w=2
Reference: BUGTRAQ:20020724 Re: qmailadmin SUID buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0016.html
Reference: CONFIRM:http://www.inter7.com/qmailadmin/ChangeLog
Reference: BID:5404
Reference: URL:http://www.securityfocus.com/bid/5404
Reference: XF:qmailadmin-templatedir-bo(9786)
Reference: URL:http://www.iss.net/security_center/static/9786.php

Buffer overflow in qmailadmin allows local users to gain privileges
via a long QMAILADMIN_TEMPLATEDIR environment variable.

Analysis
----------------
ED_PRI CAN-2002-1414 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The changelog includes an item dated August 6, 2002,
which states "Fixed local overflow in template code."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1417
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1417
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020820 NOVL-2002-2963297 - NetBasic Buffer Overflow + Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0199.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963297
Reference: BID:5523
Reference: URL:http://www.securityfocus.com/bid/5523
Reference: XF:novell-netbasic-directory-traversal(9910)
Reference: URL:http://www.iss.net/security_center/static/9910.php

Directory traversal vulnerability in Novell NetBasic Scripting Server
(NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and
6, allows remote attackers to read arbitrary files via a URL
containing a "..%5c" sequence (modified dot-dot), which is mapped to
the directory separator.

Analysis
----------------
ED_PRI CAN-2002-1417 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1418
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1418
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020820 NOVL-2002-2963297 - NetBasic Buffer Overflow + Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0199.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963297
Reference: XF:novell-netbasic-interpreter-bo(9911)
Reference: URL:http://www.iss.net/security_center/static/9911.php
Reference: BID:5524
Reference: URL:http://www.securityfocus.com/bid/5524

Buffer overflow in the interpreter for Novell NetBasic Scripting
Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite
5.1 and 6, allows remote attackers to cause a denial of service
(ABEND) via a long module name.

Analysis
----------------
ED_PRI CAN-2002-1418 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1430
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1430
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020730 [ADVISORY]:  Arbitrary file disclosure vulnerability in Sympoll 1.2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0401.html
Reference: CONFIRM:http://www.ralusp.net/downloads/sympoll/changelog.txt
Reference: BID:5360
Reference: URL:http://www.securityfocus.com/bid/5360
Reference: XF:sympoll-php-view-files(9723)
Reference: URL:http://www.iss.net/security_center/static/9723.php

Unknown vulnerability in Sympoll 1.2 allows remote attackers to read
arbitrary files when register_globals is enabled, possibly by
modifying certain PHP variables through URL parameters.

Analysis
----------------
ED_PRI CAN-2002-1430 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the vendor's changelog for version 1.3 includes an
item labeled "IMPORTANT SECURITY FIX" and crediting an individual who
is also credited by the author of the Bugtraq post. The dates of the
Bugtraq post and vendor changelog are also the same (July 30).
ACCURACY: while neither the Bugtraq poster nor the vendor say that PHP
variables are directly modified through URL parameters, that is the
behavior that is otherwise prevented by the register_globals feature,
and typical of vulnerabilities in many PHP scripts.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1435
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1435
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020822 Arbitrary code execution problem in Achievo
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0235.html
Reference: CONFIRM:http://www.achievo.org/lists/2002/Aug/msg00092.html
Reference: XF:achievo-php-execute-code(9947)
Reference: URL:http://www.iss.net/security_center/static/9947.php
Reference: BID:5552
Reference: URL:http://www.securityfocus.com/bid/5552

class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except
0.8.2, allows remote attackers to execute arbitrary PHP code when the
'allow_url_fopen' setting is enabled via a URL in the config_atkroot
parameter that points to the code.

Analysis
----------------
ED_PRI CAN-2002-1435 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1436
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1436
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020820 NOVL-2002-2963307 - PERL Handler Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963307
Reference: XF:netware-perl-code-execution(9916)
Reference: URL:http://www.iss.net/security_center/static/9916.php
Reference: BID:5520
Reference: URL:http://www.securityfocus.com/bid/5520

The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6
allows remote attackers to execute arbitrary Perl code via an HTTP
POST request.

Analysis
----------------
ED_PRI CAN-2002-1436 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1437
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1437
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020820 NOVL-2002-2963307 - PERL Handler Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963307
Reference: BID:5522
Reference: URL:http://www.securityfocus.com/bid/5522
Reference: XF:netware-perl-directory-traversal(9915)
Reference: URL:http://www.iss.net/security_center/static/9915.php

Directory traversal vulnerability in the web handler for Perl 5.003 on
Novell NetWare 5.1 and NetWare 6 allows remote attackers to read
arbitrary files via an HTTP request containing "..%5c" (URL-encoded
dot-dot backslash) sequences.

Analysis
----------------
ED_PRI CAN-2002-1437 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1438
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1438
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020820 NOVL-2002-2963307 - PERL Handler Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963307
Reference: XF:netware-perl-information-disclosure(9917)
Reference: URL:http://www.iss.net/security_center/static/9917.php
Reference: BID:5521
Reference: URL:http://www.securityfocus.com/bid/5521

The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6
allows remote attackers to obtain Perl version information via the -v
option.

Analysis
----------------
ED_PRI CAN-2002-1438 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1443
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1443
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020808 Exploiting the Google toolbar (GM#001-MC)
Reference: URL:http://online.securityfocus.com/archive/1/286527
Reference: NTBUGTRAQ:20020808 Exploiting the Google toolbar (GM#001-MC)
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0066.html
Reference: MISC:http://sec.greymagic.com/adv/gm001-mc/
Reference: CONFIRM:http://toolbar.google.com/whatsnew.php3
Reference: BID:5426
Reference: URL:http://www.securityfocus.com/bid/5426

The Google toolbar 1.1.58 and earlier allows remote web sites to
monitor a user's input into the toolbar via an "onkeydown" event
handler.

Analysis
----------------
ED_PRI CAN-2002-1443 1
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1446
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1446
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020819 nCipher Advisory #5: C_Verify validates incorrect symmetric signatures
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0172.html
Reference: CONFIRM:http://www.ncipher.com/support/advisories/advisory5_c_verify.html
Reference: BID:5498
Reference: URL:http://www.securityfocus.com/bid/5498
Reference: XF:ncipher-cverify-improper-verification(9895)
Reference: URL:http://www.iss.net/security_center/static/9895.php

The error checking routine used for the C_Verify call on a symmetric
verification key in the nCipher PKCS#11 library 1.2.0 and later
returns the CKR_OK status even when it detects an invalid signature,
which could allow remote attackers to modify or forge messages.

Analysis
----------------
ED_PRI CAN-2002-1446 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1448
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1448
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: CF
Reference: BUGTRAQ:20020805 SNMP vulnerability in AVAYA Cajun firmware
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0519.html
Reference: CONFIRM:http://support.avaya.com/security/Unauthorized_SNMP/index.jhtml
Reference: XF:avaya-cajun-default-snmp(9769)
Reference: URL:http://www.iss.net/security_center/static/9769.php
Reference: BID:5396
Reference: URL:http://www.securityfocus.com/bid/5396

An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya
P330, P130, and M770-ATM Cajun products allows remote attackers to
gain administrative privileges.

Analysis
----------------
ED_PRI CAN-2002-1448 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: the vendor's security advisory credits Jacek
Lipkowski, the author of the Bugtraq post.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1463
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1463
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020802 Security Advisory: Raptor Firewall Weak ISN Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0492.html
Reference: CONFIRM:http://www.symantec.com/techsupp/bulletin/archive/firewall/082002firewall.html

Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and
7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway
Security 5110/5200/5300 generate easily predictable initial sequence
numbers (ISN), which allows remote attackers to spoof connections.

Analysis
----------------
ED_PRI CAN-2002-1463 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1467
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1467
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020808 Macromedia Flash plugin can read local files
Reference: URL:http://online.securityfocus.com/archive/1/286625
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23294
Reference: BID:5429
Reference: URL:http://www.securityfocus.com/bid/5429
Reference: XF:flash-same-domain-disclosure(9797)
Reference: URL:http://www.iss.net/security_center/static/9797.php

Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to
bypass the same-domain restriction and read arbitrary files via (1) an
HTTP redirect, (2) a "file://" base in a web document, or (3) a
relative URL from a web archive (mht file).

Analysis
----------------
ED_PRI CAN-2002-1467 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1469
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1469
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020820 vulnerabilities in scponly
Reference: URL:http://online.securityfocus.com/archive/1/288245
Reference: CONFIRM:http://www.sublimation.org/scponly/
Reference: BID:5526
Reference: URL:http://www.securityfocus.com/bid/5526
Reference: XF:scponly-ssh-env-upload(9913)
Reference: URL:http://www.iss.net/security_center/static/9913.php

scponly does not properly verify the path when finding the (1) scp or
(2) sftp-server programs, which could allow remote authenticated users
to bypass access controls by uploading malicious programs and
modifying the PATH variable in $HOME/.ssh/environment to locate those
programs.

Analysis
----------------
ED_PRI CAN-2002-1469 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: on the release notes for scponly is an item titled
"aug 2002 addendum" and states "Derek D. Martin [the discloser] sent
me an exploitable vulnerability condition that can be used to run
arbitrary commands, thus circumventing scponly!"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1496
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1496
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020922 remote exploitable heap overflow in Null HTTPd 0.5.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0284.html
Reference: CONFIRM:http://freshmeat.net/releases/97910/
Reference: BID:5774
Reference: URL:http://www.securityfocus.com/bid/5774
Reference: XF:null-httpd-contentlength-bo(10160)
Reference: URL:http://www.iss.net/security_center/static/10160.php

Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier
allows remote attackers to execute arbitrary code via a negative value
in the Content-Length HTTP header.

Analysis
----------------
ED_PRI CAN-2002-1496 1
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1497
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1497
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: CONFIRM:http://freshmeat.net/releases/97910/

Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and
earlier allows remote attackers to insert arbitrary HTML into a "404
Not Found" response.

Analysis
----------------
ED_PRI CAN-2002-1497 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the changelog for 0.5.1 includes a statement that the
new version "fixes XSS filtering in 404 responses."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1502
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1502
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020912 xbreaky symlink vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0131.html
Reference: CONFIRM:http://xbreaky.sourceforge.net/
Reference: BID:5700
Reference: URL:http://www.securityfocus.com/bid/5700
Reference: XF:xbreaky-breakyhighscores-symlink(10078)
Reference: URL:http://www.iss.net/security_center/static/10078.php

Symbolic link vulnerability in xbreaky before 0.5.5 allows local users
to overwrite arbitrary files via a symlink from the user's
.breakyhighscores file to the target file.

Analysis
----------------
ED_PRI CAN-2002-1502 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: on the front page for xbreaky, a changelog dated
September 12, 2002, says "Marco van Berkum [the discloser] discovered
a bug in xbreaky" and includes a short description of the problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1407
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1407
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020810 TinySSL Vendor Statement: Basic Constraints Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0096.html
Reference: BUGTRAQ:20020805 IE SSL Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102866120821995&w=2
Reference: BID:5410
Reference: URL:http://www.securityfocus.com/bid/5410

TinySSL 1.02 and earlier does not verify the Basic Constraints for an
intermediate CA-signed certificate, which allows remote attackers to
spoof the certificates of trusted sites via a man-in-the-middle
attack.

Analysis
----------------
ED_PRI CAN-2002-1407 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1420
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1420
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020812 OpenBSD Security Advisory: Select Boundary Condition (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102918817012863&w=2
Reference: BID:5442
Reference: URL:http://www.securityfocus.com/bid/5442
Reference: XF:openbsd-select-bo(9809)
Reference: URL:http://www.iss.net/security_center/static/9809.php

Integer signedness error in select() on OpenBSD 3.1 and earlier allows
local users to overwrite arbitrary kernel memory via a negative value
for the size parameter, which satisfies the boundary check as a signed
integer, but is later used as an unsigned integer during a data
copying operation.

Analysis
----------------
ED_PRI CAN-2002-1420 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1493
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1493
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020914 Lycos HTMLGear Guestbook Script Injection Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0198.html
Reference: VULNWATCH:20020926 [VulnWatch] BugTraq ID: 5728
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0132.html
Reference: BID:5728
Reference: URL:http://www.securityfocus.com/bid/5728

Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook
allows remote attackers to inject arbitrary script via (1) STYLE
attributes or (2) SRC attributes in an IMG tag.

Analysis
----------------
ED_PRI CAN-2002-1493 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1519
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1519
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20020927 Software Update Available for Legacy RapidStream Appliances and WatchGuard Firebox Vclass appliances
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0335.html
Reference: BUGTRAQ:20020926 Watchguard firewall appliances security issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0325.html
Reference: BID:5814
Reference: URL:http://www.securityfocus.com/bid/5814
Reference: XF:firebox-vclass-cli-format-string(10217)
Reference: URL:http://www.iss.net/security_center/static/10217.php

Format string vulnerability in the CLI interface for WatchGuard
Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows
remote attackers to cause a denial of service and possibly execute
arbitrary code via format string specifiers in the password parameter.

Analysis
----------------
ED_PRI CAN-2002-1519 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1520
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1520
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20020927 Software Update Available for Legacy RapidStream Appliances and WatchGuard Firebox Vclass appliances
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0335.html
Reference: BUGTRAQ:20020926 Watchguard firewall appliances security issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0325.html
Reference: BID:5815
Reference: URL:http://www.securityfocus.com/bid/5815
Reference: XF:firebox-vclass-cli-admin-privileges(10218)
Reference: URL:http://www.iss.net/security_center/static/10218.php

The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and
RSSA Appliance 3.0.2, does not properly close the SSH connection when
a -N option is provided during authentication, which allows remote
attackers to access CLI with administrator privileges.

Analysis
----------------
ED_PRI CAN-2002-1520 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0626
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0626
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020617
Category: CF
Reference: ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
Reference: CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
Reference: CIAC:M-123
Reference: URL:http://www.ciac.org/ciac/bulletins/m-123.shtml
Reference: XF:viewstation-default-blank-password(9347)
Reference: URL:http://www.iss.net/security_center/static/9347.php
Reference: BID:5631
Reference: URL:http://www.securityfocus.com/bid/5631

Polycom ViewStation before 7.2.4 has a default null password for the
administrator account, which allows arbitrary users to conduct
unauthorized activities.

Analysis
----------------
ED_PRI CAN-2002-0626 3
Vendor Acknowledgement: unknown
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0628
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0628
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020617
Category: SF
Reference: ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
Reference: CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
Reference: CIAC:M-123
Reference: URL:http://www.ciac.org/ciac/bulletins/m-123.shtml
Reference: XF:viewstation-telnet-login-dos(9349)
Reference: URL:http://www.iss.net/security_center/static/9349.php
Reference: BID:5635
Reference: URL:http://www.securityfocus.com/bid/5635

The Telnet service for Polycom ViewStation before 7.2.4 does not
restrict the number of failed login attempts, which makes it easier
for remote attackers to guess usernames and passwords via a brute
force attack.

Analysis
----------------
ED_PRI CAN-2002-0628 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0629
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0629
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020617
Category: SF
Reference: ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
Reference: CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
Reference: CIAC:M-123
Reference: URL:http://www.ciac.org/ciac/bulletins/m-123.shtml
Reference: XF:viewstation-telnet-login-dos(9349)
Reference: URL:http://www.iss.net/security_center/static/9349.php
Reference: BID:5636
Reference: URL:http://www.securityfocus.com/bid/5636

The Telnet service for Polycom ViewStation before 7.2.4 allows remote
attackers to cause a denial of service (crash) via multiple
connections to the server.

Analysis
----------------
ED_PRI CAN-2002-0629 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0664
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0664
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020704
Category: CF
Reference: VULNWATCH:20020906 Rapid 7 Advisory R7-0005: ZMerge Insecure Default ACLs
Reference: BUGTRAQ:20020906 Rapid 7 Advisory R7-0005: ZMerge Insecure Default ACLs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103134154721846&w=2
Reference: XF:zmerge-admindb-script-access(10057)
Reference: URL:http://www.iss.net/security_center/static/10057.php
Reference: BID:5101
Reference: URL:http://www.securityfocus.com/bid/5101

The default Access Control Lists (ACLs) of the administration database
for ZMerge 4.x and 5.x provide arbitrary users (including anonymous
users) with Manager level access, which allows the users to read or
modify import/export scripts.

Analysis
----------------
ED_PRI CAN-2002-0664 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-0669
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0669
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020709
Category: SF
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: XF:pingtel-xpressa-web-dos(9564)
Reference: URL:http://www.iss.net/security_center/static/9564.php

The web interface for Pingtel xpressa SIP-based voice-over-IP phone
1.2.5 through 1.2.7.4 allows administrators to cause a denial of
service by modifying the SIP_AUTHENTICATE_SCHEME value to force
authentication of incoming calls, which does not notify the user when
an authentication failure occurs.

Analysis
----------------
ED_PRI CAN-2002-0669 3
Vendor Acknowledgement: unknown
Content Decisions: INCLUSION

INCLUSION: the format of the @Stake advisory makes it difficult to
understand whether this is a vulnerability, or the *result* of a
vulnerability.  It seems to indicate that administrative access to the
web interface is required, but it does not say whether an
administrator should not be allowed to make such deleterious changes.
An earlier "section" of the advisory suggests that the web interface
administrator can be compromised via other vulnerabilities such as a
default admin password (CAN-2002-0667).  If "exploitation" of this
issue is *only* allowed by admins, and admins *should* be allowed to
make such changes (even if they cause undesired effects), then this is
not a new vulnerability - rather, it would be a consequence of other
vulnerabilities.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1090
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1090
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020903
Category: SF
Reference: CONFIRM:http://www.stafford.uklinux.net/libesmtp/ChangeLog.txt

Buffer overflow in read_smtp_response of protocol.c in libesmtp before
0.8.11 allows a remote SMTP server to (1) execute arbitrary code via a
certain response or (2) cause a denial of service via long server
responses.

Analysis
----------------
ED_PRI CAN-2002-1090 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1120
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020910
Category: SF
Reference: VULNWATCH:20020910 Foundstone Labs Advisory - Buffer Overflow in Savant Web Server
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0112.html
Reference: XF:savant-long-url-bo(10076)
Reference: URL:http://www.iss.net/security_center/static/10076.php

Buffer overflow in Savant Web Server 3.1 and earlier allows remote
attackers to execute arbitrary code via a long HTTP GET request.

Analysis
----------------
ED_PRI CAN-2002-1120 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1121
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1121
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020911
Category: SF
Reference: VULNWATCH:20020912 Bypassing SMTP Content Protection with a Flick of a Button
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0113.html
Reference: BUGTRAQ:20020912 Bypassing SMTP Content Protection with a Flick of a Button
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103184267105132&w=2
Reference: BUGTRAQ:20020912 MIMEDefang update (was Re: Bypassing SMTP Content Protection )
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103184501408453&w=2
Reference: BUGTRAQ:20020912 Roaring Penguin fixes for "Bypassing SMTP Content Protection with a Flick of a Button"
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0135.html
Reference: BUGTRAQ:20020912 FW: Bypassing SMTP Content Protection with a Flick of a Button
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0134.html
Reference: MISC:http://www.securiteam.com/securitynews/5YP0A0K8CM.html
Reference: XF:smtp-content-filtering-bypass(10088)
Reference: URL:http://www.iss.net/security_center/static/10088.php

SMTP content filter engines, including (1) GFI MailSecurity for
Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build
1494, (3) the default configuration of MIMEDefang before 2.21, and
possibly other products, do not detect fragmented emails as defined in
RFC2046 ("Message Fragmentation and Reassembly") and supported in such
products as Outlook Express, which allows remote attackers to bypass
content filtering, including virus checking, via fragmented emails of
the message/partial content type.

Analysis
----------------
ED_PRI CAN-2002-1121 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1149
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1149
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020924 Information Disclosure with Invision Board installation (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103290602609197&w=2
Reference: XF:invision-phpinfo-information-disclosure(10178)
Reference: URL:http://www.iss.net/security_center/static/10178.php

The installation procedure for Invision Board suggests that users
install the phpinfo.php program under the web root, which leaks
sensitive information such as absolute pathnames, OS information, and
PHP settings.

Analysis
----------------
ED_PRI CAN-2002-1149 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1150
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1150
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020913 NetMeeting 3.01 Local RDS Session Hijacking
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103228375116204&w=2
Reference: XF:netmeeting-rds-session-hijacking(10119)
Reference: URL:http://www.iss.net/security_center/static/10119.php

The Remote Desktop Sharing (RDS) Screen Saver Protection capability
for Microsoft NetMeeting 3.01 through SP2 (4.4.3396) allows attackers
with physical access to hijack remote sessions by entering certain
logoff or shutdown sequences (such as CTRL-ALT-DEL) and canceling out
of the resulting user confirmation prompts, such as when the remote
user is editing a document.

Analysis
----------------
ED_PRI CAN-2002-1150 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1166
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1166
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020927
Category: SF
Reference: VULNWATCH:20020930 iDEFENSE Security Advisory 09.30.2002: Buffer Overflow in WN Server
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0138.html
Reference: BUGTRAQ:20020930 iDEFENSE Security Advisory 09.30.2002: Buffer Overflow in WN Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103340145725050&w=2
Reference: XF:wn-server-get-bo(10223)
Reference: URL:http://www.iss.net/security_center/static/10223.php
Reference: BID:5831
Reference: URL:http://www.securityfocus.com/bid/5831

Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows
remote attackers to execute arbitrary code via a long GET request.

Analysis
----------------
ED_PRI CAN-2002-1166 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1338
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1338
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021203
Category: SF
Reference: BUGTRAQ:20020408 Multiple local files detection issues with OWC in IE (GM#008-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101830175621193&w=2
Reference: MISC:http://security.greymagic.com/adv/gm008-ie/

The Load method in the Chart component of Office Web Components (OWC)
9 and 10 generates an exception when a specified file does not exist,
which allows remote attackers to determine the existence of local
files.

Analysis
----------------
ED_PRI CAN-2002-1338 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1339
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1339
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021203
Category: SF
Reference: BUGTRAQ:20020408 Multiple local files detection issues with OWC in IE (GM#008-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101830175621193&w=2
Reference: MISC:http://security.greymagic.com/adv/gm008-ie/

The "XMLURL" property in the Spreadsheet component of Office Web
Components (OWC) 10 follows redirections, which allows remote
attackers to determine the existence of local files based on
exceptions, or to read WorkSheet XML files.

Analysis
----------------
ED_PRI CAN-2002-1339 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1340
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1340
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021203
Category: SF
Reference: BUGTRAQ:20020408 Multiple local files detection issues with OWC in IE (GM#008-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101830175621193&w=2
Reference: MISC:http://security.greymagic.com/adv/gm008-ie/

The "ConnectionFile" property in the DataSourceControl component in
Office Web Components (OWC) 10 allows remote attackers to determine
the existence of local files by detecting an exception.

Analysis
----------------
ED_PRI CAN-2002-1340 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1399
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1399
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: BUGTRAQ:20020819 Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978152712430&w=2
Reference: MISC:http://archives.postgresql.org/pgsql-hackers/2002-08/msg00708.php
Reference: MISC:http://archives.postgresql.org/pgsql-hackers/2002-08/msg00713.php

Unknown vulnerability in cash_out and possibly other functions in
PostgreSQL 7.2.1 and earlier, and possibly later versions before
7.2.3, with unknown impact, based on an invalid integer input which is
processed as a different data type, as demonstrated using cash_out(2).

Analysis
----------------
ED_PRI CAN-2002-1399 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: A large number of buffer overflows and other issues were
discovered in PostgreSQL 7.2.x during August 2002.  The process of
sorting out these different issues was quite arduous.  While CD:SF-LOC
might suggest combining most of the overflows into a single item, some
security advisories are vague enough that it seems appropriate to
create separate candidates for the separate reports, so that vendors
may clarify to their customers which problems they did (or did not)
fix.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1459
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1459
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020813 L-Forum XSS and upload spoofing
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0115.html
Reference: CONFIRM:http://sourceforge.net/tracker/download.php?group_id=53716&atid=471343&file_id=26687&aid=579278
Reference: CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=579278&group_id=53716&atid=471343
Reference: XF:lforum-html-message-xss(9838)
Reference: URL:http://www.iss.net/security_center/static/9838.php
Reference: BID:5462
Reference: URL:http://www.securityfocus.com/bid/5462

Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when
the "Enable HTML in messages" option is off, allows remote attackers
to insert arbitrary script or HTML via message fields including (1)
From, (2) E-Mail, and (3) Subject.

Analysis
----------------
ED_PRI CAN-2002-1459 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests a SPLIT of items if one item appears
in a different version than another. As noted in the Bugtraq post and
vendor acknowledgement, the bugs with the "Enable HTML" option *off*
were fixed, but related bugs when "Enable HTML" is *off* were NOT
fixed. Therefore these items should be SPLIT.
ACKNOWLEDGEMENT: the vendor bug report 579278, dated July 9, 2002,
says "subject, from and e-mail fields ain't passed through
htmlspecialchars" (i.e. cleansed of XSS) and credits the Bugtraq
poster.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1460
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1460
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020813 L-Forum XSS and upload spoofing
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0115.html
Reference: CONFIRM:http://sourceforge.net/tracker/download.php?group_id=53716&atid=471343&file_id=26687&aid=579278
Reference: CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=579278&group_id=53716&atid=471343
Reference: BID:5463
Reference: URL:http://www.securityfocus.com/bid/5463
Reference: XF:lforum-upload-read-files(9839)
Reference: URL:http://www.iss.net/security_center/static/9839.php

L-Forum 2.40 and earlier does not properly verify whether a file was
uploaded or if the associated variables were set by POST (attachment,
attachment_name, attachment_size and attachment_type), which allows
remote attackers to read arbitrary files.

Analysis
----------------
ED_PRI CAN-2002-1460 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC

ACKNOWLEDGEMENT: the vendor bug report 579278, dated July 9, 2002,
says "subject, from and e-mail fields ain't passed through
htmlspecialchars" (i.e. cleansed of XSS) and credits the Bugtraq
poster.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1483
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1483
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: VULNWATCH:20020919 Advisory: File disclosure in DB4Web
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0124.html
Reference: BUGTRAQ:20020917 Advisory: File disclosure in DB4Web
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0197.html
Reference: CONFIRM:http://www.db4web.de/download/homepage/hotfix/readme_en.txt
Reference: XF:db4web-db4webc-directory-traversal(10123)
Reference: URL:http://www.iss.net/security_center/static/10123.php
Reference: BID:5723
Reference: URL:http://www.securityfocus.com/bid/5723

db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote
attackers to read arbitrary files via an HTTP request whose argument
is a filename of the form (1) C: (drive letter), (2) //absolute/path
(double-slash), or (3) .. (dot-dot).

Analysis
----------------
ED_PRI CAN-2002-1483 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1503
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1503
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020904 AFD 1.2.14 multiple local root compromises
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0029.html
Reference: CONFIRM:http://www.dwd.de/AFD/txt/CHANGES
Reference: BID:5626
Reference: URL:http://www.securityfocus.com/bid/5626
Reference: XF:afd-multiple-binaries-bo(10036)
Reference: URL:http://www.iss.net/security_center/static/10036.php

Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier
allows local users to gain privileges via a long MON_WORK_DIR
environment variable or -w (workdir) argument to (1) afd, (2) afdcmd,
(3) afd_ctrl, (4) init_afd, (5) mafd, (6) mon_ctrl, (7) show_olog, or
(8) udc.

Analysis
----------------
ED_PRI CAN-2002-1503 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC, SF-EXEC

ACKNOWLEDGEMENT: in the Changelog, an item dated 31.08.2002 (August
31) says "Fix multiple local root exploits in get_afd_path() and
get_mon_path()" and credits the discloser.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007