[PROPOSAL] Cluster CONFIRM-2002b - 59 candidates
I am proposing cluster CONFIRM-2002b for review and voting by the Editorial Board.

Name: CONFIRM-2002b
Description: CANs with clear vendor ack. from Oct 2002 to Dec 2002
Size: 59

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.
======================================================
Candidate: CAN-2002-0969
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0969
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020820
Category: SF
Reference: VULNWATCH:20021002 wp-02-0003: MySQL Locally Exploitable Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.html
Reference: BUGTRAQ:20021002 wp-02-0003: MySQL Locally Exploitable Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103358628011935&w=2
Reference: MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt
Reference: CONFIRM:http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.x
Reference: XF:mysql-myini-datadir-bo(10243)
Reference: URL:http://www.iss.net/security_center/static/10243.php
Reference: BID:5853
Reference: URL:http://www.securityfocus.com/bid/5853

Buffer overflow in MySQL before 3.23.50, and 4.0 beta before 4.02, and possibly other platforms, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.

Analysis
----------------
ED_PRI CAN-2002-0969 1
Vendor Acknowledgement: unknown

ACKNOWLEDGEMENT: The changelog for "Changes in release 3.23.50 (21 Apr 2002)" says: "Fixed buffer overflow problem if someone specified a too long datadir parameter to mysqld."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0990
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0990
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20021014 Multiple Symantec Firewall Secure Webserver timeout DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103463869503124&w=2
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11.html
Reference: BID:5958
Reference: URL:http://www.securityfocus.com/bid/5958
Reference: XF:simple-webserver-url-dos(10364)
Reference: URL:http://www.iss.net/security_center/static/10364.php

The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout.

Analysis
----------------
ED_PRI CAN-2002-0990 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1118
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1118
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020909
Category: SF
Reference: VULNWATCH:20021009 R7-0006: Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf
Reference: XF:oracle-net-services-dos(10283)
Reference: URL:http://www.iss.net/security_center/static/10283.php

TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.

Analysis
----------------
ED_PRI CAN-2002-1118 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1178
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1178
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021003
Category: SF
Reference: BUGTRAQ:20021002 wp-02-0011: Jetty CGIServlet Arbitrary Command Execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103358725813039&w=2
Reference: VULNWATCH:20021002 wp-02-0011: Jetty CGIServlet Arbitrary Command Execution
Reference: MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt
Reference: CONFIRM:http://groups.yahoo.com/group/jetty-announce/message/45
Reference: XF:jetty-cgiservlet-directory-traversal(10246)
Reference: URL:http://www.iss.net/security_center/static/10246.php
Reference: BID:5852
Reference: URL:http://www.securityfocus.com/bid/5852

Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory.

Analysis
----------------
ED_PRI CAN-2002-1178 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1197
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1197
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20021001 [BUGZILLA] Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103349804226566&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=163024
Reference: XF:bugzilla-emailappend-command-injection(10234)
Reference: URL:http://www.iss.net/security_center/static/10234.php

bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail.

Analysis
----------------
ED_PRI CAN-2002-1197 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1198
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1198
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20021001 [BUGZILLA] Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103349804226566&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=165221
Reference: XF:bugzilla-email-sql-injection(10235)
Reference: URL:http://www.iss.net/security_center/static/10235.php

Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack.
Analysis
----------------
ED_PRI CAN-2002-1198 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1244
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1244
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20021104 iDEFENSE Security Advisory 11.04.02a: Pablo FTP Server DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103642642802889&w=2
Reference: VULNWATCH:20021104 iDEFENSE Security Advisory 11.04.02a: Pablo FTP Server DoS Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0057.html
Reference: CONFIRM:http://www.pablovandermeer.nl/ftpserver.zip
Reference: XF:pablo-ftp-username-dos(10532)
Reference: URL:http://www.iss.net/security_center/static/10532.php
Reference: BID:6099
Reference: URL:http://www.securityfocus.com/bid/6099
Reference: XF:pablo-ftp-username-dos(10532)
Reference: URL:http://www.iss.net/security_center/static/10532.php

Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format strings in the USER command.

Analysis
----------------
ED_PRI CAN-2002-1244 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the "whatsnew.txt" file includes an item for version 1.51, dated 11/01/2002, which says "Fixed security vulnerability: sending %n%n%n (and other c-formating strings) crashed the system (thanks to www.idefense.com) [the discloser]."
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1264
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1264
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: BUGTRAQ:20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103643298712284&w=2
Reference: VULNWATCH:20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0060.html
Reference: CONFIRM:http://technet.oracle.com/deploy/security/pdf/2002alert46rev1.pdf
Reference: XF:oracle-isqlplus-userid-bo(10524)
Reference: URL:http://www.iss.net/security_center/static/10524.php
Reference: BID:6085
Reference: URL:http://www.securityfocus.com/bid/6085

Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL.

Analysis
----------------
ED_PRI CAN-2002-1264 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1266
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1266
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html

Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka "Local User Privilege Elevation via Disk Image File."

Analysis
----------------
ED_PRI CAN-2002-1266 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1267
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html

Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Web Administration utility, aka "CUPS Printing Web Administration is Remotely Accessible."

Analysis
----------------
ED_PRI CAN-2002-1267 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1268
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1268
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html

Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600 CD."

Analysis
----------------
ED_PRI CAN-2002-1268 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1270
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1270
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html

Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call.

Analysis
----------------
ED_PRI CAN-2002-1270 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1283
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1283
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021112
Category: SF
Reference: BUGTRAQ:20021111 NOVL-2002-2963651 - iManager (eMFrame) Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103703760321408&w=2
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963651
Reference: BID:6154
Reference: URL:http://www.securityfocus.com/bid/6154

Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote attackers to cause a denial of service via an authentication request with a long Distinguished Name (DN) attribute.

Analysis
----------------
ED_PRI CAN-2002-1283 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1284
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1284
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021112
Category: SF
Reference: BUGTRAQ:20021110 GLSA: kgpg
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103702926611286&w=2
Reference: CONFIRM:http://devel-home.kde.org/~kgpg/bug.html

The wizard in KGPG 0.6 through 0.8.2 does not properly provide the passphrase to gpg when creating new keys, which causes secret keys to be created with an empty passphrase and allows local attackers to steal the keys if they can be read.
Analysis
----------------
ED_PRI CAN-2002-1284 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1349
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1349
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021210
Category: SF
Reference: BUGTRAQ:20021210 Unchecked buffer in PC-cillin
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103953822705917&w=2
Reference: MISC:http://www.texonet.com/advisories/TEXONET-20021210.txt
Reference: CONFIRM:http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982

Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3).

Analysis
----------------
ED_PRI CAN-2002-1349 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1381
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1381
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021204 Local root vulnerability found in exim 4.x (and 3.x)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103903403527788&w=2
Reference: CONFIRM:http://groups.yahoo.com/group/exim-users/message/42358
Reference: BUGTRAQ:20021216 GLSA: exim
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104006219018664&w=2

Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.

Analysis
----------------
ED_PRI CAN-2002-1381 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1382
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1382
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021217
Category: SF
Reference: BUGTRAQ:20021217 Macromedia Shockwave Flash Malformed Header Overflow #2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104014220727109&w=2
Reference: VULNWATCH:20021217 Macromedia Shockwave Flash Malformed Header Overflow #2
Reference: URL:http://marc.theaimsgroup.com/?l=vulnwatch&m=104013370116670
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23569

Macromedia Flash Player before 6.0.65.0 allows remote attackers to execute arbitrary code via certain malformed data headers in Shockwave Flash file format (SWF) files, a different issue than CAN-2002-0846.

Analysis
----------------
ED_PRI CAN-2002-1382 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1385
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1385
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021219
Category: SF
Reference: BUGTRAQ:20021218 Openwebmail 1.71 remote root compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104031696120743&w=2
Reference: BUGTRAQ:20021219 [Fix] Openwebmail 1.71 remote root compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032263328026&w=2
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?thread_id=782605&forum_id=108435

openwebmail_init in Open WebMail 1.81 and earlier allows local users attackers to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed.

Analysis
----------------
ED_PRI CAN-2002-1385 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: the announce page for Open WebMail includes an item "Security Advisory 20021219," which describes the problem and credits the Bugtraq poster.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1391
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1391
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030106
Category: SF
Reference: CONFIRM:http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty

Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Caller ID string with a long CallerName argument.

Analysis
----------------
ED_PRI CAN-2002-1391 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1392
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1392
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030106
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty

faxspool in mgetty before 1.1.29 uses a world-writable spool directory for outgoing faxes, which allows local users to modify fax transmission privileges.

Analysis
----------------
ED_PRI CAN-2002-1392 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1523
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1523
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20021013 Directory traversal in Daniel Arenz' Mini Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0181.html
Reference: CONFIRM:http://www.da-home.de/miniserver/update.html
Reference: XF:mini-server-directory-traversal(10366)
Reference: URL:http://www.iss.net/security_center/static/10366.php

Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 allows remote attackers to read arbitrary files via (1) ../ (dot-dot slash) or (2) ..\ (dot-dot backslash) sequences.

Analysis
----------------
ED_PRI CAN-2002-1523 1
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: the changelog includes an item dated October 14, 2002, which says (in German) "Sicherheits Update: Es ist nicht mehr möglich hinter den Root Ordner zu gelangen." Google translates this to "Security update: It is not to be arrived any longer possible behind the root file," which indicates that a directory traversal vulnerability is being addressed.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1547
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1547
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: BUGTRAQ:20021101 Netscreen SSH1 CRC32 Compensation Denial of service
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0443.html
Reference: VULNWATCH:20021101 Netscreen SSH1 CRC32 Compensation Denial of service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0053.html
Reference: VULNWATCH:20021101 (Correction) Netscreen SSH1 CRC32 Compensation Denial of service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0054.html
Reference: BUGTRAQ:20021101 (Correction) Netscreen SSH1 CRC32 Compensation Denial of service
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0446.html
Reference: CONFIRM:http://www.netscreen.com/support/alerts/11_06_02.html
Reference: XF:netscreen-ssh-dos(10528)
Reference: URL:http://www.iss.net/security_center/static/10528.php

Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different vulnerability than CVE-2001-0144.

Analysis
----------------
ED_PRI CAN-2002-1547 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: The advisory by Netscreen says "NetScreen has confirmed a customer report that an SSHv1 CRC32 Attack can compromise the ability to manage the NetScreen device and/or force the device to reboot"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1540
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1540
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: BUGTRAQ:20021024 DH team: Norton Antivirus Corporate Edition Privilege Escalation
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0346.html
Reference: BUGTRAQ:20021025 RE: DH team: Norton Antivirus Corporate Edition Privilege Escalation, http://online.securityfocus.com/archive/1/296979/2002-10-22/2002-10-28/0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0369.html
Reference: XF:nav-winhlp32-gain-privileges(10475)
Reference: URL:http://www.iss.net/security_center/static/10475.php

The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32.

Analysis
----------------
ED_PRI CAN-2002-1540 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1552
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1552
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: BUGTRAQ:20021112 NOVL-2002-2963827 - Remote Manager Security Issue - NW5.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103712790808781&w=2
Reference: BUGTRAQ:20021112 NOVL-2002-2963767 - Remote Manager Security Issue - eDir 8.6.2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103712498905027&w=2

Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions when logging in from Remote Manager.

Analysis
----------------
ED_PRI CAN-2002-1552 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0386
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0386
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020522
Category: SF
Reference: ATSTAKE:A102802-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a102802-1.txt
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert43rev1.pdf

The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data.
Analysis ---------------- ED_PRI CAN-2002-0386 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0705 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0705 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020718 Category: SF Reference: BUGTRAQ:20021002 wp--02-0005: Multiple Vulnerabilities in SuperScout Web Reports Server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103359690824103&w=2 The Web Reports Server for SurfControl SuperScout WebFilter stores the "scwebusers" username and password file in a web-accessible directory, which allows remote attackers to obtain valid usernames and crack the passwords. Analysis ---------------- ED_PRI CAN-2002-0705 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0706 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0706 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020718 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20021002 wp--02-0005: Multiple Vulnerabilities in SuperScout Web Reports Server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103359690824103&w=2 UserManager.js in the Web Reports Server for SurfControl SuperScout WebFilter uses weak encryption for administrator functions, which allows remote attackers to decrypt the administrative password using a hard-coded key in a Javascript function. Analysis ---------------- ED_PRI CAN-2002-0706 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0707 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0707 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020718 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20021002 wp--02-0005: Multiple Vulnerabilities in SuperScout Web Reports Server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103359690824103&w=2 The Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to cause a denial of service (CPU consumption) via large GET requests, possibly due to a buffer overflow. 
Analysis ---------------- ED_PRI CAN-2002-0707 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0708 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0708 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020718 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20021002 wp--02-0005: Multiple Vulnerabilities in SuperScout Web Reports Server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103359690824103&w=2 Directory traversal vulnerability in the Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to read arbitrary files via an HTTP request containing ... (triple dot) sequences. Analysis ---------------- ED_PRI CAN-2002-0708 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0709 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0709 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020718 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20021002 wp--02-0005: Multiple Vulnerabilities in SuperScout Web Reports Server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103359690824103&w=2 SQL injection vulnerabilities in the Web Reports Server for SurfControl SuperScout WebFilter allow remote attackers to execute arbitrary SQL queries via the RunReport option to SimpleBar.dll, and possibly other DLLs. Analysis ---------------- ED_PRI CAN-2002-0709 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1191 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1191 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021008 Category: SF Reference: BUGTRAQ:20021016 iDEFENSE Security Advisory 10.16.02: Denial of Service in Sabre Desktop Reservation Client for Windows Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103478372603106&w=2 Reference: MISC:http://www.idefense.com/advisory/10.16.02.txt Reference: XF:sabre-sabserv-client-dos(10378) Reference: URL:http://www.iss.net/security_center/static/10378.php The Sabserv client component in Sabre Desktop Reservation Software 4.2 through 4.4 allows remote attackers to cause a denial of service via malformed input to TCP port 1001. 
Analysis ---------------- ED_PRI CAN-2002-1191 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1209 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1209 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021014 Category: SF Reference: VULNWATCH:20021024 iDEFENSE Security Advisory 10.24.02: Directory Traversal in SolarWinds TFTP Server Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0044.html Reference: MISC:http://www.idefense.com/advisory/10.24.02.txt Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, and possibly earlier, allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a GET request. Analysis ---------------- ED_PRI CAN-2002-1209 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1210 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1210 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021014 Category: SF Reference: VULNWATCH:20021119 iDEFENSE Security Advisory 11.19.02b: Eudora Script Execution Vulnerability Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0079.html Reference: MISC:http://www.idefense.com/advisory/11.19.02b.txt Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context. Analysis ---------------- ED_PRI CAN-2002-1210 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1211 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1211 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021014 Category: SF Reference: MISC:http://www.idefense.com/advisory/10.31.02b.txt Reference: BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103616306403031&w=2 Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0050.html Reference: XF:prometheus-php-file-include(10515) Reference: URL:http://www.iss.net/security_center/static/10515.php Reference: BID:6087 Reference: URL:http://www.securityfocus.com/bid/6087 Prometheus 6.0 and earlier allows remote attackers to execute arbitrary PHP code via a modified PROMETHEUS_LIBRARY_BASE that points to code stored on a remote server, which is then used in (1) index.php, (2) install.php, or (3) various test_*.php scripts. Analysis ---------------- ED_PRI CAN-2002-1211 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1217 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1217 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021015 Category: SF Reference: BUGTRAQ:20021015 Internet Explorer : The D-Day Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103470310417576&w=2 Reference: NTBUGTRAQ:20021015 Internet Explorer : The D-Day Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103470202010570&w=2 Reference: VULNWATCH:20021015 Internet Explorer : The D-Day Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0024.html Reference: MISC:http://security.greymagic.com/adv/gm011-ie/ Reference: XF:ie-iframe-document-script-execution(10371) Reference: URL:http://www.iss.net/security_center/static/10371.php Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions. Analysis ---------------- ED_PRI CAN-2002-1217 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1228 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1228 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021020 Category: SF Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F47815&zone_32=category%3Asecurity Reference: BUGTRAQ:20021017 NFS Denial of Service advisory from Sun Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103487058823193&w=2 Reference: XF:solaris-nfs-lockd-dos(10394) Reference: URL:http://www.iss.net/security_center/static/10394.php Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows an NFS client to cause a denial of service by killing the lockd daemon. Analysis ---------------- ED_PRI CAN-2002-1228 3 Vendor Acknowledgement: yes advisory Content Decisions: VAGUE ABSTRACTION: The advisory is too vague to know whether this is the same issue as CVE-2000-0508. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1229 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1229 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021020 Category: SF Reference: CONFIRM:http://support.avaya.com/japple/css/japple?PAGE=avaya.css.OpenPage&temp.template.name=Avaya_P580_P882_Undocumented Reference: BUGTRAQ:20021015 Undocumented account vulnerability in Avaya P550R/P580/P880/P882 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103470243012971&w=2 Reference: XF:avaya-cajun-default-passwords(10374) Reference: URL:http://www.iss.net/security_center/static/10374.php Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier contain undocumented accounts (1) manuf and (2) diag with default passwords, which allows remote attackers to gain privileges. Analysis ---------------- ED_PRI CAN-2002-1229 3 Vendor Acknowledgement: yes advisory Content Decisions: CF-PASS Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1236 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1236 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021024 Category: SF Reference: MISC:http://www.idefense.com/advisory/10.31.02a.txt Reference: BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103616324103171&w=2 Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0049.html Reference: XF:linksys-etherfast-gozila-dos(10514) Reference: URL:http://www.iss.net/security_center/static/10514.php Reference: BID:6086 Reference: URL:http://www.securityfocus.com/bid/6086 The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi without any arguments. Analysis ---------------- ED_PRI CAN-2002-1236 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1239 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1239 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021101 Category: SF Reference: BUGTRAQ:20021108 iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103679043232178&w=2 Reference: VULNWATCH:20021108 iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0066.html Reference: MISC:http://www.idefense.com/advisory/11.08.02b.txt Reference: XF:qnx-rtos-gain-privileges(10564) Reference: URL:http://www.iss.net/security_center/static/10564.php Reference: BID:6146 Reference: URL:http://www.securityfocus.com/bid/6146 QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program. Analysis ---------------- ED_PRI CAN-2002-1239 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1248 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1248 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021101 Category: SF Reference: BUGTRAQ:20021104 iDEFENSE Security Advisory 11.04.02b: Denial of Service Vulnerability in Xeneo Web Server Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103642597302308&w=2 Reference: MISC:http://www.idefense.com/advisory/11.04.02b.txt Reference: XF:xeneo-php-dos(10534) Reference: URL:http://www.iss.net/security_center/static/10534.php Reference: BID:6098 Reference: URL:http://www.securityfocus.com/bid/6098 Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other versions before 2.1.5 allows remote attackers to cause a denial of service (crash) via a GET request for a "%" URI. Analysis ---------------- ED_PRI CAN-2002-1248 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1269 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1269 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021104 Category: SF Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2.2 allows local users to access restricted parts of a filesystem. 
Analysis ---------------- ED_PRI CAN-2002-1269 3 Vendor Acknowledgement: yes advisory Content Decisions: VAGUE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1286 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1286 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021113 Category: SF Reference: BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103682630823080&w=2 Reference: NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103684360031565&w=2 The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to steal cookies and execute script in a different security context via a URL that contains a colon in the domain portion, which is not properly parsed and loads an applet from a malicious site within the security context of the site that is being visited by the user. Analysis ---------------- ED_PRI CAN-2002-1286 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1287 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1287 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021113 Category: SF Reference: BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103682630823080&w=2 Reference: NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103684360031565&w=2 Stack-based buffer overflow in the Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service via a long class name through (1) Class.forName or (2) ClassLoader.loadClass. Analysis ---------------- ED_PRI CAN-2002-1287 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1288 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1288 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021113 Category: SF Reference: BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103682630823080&w=2 Reference: NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103684360031565&w=2 The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to determine the current directory of the Internet Explorer process via the getAbsolutePath() method in a File() call. Analysis ---------------- ED_PRI CAN-2002-1288 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1289 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1289 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021113 Category: SF Reference: BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103682630823080&w=2 Reference: NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103684360031565&w=2 The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read restricted process memory, cause a denial of service (crash), and possibly execute arbitrary code via the getNativeServices function, which creates an instance of the com.ms.awt.peer.INativeServices (INativeServices) class, whose methods do not verify the memory addresses that are passed as parameters. Analysis ---------------- ED_PRI CAN-2002-1289 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC ABSTRACTION: It is possible that CAN-2002-1289 and CAN-2002-1290 should be combined, as the underlying issue may be that INativeServices exposes methods to untrusted entities. However, without any public commentary by Microsoft as of 2002/11/12, it is unclear whether these should be regarded as being the same. Since CAN-2002-1289 deals with memory addresses and possibly bypassing the Java sandbox model itself, it seems reasonable to separate it from CAN-2002-1290. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1290 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1290 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021113 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103682630823080&w=2 Reference: NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103684360031565&w=2 The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read and modify the contents of the Clipboard via an applet that accesses the (1) ClipBoardGetText and (2) ClipBoardSetText methods of the INativeServices class. Analysis ---------------- ED_PRI CAN-2002-1290 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC ABSTRACTION: It is possible that CAN-2002-1289 and CAN-2002-1290 should be combined, as the underlying issue may be that INativeServices exposes methods to untrusted entities. However, without any public commentary by Microsoft as of 2002/11/12, it is unclear whether these should be regarded as being the same. Since CAN-2002-1289 deals with memory addresses and possibly bypassing the Java sandbox model itself, it seems reasonable to separate it from CAN-2002-1290. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1291 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1291 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021113 Category: SF Reference: BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103682630823080&w=2 Reference: NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103684360031565&w=2 The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read arbitrary local files and network shares via an applet tag with a codebase set to a "file://%00" (null character) URL. Analysis ---------------- ED_PRI CAN-2002-1291 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1293 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1293 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021113 Category: SF Reference: BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103682630823080&w=2 Reference: NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103684360031565&w=2 The Microsoft Java implementation, as used in Internet Explorer, provides a public load0() method for the CabCracker class (com.ms.vm.loader.CabCracker), which allows remote attackers to bypass the security checks that are performed by the load() method. Analysis ---------------- ED_PRI CAN-2002-1293 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1294 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1294 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021113 Category: SF Reference: BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103682630823080&w=2 Reference: NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103684360031565&w=2 The Microsoft Java implementation, as used in Internet Explorer, can provide HTML object references to applets via Javascript, which allows remote attackers to cause a denial of service (crash due to illegal memory accesses) and possibly conduct other unauthorized activities via an applet that uses those references to access proprietary Microsoft methods. Analysis ---------------- ED_PRI CAN-2002-1294 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1308 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1308 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021115 Category: SF Reference: BUGTRAQ:20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler. 
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103730181813075&w=2 Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=157646 Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression. Analysis ---------------- ED_PRI CAN-2002-1308 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1315 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1315 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021120 Category: SF Reference: VULNWATCH:20021118 iPlanet WebServer, remote root compromise Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0078.html Reference: BUGTRAQ:20021119 iPlanet WebServer, remote root compromise Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103772308030269&w=2 Reference: MISC:http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability in conjunction with another issue (CAN-2002-1316). 

Analysis
----------------
ED_PRI CAN-2002-1315 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1316
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1316
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021120
Category: SF/CF/MP/SA/AN/unknown
Reference: VULNWATCH:20021118 iPlanet WebServer, remote root compromise
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0078.html
Reference: BUGTRAQ:20021119 iPlanet WebServer, remote root compromise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103772308030269&w=2
Reference: MISC:http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt

importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CAN-2002-1315).

Analysis
----------------
ED_PRI CAN-2002-1316 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1321
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1321
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021126
Category: SF
Reference: BUGTRAQ:20021122 Mulitple Buffer Overflow conditions in RealPlayer/RealOne (#NISR22112002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103808645120764&w=2
Reference: CONFIRM:http://service.real.com/help/faq/security/bufferoverrun_player.html

Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain "Now Playing" options on a downloaded file with a long filename.

Analysis
----------------
ED_PRI CAN-2002-1321 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1322
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1322
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021126
Category: SF
Reference: BUGTRAQ:20021122 ClearCase DoS vulnerabilty
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103808239618238&w=2

Rational ClearCase 4.1, 2002.05, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain packets to port 371, e.g. via nmap.

Analysis
----------------
ED_PRI CAN-2002-1322 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1334
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1334
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021127
Category: SF
Reference: MISC:http://www.securitytracker.com/alerts/2002/Nov/1005681.html

Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 and earlier allows remote attackers to execute arbitrary web script as other users via (1) the direct parameter in imageFolio.cgi, or (2) nph-build.cgi.

Analysis
----------------
ED_PRI CAN-2002-1334 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1380
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1380
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: VULNWATCH:20021217 RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability
Reference: BUGTRAQ:20021219 TSLSA-2002-0083 - kernel
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104033054204316&w=2

Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface.

Analysis
----------------
ED_PRI CAN-2002-1380 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1386
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1386
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021223
Category: SF
Reference: BUGTRAQ:20021128 TracerouteNG - never ending story
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103849968732634&w=2

Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow local users to execute arbitrary code via a long hostname argument.

Analysis
----------------
ED_PRI CAN-2002-1386 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1387
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1387
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021223
Category: SF
Reference: BUGTRAQ:20021128 TracerouteNG - never ending story
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103849968732634&w=2

The spray mode in traceroute-nanog (aka traceroute-ng) may allow local users to overwrite arbitrary memory locations via an array index overflow using the nprobes (number of probes) argument.

Analysis
----------------
ED_PRI CAN-2002-1387 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1515
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1515
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20021012 CoolForum v 0.5 beta shows content of PHP files
Reference: URL:http://online.securityfocus.com/archive/1/295358
Reference: VULNWATCH:20021001 [VulnWatch] CoolForum v 0.5 beta shows content of PHP files
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0001.html
Reference: CONFIRM:http://www.coolforum.net/index.php?p=dlcoolforum
Reference: XF:coolforum-avatar-view-php(10237)
Reference: URL:http://www.iss.net/security_center/static/10237.php
Reference: BID:5973
Reference: URL:http://www.securityfocus.com/bid/5973

Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta allows remote attackers to read arbitrary files via .. (dot dot) sequences in the img parameter.

Analysis
----------------
ED_PRI CAN-2002-1515 3
Vendor Acknowledgement: yes changelog
Content Decisions: EX-BETA

ACKNOWLEDGEMENT/ACCURACY: an examination of diffs between 0.5 beta and 0.5.1 beta suggests that the developer attempted to fix the issue by checking that the file being accessed was a JPG or GIF. While this fix is incomplete (potentially allowing access to JPGs/GIFs that were not expected to be public), this is sufficient demonstration that the vendor was aware of the problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: