[PROPOSAL] Cluster UNIX-2002b - 58 candidates
I am proposing cluster UNIX-2002b for review and voting by the Editorial Board.

Name: UNIX-2002b
Description: CANs in Linux advisories from Oct 2002 to Nov 2002
Size: 58

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.
2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.
3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.
======================================================
Candidate: CAN-2002-1157
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1157
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: DEBIAN:DSA-181
Reference: URL:http://www.debian.org/security/2002/dsa-181
Reference: MANDRAKE:MDKSA-2002:072
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-072.php
Reference: ENGARDE:ESA-20021029-027
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2512.html
Reference: CONECTIVA:CLA-2002:541
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000541
Reference: BUGTRAQ:20021023 [OpenPKG-SA-2002.010] OpenPKG Security Advisory (apache)
Reference: URL:http://online.securityfocus.com/archive/1/296753
Reference: BUGTRAQ:20021026 GLSA: mod_ssl
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0374.html
Reference: BID:6029
Reference: URL:http://www.securityfocus.com/bid/6029
Reference: XF:apache-modssl-host-xss(10457)
Reference: URL:http://www.iss.net/security_center/static/10457.php

Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.

Analysis
----------------
ED_PRI CAN-2002-1157 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1170
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1170
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020930
Category: SF
Reference: BUGTRAQ:20021002 iDEFENSE Security Advisory 10.02.2002: Net-SNMP DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103359362020365&w=2
Reference: BUGTRAQ:20021014 GLSA: net-snmp
Reference: MISC:http://www.idefense.com/advisory/10.02.02.txt
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=216532
Reference: REDHAT:RHSA-2002:228
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-228.html

The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference.

Analysis
----------------
ED_PRI CAN-2002-1170 1
Vendor Acknowledgement: unknown

ACCURACY: While the initial iDEFENSE report said that 5.0.5 was fixed, a followup consultation with the developer indicated that the fix was incorrect, and 5.0.6 is the first fixed version.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1193
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021008
Category: SF
Reference: DEBIAN:DSA-172
Reference: URL:http://www.debian.org/security/2002/dsa-172
Reference: XF:tkmail-tmp-file-symlink(10307)
Reference: URL:http://www.iss.net/security_center/static/10307.php
Reference: BID:5911
Reference: URL:http://www.securityfocus.com/bid/5911

tkmail before 4.0beta9-8.1 allows local users to create or overwrite files as users via a symlink attack on temporary files.

Analysis
----------------
ED_PRI CAN-2002-1193 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1195
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1195
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20020912 ht://Check XSS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103184269605160&w=2
Reference: DEBIAN:DSA-169
Reference: URL:http://www.debian.org/security/2002/dsa-169
Reference: XF:htcheck-server-header-xss(10089)
Reference: URL:http://www.iss.net/security_center/static/10089.php

Cross-site scripting vulnerability (XSS) in the PHP interface for ht://Check 1.1 allows remote web servers to insert arbitrary HTML, including script, via a web page.

Analysis
----------------
ED_PRI CAN-2002-1195 1
Vendor Acknowledgement: yes advisory

ACCURACY: The "DSA-169" number was inadvertently published for two separate issues.
Debian confirmed via email that DSA-169 is intended for the htcheck issue (CAN-2002-1195), and DSA-170 is intended for the Tomcat issue (CAN-2002-1148).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1196
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1196
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20021001 [BUGZILLA] Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103349804226566&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12
Reference: DEBIAN:DSA-173
Reference: URL:http://www.debian.org/security/2002/dsa-173
Reference: XF:bugzilla-usebuggroups-permissions-leak(10233)
Reference: URL:http://www.iss.net/security_center/static/10233.php

editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits.

Analysis
----------------
ED_PRI CAN-2002-1196 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1200
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1200
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021011
Category: SF
Reference: CONFIRM:http://www.balabit.hu/static/zsa/ZSA-2002-014-en.txt
Reference: BUGTRAQ:20021010 syslog-ng buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103426595021928&w=2
Reference: DEBIAN:DSA-175
Reference: URL:http://www.debian.org/security/2002/dsa-175
Reference: ENGARDE:ESA-20021016-025
Reference: ENGARDE:ESA-20021029-028
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2513.html
Reference: CONECTIVA:CLA-2002:547
Reference: SUSE:SuSE-SA:2002:039
Reference: URL:http://www.suse.com/de/security/2002_039_syslog_ng.html
Reference: BID:5934
Reference: URL:http://www.securityfocus.com/bid/5934
Reference: XF:syslogng-macro-expansion-bo(10339)
Reference: URL:http://www.iss.net/security_center/static/10339.php

Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-1200 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1223
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1223
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021017
Category: SF
Reference: BUGTRAQ:20021009 KDE Security Advisory: KGhostview Arbitary Code Execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0163.html
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021008-1.txt
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: MANDRAKE:MDKSA-2002:071
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:071
Reference: XF:gsview-dsc-ps-bo(11319)
Reference: URL:http://www.iss.net/security_center/static/11319.php

Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file.

Analysis
----------------
ED_PRI CAN-2002-1223 1
Vendor Acknowledgement: yes advisory

ABSTRACTION: CAN-2002-0838 and CAN-2002-1223 are different overflows that stem from different packages. The KDE security advisory makes this clear. Therefore CD:SF-LOC suggests keeping them SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1224
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1224
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021017
Category: SF
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021008-2.txt
Reference: REDHAT:RHSA-2002:220
Reference: BUGTRAQ:20021009 KDE Security Advisory: kpf Directory traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0164.html
Reference: BUGTRAQ:20021011 Security hole in kpf - KDE personal fileserver.
Reference: URL:http://online.securityfocus.com/archive/1/294991
Reference: XF:kpf-icon-view-files(10347)
Reference: URL:http://www.iss.net/security_center/static/10347.php
Reference: BID:5951
Reference: URL:http://www.securityfocus.com/bid/5951

Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter.

Analysis
----------------
ED_PRI CAN-2002-1224 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1227
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1227
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021017
Category: SF
Reference: DEBIAN:DSA-177
Reference: URL:http://www.debian.org/security/2002/dsa-177
Reference: XF:pam-disabled-bypass-authentication(10405)
Reference: URL:http://www.iss.net/security_center/static/10405.php
Reference: BID:5994
Reference: URL:http://www.securityfocus.com/bid/5994

PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.

Analysis
----------------
ED_PRI CAN-2002-1227 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1231
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1231
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021021
Category: SF
Reference: CALDERA:CSSA-2002-SCO.41
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.41
Reference: XF:openunix-unixware-rcp-dos(10425)
Reference: URL:http://www.iss.net/security_center/static/10425.php
Reference: BID:6025
Reference: URL:http://www.securityfocus.com/bid/6025

SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc.

Analysis
----------------
ED_PRI CAN-2002-1231 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1232
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1232
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021022
Category: SF
Reference: DEBIAN:DSA-180
Reference: URL:http://www.debian.org/security/2002/dsa-180
Reference: REDHAT:RHSA-2002:223
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-223.html
Reference: CONECTIVA:CLA-2002:539
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539
Reference: MANDRAKE:MDKSA-2002:078
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php
Reference: CALDERA:CSSA-2002-054.0
Reference: HP:HPSBTL0210-074
Reference: URL:http://online.securityfocus.com/advisories/4605
Reference: BUGTRAQ:20021028 GLSA: ypserv
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103582692228894&w=2
Reference: BID:6016
Reference: URL:http://www.securityfocus.com/bid/6016
Reference: XF:ypserv-map-memory-leak(10423)
Reference: URL:http://www.iss.net/security_center/static/10423.php

Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.

Analysis
----------------
ED_PRI CAN-2002-1232 1
Vendor Acknowledgement: yes advisory

ACCURACY: Via email, Thorsten Kukuk (the developer) clarified that this is a basic memory leak, and not an information leak of old domain/map names, which was suggested in some vendor advisories.

ACCURACY: an early version of MANDRAKE:MDKSA-2002:078 included a description that discussed the ypserv issue, but its references were for other problems. Mandrake has confirmed that MDKSA-2002:078 is intended for CAN-2002-1232 only.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1245
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1245
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: MISC:http://www.idefense.com/advisory/11.06.02.txt
Reference: BUGTRAQ:20021106 iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103660334009855&w=2
Reference: VULNWATCH:20021106 iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0062.html
Reference: DEBIAN:DSA-189
Reference: URL:http://www.debian.org/security/2002/dsa-189
Reference: XF:luxman-maped-read-memory(10549)
Reference: URL:http://www.iss.net/security_center/static/10549.php
Reference: BID:6113
Reference: URL:http://www.securityfocus.com/bid/6113

Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges via a modified PATH environment variable that points to a Trojan horse gzip program.

Analysis
----------------
ED_PRI CAN-2002-1245 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1251
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1251
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: DEBIAN:DSA-186
Reference: URL:http://www.debian.org/security/2002/dsa-186
Reference: XF:log2mail-log-file-bo(10527)
Reference: URL:http://www.iss.net/security_center/static/10527.php
Reference: BID:6089
Reference: URL:http://www.securityfocus.com/bid/6089

Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to execute arbitrary code via a long log message.

Analysis
----------------
ED_PRI CAN-2002-1251 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1271
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1271
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021105
Category: SF
Reference: SUSE:SuSE-SA:2002:041
Reference: URL:http://www.suse.de/de/security/2002_041_perl_mailtools.html
Reference: BUGTRAQ:20021106 GLSA: MailTools
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103659723101369&w=2
Reference: MANDRAKE:MDKSA-2002:076
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-076.php
Reference: BUGTRAQ:20021108 [Security Announce] Re: MDKSA-2002:076 - perl-MailTools update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103679569705086&w=2
Reference: XF:mail-mailer-command-execution(10548)
Reference: URL:http://www.iss.net/security_center/static/10548.php
Reference: BID:6104
Reference: URL:http://www.securityfocus.com/bid/6104

The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx.

Analysis
----------------
ED_PRI CAN-2002-1271 1
Vendor Acknowledgement: yes advisory

Note: Debian has stated that they are not vulnerable.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1277
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1277
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021108
Category: SF
Reference: DEBIAN:DSA-190
Reference: URL:http://www.debian.org/security/2002/dsa-190
Reference: CONECTIVA:CLA-2002:548
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000548
Reference: MANDRAKE:MDKSA-2002:085
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-085.php
Reference: REDHAT:RHSA-2003:009
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-009.html
Reference: REDHAT:RHSA-2003:043
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-043.html
Reference: XF:window-maker-image-bo(10560)
Reference: URL:http://www.iss.net/security_center/static/10560.php
Reference: BID:6119
Reference: URL:http://www.securityfocus.com/bid/6119

Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer.

Analysis
----------------
ED_PRI CAN-2002-1277 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1278
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1278
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021108
Category: CF
Reference: CONECTIVA:CLA-2002:544
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000544
Reference: XF:linuxconf-sendmail-mail-relay(10554)
Reference: URL:http://www.iss.net/security_center/static/10554.php
Reference: BID:6118
Reference: URL:http://www.securityfocus.com/bid/6118

The mailconf module in Linuxconf 1.24 on Conectiva Linux 6.0 through 8 generates the Sendmail configuration file (sendmail.cf) in a way that configures Sendmail to run as an open mail relay, which allows remote attackers to send Spam email.

Analysis
----------------
ED_PRI CAN-2002-1278 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1285
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1285
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021112
Category: SF
Reference: SUSE:SuSE-SA:2002:040
Reference: URL:http://www.suse.de/de/security/2002_040_lprng_html2ps.html
Reference: XF:lprng-runlpr-gain-privileges(10525)
Reference: URL:http://www.iss.net/security_center/static/10525.php
Reference: BID:6077
Reference: URL:http://www.securityfocus.com/bid/6077

runlpr in the LPRng package allows the local lp user to gain root privileges via certain command line arguments.

Analysis
----------------
ED_PRI CAN-2002-1285 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1307
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1307
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021115
Category: SF
Reference: DEBIAN:DSA-199
Reference: URL:http://www.debian.org/security/2002/dsa-199
Reference: CONFIRM:http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200210211713.g9LHDXE02256@mcguire.earlhood.com
Reference: BID:6204
Reference: URL:http://online.securityfocus.com/bid/6204

Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name.

Analysis
----------------
ED_PRI CAN-2002-1307 1
Vendor Acknowledgement: yes advisory

ACKNOWLEDGEMENT: an email posted by the author to the mhonarc-users mailing list on October 21, 2002 indicates acknowledgement.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1311
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1311
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021116
Category: SF
Reference: DEBIAN:DSA-197
Reference: URL:http://www.debian.org/security/2002/dsa-197

Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.

Analysis
----------------
ED_PRI CAN-2002-1311 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1313
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1313
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021118
Category: SF
Reference: DEBIAN:DSA-198
Reference: URL:http://www.debian.org/security/2002/dsa-198

nullmailer 1.00RC5 and earlier allows local users to cause a denial of service via an email to a local user that does not exist, which generates an error that causes nullmailer to stop sending mail to all users.

Analysis
----------------
ED_PRI CAN-2002-1313 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1318
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1318
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021125
Category: SF
Reference: CONFIRM:http://us1.samba.org/samba/whatsnew/samba-2.2.7.html
Reference: REDHAT:RHSA-2002:266
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-266.html
Reference: CONECTIVA:CLA-2002:550
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000550
Reference: TURBO:TSLSA-2002-0080
Reference: SUSE:SuSE-SA:2002:045
Reference: URL:http://www.suse.de/de/security/2002_045_samba.html
Reference: MANDRAKE:MDKSA-2002:081
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-081.php
Reference: DEBIAN:DSA-200
Reference: URL:http://www.debian.org/security/2002/dsa-200
Reference: SGI:20021204-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021204-01-I
Reference: BUGTRAQ:20021121 GLSA: samba
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103801986818076&w=2
Reference: BUGTRAQ:20021129 [OpenPKG-SA-2002.012] OpenPKG Security Advisory (samba)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103859045302448&w=2

Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.

Analysis
----------------
ED_PRI CAN-2002-1318 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1319
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1319
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021125
Category: SF
Reference: BUGTRAQ:20021111 i386 Linux kernel DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103714004623587&w=2
Reference: BUGTRAQ:20021114 Re: i386 Linux kernel DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103737292709297&w=2
Reference: REDHAT:RHSA-2002:262
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-262.html
Reference: REDHAT:RHSA-2002:264
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-264.html
Reference: CONECTIVA:CLA-2002:553
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000553

The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs.

Analysis
----------------
ED_PRI CAN-2002-1319 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1320 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1320 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021125 Category: SF Reference: BUGTRAQ:20021107 Remote pine Denial of Service Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103668430620531&w=2 Reference: SUSE:SuSE-SA:2002:046 Reference: URL:http://www.suse.de/de/security/2002_046_pine.html Reference: ENGARDE:ESA-20021127-032 Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2614.html Reference: MANDRAKE:MDKSA-2002:084 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-084.php Reference: CONECTIVA:CLA-2002:551 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000551 Reference: REDHAT:RHSA-2002:270 Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-270.html Reference: BUGTRAQ:20021202 GLSA: pine Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103884988306241&w=2 Reference: XF:pine-from-header-dos(10555) Reference: URL:http://www.iss.net/security_center/static/10555.php Reference: BID:6120 Reference: URL:http://www.securityfocus.com/bid/6120 Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks ("). Analysis ---------------- ED_PRI CAN-2002-1320 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1323 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1323 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021126 Category: SF Reference: CONFIRM:http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744 Reference: CONFIRM:http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5 Reference: DEBIAN:DSA-208 Reference: URL:http://www.debian.org/security/2002/dsa-208 Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.014] OpenPKG Security Advisory (perl) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005919814869&w=2 Reference: BUGTRAQ:20021219 TSLSA-2002-0087 - perl Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104033126305252&w=2 Reference: BUGTRAQ:20021220 GLSA: perl Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104040175522502&w=2 Reference: VULNWATCH:20021105 [VulnWatch] Perl Safe.pm compartment reuse vuln Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html Reference: BID:6111 Reference: URL:http://www.securityfocus.com/bid/6111 Reference: XF:safe-pm-bypass-restrictions(10574) Reference: URL:http://www.iss.net/security_center/static/10574.php Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls. Analysis ---------------- ED_PRI CAN-2002-1323 1 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1335 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1335 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021202 Category: SF Reference: CONFIRM:http://mi.med.tohoku.ac.jp/%7Esatodai/w3m-dev-en/200211.month/838.html Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=124484 Reference: REDHAT:RHSA-2003:044 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-044.html Reference: DEBIAN:DSA-250 Reference: URL:http://www.debian.org/security/2003/dsa-250 Reference: DEBIAN:DSA-251 Reference: URL:http://www.debian.org/security/2003/dsa-251 w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to access files or cookies. Analysis ---------------- ED_PRI CAN-2002-1335 1 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1364 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1364 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021216 Category: SF Reference: SUSE:SuSE-SA:2002:043 Reference: URL:http://www.suse.de/de/security/2002_043_traceroute_nanog_nkitb.html Reference: BUGTRAQ:20021129 Exploit for traceroute-nanog overflow Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103858895600963&w=2 Reference: BID:6166 Reference: URL:http://www.securityfocus.com/bid/6166 Buffer overflow in the get_origin function in traceroute-nanog allows attackers to execute arbitrary code via long WHOIS responses. 
Analysis ---------------- ED_PRI CAN-2002-1364 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1394 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1394 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030106 Category: SF Reference: BUGTRAQ:20021015 GLSA: tomcat Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103470282514938&w=2 Reference: CONFIRM:http://marc.theaimsgroup.com/?l=tomcat-dev&m=103417249325526&w=2 Reference: CONFIRM:http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13365 Reference: DEBIAN:DSA-225 Reference: URL:http://www.debian.org/security/2003/dsa-225 Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148. Analysis ---------------- ED_PRI CAN-2002-1394 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1403 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1403 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030110 Category: SF Reference: CONECTIVA:CLA-2002:549 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000549 Reference: DEBIAN:DSA-219 Reference: URL:http://www.debian.org/security/2002/dsa-219 Reference: BUGTRAQ:20030105 GLSA: dhcpcd Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104189546709447&w=2 Reference: MANDRAKE:MDKSA-2003:003 Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:003 Reference: BID:6200 Reference: URL:http://online.securityfocus.com/bid/6200 dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to execute arbitrary code via shell metacharacters that are fed from a dhcpd .info script into a .exe script. Analysis ---------------- ED_PRI CAN-2002-1403 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1510 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1510 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030219 Category: SF Reference: CONECTIVA:CLA-2002:533 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000533 Reference: MISC:http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG Reference: XF:xfree86-xdm-unauth-access(11389) Reference: URL:http://www.iss.net/security_center/static/11389.php xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist. Analysis ---------------- ED_PRI CAN-2002-1510 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1511 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1511 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030219 Category: SF Reference: REDHAT:RHSA-2003:041 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-041.html Reference: CONFIRM:http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog Reference: MANDRAKE:MDKSA-2003:022 Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:022 Reference: XF:vnc-rand-weak-cookie(11384) Reference: URL:http://www.iss.net/security_center/static/11384.php The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies. 
Analysis ---------------- ED_PRI CAN-2002-1511 1 Vendor Acknowledgement: yes changelog Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1516 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1516 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: CIAC:N-004 Reference: URL:http://www.ciac.org/ciac/bulletins/n-004.shtml Reference: SGI:20020903-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P Reference: XF:irix-rpcbind-w-symlink(10272) Reference: URL:http://www.iss.net/security_center/static/10272.php Reference: BID:5889 Reference: URL:http://online.securityfocus.com/bid/5889 rpcbind in SGI IRIX, when using the -w command line switch, allows local users to overwrite arbitrary files via a symlink attack. Analysis ---------------- ED_PRI CAN-2002-1516 1 Vendor Acknowledgement: yes advisory ABSTRACTION: this is most likely a different vulnerability than CVE-1999-0190 because CVE-1999-0190 is remotely exploitable, and symlink issues are, by their nature, only locally exploitable. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1517 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1517 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: CIAC:N-004 Reference: URL:http://www.ciac.org/ciac/bulletins/n-004.shtml Reference: SGI:20020903-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P Reference: XF:irix-fsr-efs-symlink(10275) Reference: URL:http://www.iss.net/security_center/static/10275.php Reference: BID:5897 Reference: URL:http://www.securityfocus.com/bid/5897 fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file activities via a symlink attack, possibly via the .fsrlast file. Analysis ---------------- ED_PRI CAN-2002-1517 1 Vendor Acknowledgement: yes advisory ACCURACY: the only source that specifically mentions the ".fsrlast" file is SecurityFocus, and it is not clear where that knowledge came from. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1518 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1518 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030223 Category: SF Reference: CIAC:N-004 Reference: URL:http://www.ciac.org/ciac/bulletins/n-004.shtml Reference: SGI:20020903-01-P Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P Reference: BID:5893 Reference: URL:http://www.securityfocus.com/bid/5893 Reference: XF:irix-mv-directory-insecure(10276) Reference: URL:http://www.iss.net/security_center/static/10276.php mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories. Analysis ---------------- ED_PRI CAN-2002-1518 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1543 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1543 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030225 Category: SF Reference: NETBSD:NetBSD-SA2002-025 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-025.txt.asc Reference: XF:trek-keyboard-input-bo(10458) Reference: URL:http://www.iss.net/security_center/static/10458.php Reference: BID:6036 Reference: URL:http://www.securityfocus.com/bid/6036 Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users to gain privileges via long keyboard input. 
Analysis ---------------- ED_PRI CAN-2002-1543 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1548 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1548 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030304 Category: SF Reference: AIXAPAR:IY31934 Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q4/0002.html Unknown vulnerability in autofs, when using executable maps, allows attackers to execute arbitrary commands as root, possibly related to improper "string handling." Analysis ---------------- ED_PRI CAN-2002-1548 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1550 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1550 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030304 Category: SF Reference: AIXAPAR:IY34617 Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q4/0002.html dump_smutil.sh in IBM AIX allows local users to perform unauthorized file operations via a symlink attack on temporary files. 
Analysis ---------------- ED_PRI CAN-2002-1550 2 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1551 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1551 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20030304 Category: SF Reference: AIXAPAR:IY34670 Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q4/0002.html Buffer overflow in nslookup in IBM AIX may allow attackers to cause a denial of service or execute arbitrary code. Analysis ---------------- ED_PRI CAN-2002-1551 2 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0711 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0711 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020719 Category: unknown Reference: COMPAQ:SSRT2265 Reference: URL:http://www.securityfocus.com/advisories/4633 Reference: XF:hp-trucluster-interconnect-dos(10551) Reference: URL:http://www.iss.net/security_center/static/10551.php Reference: BUGTRAQ:20021105 RE: [security bulletin] SSRT2265 HP TruCluster Server Interconnect Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103651974926272&w=2 Reference: BID:6102 Reference: URL:http://www.securityfocus.com/bid/6102 Unknown vulnerability in Cluster Interconnect for HP TruCluster Server 5.0A, 5.1, and 5.1A may allow local and remote attackers to cause a denial of service. Analysis ---------------- ED_PRI CAN-2002-0711 3 Vendor Acknowledgement: yes advisory Content Decisions: VAGUE Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0839 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0839 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020808 Category: SF Reference: VULNWATCH:20021003 iDEFENSE Security Advisory 10.03.2002: Apache 1.3.x shared memory scoreboard vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0012.html Reference: CONFIRM:http://www.apacheweek.com/issues/02-10-04 Reference: CONFIRM:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=103367938230488&w=2 Reference: CONECTIVA:CLA-2002:530 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530 Reference: ENGARDE:ESA-20021007-024 Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2414.html Reference: MANDRAKE:MDKSA-2002:068 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php Reference: DEBIAN:DSA-187 Reference: URL:http://www.debian.org/security/2002/dsa-187 Reference: DEBIAN:DSA-188 Reference: URL:http://www.debian.org/security/2002/dsa-188 Reference: DEBIAN:DSA-195 Reference: URL:http://www.debian.org/security/2002/dsa-195 Reference: BUGTRAQ:20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103376585508776&w=2 Reference: SGI:20021105-01-I Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I Reference: HP:HPSBUX0210-224 Reference: URL:http://online.securityfocus.com/advisories/4617 Reference: BUGTRAQ:20021015 GLSA: apache Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0195.html Reference: BUGTRAQ:20021017 TSLSA-2002-0069-apache Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html Reference: BID:5884 Reference: URL:http://www.securityfocus.com/bid/5884 Reference: XF:apache-scorecard-memory-overwrite(10280) Reference: 
URL:http://www.iss.net/security_center/static/10280.php The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard. Analysis ---------------- ED_PRI CAN-2002-0839 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0843 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0843 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020808 Category: SF Reference: CONFIRM:http://www.apacheweek.com/issues/02-10-04 Reference: CONFIRM:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=103367938230488&w=2 Reference: CONECTIVA:CLA-2002:530 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530 Reference: ENGARDE:ESA-20021007-024 Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2414.html Reference: MANDRAKE:MDKSA-2002:068 Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php Reference: DEBIAN:DSA-187 Reference: URL:http://www.debian.org/security/2002/dsa-187 Reference: DEBIAN:DSA-188 Reference: URL:http://www.debian.org/security/2002/dsa-188 Reference: DEBIAN:DSA-195 Reference: URL:http://www.debian.org/security/2002/dsa-195 Reference: HP:HPSBUX0210-224 Reference: URL:http://online.securityfocus.com/advisories/4617 Reference: SGI:20021105-01-I Reference: 
URL:ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I Reference: BUGTRAQ:20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103376585508776&w=2 Reference: BUGTRAQ:20021017 TSLSA-2002-0069-apache Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. Analysis ---------------- ED_PRI CAN-2002-0843 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC INCLUSION: While the exploit scenario for this issue may be very rare, the overflow nonetheless crosses privilege boundaries. This is therefore a vulnerability and should be included in CVE (pending supporting votes from Board members). Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1165 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1165 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020927 Category: SF Reference: BUGTRAQ:20021001 iDEFENSE Security Advisory 10.01.02: Sendmail smrsh bypass vulnerabilities Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103350914307274&w=2 Reference: CONFIRM:http://www.sendmail.org/smrsh.adv.txt Reference: NETBSD:NetBSD-SA2002-023 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-023.txt.asc Reference: CONECTIVA:CLA-2002:532 Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000532 Reference: FREEBSD:FreeBSD-SA-02:41 Reference: CALDERA:CSSA-2002-052.0 Reference: MANDRAKE:MDKSA-2002:083 Reference: SGI:20030101-01-P Reference: REDHAT:RHSA-2003:073 Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-073.html Reference: XF:sendmail-forward-bypass-smrsh(10232) Reference: URL:http://www.iss.net/security_center/static/10232.php Reference: BID:5845 Reference: URL:http://www.securityfocus.com/bid/5845 Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified. Analysis ---------------- ED_PRI CAN-2002-1165 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1167 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1167 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020927 Category: SF Reference: VULNWATCH:20021023 R7-0008: IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Issues Reference: AIXAPAR:IY24527 Reference: BID:6000 Reference: URL:http://online.securityfocus.com/bid/6000 Reference: XF:ibm-wte-html-xss(10453) Reference: URL:http://www.iss.net/security_center/static/10453.php Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request. Analysis ---------------- ED_PRI CAN-2002-1167 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC ABSTRACTION: The Location: header CSS is separated from the "standard" XSS because the Location: header issue has another component - CRLF injection. These are therefore very similar, but slightly different types of issues, and CD:SF-LOC suggests that they be SPLIT into multiple items. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1168 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1168 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020927 Category: SF Reference: VULNWATCH:20021023 R7-0008: IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Issues Reference: AIXAPAR:IY35139 Reference: BID:6001 Reference: URL:http://online.securityfocus.com/bid/6001 Reference: XF:ibm-wte-header-injection(10454) Reference: URL:http://www.iss.net/security_center/static/10454.php Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains a Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response. Analysis ---------------- ED_PRI CAN-2002-1168 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC ABSTRACTION: The Location: header CSS is separated from the "standard" XSS because the Location: header issue has another component - CRLF injection. These are therefore very similar, but slightly different types of issues, and CD:SF-LOC suggests that they be SPLIT into multiple items. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1169 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1169 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20020927 Category: SF Reference: MISC:http://www.rapid7.com/advisories/R7-0007.txt Reference: VULNWATCH:20021023 R7-0007: IBM WebSphere Edge Server Caching Proxy Denial of Service Reference: AIXAPAR:IY35970 Reference: BID:6002 Reference: URL:http://online.securityfocus.com/bid/6002 Reference: XF:ibm-wte-helpout-dos(10452) Reference: URL:http://www.iss.net/security_center/static/10452.php IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash. Analysis ---------------- ED_PRI CAN-2002-1169 3 Vendor Acknowledgement: unknown Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1192 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1192 Final-Decision: Interim-Decision: Modified: Proposed: 20030317 Assigned: 20021008 Category: SF Reference: BUGTRAQ:20020928 local exploitable overflow in rogue/FreeBSD Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103342413220529&w=2 Reference: NETBSD:NetBSD-SA2002-021 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-021.txt.asc Reference: XF:freebsd-rogue-bo(10261) Reference: URL:http://www.iss.net/security_center/static/10261.php Reference: BID:5837 Reference: URL:http://www.securityfocus.com/bid/5837 Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD 4.6, and possibly other operating systems, allow local users to gain "games" group privileges via malformed entries in a game save file. Analysis ---------------- ED_PRI CAN-2002-1192 3 Vendor Acknowledgement: yes advisory Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1194
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1194
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021008
Category: SF
Reference: NETBSD:NetBSD-SA2002-019
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-019.txt.asc
Reference: XF:netbsd-talkd-bo(10303)
Reference: URL:http://www.iss.net/security_center/static/10303.php
Reference: BID:5910
Reference: URL:http://www.securityfocus.com/bid/5910

Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other operating systems, may allow remote attackers to execute arbitrary code via a long inbound message.

Analysis
----------------
ED_PRI CAN-2002-1194 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1202
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1202
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021011
Category: SF
Reference: COMPAQ:SSRT2208
Reference: URL:http://archives.neohapsis.com/archives/tru64/2002-q4/0002.html
Reference: XF:tru64-routed-file-access(10316)
Reference: URL:http://www.iss.net/security_center/static/10316.php
Reference: BID:5913
Reference: URL:http://www.securityfocus.com/bid/5913

Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A allows local and remote attackers to read arbitrary files.
Analysis
----------------
ED_PRI CAN-2002-1202 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1215
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1215
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021015
Category: SF
Reference: CONFIRM:http://linux-ha.org/security/sec01.txt
Reference: SUSE:SuSE-SA:2002:037
Reference: URL:http://www.suse.de/de/security/2002_037_heartbeat.html
Reference: DEBIAN:DSA-174
Reference: URL:http://www.debian.org/security/2002/dsa-174
Reference: CONECTIVA:CLA-2002:540
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000540
Reference: XF:linuxha-heartbeat-bo(10357)
Reference: URL:http://www.iss.net/security_center/static/10357.php
Reference: BID:5955
Reference: URL:http://www.securityfocus.com/bid/5955

Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources).

Analysis
----------------
ED_PRI CAN-2002-1215 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ACCURACY: Debian confirmed via email that DEBIAN:DSA-174 is addressing the same issue as SuSE. The original release of the Debian advisory said that heartbeat mentioned "buffer overflows," but Debian confirmed that they really meant "buffer overflows as exploited through format strings" - i.e. format string vulnerabilities. In addition, Debian's mention of TCP was a typo. So, the Debian and SuSE advisories are discussing the same issue.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1225
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1225
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021017
Category: SF
Reference: SUSE:SuSE-SA:2002:034
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103341355708817&w=2
Reference: BUGTRAQ:20021014 GLSA: heimdal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103462479621246&w=2
Reference: DEBIAN:DSA-178
Reference: URL:http://www.debian.org/security/2002/dsa-178
Reference: XF:heimdal-kf-kfd-bo(10116)
Reference: URL:http://www.iss.net/security_center/static/10116.php
Reference: BID:5729
Reference: URL:http://www.securityfocus.com/bid/5729

Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access.

Analysis
----------------
ED_PRI CAN-2002-1225 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1233
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1233
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021022
Category: SF
Reference: BUGTRAQ:20021016 Apache 1.3.26
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103480856102007&w=2
Reference: DEBIAN:DSA-187
Reference: URL:http://www.debian.org/security/2002/dsa-187
Reference: DEBIAN:DSA-188
Reference: URL:http://www.debian.org/security/2002/dsa-188
Reference: DEBIAN:DSA-195
Reference: URL:http://www.debian.org/security/2002/dsa-195
Reference: XF:apache-htdigest-tmpfile-race(10413)
Reference: URL:http://www.iss.net/security_center/static/10413.php

A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CAN-2001-0131.

Analysis
----------------
ED_PRI CAN-2002-1233 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, REGRESSION

ABSTRACTION: This is a Debian-specific regression error for CAN-2001-0131; they had released a fix, but the fix did not make it into upstream versions. Mark Cox noted that this problem had never been fixed by the Apache group; rather, various distributions had fixed it when it first came out. Should there be a separate candidate for this regression error?

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1247
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1247
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: BUGTRAQ:20021111 iDEFENSE Security Advisory 11.11.02: Buffer Overflow in KDE resLISa
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103704823501757&w=2
Reference: VULNWATCH:20021111 iDEFENSE Security Advisory 11.11.02: Buffer Overflow in KDE resLISa
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0068.html
Reference: BUGTRAQ:20021112 KDE Security Advisory: resLISa / LISa Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103712329102632&w=2
Reference: MISC:http://www.idefense.com/advisory/11.11.02.txt
Reference: DEBIAN:DSA-193
Reference: URL:http://www.debian.org/security/2002/dsa-193
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: MANDRAKE:MDKSA-2002:080
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:080
Reference: CIAC:N-020
Reference: URL:http://www.ciac.org/ciac/bulletins/n-020.shtml
Reference: BUGTRAQ:20021114 GLSA: kdelibs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103728981029342&w=2
Reference: BID:6157
Reference: URL:http://www.securityfocus.com/bid/6157
Reference: XF:kde-kdenetwork-reslisa-bo(10592)
Reference: URL:http://www.iss.net/security_center/static/10592.php

Buffer overflow in LISa allows local users to gain access to a raw socket via a long LOGNAME environment variable for the resLISa daemon.
Analysis
----------------
ED_PRI CAN-2002-1247 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CAN-2002-1247 (resLISa/LOGNAME overflow) is kept distinct from CAN-2002-1306 (lisa daemon overflow, lan:// overflow) because there is some evidence that these two candidates are being treated separately, and thus some LISa packages may have fixed one issue but not the other. Therefore these issues should remain SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1275
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1275
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021108
Category: SF
Reference: SUSE:SuSE-SA:2002:040
Reference: URL:http://www.suse.de/de/security/2002_040_lprng_html2ps.html
Reference: DEBIAN:DSA-192
Reference: URL:http://www.debian.org/security/2002/dsa-192
Reference: XF:lprng-html2ps-command-execution(10526)
Reference: URL:http://www.iss.net/security_center/static/10526.php
Reference: BID:6079
Reference: URL:http://www.securityfocus.com/bid/6079

Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when used within LPRng, allows remote attackers to execute arbitrary code via "unsanitized input."

Analysis
----------------
ED_PRI CAN-2002-1275 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1276
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1276
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021108
Category: SF
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=167471
Reference: DEBIAN:DSA-191
Reference: URL:http://www.debian.org/security/2002/dsa-191
Reference: REDHAT:RHSA-2003:042
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-042.html

An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.

Analysis
----------------
ED_PRI CAN-2002-1276 3
Vendor Acknowledgement: yes advisory
Content Decisions: INCLUSION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1279
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1279
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021112
Category: SF
Reference: DEBIAN:DSA-194
Reference: URL:http://www.debian.org/security/2002/dsa-194
Reference: CONFIRM:http://lists.masqmail.cx/pipermail/masqmail/2002-November/000040.html
Reference: CONFIRM:http://lists.masqmail.cx/pipermail/masqmail/2002-November/000041.html
Reference: XF:masqmail-bo(10605)
Reference: URL:http://www.iss.net/security_center/static/10605.php
Reference: BID:6164
Reference: URL:http://www.securityfocus.com/bid/6164

Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, and 0.2.x before 0.2.15, allow local users to gain privileges via certain entries in the configuration file (-C option).

Analysis
----------------
ED_PRI CAN-2002-1279 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1281
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1281
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021112
Category: SF
Reference: BUGTRAQ:20021112 KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103712550205730&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021111-1.txt
Reference: MANDRAKE:MDKSA-2002:079
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-079.php
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: DEBIAN:DSA-204
Reference: URL:http://www.debian.org/security/2002/dsa-204
Reference: BUGTRAQ:20021114 GLSA: kdelibs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103728981029342&w=2
Reference: XF:kde-rlogin-command-execution(10602)
Reference: URL:http://www.iss.net/security_center/static/10602.php
Reference: BID:6182
Reference: URL:http://www.securityfocus.com/bid/6182

Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a certain URL.

Analysis
----------------
ED_PRI CAN-2002-1281 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

ABSTRACTION: Since the telnet.protocol problem only appears in KDE 2.x, but the rlogin.protocol problem appears in 2.x *and* 3.x, CD:SF-LOC suggests creating separate identifiers because the rlogin.protocol problem appears in a different version than telnet.protocol.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1282
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1282
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021112
Category: SF
Reference: BUGTRAQ:20021112 KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103712550205730&w=2
Reference: MANDRAKE:MDKSA-2002:079
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-079.php
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: DEBIAN:DSA-204
Reference: URL:http://www.debian.org/security/2002/dsa-204
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021111-1.txt
Reference: BUGTRAQ:20021114 GLSA: kdelibs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103728981029342&w=2
Reference: XF:kde-telnet-command-execution(10603)
Reference: URL:http://www.iss.net/security_center/static/10603.php
Reference: BID:6182
Reference: URL:http://www.securityfocus.com/bid/6182

Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL.

Analysis
----------------
ED_PRI CAN-2002-1282 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC

ABSTRACTION: Since the telnet.protocol problem only appears in KDE 2.x, but the rlogin.protocol problem appears in 2.x *and* 3.x, CD:SF-LOC suggests creating separate identifiers because the rlogin.protocol problem appears in a different version than telnet.protocol.
Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1306
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1306
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021114
Category: SF
Reference: BUGTRAQ:20021112 KDE Security Advisory: resLISa / LISa Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103712329102632&w=2
Reference: SUSE:SuSE-SA:2002:042
Reference: URL:http://www.suse.de/de/security/2002_042_kdenetwork.html
Reference: MANDRAKE:MDKSA-2002:080
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-080.php
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021111-2.txt
Reference: DEBIAN:DSA-214
Reference: URL:http://www.debian.org/security/2002/dsa-214
Reference: BUGTRAQ:20021114 GLSA: kdelibs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103728981029342&w=2
Reference: CIAC:N-020
Reference: URL:http://www.ciac.org/ciac/bulletins/n-020.shtml
Reference: XF:kde-kdenetwork-lisa-bo(10597)
Reference: URL:http://www.iss.net/security_center/static/10597.php
Reference: XF:kde-kdenetwork-lan-bo(10598)
Reference: URL:http://www.iss.net/security_center/static/10598.php

Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL.
Analysis
----------------
ED_PRI CAN-2002-1306 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CAN-2002-1247 (resLISa/LOGNAME overflow) is kept distinct from CAN-2002-1306 (lisa daemon overflow, lan:// overflow) because there is some evidence that these two candidates are being treated separately, and thus some LISa packages may have fixed one issue but not the other. Therefore these issues should remain SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1402
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1402
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: BUGTRAQ:20020824 Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103021186622725&w=2
Reference: CONFIRM:http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php
Reference: SUSE:SuSE-SA:2002:038
Reference: CONFIRM:http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php
Reference: CONECTIVA:CLA-2002:524
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524
Reference: MANDRAKE:MDKSA-2002:062
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:062
Reference: BUGTRAQ:20020826 GLSA: PostgreSQL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103036987114437&w=2

Buffer overflows in the (1) TZ and (2) SET TIME ZONE environment variables for PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service and possibly execute arbitrary code.
Analysis
----------------
ED_PRI CAN-2002-1402 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

ABSTRACTION: A large number of buffer overflows and other issues were discovered in PostgreSQL 7.2.x during August 2002. The process of sorting out these different issues was quite arduous. While CD:SF-LOC might suggest combining most of the overflows into a single item, some security advisories are vague enough that it seems appropriate to create separate candidates for the separate reports, so that vendors may clarify to their customers which problems they did (or did not) fix.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS: